Community discussions

 
User avatar
arthurmitch
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 82
Joined: Mon Jan 31, 2011 3:02 pm
Location: South Africa
Contact:

ftp port fowading

Tue Jul 26, 2011 10:46 am

ok i have the following problem on my network i cannot connect to my ftp using my command prompt but i can connect using my gui windows based internet explorer,if got ospf setted up on all 7 of my routers,i can connect and enter username and password but the error i get when connecting throw my command prompt when doing ls like list directorys is:

500 illegal port command
425 unable to build data connection; operation timed out

aney ideas?
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: ftp port fowading

Tue Jul 26, 2011 3:37 pm

that means that related data connection cannot be created. check if you have nat somewhere in the middle and nat helper is disabled, or you have to switch to passive mode, if you are not already using that.
 
User avatar
arthurmitch
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 82
Joined: Mon Jan 31, 2011 3:02 pm
Location: South Africa
Contact:

Re: ftp port fowading

Tue Jul 26, 2011 4:48 pm

where do i disable nat helper?
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: ftp port fowading

Tue Jul 26, 2011 6:18 pm

http://wiki.mikrotik.com/wiki/Manual:IP ... vice_Ports
But you want the helper ENABLED on all routers that do NAT. Not that you should be doing NAT on more than one router (the border router where traffic from your AS exits to the Internet).
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
User avatar
dasiu
Trainer
Trainer
Posts: 232
Joined: Fri Jan 30, 2009 11:41 am
Location: Reading, UK
Contact:

Re: ftp port fowading

Tue Jul 26, 2011 6:20 pm

/ip firewall service-port
But I think that janisk was asking to check if it is not disabled somewhere - it should be enabled for active FTP connection to be established ;-).

edit: Yeah, fewi was faster :).
 
User avatar
arthurmitch
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 82
Joined: Mon Jan 31, 2011 3:02 pm
Location: South Africa
Contact:

Re: ftp port fowading

Wed Jul 27, 2011 9:49 am

ok i already did that thought it was something else i will build a diagram and paste it now
 
User avatar
arthurmitch
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 82
Joined: Mon Jan 31, 2011 3:02 pm
Location: South Africa
Contact:

Re: ftp port fowading

Wed Jul 27, 2011 1:43 pm

ok here is my main router: rout print

# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 41.134.110.9 1
1 A S 10.0.0.0/24 192.168.45.3 110
2 A S 10.1.1.0/24 192.168.45.3 110
3 ADC 41.134.110.0/28 41.134.110.10 ether1 0
4 A S 192.168.11.0/24 192.168.45.3 110
5 ADC 192.168.13.0/24 192.168.13.1 bridge1 0
6 A S 192.168.20.0/24 192.168.45.3 110
7 A S 192.168.30.0/24 192.168.45.3 110
8 ADC 192.168.45.0/24 192.168.45.1 ether5 0
9 A S 192.168.50.0/24 192.168.45.3 110
10 A S 192.168.88.0/24 192.168.45.3 110

firewall:

0 ;;; All-Internet
chain=srcnat action=masquerade out-interface=ether1

1 ;;; Loop-Back
chain=srcnat action=masquerade protocol=tcp src-address=192.168.45.0/24 dst-address=192.168.88.2

2 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=20-25 protocol=tcp dst-address=41.134.110.1 dst-port=20-25

3 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=443 protocol=tcp dst-address=41.134.110.1 dst-port=443

4 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=2040-2050 protocol=tcp dst-address=41.134.110.1 dst-port=2040-2050

5 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6080 protocol=tcp dst-address=41.134.110.1 dst-port=6080

6 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=9091 protocol=tcp dst-address=41.134.110.1 dst-port=9091

7 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=80-81 protocol=tcp dst-address=41.134.110.1 dst-port=80-81

8 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=3203-3206 protocol=tcp dst-address=41.134.110.1 dst-port=3203-3206

9 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=5900-5935 protocol=tcp dst-address=41.134.110.1 dst-port=5900-5935

10 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6000-6020 protocol=tcp dst-address=41.134.110.1 dst-port=6000-6020

11 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6080 protocol=tcp dst-address=41.134.110.1 dst-port=6080

12 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=7000 protocol=tcp dst-address=41.134.110.1 dst-port=7000

13 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=8061 protocol=tcp dst-address=41.134.110.1 dst-port=8061

14 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=8080-8082 protocol=tcp dst-address=41.134.110.1 dst-port=8080-8082

15 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=9091 protocol=tcp dst-address=41.134.110.1 dst-port=9091

16 chain=dstnat action=dst-nat to-addresses=10.1.1.2 to-ports=8291 protocol=tcp dst-address=41.134.110.1 dst-port=8292

17 chain=dstnat action=dst-nat to-addresses=10.1.1.1 to-ports=8291 protocol=tcp dst-address=41.134.110.1 dst-port=8293

18 chain=dstnat action=dst-nat to-addresses=192.168.20.1 to-ports=8291 protocol=tcp dst-address=41.134.110.1 dst-port=8294

19 chain=dstnat action=dst-nat to-addresses=10.0.0.2 to-ports=8291 protocol=tcp dst-address=41.134.110.1 dst-port=8295

20 chain=dstnat action=dst-nat to-addresses=10.0.0.1 to-ports=8291 protocol=tcp dst-address=41.134.110.1 dst-port=8296

21 chain=dstnat action=dst-nat to-addresses=192.168.50.2 to-ports=8291 protocol=tcp dst-address=41.134.110.1 dst-port=8297
-- [Q quit|D dump|down]

router 2:

0 A S 0.0.0.0/0 192.168.45.1 1
1 A S 10.0.0.0/24 10.1.1.1 110
2 ADC 10.1.1.0/24 10.1.1.2 wlan1 0
3 A S 41.134.110.0/28 192.168.45.1 110
4 A S 192.168.11.0/24 10.1.1.1 110
5 A S 192.168.13.0/24 192.168.45.1 110
6 A S 192.168.20.0/24 10.1.1.1 110
7 A S 192.168.30.0/24 10.1.1.1 110
8 ADC 192.168.45.0/24 192.168.45.3 ether1 0
9 A S 192.168.50.0/24 10.1.1.1 110
10 A S 192.168.88.0/24 10.1.1.1 110

firewall:

Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade

router 3:

# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 10.1.1.2 1
1 A S 10.0.0.0/24 192.168.20.1 110
2 ADC 10.1.1.0/24 10.1.1.1 wlan1 0
3 A S 41.134.110.0/28 10.1.1.2 110
4 A S 192.168.11.0/24 192.168.20.1 110
5 A S 192.168.13.0/24 10.1.1.2 110
6 ADC 192.168.20.0/24 192.168.20.2 ether1 0
7 A S 192.168.30.0/24 192.168.20.1 110
8 A S 192.168.45.0/24 10.1.1.2 110
9 A S 192.168.50.0/24 192.168.20.1 110
10 A S 192.168.88.0/24 192.168.20.1 110

firewall:

Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade

router 4:

# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.168.20.1 192.168.20.2 1
1 A S 10.0.0.0/24 192.168.30.2 110
2 A S 10.1.1.0/24 192.168.20.2 110
3 A S 41.134.110.0/28 192.168.20.2 110
4 ADC 192.168.11.0/24 192.168.11.1 ether3 0
5 A S 192.168.13.0/24 192.168.20.2 110
6 ADC 192.168.20.0/24 192.168.20.1 ether2 0
7 ADC 192.168.30.0/24 192.168.30.1 ether1 0
8 A S 192.168.45.0/24 192.168.20.2 110
9 A S 192.168.50.0/24 192.168.30.2 110
10 A S 192.168.88.0/24 192.168.30.2 110

firewall:

0 chain=srcnat action=masquerade

router 5:

# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.168.30.1 1
1 ADC 10.0.0.0/24 10.0.0.2 wlan1 0
2 A S 10.1.1.0/24 192.168.30.1 110
3 A S 41.134.110.0/28 192.168.30.1 110
4 A S 192.168.11.0/24 192.168.30.1 110
5 A S 192.168.13.0/24 192.168.30.1 110
6 A S 192.168.20.0/24 192.168.30.1 110
7 ADC 192.168.30.0/24 192.168.30.2 ether1 0
8 A S 192.168.45.0/24 192.168.30.1 110
9 A S 192.168.50.0/24 10.0.0.1 110
10 A S 192.168.88.0/24 10.0.0.1 110

firewall:

0 chain=srcnat action=masquerade

router 6:

B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 10.0.0.2 1
1 ADC 10.0.0.0/24 10.0.0.1 wlan1 0
2 A S 10.1.1.0/24 10.0.0.2 110
3 A S 41.134.110.0/28 10.0.0.2 110
4 A S 192.168.11.0/24 10.0.0.2 110
5 A S 192.168.13.0/24 10.0.0.2 110
6 A S 192.168.20.0/24 10.0.0.2 110
7 A S 192.168.30.0/24 10.0.0.2 110
8 A S 192.168.45.0/24 10.0.0.2 110
9 ADC 192.168.50.0/24 192.168.50.1 ether1 0
10 A S 192.168.88.0/24 192.168.50.2 110

firewall:

0 chain=srcnat action=masquerade

router 7: this was my main router but is now the las router that is onsite.

# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 X S 0.0.0.0/0 41.134.110.2 1
1 X S 0.0.0.0/0 196.212.100.145 1
2 A S 0.0.0.0/0 192.168.50.1 1
3 A S 0.0.0.0/0 192.168.50.1 1
4 X S 0.0.0.0/0 196.212.100.145 2
5 X S 0.0.0.0/0 41.134.110.2 3
6 A S 10.0.0.0/24 192.168.50.1 110
7 A S 10.1.1.0/24 192.168.50.1 110
8 A S 41.134.110.0/28 192.168.50.1 110
9 A S 192.168.11.0/24 192.168.50.1 110
10 A S 192.168.13.0/24 192.168.50.1 110
11 A S 192.168.20.0/24 192.168.50.1 110
12 A S 192.168.30.0/24 192.168.50.1 110
13 A S 192.168.45.0/24 192.168.50.1 110
14 ADC 192.168.50.0/24 192.168.50.2 ether3-wirless 0
15 ADC 192.168.88.0/24 192.168.88.1 ether5-lan 0

firewall:

0 chain=srcnat action=masquerade

that last router router7 was my main router atleast untill they stole my dsl cables so now i had to get a new connection to my home and my ftp is on 192.168.88.2.
 
User avatar
arthurmitch
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 82
Joined: Mon Jan 31, 2011 3:02 pm
Location: South Africa
Contact:

Re: ftp port fowading

Tue Aug 30, 2011 9:26 am

found my trouble and sortede it out thanx in anyway!

Who is online

Users browsing this forum: No registered users and 8 guests