Community discussions

MUM Europe 2020
 
Sniedzins
just joined
Topic Author
Posts: 11
Joined: Wed Jul 19, 2006 8:45 pm
Location: Riga, Latvia

forwarding to ftp server

Tue Mar 06, 2007 5:45 pm

Hello!

I am writing, because I cannot get through Mikrotik's router to the ftp server.. And, what else is interesting, the NAT rule O is not wirking as well.

I have just one real IP address. So to I need to make NAT rules, I supose, to get from internet to my ftp server, that does not have a real IP address.

Here are the NAT rules:

Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=5900
action=dst-nat to-addresses=x.x.x.14 to-ports=5900

1 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=25
action=dst-nat to-addresses=x.x.x.13 to-ports=25

2 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=110
action=dst-nat to-addresses=x.x.x.13 to-ports=110

3 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=3389
action=dst-nat to-addresses=x.x.x.180 to-ports=3389

4 chain=srcnat out-interface=ether1 action=masquerade

5 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=21
action=dst-nat to-addresses=x.x.x.26 to-ports=21

1,2,3,4 rules ar working fine. 0 and 5 is not working at all. If I try to connect to my ftp server - rule 5, I can see using winbox, that router receives my demand. But it doesn't let me through.

Any help?

Thank you!
 
jo2jo
Forum Veteran
Forum Veteran
Posts: 968
Joined: Fri May 26, 2006 1:25 am

Tue Mar 06, 2007 6:36 pm

make sure the MT Ftp server is disabled...and try the netmap action. Should not matter, but ive been using netmap to do port fowarding for a while on many different MT routers.
:beep :beep :beep
 
Sniedzins
just joined
Topic Author
Posts: 11
Joined: Wed Jul 19, 2006 8:45 pm
Location: Riga, Latvia

Wed Mar 07, 2007 10:05 am

hello again!

well.. i am total beginner in RouterOS.. so.. could i as for a help how to use netmap action?

i would trully appreciate any help, because suddenly we need ftp server.. very quickly.. but i cannot get through router..
 
User avatar
mneumark
Member
Member
Posts: 375
Joined: Thu Jun 08, 2006 7:20 am
Location: Escalon, CA
Contact:

Wed Mar 07, 2007 10:09 am

Sniedzins,

At the very bottom of http://www.mikrotik.com/testdocs/ros/2.9/ip/nat.php they have a example of how to use netmap. It's pretty easy and the example is easy to understand.
 
Diganet
Member
Member
Posts: 349
Joined: Sun Oct 30, 2005 9:30 pm
Location: Denmark
Contact:

Re: forwarding to ftp server

Wed Mar 07, 2007 6:29 pm

Hello!

I am writing, because I cannot get through Mikrotik's router to the ftp server.. And, what else is interesting, the NAT rule O is not wirking as well.

I have just one real IP address. So to I need to make NAT rules, I supose, to get from internet to my ftp server, that does not have a real IP address.

Here are the NAT rules:

Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=5900
action=dst-nat to-addresses=x.x.x.14 to-ports=5900

1 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=25
action=dst-nat to-addresses=x.x.x.13 to-ports=25

2 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=110
action=dst-nat to-addresses=x.x.x.13 to-ports=110

3 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=3389
action=dst-nat to-addresses=x.x.x.180 to-ports=3389

4 chain=srcnat out-interface=ether1 action=masquerade

5 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=21
action=dst-nat to-addresses=x.x.x.26 to-ports=21

1,2,3,4 rules ar working fine. 0 and 5 is not working at all. If I try to connect to my ftp server - rule 5, I can see using winbox, that router receives my demand. But it doesn't let me through.

Any help?

Thank you!
To make VNC work you have to forward both port 5800 and 5900. Same goes with FTP. You need to forward port 20 and 21. Also be sure that both hosts (.13 and .26) have MT as their default gw.

It will work, it does here :)

/Henrik
 
User avatar
kolorasta
Member Candidate
Member Candidate
Posts: 299
Joined: Sun Jun 25, 2006 11:55 pm
Location: Argentina

Re: forwarding to ftp server

Tue Sep 18, 2007 3:37 pm

Hello!

I am writing, because I cannot get through Mikrotik's router to the ftp server.. And, what else is interesting, the NAT rule O is not wirking as well.

I have just one real IP address. So to I need to make NAT rules, I supose, to get from internet to my ftp server, that does not have a real IP address.

Here are the NAT rules:

Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=5900
action=dst-nat to-addresses=x.x.x.14 to-ports=5900

1 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=25
action=dst-nat to-addresses=x.x.x.13 to-ports=25

2 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=110
action=dst-nat to-addresses=x.x.x.13 to-ports=110

3 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=3389
action=dst-nat to-addresses=x.x.x.180 to-ports=3389

4 chain=srcnat out-interface=ether1 action=masquerade

5 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=21
action=dst-nat to-addresses=x.x.x.26 to-ports=21

1,2,3,4 rules ar working fine. 0 and 5 is not working at all. If I try to connect to my ftp server - rule 5, I can see using winbox, that router receives my demand. But it doesn't let me through.

Any help?

Thank you!
I had the same problem... and i fixed it you have to specify the in-interface to the wan interface

in your case is ether1 (i guess so because it's the out-interface in the masquerade) the rule #5 would be like this

5 chain=dstnat dst-address=62.85.x.x protocol=tcp dst-port=21
action=dst-nat to-addresses=x.x.x.26 to-ports=21 in-interface=ether1

now you can have an ftp server in your lan with external access and connect to any ftp server at the same time
 
dentwistle
just joined
Posts: 6
Joined: Mon Sep 17, 2007 8:52 pm

Re: forwarding to ftp server

Fri Sep 21, 2007 1:11 am

I had a similar issue and I setup a rule to allow related connections that way tcp port 20 the ftp data port is also allowed through. I found this when I was able to connect to the server but not retrieve any data from directory lookups and such. You might also want to turn on the ftp helper in the firewall settings.

Who is online

Users browsing this forum: AzizHalal, saibarker and 96 guests