I have a CCR2004-16G-2S+ with RouterOS 7.0.4 behind a Fritzbox (7630) .
I configured it as a router cascade with double natting.
The mikrotik WAN Port is connected to the FritzBox and behind the mikrotik is a server. The Fritzbox has a static route for the server network pointing to the mikrotik.
ISP--> Fritzbox (192.168.1.1/24) --> CCR (192.168.1.254 / 192.168.2.1/24) --> Server (192.168.2.2)
I want to use the Server as FTP Server on port 21 and 45500-45600 .
So far I realised this with double natting like this:
Code: Select all
/ip firewall filter
add action=accept chain=forward comment="Server 1" dst-address=192.168.2.2 \
dst-port=21 protocol=tcp
add action=accept chain=forward dst-address=192.168.2.2 dst-port=49500-49600 \
protocol=tcp
/ip firewall nat
add action=dst-nat chain=dstnat comment="FTP Server1" dst-port=21 in-interface=\
ether1 protocol=tcp to-addresses=192.168.2.2 to-ports=21
add action=dst-nat chain=dstnat dst-port=49500-49600 in-interface=ether1 \
protocol=tcp to-addresses=192.168.2.2 to-ports=49500-49600
add action=masquerade chain=srcnat comment=masquerade
Someone suggested to not use double nat and let the fritzbox route instead. I tried this but can't get it working. If I disable the src-nat masquerading and dst-nat rules and set port forwarding directly in the fritzbox directly to the server (it would still need to go via the static route to the wan port of the mikrotik) I can't reach the FTP server anymore.
Any ideas?