There is a local FTP server in my network which is behind NAT. Everything is working fine from the local network, but there is a problem when connecting from outside.
CCR1036-8G-2S+ / RouterOS 7.2.3
I added a dstnat rule from public port 40021 to local port 21, so I am able to connect to the FileZilla server, but there is a problem with the directory listing:
Status: Connecting to PUBLIC_IP_HIDDEN:40021...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (PUBLIC_IP_HIDDEN,156,80)
Command: MLSD
Error: The data connection could not be established: ECONNREFUSED - Connection refused by server
Response: 425 Can't open data connection for transfer of "/"
Error: Failed to retrieve directory listing
Below is what I did (partial config):
/ip firewall filter
add action=accept chain=forward dst-address=192.168.50.0 src-address=172.16.0.0/16
/ip firewall nat
add action=redirect chain=dstnat comment="REDIRECT FOR STATIC DNS ENTRIES" dst-port=53 protocol=tcp
add action=redirect chain=dstnat comment="REDIRECT FOR STATIC DNS ENTRIES" dst-port=53 protocol=udp
add action=netmap chain=srcnat comment="ASAN FINANCE <=> FELIX" dst-address=10.250.21.151 log=yes src-address=172.16.49.33 to-addresses=\
10.127.247.10
add action=netmap chain=srcnat comment="ASAN FINANCE <=> STR" dst-address=10.250.21.151 log=yes src-address=172.16.55.136 to-addresses=\
10.127.247.9
add action=masquerade chain=srcnat comment="LAN MASQUERADE" out-interface="WAN BRIDGE"
add action=dst-nat chain=dstnat comment="IR INTERNET MAP" dst-port=3366 in-interface="WAN BRIDGE" protocol=tcp to-addresses=172.16.51.253 \
to-ports=5900
add action=dst-nat chain=dstnat comment="LOCAL FTP" dst-port=40021 in-interface="WAN BRIDGE" protocol=tcp to-addresses=172.16.51.253 \
to-ports=21
add action=dst-nat chain=dstnat comment="UBUNTU STR WEB" dst-port=57080 in-interface="WAN BRIDGE" protocol=tcp to-addresses=172.16.55.136 \
to-ports=80
add action=dst-nat chain=dstnat comment="STR NODE1 SRV" dst-port=22041 in-interface="WAN BRIDGE" protocol=tcp to-addresses=172.16.33.105 \
to-ports=80
add action=dst-nat chain=dstnat comment="STR NODE1 SRV SSH" dst-port=22043 in-interface="WAN BRIDGE" protocol=tcp to-addresses=172.16.33.105 \
to-ports=22
add action=dst-nat chain=dstnat comment="STR NODE2 CLIENT" dst-port=22042 in-interface="WAN BRIDGE" protocol=tcp to-addresses=172.16.33.99 \
to-ports=80
add action=dst-nat chain=dstnat comment="STR NODE2 CLIENT SSH" dst-port=22044 in-interface="WAN BRIDGE" protocol=tcp to-addresses=\
172.16.33.99 to-ports=22
add action=dst-nat chain=dstnat comment="ANDREW LOCAL WWW" dst-port=57550 in-interface="WAN BRIDGE" protocol=tcp to-addresses=172.16.46.212 \
to-ports=7550
add action=dst-nat chain=dstnat comment="UBUNTU STR SSH" dst-port=57071 in-interface="WAN BRIDGE" protocol=tcp to-addresses=172.16.55.136 \
to-ports=22
add action=dst-nat chain=dstnat comment="MALIYYA SERVER" dst-port=44490 in-interface="WAN BRIDGE" protocol=tcp to-addresses=172.16.51.195 \
to-ports=3389
add action=dst-nat chain=dstnat comment=BOKT dst-port=4490 in-interface="WAN BRIDGE" protocol=tcp to-addresses=172.16.51.238 to-ports=4490
add action=dst-nat chain=dstnat comment="MALIYYA DATASRV EXCHANGE" dst-port=10777 in-interface="WAN BRIDGE" protocol=tcp to-addresses=\
172.16.51.195 to-ports=8095
/ip ipsec identity
add comment="ASAN FINANCE" peer=AsanPeer
/ip ipsec policy
add comment="ASAN FINANCE" dst-address=10.250.21.151/32 peer=AsanPeer proposal=AsanProposal src-address=10.127.247.8/29 tunnel=yes
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=<PUBLIC_IP_HIDDEN>
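Added example (not part of the original post, and not MikroTik or FileZilla code): a small Python check that decodes the data port from the 227 reply in the log above and looks for a TCP dst-nat rule in the export that covers it. The function names are hypothetical, and the sample input is constructed from the post's own log line and three of its NAT rules.

```python
import re

# Constructed sample input: the PASV reply and three NAT rules copied from the post.
PASV_REPLY = "227 Entering Passive Mode (PUBLIC_IP_HIDDEN,156,80)"
NAT_EXPORT = r'''/ip firewall nat
add action=masquerade chain=srcnat comment="LAN MASQUERADE" out-interface="WAN BRIDGE"
add action=dst-nat chain=dstnat comment="IR INTERNET MAP" dst-port=3366 in-interface="WAN BRIDGE" protocol=tcp to-addresses=172.16.51.253 \
to-ports=5900
add action=dst-nat chain=dstnat comment="LOCAL FTP" dst-port=40021 in-interface="WAN BRIDGE" protocol=tcp to-addresses=172.16.51.253 \
to-ports=21
'''

def pasv_port(reply):
    """Return the TCP data port from a 227 reply; the last two fields are p1,p2."""
    m = re.search(r"\(([^)]*)\)", reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a 227 PASV reply")
    p1, p2 = (int(x) for x in m.group(1).split(",")[-2:])
    return p1 * 256 + p2

def forwarded_tcp_ports(export):
    """Return (low, high, comment) for every TCP dst-nat rule in a RouterOS export."""
    rules = []
    joined = re.sub(r"\\\s*\n\s*", "", export)  # undo "\" line continuations
    for line in joined.splitlines():
        if "action=dst-nat" not in line or "protocol=tcp" not in line:
            continue
        ports = re.search(r"\bdst-port=(\S+)", line)
        comment = re.search(r'comment=(?:"([^"]*)"|(\S+))', line)
        name = (comment.group(1) or comment.group(2)) if comment else ""
        # dst-port may be a single port, a range (a-b) or a comma-separated list
        for part in (ports.group(1).split(",") if ports else []):
            low, _, high = part.partition("-")
            rules.append((int(low), int(high or low), name))
    return rules

def covering_rules(port, rules):
    """Return the comments of all rules whose dst-port range includes the port."""
    return [name for low, high, name in rules if low <= port <= high]

if __name__ == "__main__":
    port = pasv_port(PASV_REPLY)
    print(port, covering_rules(port, forwarded_tcp_ports(NAT_EXPORT)))
```

For the reply in the log, the data port is 156*256+80 = 40016, and none of the dst-nat rules in the posted partial config lists that port.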