All,
This was working and now it's not. Can someone suggest what is wrong with
this? I have an ftp server sitting on the LAN at 192.168.200.200. I want to
access it from anywhere. I exported my firewall and NAT rules below. Thanks for
looking :)
# Input-chain filter rules: every rule below is chain=input, so they only
# govern traffic addressed to the router itself. No chain=forward rules appear
# in this export, so connections that are dst-nat'ed to LAN hosts (FTP server,
# camera, Xbox) are not filtered by anything shown here.
# NOTE: the mail client re-wrapped long lines; in the router's own export each
# "add ..." is a single command, so rejoin wrapped lines before importing.
/ip firewall filter
# SSH throttle, step 5 (evaluated first): drop all TCP/22 from sources that
# are already on ssh_blacklist.
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22
protocol=tcp src-address-list=ssh_blacklist
# Step 4: a source still on ssh_stage3 that opens another new SSH connection
# is put on ssh_blacklist for 1w3d (10 days).
add action=add-src-to-address-list address-list=ssh_blacklist
address-list-timeout=1w3d chain=input connection-state=new dst-port=22
protocol=tcp \
src-address-list=ssh_stage3
# Step 3: ssh_stage2 -> ssh_stage3, entry kept for 1 minute.
add action=add-src-to-address-list address-list=ssh_stage3
address-list-timeout=1m chain=input connection-state=new dst-port=22
protocol=tcp src-address-list=\
ssh_stage2
# Step 2: ssh_stage1 -> ssh_stage2, entry kept for 1 minute.
add action=add-src-to-address-list address-list=ssh_stage2
address-list-timeout=1m chain=input connection-state=new dst-port=22
protocol=tcp src-address-list=\
ssh_stage1
# Step 1: every new SSH connection puts its source on ssh_stage1 for 1 minute.
# The stages are listed highest-first so one connection climbs only one stage.
add action=add-src-to-address-list address-list=ssh_stage1
address-list-timeout=1m chain=input connection-state=new dst-port=22
protocol=tcp
# The next four rules carry no action=, which RouterOS treats as accept.
add chain=input comment="default configuration - icmp" protocol=icmp
add chain=input comment=established connection-state=established
add chain=input comment=related connection-state=related
# NOTE(review): accepts TCP 22, 443, 8728 and 8291 (RouterOS default ports for
# SSH, HTTPS WebFig, API and Winbox) with no in-interface or src-address
# match, and it sits above the WAN drop rule, so the router's management
# services are reachable from the internet. Consider limiting this rule to the
# LAN side or to a src-address-list of trusted admin addresses.
add chain=input dst-port=22,443,8728,8291 protocol=tcp
# Final rule: drop anything else that arrives on the WAN interface.
add action=drop chain=input comment="default configuration"
in-interface=ether1-gateway
# NAT table: one source-NAT rule for outbound traffic, then port forwards
# (dst-nat) to LAN hosts 192.168.200.90, .93 and .200.
/ip firewall nat
# Outbound traffic leaving via ether1-gateway is masqueraded.
add action=masquerade chain=srcnat comment="default configuration"
out-interface=ether1-gateway to-addresses=0.0.0.0
# NOTE(review): unlike the rules below, this forward has no in-interface and
# no dst-address match, so it applies to any TCP/8080 connection passing
# through dstnat - including LAN clients connecting out to port 8080 on
# internet hosts, which would be redirected to the camera. It also exposes the
# camera to any source on the internet. Consider adding
# in-interface=ether1-gateway and a source restriction.
add action=dst-nat chain=dstnat comment="Den Camera" dst-port=8080
protocol=tcp to-addresses=192.168.200.90 to-ports=8080
# FTP control channel (TCP/21) forwarded to the LAN FTP server.
# NOTE(review): dst-address is the poster's redacted public address. If the
# WAN address is assigned dynamically and has changed, no rule pinned to it
# will match any more - worth checking given "was working and now it's not".
# FTP carries credentials and data unencrypted; if it must be reachable from
# anywhere, prefer FTPS/SFTP or restrict these rules by source address.
add action=dst-nat chain=dstnat comment="FTP for Work"
dst-address=172.250.x.x dst-port=21 in-interface=ether1-gateway
protocol=tcp to-addresses=\
192.168.200.200 to-ports=21
# Presumably meant for active-mode FTP data. In active mode the server opens
# the data connection outbound from port 20, so an inbound forward on port 20
# is normally not needed - verify before keeping it.
add action=dst-nat chain=dstnat dst-address=172.250.x.x dst-port=20
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.200.200
to-ports=20
# Passive-mode data range. The FTP helper is disabled under
# /ip firewall service-port in this same export, so the FTP server itself has
# to be configured to use exactly this passive range and to advertise the
# public address in its PASV replies.
add action=dst-nat chain=dstnat dst-address=172.250.x.x dst-port=5000-6000
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.200.200
to-ports=\
5000-6000
# Xbox, TCP: both destination ports (88 and 3074) are rewritten to 3074
# because to-ports names a single port.
add action=dst-nat chain=dstnat comment=Xbox dst-address=172.250.x.x
dst-port=88,3074 in-interface=ether1-gateway protocol=tcp
to-addresses=192.168.200.93 \
to-ports=3074
# Xbox, UDP/3074.
add action=dst-nat chain=dstnat dst-address=172.250.x.x dst-port=3074
in-interface=ether1-gateway protocol=udp to-addresses=192.168.200.93
to-ports=3074
# Connection-tracking / NAT helpers ("service ports").
/ip firewall service-port
# NOTE(review): the FTP helper is switched off and its port list moved to 99.
# Without the helper the router does not follow the FTP control channel, so it
# neither rewrites the addresses carried in PORT/PASV nor associates data
# connections with the control session. Forwarded FTP then works only if the
# server advertises the public address and a fixed passive range that is also
# forwarded in /ip firewall nat. This is a likely candidate for the breakage
# described in this message; to test, restore the helper with
# "set ftp disabled=no ports=21".
set ftp disabled=yes ports=99
# The TFTP, IRC and PPTP helpers are disabled as well.
set tftp disabled=yes
set irc disabled=yes
set pptp disabled=yes
[admin@RB2011UAS-2HnD] /ip firewall>
# Second printout of the NAT table; rule for rule it matches the NAT export
# earlier in this message.
/ip firewall nat
# Outbound traffic leaving via ether1-gateway is masqueraded.
add action=masquerade chain=srcnat comment="default configuration"
out-interface=ether1-gateway to-addresses=0.0.0.0
# NOTE(review): no in-interface or dst-address match here, so this rule also
# catches LAN clients connecting out to TCP/8080 and exposes the camera to any
# internet source. Consider scoping it like the rules below.
add action=dst-nat chain=dstnat comment="Den Camera" dst-port=8080
protocol=tcp to-addresses=192.168.200.90 to-ports=8080
# FTP control channel (TCP/21) to the LAN FTP server. The rule only matches
# while the WAN address equals the (redacted) dst-address - confirm the public
# address has not changed.
add action=dst-nat chain=dstnat comment="FTP for Work"
dst-address=172.250.x.x dst-port=21 in-interface=ether1-gateway
protocol=tcp to-addresses=\
192.168.200.200 to-ports=21
# Presumably for active-mode FTP data; an inbound forward on port 20 is
# normally not needed - verify.
add action=dst-nat chain=dstnat dst-address=172.250.x.x dst-port=20
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.200.200
to-ports=20
# Passive-mode data range; the FTP server must be configured to use this same
# range for the forward to be useful.
add action=dst-nat chain=dstnat dst-address=172.250.x.x dst-port=5000-6000
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.200.200
to-ports=\
5000-6000
# Xbox, TCP: destination ports 88 and 3074 are both rewritten to 3074.
add action=dst-nat chain=dstnat comment=Xbox dst-address=172.250.x.x
dst-port=88,3074 in-interface=ether1-gateway protocol=tcp
to-addresses=192.168.200.93 \
to-ports=3074
# Xbox, UDP/3074.
add action=dst-nat chain=dstnat dst-address=172.250.x.x dst-port=3074
in-interface=ether1-gateway protocol=udp to-addresses=192.168.200.93
to-ports=3074
[admin@RB2011UAS-2HnD] /ip firewall nat>
*Jerry Roy*
Sr. Systems Engineer
MTCNA/MTCRE/MTCTCE
1 949 681 5054
1 562 305 9545 Cell
Unity Network Services
*An iPass Company*
125 Technology Drive
Suite 100
Irvine, CA 92618