Did you add the forward table rules?

Casey


On Wed, Jun 11, 2014 at 2:12 PM, Jerry Roy <[email protected]> wrote:

> Yes, it's the WAN IP.
>
> I believe I still have the default rules in there. I removed the dest
> address from the rule but still the same issue.
>
> I keep getting a SYN sent in the connections log.
>
> *Jerry Roy*
> Sr. Systems Engineer
> MTCNA/MTCRE/MTCTCE
>
>
>  1 949 681 5054
> 1 562 305 9545 Cell
>
> Unity Network Services
>
> *An iPass Company*
> 125 Technology Drive
> Suite 100
> Irvine, CA 92618
>
>
>
>
> On Wed, Jun 11, 2014 at 10:51 AM, Casey Mills <[email protected]> wrote:
>
> > I assume 172.250.x.x is your WAN IP.
> >
> > I don't see a need to specify dst-address in this rule; you are already
> > specifying the in-interface.
> > add action=dst-nat chain=dstnat comment="FTP for Work" \
> >     dst-address=172.250.x.x dst-port=21 in-interface=ether1-gateway \
> >     protocol=tcp to-addresses=192.168.200.200 to-ports=21
> >
> > My RB2011 came with a few forward table filter rules that might come in
> > handy.
> > add chain=forward comment="default configuration" \
> >     connection-state=established
> > add chain=forward comment="default configuration" \
> >     connection-state=related
> > add action=drop chain=forward comment="default configuration" \
> >     connection-state=invalid
> >
> > Casey
> >
> >
> >
> >
> > On Wed, Jun 11, 2014 at 12:46 PM, Jerry Roy <[email protected]> wrote:
> >
> > > All,
> > >
> > > This was working and now it's not. Can someone suggest what is wrong
> > > with this? I have an FTP server sitting on the LAN at 192.168.200.200.
> > > I want to access it from anywhere. I exported my FW and NAT rules
> > > below. Thanks for looking :)
> > >
> > > /ip firewall filter
> > > add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
> > >     protocol=tcp src-address-list=ssh_blacklist
> > > add action=add-src-to-address-list address-list=ssh_blacklist \
> > >     address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
> > >     protocol=tcp src-address-list=ssh_stage3
> > > add action=add-src-to-address-list address-list=ssh_stage3 \
> > >     address-list-timeout=1m chain=input connection-state=new dst-port=22 \
> > >     protocol=tcp src-address-list=ssh_stage2
> > > add action=add-src-to-address-list address-list=ssh_stage2 \
> > >     address-list-timeout=1m chain=input connection-state=new dst-port=22 \
> > >     protocol=tcp src-address-list=ssh_stage1
> > > add action=add-src-to-address-list address-list=ssh_stage1 \
> > >     address-list-timeout=1m chain=input connection-state=new dst-port=22 \
> > >     protocol=tcp
> > > add chain=input comment="default configuration - icmp" protocol=icmp
> > > add chain=input comment=established connection-state=established
> > > add chain=input comment=related connection-state=related
> > > add chain=input dst-port=22,443,8728,8291 protocol=tcp
> > > add action=drop chain=input comment="default configuration" \
> > >     in-interface=ether1-gateway
> > > /ip firewall nat
> > > add action=masquerade chain=srcnat comment="default configuration" \
> > >     out-interface=ether1-gateway to-addresses=0.0.0.0
> > > add action=dst-nat chain=dstnat comment="Den Camera" dst-port=8080 \
> > >     protocol=tcp to-addresses=192.168.200.90 to-ports=8080
> > > add action=dst-nat chain=dstnat comment="FTP for Work" \
> > >     dst-address=172.250.x.x dst-port=21 in-interface=ether1-gateway \
> > >     protocol=tcp to-addresses=192.168.200.200 to-ports=21
> > > add action=dst-nat chain=dstnat dst-address=172.250.x.x dst-port=20 \
> > >     in-interface=ether1-gateway protocol=tcp to-addresses=192.168.200.200 \
> > >     to-ports=20
> > > add action=dst-nat chain=dstnat dst-address=172.250.x.x dst-port=5000-6000 \
> > >     in-interface=ether1-gateway protocol=tcp to-addresses=192.168.200.200 \
> > >     to-ports=5000-6000
> > > add action=dst-nat chain=dstnat comment=Xbox dst-address=172.250.x.x \
> > >     dst-port=88,3074 in-interface=ether1-gateway protocol=tcp \
> > >     to-addresses=192.168.200.93 to-ports=3074
> > > add action=dst-nat chain=dstnat dst-address=172.250.x.x dst-port=3074 \
> > >     in-interface=ether1-gateway protocol=udp to-addresses=192.168.200.93 \
> > >     to-ports=3074
> > > /ip firewall service-port
> > > set ftp disabled=yes ports=99
> > > set tftp disabled=yes
> > > set irc disabled=yes
> > > set pptp disabled=yes
> > > [admin@RB2011UAS-2HnD] /ip firewall>
> > >
> > >
> > > *Jerry Roy*
> > > Sr. Systems Engineer
> > > MTCNA/MTCRE/MTCTCE
> > >
> > >
> > >  1 949 681 5054
> > > 1 562 305 9545 Cell
> > >
> > > Unity Network Services
> > >
> > > *An iPass Company*
> > > 125 Technology Drive
> > > Suite 100
> > > Irvine, CA 92618
> > > _______________________________________________
> > > Mikrotik mailing list
> > > [email protected]
> > > http://mail.butchevans.com/mailman/listinfo/mikrotik
> > >
> > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
> > > RouterOS
> > >
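Editor's note, added to this archived thread and not posted by any participant or shipped by MikroTik: the script below parses a RouterOS `/export` dump in the form quoted above and flags the dst-nat pitfalls the thread turns on. The embedded export is a constructed abbreviation of Jerry's posted rules, with his masked 172.250.x.x address kept; all function names are mine. It reports a dst-nat rule with neither in-interface nor dst-address (the "Den Camera" rule, which also redirects LAN clients connecting to any host on TCP/8080), a TCP/21 forward while the ftp service-port helper is disabled (the router then never reads PASV replies, so passive data connections are not tracked as related; that is why the 5000-6000 range has to be forwarded by hand, and the server must be pinned to that range and advertise the public address in its PASV replies), and a forward chain with no rules or no catch-all drop (RouterOS built-in chains accept whatever no rule matches, so with an empty forward chain every dst-nat'd connection is passed unfiltered). One thing no config audit can see: a connection sitting in SYN_SENT in /ip firewall connection means the dst-nat rule already matched and the translated SYN went to 192.168.200.200, but no SYN-ACK came back, so the return path (is the server listening, does its host firewall allow it, is its default gateway the router) is the next place to look; the three forward-chain rules quoted above accept established/related and drop invalid, none of them drops new traffic, so adding them would not change that state either way.

```python
"""Audit a RouterOS '/ip firewall' export for dst-nat pitfalls (added example)."""
import shlex

# Constructed sample: Jerry's export from the thread, abbreviated (172.250.x.x kept masked).
SAMPLE_EXPORT = r"""
/ip firewall filter
add chain=input comment=established connection-state=established
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
add action=dst-nat chain=dstnat comment="Den Camera" dst-port=8080 protocol=tcp to-addresses=192.168.200.90 to-ports=8080
add action=dst-nat chain=dstnat comment="FTP for Work" dst-address=172.250.x.x dst-port=21 in-interface=ether1-gateway protocol=tcp to-addresses=\
    192.168.200.200 to-ports=21
add action=dst-nat chain=dstnat dst-address=172.250.x.x dst-port=5000-6000 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.200.200 to-ports=5000-6000
/ip firewall service-port
set ftp disabled=yes ports=99
[admin@RB2011UAS-2HnD] /ip firewall>
"""


def parse_export(text):
    """{section path: [rule dict]}; '_cmd' is add/set, '_args' holds bare words."""
    sections, section, buf = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):      # blank line or CLI prompt
            continue
        if line.startswith("/") and not buf:      # section header
            section = line
            sections.setdefault(section, [])
            continue
        if line.endswith("\\"):                   # export-style line continuation
            buf += line[:-1]
            continue
        tokens = shlex.split(buf + line)          # honours quoted comment="..."
        buf = ""
        rule = {"_cmd": tokens[0], "_args": []}
        for tok in tokens[1:]:
            key, sep, val = tok.partition("=")
            if sep:
                rule[key] = val
            else:
                rule["_args"].append(tok)
        sections.setdefault(section, []).append(rule)
    return sections


def expand_ports(spec):
    """'88,3074' -> [88, 3074]; '5000-6000' -> [5000, ..., 6000]; '' -> []."""
    ports = []
    for part in filter(None, spec.split(",")):
        lo, sep, hi = part.partition("-")
        ports.extend(range(int(lo), int(hi if sep else lo) + 1))
    return ports


# Keys that do not narrow a match; in-interface is tolerated so a "drop all from WAN" rule counts.
NON_MATCHERS = {"_cmd", "_args", "chain", "action", "comment", "disabled", "in-interface"}


def is_catch_all_drop(rule):
    return rule.get("action") == "drop" and not (set(rule) - NON_MATCHERS)


def audit(sections):
    """Return human-readable findings for a parsed export."""
    findings = []
    forward = [r for r in sections.get("/ip firewall filter", []) if r.get("chain") == "forward"]
    helpers = {r["_args"][0]: r for r in sections.get("/ip firewall service-port", [])
               if r["_cmd"] == "set" and r["_args"]}
    ftp_helper_off = helpers.get("ftp", {}).get("disabled") == "yes"
    for r in sections.get("/ip firewall nat", []):
        if r.get("chain") != "dstnat" or r.get("action") != "dst-nat":
            continue
        label = r.get("comment") or "dst-port=%s" % r.get("dst-port")
        if "in-interface" not in r and "dst-address" not in r:
            # matches every interface: LAN clients to ANY host on this port are redirected too
            findings.append("overbroad dst-nat '%s': no in-interface or dst-address, so LAN "
                            "clients reaching any host on %s/%s are redirected to %s"
                            % (label, r.get("protocol"), r.get("dst-port"), r.get("to-addresses")))
        if r.get("protocol") == "tcp" and 21 in expand_ports(r.get("dst-port", "")) and ftp_helper_off:
            # no ALG: PASV replies are never read, so data connections are not tracked as related
            findings.append("FTP forward '%s' with the ftp service-port helper disabled: passive "
                            "data connections are not tracked as related, so the server must be "
                            "pinned to an explicitly forwarded passive port range" % label)
    if not forward:
        findings.append("forward chain is empty: the implicit default accept passes every "
                        "dst-nat'd connection unfiltered")
    elif not any(is_catch_all_drop(r) for r in forward):
        findings.append("forward chain has no catch-all drop: dst-nat'd connections fall "
                        "through to the implicit default accept")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_export(SAMPLE_EXPORT)):
        print("-", finding)
```

Run as-is to print the findings for the embedded sample, or pass the text of a real `/ip firewall export` to parse_export to audit your own router. Treating a drop that matches only on in-interface as a catch-all is a judgement call; adjust NON_MATCHERS to suit the rule style in use.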