Yes, it's the WAN IP.

I believe I still have the default rules in there. I removed the dest
address from the rule but still same issue.

I keep getting a syn sent in the connections log.

*Jerry Roy*
Sr. Systems Engineer
MTCNA/MTCRE/MTCTCE


 1 949 681 5054
1 562 305 9545 Cell

Unity Network Services

*An iPass Company*
125 Technology Drive
Suite 100
Irvine, CA 92618




On Wed, Jun 11, 2014 at 10:51 AM, Casey Mills <wkm...@gmail.com> wrote:

> I assume 172.250.x.x is your WAN IP.
>
> I don't see a need to specify dst-address in this rule, you are already
> specifying the in-interface.
> add action=dst-nat chain=dstnat comment="FTP for Work"
> dst-address=172.250.x.x dst-port=21 in-interface=ether1-gateway
> protocol=tcp to-addresses=192.168.200.200 to-ports=21
>
> My RB2011 came with a few forward table filter rules that might come in
> handy.
> add chain=forward comment="default configuration"
> connection-state=established
> add chain=forward comment="default configuration" connection-state=related
> add action=drop chain=forward comment="default configuration"
> connection-state=invalid
>
> Casey
>
>
>
>
> On Wed, Jun 11, 2014 at 12:46 PM, Jerry Roy <j...@ipass.com> wrote:
>
> > All,
> >
> > This was working and now it's not. Can someone suggest what is wrong with
> > this? I have an ftp server sitting on the LAN at 192.168.200.200. I want to
> > access it from anywhere. I exported my FW and Nat rules below. Thanks for
> > looking :)
> >
> > /ip firewall filter
> > add action=drop chain=input comment="drop ssh brute forcers" dst-port=22
> > protocol=tcp src-address-list=ssh_blacklist
> > add action=add-src-to-address-list address-list=ssh_blacklist
> > address-list-timeout=1w3d chain=input connection-state=new dst-port=22
> > protocol=tcp \
> >     src-address-list=ssh_stage3
> > add action=add-src-to-address-list address-list=ssh_stage3
> > address-list-timeout=1m chain=input connection-state=new dst-port=22
> > protocol=tcp src-address-list=\
> >     ssh_stage2
> > add action=add-src-to-address-list address-list=ssh_stage2
> > address-list-timeout=1m chain=input connection-state=new dst-port=22
> > protocol=tcp src-address-list=\
> >     ssh_stage1
> > add action=add-src-to-address-list address-list=ssh_stage1
> > address-list-timeout=1m chain=input connection-state=new dst-port=22
> > protocol=tcp
> > add chain=input comment="default configuration - icmp" protocol=icmp
> > add chain=input comment=established connection-state=established
> > add chain=input comment=related connection-state=related
> > add chain=input dst-port=22,443,8728,8291 protocol=tcp
> > add action=drop chain=input comment="default configuration"
> > in-interface=ether1-gateway
> > /ip firewall nat
> > add action=masquerade chain=srcnat comment="default configuration"
> > out-interface=ether1-gateway to-addresses=0.0.0.0
> > add action=dst-nat chain=dstnat comment="Den Camera" dst-port=8080
> > protocol=tcp to-addresses=192.168.200.90 to-ports=8080
> > add action=dst-nat chain=dstnat comment="FTP for Work"
> > dst-address=172.250.x.x dst-port=21 in-interface=ether1-gateway
> > protocol=tcp to-addresses=\
> >     192.168.200.200 to-ports=21
> > add action=dst-nat chain=dstnat dst-address=172.250.x.x dst-port=20
> > in-interface=ether1-gateway protocol=tcp to-addresses=192.168.200.200
> > to-ports=20
> > add action=dst-nat chain=dstnat dst-address=172.250.x.x dst-port=5000-6000
> > in-interface=ether1-gateway protocol=tcp to-addresses=192.168.200.200
> > to-ports=\
> >     5000-6000
> > add action=dst-nat chain=dstnat comment=Xbox dst-address=172.250.x.x
> > dst-port=88,3074 in-interface=ether1-gateway protocol=tcp
> > to-addresses=192.168.200.93 \
> >     to-ports=3074
> > add action=dst-nat chain=dstnat dst-address=172.250.x.x dst-port=3074
> > in-interface=ether1-gateway protocol=udp to-addresses=192.168.200.93
> > to-ports=3074
> > /ip firewall service-port
> > set ftp disabled=yes ports=99
> > set tftp disabled=yes
> > set irc disabled=yes
> > set pptp disabled=yes
> > [admin@RB2011UAS-2HnD] /ip firewall>
> >
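Added example (not part of the original thread, and not code from either poster): a small Python check over a RouterOS export that flags three things visible in the rules quoted above: a dst-nat rule with no in-interface or dst-address, several dst-ports mapped to a single to-ports value, and the FTP service-port helper being disabled. The sample export is constructed from the quoted rules with the wrapped lines re-joined; the function names are hypothetical.

```python
import re

# Constructed sample: rules copied from the export quoted in this thread,
# with the e-mail's wrapped lines re-joined.
EXPORT = '''\
/ip firewall nat
add action=dst-nat chain=dstnat comment="Den Camera" dst-port=8080 protocol=tcp to-addresses=192.168.200.90 to-ports=8080
add action=dst-nat chain=dstnat comment="FTP for Work" dst-address=172.250.x.x dst-port=21 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.200.200 to-ports=21
add action=dst-nat chain=dstnat comment=Xbox dst-address=172.250.x.x dst-port=88,3074 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.200.93 to-ports=3074
/ip firewall service-port
set ftp disabled=yes ports=99
'''

PAIR = re.compile(r'([\w-]+)=("[^"]*"|\S+)')

def parse_export(text):
    """Yield (menu, item_text, params) for each add/set line of an export."""
    text = re.sub(r'\\\n\s*', '', text)      # join backslash-continued lines
    menu = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('/'):
            menu = line                       # e.g. "/ip firewall nat"
        elif line.startswith(('add ', 'set ')):
            rest = line.split(' ', 1)[1]
            yield menu, rest, {k: v.strip('"') for k, v in PAIR.findall(rest)}

def audit(text):
    """Return (rule label, finding) pairs for the three checks described."""
    findings = []
    for menu, rest, p in parse_export(text):
        label = p.get('comment', p.get('dst-port', '?'))
        if menu == '/ip firewall nat' and p.get('action') == 'dst-nat':
            # No in-interface/dst-address: the rule matches this port on every
            # interface, including LAN clients' outbound connections.
            if 'in-interface' not in p and 'dst-address' not in p:
                findings.append((label, 'unscoped dst-nat'))
            # Several dst-ports but one to-ports value: all map to that port.
            if ',' in p.get('dst-port', '') and p.get('to-ports', '').isdigit():
                findings.append((label, 'dst-ports collapse to one to-port'))
        elif menu == '/ip firewall service-port' and rest.split()[0] == 'ftp':
            # Helper off: FTP data connections are not tracked as "related",
            # so the passive range must be forwarded and allowed explicitly.
            if p.get('disabled') == 'yes':
                findings.append(('ftp helper', 'disabled'))
    return findings

if __name__ == '__main__':
    for label, finding in audit(EXPORT):
        print(f'{label}: {finding}')
```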