EasyManuals Logo

MikroTik RouterOS v2.9 User Manual

MikroTik RouterOS v2.9
709 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #560 background imageLoading...
Page #560 background image
General Information
FTP service through SOCKS server
Let us consider that we have a network 192.168.0.0/24 which is masqueraded, using a router with a
public IP 10.1.0.104/24 and a private IP 192.168.0.1/24. Somewhere in the network is an FTP
server with IP address 10.5.8.8. We want to allow access to this FTP server for a client in our local
network with IP address 192.168.0.2/24.
We have already masqueraded our local network:
[admin@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat src-address=192.168.0.0/24 action=masquerade
[admin@MikroTik] ip firewall nat>
And the access to public FTP servers is denied in firewall:
[admin@MikroTik] ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward src-address=192.168.0.0/24 dst-address=:21 action=drop
[admin@MikroTik] ip firewall filter>
We need to enable the SOCKS server:
[admin@MikroTik] ip socks> set enabled=yes
[admin@MikroTik] ip socks> print
enabled: yes
port: 1080
connection-idle-timeout: 2m
max-connections: 200
[admin@MikroTik] ip socks>
Add access to a client with an IP address 192.168.0.2/32 to SOCKS access list, allow data transfer
from FTP server to client (allow destionation ports from 1024 to 65535 for any IP address), and
drop everything else:
[admin@MikroTik] ip socks access> add src-address=192.168.0.2/32 dst-address=:21
action=allow
[admin@MikroTik] ip socks access> add dst-address=:1024-65535 action=allow
[admin@MikroTik] ip socks access> add action=deny
[admin@MikroTik] ip socks access> print
Flags: X - disabled
0 src-address=192.168.0.2/32 dst-address=:21 action=allow
1 dst-address=:1024-65535 action=allow
2 action=deny
[admin@MikroTik] ip socks access>
That's all - the SOCKS server is configured. To see active connections and data transmitted and
received:
[admin@MikroTik] ip socks connections> print
# SRC-ADDRESS DST-ADDRESS TX RX
0 192.168.0.2:1238 10.5.8.8:21 1163 4625
1 192.168.0.2:1258 10.5.8.8:3423 0 3231744
[admin@MikroTik] ip socks connections>
Note! In order to use SOCKS proxy server, you have to specify its IP address and port in your FTP
Page 546 of 695
Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.
Other trademarks and registred trademarks mentioned herein are properties of their respective owners.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the MikroTik RouterOS v2.9 and is the answer not in the manual?

MikroTik RouterOS v2.9 Specifications

General IconGeneral
BrandMikroTik
ModelRouterOS v2.9
CategorySoftware
LanguageEnglish