Using OS 2.9.43. Router/Firewall was working fine. DST-NAT set up so our ftp, web, and mail servers as well as several workstations were accessible from the Internet from our public IP addresses. Changed ISP so our public addresses changed. Changed all references to the old public IP addresses to the new IP addresses. Web server and mail server are both accessible from the Internet, all workstations previously accessible via Remote Desktop and PC Anywhere are all accessible with the new IP addresses but I receive connection errors to the ftp server. When I bypassed the MT and put the ftp server on a public address I can connect and transfer files, no problem so I'm sure I have a configuration problem. I've searched the manual and forums to no avail. Anybody have help for me please.

0 ;;; Drop Invalid Connections
chain=input connection-state=invalid action=drop
1 ;;; Allow Established Connections
chain=input connection-state=established action=accept
2 ;;; Allow UDP
chain=input protocol=udp action=accept
3 ;;; Allow ICMP
chain=input protocol=icmp action=accept
4 ;;; Allow access to router from known network
chain=input src-address=xx.xxx.xx.x/24 action=accept
5 ;;; Allow access to router from known network
chain=input src-address=192.168.1.0/24 action=accept
6 X ;;; Drop anything else
chain=input action=drop
7 ;;; Drop invalid connections
chain=forward protocol=tcp connection-state=invalid action=drop
8 ;;; Allow related connections
chain=forward connection-state=related action=accept
9 chain=forward src-address=0.0.0.0/8 action=drop
10 chain=forward dst-address=0.0.0.0/8 action=drop
11 chain=forward src-address=127.0.0.0/8 action=drop
12 chain=forward dst-address=127.0.0.0/8 action=drop
13 chain=forward src-address=224.0.0.0/3 action=drop
14 chain=forward dst-address=224.0.0.0/3 action=drop
15 chain=forward protocol=tcp action=jump jump-target=tcp
16 chain=forward protocol=udp action=jump jump-target=udp
17 chain=forward protocol=icmp action=jump jump-target=icmp
18 ;;; deny TFTP
chain=tcp protocol=tcp dst-port=69 action=drop
19 ;;; deny RPC Portmapper
chain=tcp protocol=tcp dst-port=111 action=drop
20 ;;; deny RPC Portmapper
chain=tcp protocol=tcp dst-port=135 action=drop
21 X ;;; deny NBT
chain=tcp protocol=tcp dst-port=137-139 action=drop
22 X ;;; deny CIFS
chain=tcp protocol=tcp dst-port=445 action=drop
23 ;;; deny DHCP
chain=tcp protocol=tcp dst-port=67-68 action=drop
24 ;;; deny NFS
chain=tcp protocol=tcp dst-port=2049 action=drop
25 ;;; deny NetBus
chain=tcp protocol=tcp dst-port=12345-12346 action=drop
26 ;;; deny NetBus
chain=tcp protocol=tcp dst-port=20034 action=drop
27 ;;; deny BackOriffice
chain=tcp protocol=tcp dst-port=3133 action=drop
28 ;;; Deny TFTP
chain=udp protocol=udp dst-port=69 action=drop
29 ;;; Deny RPC Portmapper
chain=udp protocol=udp dst-port=111 action=drop
30 ;;; Deny RPC Portmapper
chain=udp protocol=udp dst-port=135 action=drop
31 ;;; Deny NBT
chain=udp protocol=udp dst-port=137-139 action=reject
reject-with=icmp-network-unreachable
32 ;;; Deny NFS
chain=udp protocol=udp dst-port=2049 action=drop
33 ;;; Deny BackOriffice
chain=udp protocol=udp dst-port=3133 action=drop
34 ;;; Drop invalid connections
chain=icmp protocol=icmp icmp-options=0:0 action=accept
35 ;;; Allow established connections
chain=icmp protocol=icmp icmp-options=3:0 action=accept
36 ;;; Allow already established connections
chain=icmp protocol=icmp icmp-options=3:1 action=accept
37 ;;; Allow source quench
chain=icmp protocol=icmp icmp-options=4:0 action=accept
38 ;;; Allow echo request
chain=icmp protocol=icmp icmp-options=8:0 action=accept
39 ;;; Allow time exceed
chain=icmp protocol=icmp icmp-options=11:0 action=accept
40 ;;; Allow parameter bad
chain=icmp protocol=icmp icmp-options=12:0 action=accept
41 ;;; Deny all other types
chain=icmp action=drop

Which FTP are you running there ??

Argosoft. Neither active nor passive modes will work. I didn't change ftp software, only changed my public ip addresses in "ip addresses" and "dst-nat".

Come on people...somebody has to have an opinion. Do I need to add a rule explicilty allowing an ftp connection to an ftp server on the lan? Should I blow out the configuration and rebuild everything because RouterOS didn't parse the ip address change correctly. I seem to remember an earlier version (maybe 2.8 ) had a firewall rule that explicitly allowed an ftp connection from the Internet but I can't find a corresponding rule in 2.9. Do I need to provide more information? I need some help from an expert...please!

I had a problem with FTP in the past with the same symptoms. I had somehow disabled FTP under IP --> Firewall --> Service Ports. Try disable/enable there and see what happens.

I don't have a problem with ftp to the router.

This was an FTP problem to a server behind the firewall in NAT mode.

Yes. Please see my original post. Everything was working until I changed my public ip addresses in "ip addresses" and "dst-nat". Now everything works except ftp. Connections can be made to the ftp server on the lan but then time out waiting for something.

Okay, we seem to be having a communication problem here. I read your post. I have the same setup as you (an FTP, mail server, web server, and other stuff behind a MT router). I had the same problem as you mentioned with FTP. The service port helper may not be working properly after your network changes. The ftp helper is for servers BEHIND your MT router. I could ping the server I could telnet into the my server's FTP port but I couldn't transfer files via FTP from the web. All I was saying was go in and toggle the setting off and on for FTP. Maybe the settings for this feature didn't update with your network change. This is in ip/firewall/service-port NOT /ip/service where the router services are located.

My bad. I'll give it a go. Thanks Chucka.

You are the man. When I went to ip firewall service-port, print, all service ports were X'ed. I enabled ftp and I was able to connect and transfer files, up and down. I toggled the service port back off and my problem of connecting but being unable to transfer files returned. Thank you very much for your advice. Did I just flat out miss this in the manual?