Ótimo dia pessoas,

Venho a procura de uma solução para um problema estranho que venho tendo.
Possuo um RB941-nB hAP Lite e estou usando para controlar uma pequena rede comercial.
Configurei um loadbalance onde direciona um grupo de ips direto para sair por um link diferente e se um deles cair ele trocar para o outro.
Link 1 é adsl e fica para os desktops e o link 2 fica para os servidores.
Já tenho alguns redirecionamentos funcionando feito RDP, porta 6500, portas 10000 entre outras mas não consigo redirecionar meu FTP, faço o teste externo mostra como aberto mas não trafega e interno ele pega, mesma coisa com a porta 8000 usada pelo DVR da Hikvision.

A Lan1 pode ser desconsiderada por não estar usando, ainda vou configurar para outra coisa.

Toda a rede esta presa na Lan2 onde fica ligado o switch que alimenta as cascatas da rede.

Ainda vou configurar a VPN e esta preconfigurada, caso queriam me dar umas dicas também aceito.

Mas meu problema atual são os serviços de FTP (21) e o DVR (8000)

Agradeço a ajuda.

Modelo RB941-nB
Versão v6.39.2

# jul/20/2017 12:05:11 by RouterOS 6.39.2
# software id = VWMR-U2LT
#
/interface bridge
add admin-mac=6C:3B:6B:41:046 auto-mac=no comment=defconf fast-forward=no \
name=Wi-Fi
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
country=brazil disabled=no distance=indoors frequency=auto mode=ap-bridge \
ssid=medexpress wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether3 ] name=LAN01
set [ find default-name=ether4 ] name=LAN02
set [ find default-name=ether1 ] name=WAN01
set [ find default-name=ether2 ] name=WAN02
/ip neighbor discovery
set WAN01 discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
"######" wpa2-pre-shared-key="######"
add name=profile wpa-pre-shared-key=visitante wpa2-pre-shared-key=visitante
/ip pool
#add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=MEDwDHCP ranges=10.1.1.80-10.1.1.99
add name=lanVPN ranges=10.1.2.2-10.1.2.10
/ip dhcp-server
add address-pool=MEDwDHCP authoritative=after-2sec-delay interface=Wi-Fi \
name=defconf
/ppp profile
add dns-server=10.1.1.101,8.8.8.8 idle-timeout=5m local-address=10.1.2.1 \
name=vpn only-one=yes remote-address=lanVPN
/system logging action
set 0 memory-lines=100 memory-stop-on-full=yes
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=Wi-Fi comment=defconf interface=LAN02
add bridge=Wi-Fi comment=defconf interface=wlan1
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/ip address
#add address=192.168.88.1/24 comment=defconf disabled=yes interface=LAN01 \
network=192.168.88.0
add address="IPdedicado"/29 interface=WAN02 network="Redededicado"
add address=10.1.1.1/24 comment="Ponte com med" interface=LAN02 network=\
10.1.1.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
WAN01
/ip dhcp-server network
#add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=10.1.1.253 disabled=yes name=router
add address="GateDedicado" name=RouterDedi
add address=192.168.15.1 name=RouterAdsl
/ip firewall address-list
#add address=10.1.1.103-10.1.1.110 comment="Lista de Servidores do 103 ao 110" \
list=Servidores2
#add address=10.1.1.101 comment="Lista de Servidores do 101" list=Servidores1
/ip firewall filter
add action=accept chain=forward comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept establieshed,related" \
connection-state=established,related
add action=accept chain=forward comment="Redirecionar: RDP" \
connection-nat-state=dstnat protocol=rdp
add action=drop chain=input comment="defconf: drop all from WAN" \
in-interface=WAN01
add action=drop chain=input comment="defconf: drop all from WAN" \
in-interface=WAN02
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=WAN01
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=WAN02
/ip firewall mangle
add action=mark-routing chain=prerouting comment=\
"Grupo: Esta\E7\F5es de Trabalho" new-routing-mark=MED_PCs passthrough=no \
src-address=10.1.1.2-10.1.1.99
add action=mark-routing chain=prerouting comment="Grupo: Servidores" \
new-routing-mark=SERVIDORES passthrough=yes src-address=\
10.1.1.100-10.1.1.108
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
out-interface=WAN01
add action=masquerade chain=srcnat comment="defconf: masquerade" \
out-interface=WAN02
add action=dst-nat chain=dstnat comment="Redirecionar: Porta ArtNews" \
dst-port=6500 in-interface=WAN02 protocol=tcp to-addresses=10.1.1.106 \
to-ports=6500
# Essa não pega
add action=dst-nat chain=dstnat comment="Redirecionar: Porta DVR" dst-port=\
8000 in-interface=WAN02 protocol=tcp to-addresses=10.1.1.130 to-ports=\
8000
# Essa não pega
add action=dst-nat chain=dstnat comment="Redirecionar: FTP ARQ02" disabled=\
yes dst-port=1021 in-interface=WAN02 protocol=tcp to-addresses=10.1.1.108 \
to-ports=21
add action=dst-nat chain=dstnat comment="Redirecionar: Wemin FileServer" \
dst-port=10000 protocol=tcp to-addresses=10.1.1.102 to-ports=10000
add action=dst-nat chain=dstnat comment="Redirecionar: Wemin FileServer2" \
dst-port=10001 protocol=tcp to-addresses=10.1.1.108 to-ports=10000
add action=dst-nat chain=dstnat comment="Redirecionar: Wemin FileServer2 SSH" \
dst-port=10002 protocol=tcp to-addresses=10.1.1.108 to-ports=22
add action=dst-nat chain=dstnat comment="Redirecionar: RDP" dst-port=10105 \
protocol=tcp to-addresses=10.1.1.105 to-ports=3389
add action=dst-nat chain=dstnat comment="Redirecionar: RDP 107" dst-port=9999 \
protocol=tcp to-addresses=10.1.1.107 to-ports=3389
/ip firewall raw
add action=passthrough chain=prerouting comment=\
"special dummy rule to show fasttrack counters" disabled=yes
/ip firewall service-port
set ftp disabled=yes
/ip route
add comment=LinkADSL distance=1 gateway=192.168.15.1 routing-mark=MED_PCs \
scope=255
add comment=LinkDEDI distance=1 gateway="GateDedicado" routing-mark=SERVIDORES \
scope=255
add disabled=yes distance=1 gateway="GateDedicado"
/ip service
set ftp disabled=yes
/ppp secret
add name=daniel password=###### profile=vpn service=pptp
/system clock
set time-zone-name=America/Recife
/system identity
set name=RouterMed
/system package update
set channel=release-candidate
/system script
add name=Link_ADSL-on owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source=\
"/ip route {set [find comment=LinkADSL] gateway=192.168.15.1}"
add name=Link_ADSL-off owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source=\
"/ip route {set [find comment=LinkADSL] gateway="GateDedicado"}"
add name=Link_DEDI-on owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source=\
"/ip route {set [find comment=LinkDEDI] gateway="GateDedicado"}"
add name=Link_DEDI-off owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source=\
"/ip route {set [find comment=LinkDEDI] gateway=192.168.15.1}"
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=WAN02
add interface=LAN01
add interface=LAN02
add interface=wlan1
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=WAN02
add interface=LAN01
add interface=LAN02
add interface=wlan1
/tool netwatch
add comment=Verifica_LinkADSL down-script=Link_ADSL-off host=192.168.15.1 \
up-script=Link_ADSL-on
add comment=Verifica_LinkADSL down-script=Link_DEDI-off host="GateDedicado" \
up-script=Link_DEDI-on