On this page http://wiki.mikrotik.com/wiki/Connection_Rate author writes:

Each entry in connection tracking table represents bidirectional communication. Every time packet gets associated to particular entry, packet size value (including IP header) is added to "connection-bytes" value for this entry. (in another words "connection-bytes" includes both - upload and download)

When I look at connections tab it lists up down links separately, ie:

src dst
1.1.1.1:80 2.2.2.2:1234
2.2.2.2:1234 1.1.1.1:80

Is mentioned wiki page incorrect or connection tracking behavior is different when bridging (ROS4.2)?

When I look at connections tab it lists up down links separately, ie:

src dst
1.1.1.1:80 2.2.2.2:1234
2.2.2.2:1234 1.1.1.1:80

Is mentioned wiki page incorrect or connection tracking behavior is different when bridging (ROS4.2)?

well, while routing, I cannot see double records... maybe bridging, maybe timeout - what's in TCP State and Timeout values of these entries?

hm..I cannot find any entries that have the same ports today. What I still see is my LAN as a source and destination even though we are behind nat (so LAN is always the source address) like so:

(my lan 1.1.1.0/24)
src dst
1.1.1.2:xxx 24.7.7.7:xxx
1.1.1.6:xxx 63.4.4.4:xx
197.4.4.4:xxx 1.1.1.45:xxx

This causes problems for my mangle rules as I cannot filter traffic by src as it can be listed in dst as well... any idea why this is happening?

edit: my configuration: [LAN]----[MT transparent bridge]-----[router w/NAT]-----[internet]

This causes problems for my mangle rules as I cannot filter traffic by src as it can be listed in dst as well...

anyway you will have your lan addresses either as src or as dst - packets go in both directions

This causes problems for my mangle rules as I cannot filter traffic by src as it can be listed in dst as well...

anyway you will have your lan addresses either as src or as dst - packets go in both directions

What is the definition of src address on MT? Isn't it the side that started with TCP (SYN) packet? By that definition, since LAN is always initiating traffic it should always be the src.

thanks,
Michael

The source address is the IP address of the device that sent the particular packet you're looking at. In a unicast TCP virtual circuit that could be either of the two hosts involved, the destination address will be the other host.

It works like with all other devices, basically.