I created a firewall rule on the forward chain to drop all packets marked invalid with a destination address of my email server. When I enable this, some computers are very slow to load the mail server's web page, and looking at the MikroTik log I'll see dozens of invalid connection warnings from the computer's MAC address to the mail server port 443. On other computers there is no log and the page loads very fast. What could be causing this?
After looking at the date this was posted, this is old news... but the way I understand that is the port of the "first ip" will change because that is the end-user's computer that is connecting to your mail server, it will use whatever port it knows is not in use to open the connection from its side, the port will not change on the destination device... looks like you are using secure login (443) and IMAP (143). I take it that you edited the src-mac address to read all 0's, otherwise these are fake MAC addresses, which is probably why they are getting tagged as invalid. If they were real MACs then maybe a firmware issue was causing your slow responses... could also be a number of issues with the computers in question.
An invalid packet is a packet that does not belong to any already established connection (no entry in connection tracking) and is not a SYN packet that establishes a new connection.
What I get from this is a packet that has no place being sent to your server in any form or fashion, I could be wrong, but I see dropping invalid connection-state packets as something that could always be implemented without ill effects... Can I get a response on this thought please...
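The definition quoted in the reply above, written out as a simplified connection tracker (an added example, not part of the original thread and not MikroTik's implementation). The addresses, the 300-second idle timeout and the packet list are constructed for illustration; the model keys only on the address pair and ignores sequence-number checks.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:            # constructed sample packet, not captured traffic
    t: float             # arrival time in seconds
    src: str             # "ip:port"
    dst: str             # "ip:port"
    flags: frozenset     # TCP flags carried by the packet

class ConnTracker:
    """Classifies packets as new / established / invalid per the quoted definition."""
    def __init__(self, idle_timeout=300.0):      # assumed idle timeout
        self.idle_timeout = idle_timeout
        self.table = {}                          # flow key -> time last seen

    def classify(self, p):
        key = frozenset((p.src, p.dst))          # same key for both directions
        last = self.table.get(key)
        if last is not None and p.t - last > self.idle_timeout:
            del self.table[key]                  # entry expired while idle
            last = None
        if last is not None:                     # belongs to a tracked connection
            if "RST" in p.flags:
                del self.table[key]              # reset tears the entry down
            else:
                self.table[key] = p.t
            return "established"
        if p.flags == {"SYN"}:                   # only a bare SYN may open a flow
            self.table[key] = p.t
            return "new"
        return "invalid"                         # no entry and not a SYN

def classify_all(packets, idle_timeout=300.0):
    tracker = ConnTracker(idle_timeout)
    return [tracker.classify(p) for p in packets]

CLIENT, CLIENT2, SERVER = "192.0.2.10:50123", "192.0.2.10:50124", "198.51.100.5:443"
SAMPLE = [                                       # constructed sequence
    Packet(0.0, CLIENT, SERVER, frozenset({"SYN"})),
    Packet(0.01, SERVER, CLIENT, frozenset({"SYN", "ACK"})),
    Packet(0.02, CLIENT, SERVER, frozenset({"ACK"})),
    Packet(10.0, CLIENT, SERVER, frozenset({"PSH", "ACK"})),
    Packet(400.0, CLIENT, SERVER, frozenset({"PSH", "ACK"})),  # idle past the timeout
    Packet(401.0, CLIENT2, SERVER, frozenset({"SYN"})),        # fresh connection
]

if __name__ == "__main__":
    for pkt, state in zip(SAMPLE, classify_all(SAMPLE)):
        print(f"{pkt.t:7.2f}s {pkt.src} -> {pkt.dst} {sorted(pkt.flags)}: {state}")
```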