hi boyz,
what would happen? In manual, there is note that when using NAT, connection tracking MUST be enabled. Did somebody try to switch it off?
Why I want to do this ? We face problem with ICQ on our network. It is disconnecting clients occasionally, several times a day. We don’t use any special things on network - no hotspots, no proxies, nothing - it is plain open routed wireless network with filtered ports 135-139 and 445 because of Microsoft sharing and closed P2P during day by packet filtering. Nothing else.
thnx!
You can turn it off.
If you use NAT in your network, it would work not correctly.
http://www.mikrotik.com/docs/ros/2.8/ip/conserv
I wondered this also. So, if not using NAT/IP Helpers you can turn it off? No other functions rely on this feature? I thought maybe the ‘established connection’ or other connection type filters would use this.
Sam
turning conntrack off will improve performance. but you will loose NAT (including masquerading), connection marking, connection state matching, P2P matching… and maybe somthing else that i forgot - see the manual for more info.