Has anyone else seen an issue where RouterOS will not pass packets greater than the MTU unless connection tracking is enabled? I have spent the last two days trying to figure out why my new MT router would not pass these packets. As soon as I turned on connection tracking, packets > 1500 bytes started to pass through the router.
I’ve noticed that it will not even respond to ping packets > 1500 bytes without the connection tracking turned on. I would not have thought this would happen.
I am not doing any shaping or firewalling; the only rules in this router are to drop NetBIOS traffic.
Hmmm, just stumbled across this when trying to introduce some basic traffic shaping/priorities on a bridge just filtering out NetBIOS and some other protocols until now.
At some point I must have disabled connection-tracking on that system, and was wondering why the mangle rules (using connection-marks) were marking packets somewhat deliberately. But of course connection-marks will not really work without connection tracking …
This is part of the fragmentation issues I mentioned to you some weeks ago, Cmit.
Another part is about UDP packets having the Don’t Fragment flag set.
I can only speculate that such packet craziness is to create clear-cut scenarios where either a UDP-type tunnel will work or it won’t work, instead of slowing down as fragmentation would have caused, if fragmentation were allowed to happen.
Personally I like things to work according to standards shrugs