Connection Tracking, NAT and Routing

Hello,

I’m not sure if this is possible:

I have a MT 2.9.37 set up as a router and a NAT firewall. Connection tracking is on for the NAT side, however routed traffic gets caught in the connection tracking as well. Is there a way to prevent all of the routed traffic from being tracked in the connections? I.e., routed traffic bypasses the connection tracking altogether.

Thanks,
Cliff.

Connection tracking is either on or off … you can’t specifically say don’t track ‘this’. You can still be natting even on the routed traffic, so you probably want it on anyhow. Connection tracking is used for more than just NAT also, i.e. IP fragments, mangling, etc.

Sam

changeip,

Thanks for the info. The reason I ask is because I’m having a problem with Router OS 2.9.38, whenever I use a Polycom vx5000 to make a video conference call behind the router to the internet.

I can make the call successfully; when I hang up the call it causes the router to panic and reboot, every time. I’ve narrowed it down to Connection Tracking in the Firewall. If I turn off Connection Tracking it works as expected; as soon as I turn it back on the problem begins again. This happens on routed as well as NATed traffic. Since it will primarily be used from routed traffic, I was hoping to separate the two in connection tracking.

I’ve sent a support request to MT.

Cliff.

We are experiencing this exact same problem on our network. Has anyone found a true solution to it yet? Not only does it reboot the router that our client using the Polycom device is connected to, it reboots our Core router as well. This is a very severe problem for us and the solution is of utmost urgency to us.

airtech,

I have several support requests to MT and I’m just getting the usual try this, try that but no real solution as of yet.

If you’re not using NAT on any of your core routers, the problem is related to Connection Tracking (aka stateful packet inspection). So if you can turn off connection tracking this will help. I unfortunately can’t turn it off since I’m using NAT.

C.

Well, we found out that it is not just a Mikrotik issue, it is a Polycom issue. I have their support team working on it as we speak and will let you know as soon as we find a solution.

airtech,

I have a ViewStation FX MP behind a MT 2.9.5 version and a ViewStation VX 5000 and a ViewStation FX MP behind a MT 2.9.38.

The FX works fine with the 2.9.5 and doesn’t reboot the router, the ones behind the 2.9.38 both will reboot the router on disconnect.

The Polycom FX has the software version, Release 6.0.5 FX - 08 Jun 2005.

C.

I would say it’s a MT issue as well, as nothing (well, few things) should cause the router to crash…

Exactly, if it’s crashing MT it’s definitely an MT problem. I wonder if these are the same (similar) packets that were crashing MT earlier (biffit) … had to do with IP fragments it didn’t like.

Sam

Please make the sniffer file from this traffic of the Polycom which causes the router to crash, so we could try to analyze it. Send it to support@mikrotik.com.

Thank you so much Mikrotik. Your suggestion sent to us to disable just h.323 connection tracking in the firewall service ports worked! Thank you again for looking into this for us.