Forward invalid rule drop packets

Hello.

I discovered in the logs of my MikroTik RB1100AH a lot of dropped packets on ports 443 and 80 via the following rule:

add action=drop chain=forward connection-state=invalid disabled=no

I don't use multi-WAN. Packets are dropped from well-known and reliable sites.

This rule is situated in the firewall after the forward established and related rules.
Ether1 is the WAN port, ether2 is the LAN port.

RouterOS version is 6.37.3 (stable)

What do you think about it?

Thank you.

Regards, Mar

No ideas? Ports 80 and 443 are open of course and the sites work.
Is it correct to use Ether1 as the WAN port on an RB1100AHx2? Maybe Ether11 is better?

I tried to disable the invalid forward rule, but after that I found in the log a lot of packets dropped via the input invalid rule.

In my opinion, it is not a normal situation. Does anybody have the same?

Thank you.

Regards, Mar

The question is how much (in relation to total number of packets) and what kind of packets. There are always some packets that stateful firewall sees as invalid. Some retransmitted ACKs, RSTs, …
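One way to get the "how much and what kind" numbers this reply asks for, as an added example that is not from this thread: set log=yes with a log-prefix on the invalid-drop rule and classify the logged lines. The script below parses constructed sample lines in RouterOS's firewall log format (the "inv-fwd" prefix, the addresses and the total forwarded packet count are assumptions) and counts drops by protocol/TCP flags and by remote port, for comparison against the chain's packet counter.

```python
import re
from collections import Counter

# Constructed sample of RouterOS firewall log lines, in the format the router writes
# when the drop rule has log=yes; the "inv-fwd" prefix is an assumed log-prefix value.
SAMPLE_LOG = """\
inv-fwd forward: in:ether1 out:ether2, src-mac 00:11:22:33:44:55, proto TCP (ACK), 203.0.113.10:443->192.168.88.20:51234, len 40
inv-fwd forward: in:ether1 out:ether2, src-mac 00:11:22:33:44:55, proto TCP (ACK,PSH), 203.0.113.10:443->192.168.88.20:51234, len 1500
inv-fwd forward: in:ether1 out:ether2, src-mac 00:11:22:33:44:55, proto TCP (ACK,RST), 198.51.100.7:80->192.168.88.21:49152, len 40
inv-fwd forward: in:ether2 out:ether1, src-mac 66:77:88:99:aa:bb, proto TCP (ACK,FIN), 192.168.88.20:51240->203.0.113.10:443, len 40
inv-fwd forward: in:ether1 out:ether2, src-mac 00:11:22:33:44:55, proto UDP, 198.51.100.9:53->192.168.88.20:55555, len 120
"""

LINE_RE = re.compile(
    r"(?P<prefix>\S+) (?P<chain>\w+): in:(?P<in>\S+) out:(?P<out>\S+), "
    r"(?:src-mac \S+, )?proto (?P<proto>\w+)(?: \((?P<flags>[^)]*)\))?, "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?->(?P<dst>[\d.]+)(?::(?P<dport>\d+))?, len (?P<len>\d+)"
)

WAN_IF = "ether1"  # the poster's WAN port; LAN is ether2

def parse_drops(log_text):
    """Turn firewall log lines into dicts; lines that do not match the format are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        d = m.groupdict()
        d["flags"] = tuple(sorted(d["flags"].split(","))) if d["flags"] else ()
        d["sport"] = int(d["sport"]) if d["sport"] else None
        d["dport"] = int(d["dport"]) if d["dport"] else None
        entries.append(d)
    return entries

def summarize(entries):
    """Count drops by (proto, TCP flags) and by the remote (Internet-side) port."""
    by_kind = Counter((e["proto"], e["flags"]) for e in entries)
    # For WAN->LAN packets the remote port is the source port, for LAN->WAN the destination.
    by_port = Counter(e["sport"] if e["in"] == WAN_IF else e["dport"] for e in entries)
    return by_kind, by_port

def drop_ratio(dropped, total_forwarded):
    """Share of forwarded packets hit by the rule (total taken from the chain/rule counters)."""
    return dropped / total_forwarded if total_forwarded else 0.0

if __name__ == "__main__":
    kinds, ports = summarize(parse_drops(SAMPLE_LOG))
    print(kinds.most_common(), ports.most_common(), drop_ratio(5, 1000))
```

A large share of bare ACK / ACK,PSH drops towards ports 443 and 80 points at retransmissions of already-closed or already-acknowledged segments, which is what the reply above describes as normal stateful-firewall behaviour in small numbers.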

You were absolutely right. I collected info from the MikroTik into Wireshark and analyzed the traffic. All packets which were dropped by the MikroTik have retransmission status. Please check my diagram of the dependence between the total count of packets and the retransmitted ones. Is it normal?

Thank you.

Regards, Mar

If I’m looking correctly and e.g. at time 140 it’s over 20% of retransmitted packets, then yes, it does look like a lot. But to be honest, I’m not sure what I’d do next.

A possible question may be: does this have an effect on
a) browsing speed? (do web pages load faster or slower when the drop rule is in place)
b) Does this have an effect on upload or download speeds?
c) Does this affect window scaling? (has anyone done a capture using Wireshark while running the same tests to see if this affects window scaling)