mk 3.x, Masquerade - "partial"

Hi,

I have trouble with masquerade on MK 3.x (2.9x no problem)


client RB 411 with RB52

interface wireless print
name="WiFi" mtu=1500 mac-address=00:0C:42:23:48:4A .......................

ip address
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK BROADCAST INTERFACE

0 172.16.10.1/24 172.16.10.0 172.16.10.255 Ethernet
1 10.xx.xx.xx/30 10.xx.xx.xx 10.xx.xx.xx WiFi

ip route

DST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE

0 A S 0.0.0.0/0 reachable 10.xx.xx.xx 1 WiFi
1 ADC 10.xx.xx.xx/30 10.xx.xx.xx 0 WiFi
2 ADC 172.16.10.0/24 172.16.10.1 0 Ethernet

ip firewall nat print
chain=srcnat action=masquerade out-interface=WiFi


but on the AP (RB133 with RB52) I see:


jun/10 20:59:58 firewall,info forward: in:pokryti out:5G, src-mac 00:0c:42:23:14:6f, proto TCP (ACK,FIN), 172.16.10.19:60473->62.168.11.130:80, len 52
jun/10 21:00:18 firewall,info forward: in:pokryti out:5G, src-mac 00:0c:42:23:14:6f, proto TCP (ACK,RST), 172.16.10.19:60423->62.168.11.130:80, len 40
jun/10 21:01:02 firewall,info forward: in:pokryti out:5G, src-mac 00:0c:42:23:14:6f, proto TCP (ACK,RST), 172.16.10.19:60489->62.168.11.130:80, len 40
jun/10 22:21:37 firewall,info forward: in:pokryti out:5G, src-mac 00:0c:42:23:48:4a, proto TCP (ACK,FIN), 172.16.10.20:1069->80.250.24.50:80, len 40
jun/10 22:21:37 firewall,info forward: in:pokryti out:5G, src-mac 00:0c:42:23:48:4a, proto TCP (ACK,FIN), 172.16.10.20:1069->80.250.24.50:80, len 40


What's wrong with my config?
Thx for your help.

Any tips?

I have that problem on all clients with MK 3.x (today over most 70)

thx

Do you use a transparent web proxy?

Try to block invalid packets in the firewall. Then let us know about the results.

No, I don’t use any proxy.

IP http://80.250.24.50/ isn’t invalid, it’s a regular page.

If I use this rule: chain=srcnat action=masquerade out-interface=WiFi I can’t see this packet on the AP.

I have drop rules, but MK 2.9.x doesn’t do this.

BTW, sorry for my bad English. :wink:

thx
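
An added example, not part of the thread: a small Python check that reads AP firewall log lines in the format quoted above and reports packets whose source address is still inside the client LAN 172.16.10.0/24, i.e. packets that left the client router without being masqueraded, tallied per client MAC and by whether they carry FIN or RST. The names `CLIENT_LAN`, `leaked_packets` and `summarize` are hypothetical; the first three sample lines are copied from the thread, and the fourth, with its 10.0.0.2 source, is constructed for contrast.

```python
import ipaddress
import re
from collections import Counter

# Sample input: first three lines are from the thread's AP log; the fourth is
# constructed (10.0.0.2 is a made-up, already-translated source address).
SAMPLE_LOG = """\
jun/10 20:59:58 firewall,info forward: in:pokryti out:5G, src-mac 00:0c:42:23:14:6f, proto TCP (ACK,FIN), 172.16.10.19:60473->62.168.11.130:80, len 52
jun/10 21:00:18 firewall,info forward: in:pokryti out:5G, src-mac 00:0c:42:23:14:6f, proto TCP (ACK,RST), 172.16.10.19:60423->62.168.11.130:80, len 40
jun/10 22:21:37 firewall,info forward: in:pokryti out:5G, src-mac 00:0c:42:23:48:4a, proto TCP (ACK,FIN), 172.16.10.20:1069->80.250.24.50:80, len 40
jun/10 22:21:40 firewall,info forward: in:pokryti out:5G, src-mac 00:0c:42:23:48:4a, proto TCP (ACK), 10.0.0.2:1070->80.250.24.50:80, len 40
"""

# Subnet behind the client router, taken from the "ip address" output in the thread.
CLIENT_LAN = ipaddress.ip_network("172.16.10.0/24")

LINE_RE = re.compile(
    r"in:(?P<in>\S+) out:(?P<out>\S+), src-mac (?P<mac>[0-9a-f:]{17}), "
    r"proto TCP \((?P<flags>[A-Z,]+)\), "
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)"
)

def leaked_packets(log_text, lan=CLIENT_LAN):
    """Return parsed records whose source IP is still inside the client LAN."""
    leaks = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # not a TCP forward-chain log line in the expected format
        if ipaddress.ip_address(m["src"]) in lan:
            leaks.append({"mac": m["mac"], "src": m["src"], "dst": m["dst"],
                          "flags": frozenset(m["flags"].split(","))})
    return leaks

def summarize(leaks):
    """Count leaks per client MAC; report whether every leak has FIN or RST set."""
    per_mac = Counter(r["mac"] for r in leaks)
    teardown_only = bool(leaks) and all(r["flags"] & {"FIN", "RST"} for r in leaks)
    return per_mac, teardown_only

if __name__ == "__main__":
    per_mac, teardown_only = summarize(leaked_packets(SAMPLE_LOG))
    for mac, count in per_mac.items():
        print(f"{mac}: {count} un-NATed packet(s)")
    print("all leaks carry FIN or RST:", teardown_only)
```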