Hi,
I have noticed somewhat unusual behavior with NAT, running a RouterBOARD 962UiGS-5HacT2HnT with RouterOS 6.48.2 in a simple home office setup: WAN, and a bridge interface to some LAN port and wifi.
I do have NAT:
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=8.9.10.11 dst-port=22 in-interface=ether1 protocol=tcp to-addresses=192.168.88.100
What I have seen is that when an SSH session is established from an IP on the internet, 1.2.3.4 as an example, to public IP 8.9.10.11, and I flap (disable and then enable) the interface to server 192.168.88.100, then source IP 1.2.3.4 is unable to establish SSH to that server anymore. I have run the packet sniffer. On the ether1 port, packets with source 1.2.3.4 and destination 8.9.10.11:22 are visible, RX only.
On the bridge interface, packets with source 1.2.3.4 and destination 192.168.88.100:22 are visible as TX, and in the opposite direction packets with source 192.168.88.100:22 and destination 1.2.3.4 are visible as RX. These returning packets are not visible on ether1 (WAN port).
After the port flap to the server, the SSH service is still accessible from any other public IP, except from 1.2.3.4. I have tried clearing the connection table and waiting a few days; the only way I have found to fix this issue is a reboot of the device. The ARP record is there, ping to the server from the router works, access to SSH from other IPs works, and access to the server via the IPSec tunnel works as well; only the source on the internet, 1.2.3.4, cannot reach the SSH service any more.
Have you encountered a similar issue? Or do I have an incorrect NAT configuration?