Community discussions

 
vdpollm
just joined
Topic Author
Posts: 3
Joined: Fri Apr 03, 2015 1:21 pm

Disable fasttrack

Tue Mar 07, 2017 7:27 pm

hi,

i have a 750UP

there are builtin in fasttrack rules in the ip firewall filters and mangle.

i want to disable this, as it interferes with my queues.

i have an existing 750GL and did this about a year ago.

now i cannot remember how i removed them.

when i try to remove or disable i get an error message that says that i cannot disable or remove builtin. however, i did do this previously.

i have spend the past 2 hrs googling and on this forum to find an answer, but, sadly, i am either blind as a bat, or my search parameters suck, coz i cannot find how to do it.

the posts or google links that i do find just say disable, or delete, but, that does not work, as per the above.

please can somebody point me to a post that has a solution that works?

thank you so much

regards
Marc
 
User avatar
matiaszon
Member
Member
Posts: 305
Joined: Mon Jul 09, 2012 9:26 am

Re: Disable fasttrack

Tue Mar 07, 2017 10:42 pm

Not sure about that, but did you try to reset your RB with no default configuration?
 
janus20
Member Candidate
Member Candidate
Posts: 111
Joined: Thu Nov 03, 2016 10:31 am
Location: Pitesti, Romania

Re: Disable fasttrack

Tue Mar 07, 2017 10:42 pm

Hi,
Fasttrack enabled by default defined by those two rules:
/ip firewall filter 
add chain=forward action=fasttrack-connection connection-state=established,related
add chain=forward action=accept connection-state=established,related
You could see entire default configuration by running into terminal command;
/system default-configuration print
... should see line like:
...
 /ip firewall {
             filter add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
             filter add chain=input action=accept connection-state=established,related comment="defconf: accept established,related"
             filter add chain=input action=drop in-interface=ether1 comment="defconf: drop all from WAN"
filter add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
filter add chain=forward action=accept connection-state=established,related comment="defconf: accept established,related"
             filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
             filter add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1 comment="defconf:  drop all from WAN not DSTNATed"
           }
...
Long story, short...
Image

Disable into FILTER tab rules which are commented out with "defconf: fasttrack" and one with "defconf: accept established,related"; in image above (from https://wiki.mikrotik.com/index.php?tit ... edirect=no ) are reprezented by rules nr 4 and 5.

After that just reboot the router. That's all.

Hope it helps.

kind regards,
 
nescafe2002
Long time Member
Long time Member
Posts: 624
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: Disable fasttrack

Tue Mar 07, 2017 11:29 pm

Perhaps you tried to disable rule #1 (dummy) which indeed isn't possible.

Do NOT disable rule #5 (above) since this will block response packets. Just disable the one forward rule with action=fasttrack-connection.

No reboot necessary. You could kill existing connections in the Firewall > Connections tab if necessary.
 
janus20
Member Candidate
Member Candidate
Posts: 111
Joined: Thu Nov 03, 2016 10:31 am
Location: Pitesti, Romania

Re: Disable fasttrack

Wed Mar 08, 2017 12:10 am

Hi,
Perhaps you tried to disable rule #1 (dummy) which indeed isn't possible.
That's what he did :)
Do NOT disable rule #5 (above) since this will block response packets. Just disable the one forward rule with action=fasttrack-connection.
He said fasttrack is interfering with his queues. So i presumed that he has already have at least a basic firewall up and running and fasttrack rules were left out; based on my presumption:
a. since he did not show us any config rules i do not know if that global forward accept is even in his firewall rules ( example posted by me was from mikrotik manual );
b. I am a beginner too with mikrotik and i am not sure if is a good idea to have a global forward accept within filter rules.
No reboot necessary. You could kill existing connections in the Firewall > Connections tab if necessary.
After reboot those "dummy" won't appear anymore in filter and mangle tab/table. That's what i meant.

kind regards,
 
vdpollm
just joined
Topic Author
Posts: 3
Joined: Fri Apr 03, 2015 1:21 pm

Re: Disable fasttrack

Wed Mar 08, 2017 8:18 am

Hi Janus20 and Nescafe2002,

thank you for your inputs.

i will try this tonight when i am home and then let you know what happened.

thank you again. hope your day is Lego :-)

regards
Marc
 
vdpollm
just joined
Topic Author
Posts: 3
Joined: Fri Apr 03, 2015 1:21 pm

Re: Disable fasttrack

Sat Mar 11, 2017 2:30 pm

Whoop Whoop :-)

thank you so much.

apologies for the delay - work got in the way........

thank you again.

regards
Marc
 
marwooj
newbie
Posts: 35
Joined: Mon Nov 06, 2017 10:44 am

Re: Disable fasttrack

Sat Mar 03, 2018 12:40 am

HI, so is this #5 rule necessary?

Who is online

Users browsing this forum: No registered users and 26 guests