rwrocket
Frequent Visitor
Topic Author
Posts: 80
Joined: Mon Nov 24, 2014 8:08 am

Why are these packets invalid?

Fri Nov 17, 2017 7:44 am

If I turn on logging/blocking of invalid forward traffic in this intermediate router I get a lot of packets that seem to be legit but are being marked as invalid.

For now I am allowing it in case it causes problems for our customers so I hope someone might be able to explain why I am seeing this.

To clarify, this router is running PPPoE Server serving public IPs to PPPoE customers. Each customer is running their own consumer-grade firewall and NAT.
The router in the screenshot is not doing any NAT.

The traffic looks legitimate so I am trying to establish why it is being marked as INVALID.
 
msatter
Forum Guru
Posts: 1335
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Why are these packets invalid?

Fri Nov 17, 2017 9:50 am

Those ack,fin and rst are packets sent by the other side to end the established connection, which is already considered ended by your MikroTik.

These packets are coming in now and are bouncing off because nobody is waiting to welcome them.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta68 / Winbox 3.20 / MikroTik APP 1.3.7
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
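A simplified model of the behaviour described in the reply above, as an added example that is not part of the original thread and is not RouterOS's own connection-tracking code. It assumes a tracker that drops a flow entry a short time after seeing FIN or RST; the timeouts, addresses and packet trace are constructed.

```python
# Simplified model of stateful TCP tracking (not RouterOS's implementation).
# Timeouts, addresses and the trace below are constructed for illustration.

class Tracker:
    def __init__(self, idle_timeout=60.0, close_timeout=10.0):
        self.idle_timeout = idle_timeout    # lifetime of an open flow
        self.close_timeout = close_timeout  # lifetime once FIN/RST was seen
        self.table = {}                     # flow key -> {"expires", "closing"}

    def classify(self, t, src, dst, flags):
        flags = set(flags)
        key = frozenset((src, dst))         # same key for both directions
        entry = self.table.get(key)
        if entry and t >= entry["expires"]:
            del self.table[key]             # tracker forgets the flow
            entry = None
        if entry is None:
            if flags == {"syn"}:            # only a bare SYN may open a flow
                self.table[key] = {"expires": t + self.idle_timeout,
                                   "closing": False}
                return "new"
            return "invalid"                # no matching entry, not a SYN
        if flags & {"fin", "rst"}:
            entry["closing"] = True
        lifetime = self.close_timeout if entry["closing"] else self.idle_timeout
        entry["expires"] = t + lifetime
        return "established"

CLIENT = "203.0.113.10:50000"   # constructed PPPoE customer endpoint
SERVER = "198.51.100.5:443"     # constructed internet host

TRACE = [  # (time in s, src, dst, TCP flags)
    (0.0,  CLIENT, SERVER, ["syn"]),
    (0.1,  SERVER, CLIENT, ["syn", "ack"]),
    (0.2,  CLIENT, SERVER, ["ack"]),
    (1.0,  SERVER, CLIENT, ["fin", "ack"]),  # server closes its side
    (1.1,  CLIENT, SERVER, ["ack"]),
    (30.0, CLIENT, SERVER, ["fin", "ack"]),  # customer app closes much later
    (30.1, SERVER, CLIENT, ["rst"]),
]

def run(trace):
    tracker = Tracker()
    return [tracker.classify(*pkt) for pkt in trace]

if __name__ == "__main__":
    for pkt, verdict in zip(TRACE, run(TRACE)):
        print(pkt, "->", verdict)
```

The last two packets are well-formed TCP, but they arrive after the tracker has discarded the flow, so a rule matching on invalid state would log or drop them.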
 
rwrocket
Frequent Visitor
Topic Author
Posts: 80
Joined: Mon Nov 24, 2014 8:08 am

Re: Why are these packets invalid?

Mon Nov 20, 2017 5:40 am

Thank you for the reply, I am not clear what you mean though, or if it is normal or not?

The majority of these packets come from my customer side (PPPoE clients) attempting to reach outside (internet) addresses.
