Community discussions

 
titius
Member
Member
Topic Author
Posts: 338
Joined: Mon Oct 17, 2005 11:43 am
Location: Titel Serbia

connection tracking is routing possibile

Sat Sep 01, 2007 10:55 pm

If I turno off connection tracking is routing possibile ?
 
User avatar
tneumann
Member
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Re: connection tracking is routing possibile

Sun Sep 02, 2007 11:39 am

Yes.
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6616
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: connection tracking is routing possibile

Mon Sep 03, 2007 3:37 pm

Connection tracking is required for action=mark-routing.
 
leonj
Frequent Visitor
Frequent Visitor
Posts: 76
Joined: Thu Jun 22, 2006 4:23 pm
Location: South Africa
Contact:

Re: connection tracking is routing possibile

Mon Sep 03, 2007 4:50 pm

Connection tracking is required for action=mark-routing.

Is this the only reason that conn-trac would be used? Besides being able to actualy see whats happening on the network?

Regards
Leon
 
User avatar
tneumann
Member
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Re: connection tracking is routing possibile

Mon Sep 03, 2007 8:24 pm

Is this the only reason that conn-trac would be used? Besides being able to actualy see whats happening on the network?
No, connection tracking is also needed for some functionality of the firewall (/ ip firewall filter)

--Tom
 
gmsmstr
Trainer
Trainer
Posts: 940
Joined: Fri Jun 04, 2004 2:22 am
Location: St. Louis, MO
Contact:

Re: connection tracking is routing possibile

Mon Sep 03, 2007 8:26 pm

Also NAT ..
 
titius
Member
Member
Topic Author
Posts: 338
Joined: Mon Oct 17, 2005 11:43 am
Location: Titel Serbia

Re: connection tracking is routing possibile

Tue Sep 04, 2007 2:34 am

can someone PLS tell us for what is conn tracking is.

Can turn it off, and still do mangle packet mark ? and drop allp2p, and stuff like that?
 
gmsmstr
Trainer
Trainer
Posts: 940
Joined: Fri Jun 04, 2004 2:22 am
Location: St. Louis, MO
Contact:

Re: connection tracking is routing possibile

Tue Sep 04, 2007 3:17 am

The best of my knowledge, not saying this is a complete list but here is what it will turn off or make not work.
  • NAT
    packet marking
    some filter rules (not sure what ones)
    sip helper (v3)
    very possable for pptp and other helper services (don't mater much as they need nat to really do anything)
Could be more, write support@mikrotik.com to see if you can get a list from MT. I will and post it on list.

Dennis
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6616
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: connection tracking is routing possibile

Tue Sep 04, 2007 8:56 am

Connection tracking is required by data that are being stored in connection table.
NAT, Mangle and options that are put in connection table that later may be used in firewall, HotSpot, queues, service-ports helpers are used by connection tracking.
 
User avatar
fatonk
Member
Member
Posts: 439
Joined: Tue Feb 22, 2005 11:06 am
Location: Mitrovica/Kosova

Re: connection tracking is routing possibile

Tue Sep 04, 2007 6:44 pm

You should not turn off connection tracking, but can you tell us why you want to do that, maybe we can help you solving the problem without applying rules that can create a problem in your network.

Regards.

Faton
 
changeip
Forum Guru
Forum Guru
Posts: 3803
Joined: Fri May 28, 2004 5:22 pm

Re: connection tracking is routing possibile

Tue Sep 04, 2007 10:31 pm

there are many reasons to disable connection tracking... if you need high performance and don't need any firewalling / etc.

some clarification if anyone knows:

1. action=mark-packet should work without connection table because it's only alive while it traverses the router, correct?

2. action=mark-routing should work without connection table because it's only based on the single packet that rule is being applied to, correct ?

3. If you use a specifier to determine if it's within an ongoing connection-mark then you need the connection tables, correct?

4. ip fragmentation is not handled without connection tracking. if packets are fragmented they may not match a rule because they are split into multiple packets and not handled automatically.

Sam
 
titius
Member
Member
Topic Author
Posts: 338
Joined: Mon Oct 17, 2005 11:43 am
Location: Titel Serbia

Re: connection tracking is routing possibile

Tue Sep 04, 2007 11:33 pm

well,

Simpler form of question, can I turn off conntrack on RBs that are just p2p wifi links to other RBs ??

I want to get better performance.
 
changeip
Forum Guru
Forum Guru
Posts: 3803
Joined: Fri May 28, 2004 5:22 pm

Re: connection tracking is routing possibile

Wed Sep 05, 2007 1:22 am

if you are simply routing and not doing any firewalling or mangling then sure. we have turned off connection tracking on many of our border routers.

Sam
 
titius
Member
Member
Topic Author
Posts: 338
Joined: Mon Oct 17, 2005 11:43 am
Location: Titel Serbia

Re: connection tracking is routing possibile

Thu Sep 06, 2007 9:03 pm

tnx

Who is online

Users browsing this forum: Google [Bot] and 99 guests