
connection tracking is routing possible

Posted: Sat Sep 01, 2007 10:55 pm
by titius
If I turn off connection tracking, is routing possible?

Re: connection tracking is routing possible

Posted: Sun Sep 02, 2007 11:39 am
by tneumann
Yes.

Re: connection tracking is routing possible

Posted: Mon Sep 03, 2007 3:37 pm
by sergejs
Connection tracking is required for action=mark-routing.

Re: connection tracking is routing possible

Posted: Mon Sep 03, 2007 4:50 pm
by leonj
> Connection tracking is required for action=mark-routing.

Is this the only reason that conn-trac would be used? Besides being able to actually see what's happening on the network?

Regards
Leon

Re: connection tracking is routing possible

Posted: Mon Sep 03, 2007 8:24 pm
by tneumann
> Is this the only reason that conn-trac would be used? Besides being able to actually see what's happening on the network?

No, connection tracking is also needed for some functionality of the firewall (/ip firewall filter).

--Tom

Re: connection tracking is routing possible

Posted: Mon Sep 03, 2007 8:26 pm
by gmsmstr
Also NAT ..

Re: connection tracking is routing possible

Posted: Tue Sep 04, 2007 2:34 am
by titius
Can someone PLS tell us what conn tracking is for?

Can I turn it off and still do mangle packet mark, and drop allp2p, and stuff like that?

Re: connection tracking is routing possible

Posted: Tue Sep 04, 2007 3:17 am
by gmsmstr
To the best of my knowledge, and not saying this is a complete list, here is what it will turn off or make not work:
  • NAT
  • packet marking
  • some filter rules (not sure which ones)
  • sip helper (v3)
  • very possible for pptp and other helper services (don't matter much as they need NAT to really do anything)
Could be more; write support@mikrotik.com to see if you can get a list from MT. I will, and post it on the list.

Dennis

Re: connection tracking is routing possible

Posted: Tue Sep 04, 2007 8:56 am
by sergejs
Connection tracking is required by data that are being stored in the connection table.
NAT, Mangle and options that are put in the connection table that later may be used in firewall, HotSpot, queues, service-ports helpers are used by connection tracking.

Re: connection tracking is routing possible

Posted: Tue Sep 04, 2007 6:44 pm
by fatonk
You should not turn off connection tracking, but can you tell us why you want to do that? Maybe we can help you solve the problem without applying rules that can create a problem in your network.

Regards.

Faton

Re: connection tracking is routing possible

Posted: Tue Sep 04, 2007 10:31 pm
by changeip
there are many reasons to disable connection tracking... if you need high performance and don't need any firewalling / etc.

some clarification if anyone knows:

1. action=mark-packet should work without connection table because it's only alive while it traverses the router, correct?

2. action=mark-routing should work without connection table because it's only based on the single packet that rule is being applied to, correct?

3. If you use a specifier to determine if it's within an ongoing connection-mark then you need the connection tables, correct?

4. ip fragmentation is not handled without connection tracking. if packets are fragmented they may not match a rule because they are split into multiple packets and not handled automatically.

Sam

Re: connection tracking is routing possible

Posted: Tue Sep 04, 2007 11:33 pm
by titius
well,

Simpler form of question: can I turn off conntrack on RBs that are just p2p wifi links to other RBs?

I want to get better performance.

Re: connection tracking is routing possible

Posted: Wed Sep 05, 2007 1:22 am
by changeip
if you are simply routing and not doing any firewalling or mangling then sure. we have turned off connection tracking on many of our border routers.

Sam
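
Added example, not part of the thread and not MikroTik code: a Python check that scans a RouterOS `/export` for firewall rules that depend on the connection table, which is the question to answer before turning tracking off on a router that is "simply routing". The parameter list is an assumption taken from RouterOS documentation rather than from this thread, and the export text is constructed.

```python
import re

# Assumption (RouterOS documentation, not this thread): these matchers and
# action parameters read or write the connection table.
CONNTRACK_PARAMS = {
    "connection-state", "connection-mark", "connection-type",
    "connection-bytes", "connection-limit", "connection-rate",
    "layer7-protocol", "p2p", "new-connection-mark",
}

# Constructed sample in the style of `/export` output.
SAMPLE_EXPORT = """\
/ip firewall filter
add chain=forward connection-state=established action=accept
add chain=forward p2p=all-p2p action=drop
add chain=forward protocol=tcp dst-port=23 action=drop
/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=voip
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade
/ip route
add dst-address=0.0.0.0/0 gateway=192.0.2.1
"""

def conntrack_dependencies(export_text):
    """Return (section, rule, reasons) for each rule that needs conntrack."""
    findings, section = [], ""
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("/"):          # section header, e.g. /ip firewall nat
            section = line
            continue
        if not line.startswith("add ") or not section.startswith("/ip firewall"):
            continue                      # routes and other sections are ignored
        params = set(re.findall(r"(?<!\S)([a-z0-9-]+)=", line))
        reasons = sorted(params & CONNTRACK_PARAMS)
        if section == "/ip firewall nat":
            reasons.insert(0, "nat")      # every NAT rule relies on the table
        if reasons:
            findings.append((section, line, reasons))
    return findings

if __name__ == "__main__":
    for section, rule, reasons in conntrack_dependencies(SAMPLE_EXPORT):
        print(f"{section}: {rule}\n    needs conntrack: {', '.join(reasons)}")
```

An empty result on a real export supports disabling tracking; any finding names the rule that would silently stop matching.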

Re: connection tracking is routing possible

Posted: Thu Sep 06, 2007 9:03 pm
by titius
tnx