I've got a unique problem. I basically am using a PC for a router with routerOS 4.5 right now. I bridge ether1-4 and use ether5 as my WAN. I am pushing about 60-80mbit right now nothing fancy just straight routing.
Everything has worked well but some particular websites don't like the mikrotik and will time out sessions. If I plug my laptop into the dmz outside the mikrotik the web sessions will not time out.
This is for a library system web system that logs you out after 15 mins. But I watch the connection drop in the connection tracking after a few seconds. But it is only for this site and a couple others. So the other side loses its session and assumes you have to log back in. But no other ISP in town has this happen. Only when it is behind this mikrotik. I swear they are dropping me on their side. But according to their tech support it claims this:
--
Q1. Why does the e-Library OPAC system keep showing the message "Session has timed out. Please click OK to start a new OPAC session."?
A: Each OPAC session is set at 15 minutes. The system displays this message after 15 minutes of inactivity. If this message is shown after less than 15 minutes of inactivity, it is because the system switches to a server load balance. For users who connect through a proxy, if a different IP address is used in the same session, the server load balance will not be able to identify the same session based on a IP address. That is when a Session Timeout message appears before it is time for the session to time out. When that happens, contact your network administrator or enter http://webcat1.tpml.edu.tw or http://webcat2.tpml.edu.tw in the address bar of your browser.
--
I do not use a proxy, and I've used a public IP so it is straight routing with only one forward chain rule in the firewall just to see..
Bizarre.. any ideas why could be doing this?
The conntrack timeouts are all about what they should be according to the manual. I am not doing anything fancy except for some port 25 blocking (the anti spam rules Butch put together)