Community discussions

 
lav21
newbie
Topic Author
Posts: 41
Joined: Sat Sep 18, 2010 3:32 pm

tools - profile - firewall cpu 30%, but ALL rules OFF...wtf?

Fri Aug 10, 2012 8:20 pm

tools - profile - firewall - cpu 30-40%, but ALL firewall rules OFF (filter, nat. mangle - 0 rules).

what is a mystery ?
 
User avatar
hassibi
Trainer
Trainer
Posts: 130
Joined: Wed Jun 13, 2012 5:58 am
Location: Iran,Kerman

Re: tools - profile - firewall cpu 30%, but ALL rules OFF...

Sun Aug 12, 2012 6:46 pm

Hello
I think its Connection Tracking...Disable it and check your router profile again.

Good luck.
 
Ivoshiee
Member
Member
Posts: 471
Joined: Sat May 06, 2006 4:11 pm

Re: tools - profile - firewall cpu 30%, but ALL rules OFF...

Sun Aug 12, 2012 6:53 pm

Hello
I think its Connection Tracking...Disable it and check your router profile again.

Good luck.
What good does disabling of the connection tracking will do? Why should I need it anyway?
 
lav21
newbie
Topic Author
Posts: 41
Joined: Sat Sep 18, 2010 3:32 pm

Re: tools - profile - firewall cpu 30%, but ALL rules OFF...

Sun Aug 12, 2012 8:47 pm

Features affected by connection tracking

NAT
firewall:
connection-bytes
connection-mark
connection-type
connection-state
connection-limit
connection-rate
layer7-protocol
p2p
new-connection-mark
tarpit
p2p matching in simple queues

http://wiki.mikrotik.com/wiki/Manual:IP ... n_tracking
 
lav21
newbie
Topic Author
Posts: 41
Joined: Sat Sep 18, 2010 3:32 pm

Re: tools - profile - firewall cpu 30%, but ALL rules OFF...

Sun Aug 12, 2012 9:39 pm

hassibi, Thank you!!!!!!!
(Огромное спасибо)

Exactly!!!!

Conntrack disabled and cpu load go down.
Although none of these features have not been used:

Features affected by connection tracking

NAT
firewall:
connection-bytes
connection-mark
connection-type
connection-state
connection-limit
connection-rate
layer7-protocol
p2p
new-connection-mark
tarpit
p2p matching in simple queues

******
And conntrack table is not full
******

Why?
 
User avatar
hassibi
Trainer
Trainer
Posts: 130
Joined: Wed Jun 13, 2012 5:58 am
Location: Iran,Kerman

Re: tools - profile - firewall cpu 30%, but ALL rules OFF...

Mon Aug 13, 2012 9:15 am

Because by default RouterOS check connection and its state.
its recommended that disable connection tracking if not use that feature...

Good Luck
Features affected by connection tracking

NAT
firewall:
connection-bytes
connection-mark
connection-type
connection-state
connection-limit
connection-rate
layer7-protocol
p2p
new-connection-mark
tarpit
p2p matching in simple queues

http://wiki.mikrotik.com/wiki/Manual:IP ... n_tracking
 
lav21
newbie
Topic Author
Posts: 41
Joined: Sat Sep 18, 2010 3:32 pm

Re: tools - profile - firewall cpu 30%, but ALL rules OFF...

Mon Aug 13, 2012 9:31 am

but, what could be the reason for this behavior?

I still need to use DNAT.

I remind you - a few more similar servers with enable conntrack, but do not have this problem.
An interesting mechanism of the phenomenon .....
 
lav21
newbie
Topic Author
Posts: 41
Joined: Sat Sep 18, 2010 3:32 pm

Re: tools - profile - firewall cpu 30%, but ALL rules OFF...

Tue Aug 14, 2012 3:56 pm

no idea?

help......................................

Who is online

Users browsing this forum: No registered users and 84 guests