TomSF
Member Candidate
Topic Author
Posts: 102
Joined: Tue Jun 27, 2017 2:12 am

Need help bypassing connection tracking

Thu Jun 30, 2022 9:27 pm

I have a device that opens an IPv4 TCP connection to a specific port on the WAN. This device loses functionality when that connection goes away, which happens when the TCP established timeout occurs. I want to bypass connection tracking for that device to that port. I created a Raw rule to set no-track on the prerouting chain based on destination port and source MAC address. Turning on logging in key firewall rules, I have log entries indicating that the SYN packets were forwarded to the WAN interface, but I get no response. I cannot see any indication in firewall rule counters or log entries that a response is being blocked. Is there something else I need to do to get a response back to that device and establish the connection?
 
mkx
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Need help bypassing connection tracking

Sat Jul 02, 2022 3:33 pm

You likely need a similar raw rule marking return packets for non-tracking as well. If the connection is not tracked, then the firewall can't recognise return packets on its own; you have to do it manually.

Currently those return packets are likely dropped as invalid.
 
TomSF
Member Candidate
Topic Author
Posts: 102
Joined: Tue Jun 27, 2017 2:12 am

Re: Need help bypassing connection tracking

Sat Jul 02, 2022 6:25 pm

That makes sense. I had a filter to allow untracked on the forward chain, but the packet probably never got that far. Thanks.
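
The rule set discussed in this thread, as an added example that is not part of the original posts: notrack raw rules for both directions, plus forward-chain accepts for the untracked packets. The MAC address, device address 192.0.2.10, port 5000 and interface ether1 are placeholders, and the example assumes the flow needs no NAT on this router, since NAT relies on connection tracking.

```routeros
# Added example, not from the thread. Placeholders (assumptions):
#   device MAC AA:BB:CC:DD:EE:FF, device address 192.0.2.10,
#   remote TCP port 5000, WAN interface ether1.
# Assumption: no NAT is needed for this flow. NAT depends on connection
# tracking, so packets marked notrack are not translated.

/ip firewall raw
# Outbound direction: the rule described in the first post.
add chain=prerouting action=notrack protocol=tcp dst-port=5000 \
    src-mac-address=AA:BB:CC:DD:EE:FF \
    comment="notrack: device to remote port"
# Return direction: replies arrive on the WAN with the service port as the
# source port. Scoped to the device address so that other hosts keep
# stateful filtering.
add chain=prerouting action=notrack protocol=tcp src-port=5000 \
    in-interface=ether1 dst-address=192.0.2.10 \
    comment="notrack: replies to device"

/ip firewall filter
# Untracked packets never match established/related, so they need explicit
# accepts, ordered ahead of any rule that drops invalid or unmatched traffic.
add chain=forward action=accept connection-state=untracked protocol=tcp \
    dst-port=5000 src-mac-address=AA:BB:CC:DD:EE:FF \
    comment="forward untracked: device to remote"
add chain=forward action=accept connection-state=untracked protocol=tcp \
    src-port=5000 in-interface=ether1 dst-address=192.0.2.10 \
    comment="forward untracked: remote to device"
```

The return rules match on source port alone from the WAN side, so any remote host can reach the device with packets that carry that source port; adding the remote server's address as `src-address`, where it is known, narrows that exposure.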
