My connection:
Internet -> Static WAN IP address, EDGE router (with NAT rules) -> Core Router -> Local Network
The Core router CCR1009-8G-1S-1S+ (tile), has no NAT rules, no Mangle rules, simple static default route.
There is a simple Firewall rule list (CCR):
/ip firewall filter
add action=accept chain=forward comment="Accept established and related" connection-state=established,related
add action=drop chain=forward comment="Drop invalid" connection-state=invalid
add action=accept chain=forward comment="Allow access to Internet" src-address=192.168.88.0/24
add action=drop chain=forward comment="Drop ALL Forward" log=yes log-prefix="Drop ALL Forward"
For some reason, reading the log, I see some traffic was dropped:
Drop ALL Forward forward: in:WAN-interface out:LAN-interface, connection-state:new src-mac AA:AA:01:01:01:01, proto TCP (ACK,PSH), 33.90.100.100:443->192.168.88.101:60708, len 125
I don't understand why that traffic was treated as "new".
My computer 192.168.88.101 initiates a connection from port 60708 to the remote server 33.90.100.100 on port 443. Because I have the established and related rule, the incoming traffic should be accepted automatically. But it is accepted only partially: some traffic is recognized as "new", and it does not match "established and related."
I probably would not have paid attention to it until I found tons of dropped traffic from different network clients, and people complaining about slow internet.
Later I found the same issue with the output/input chains:
/ip firewall filter
add action=accept chain=input comment="Accept established and related" connection-state=established,related
add action=drop chain=input comment="Drop invalid" connection-state=invalid
add action=accept chain=input comment="Accept Winbox" dst-address=192.168.88.1 dst-port=8291 protocol=tcp
add action=drop chain=input comment="Drop ALL Input" log=yes log-prefix="Drop ALL Input"
add action=accept chain=output comment="Accept established and related" connection-state=established,related
add action=drop chain=output comment="Drop ALL Output" log=yes log-prefix="Drop ALL Output"
Reading the log:
Drop ALL Output output: connection-state:new proto TCP, 192.168.88.1:8291->192.168.88.101:33000, len 125
I am still connected to Winbox, but some traffic is dropped.
I have these issues on different computers/clients.
I have replaced the Core router with the new device (same model), no luck.
Later I found the same issues in another network with the same type of hardware (CCR tile).
Tested on RouterOS 7.13.5 and 7.12.
What could it be? Where do I need to look?
Statistics: Posted by WildWest — Fri Feb 23, 2024 10:45 pm
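The two dropped entries quoted above share one signature: a TCP packet logged with connection-state:new that carries no SYN flag, which means the connection tracker has no entry for a flow that is already mid-stream. The following Python parser is an added example (not from the post or from RouterOS); it reads firewall log lines in the format shown and separates such untracked-flow drops from genuine new connection attempts. The sample lines are constructed after the two quoted entries plus one real SYN, and the ephemeral-port threshold used when flags are not logged is an assumption.

```python
import re
from collections import namedtuple

# Constructed sample lines, modelled on the two entries quoted in the post plus one genuine SYN.
SAMPLE_LOG = """\
Drop ALL Forward forward: in:WAN-interface out:LAN-interface, connection-state:new src-mac AA:AA:01:01:01:01, proto TCP (ACK,PSH), 33.90.100.100:443->192.168.88.101:60708, len 125
Drop ALL Output output: connection-state:new proto TCP, 192.168.88.1:8291->192.168.88.101:33000, len 125
Drop ALL Forward forward: in:WAN-interface out:LAN-interface, connection-state:new proto TCP (SYN), 203.0.113.9:51000->192.168.88.20:22, len 60
"""

LINE_RE = re.compile(r"^(?P<prefix>.*?) (?P<chain>input|output|forward): (?P<body>.*)$")
PROTO_RE = re.compile(r"proto (?P<proto>\w+)(?: \((?P<flags>[A-Z,]+)\))?")
ADDR_RE = re.compile(r"(?P<src>\d+(?:\.\d+){3}):(?P<sport>\d+)->(?P<dst>\d+(?:\.\d+){3}):(?P<dport>\d+)")
EPHEMERAL_MIN = 32768  # assumption: client-side ports at or above this are ephemeral

Entry = namedtuple("Entry", "prefix chain state proto flags src sport dst dport")

def parse_line(line):
    """Parse one RouterOS firewall log line; return None if the line is not one."""
    m = LINE_RE.match(line.strip())
    ad = ADDR_RE.search(m["body"]) if m else None
    if not ad:
        return None
    st = re.search(r"connection-state:(\w+)", m["body"])
    pr = PROTO_RE.search(m["body"])
    flags = frozenset(pr["flags"].split(",")) if pr and pr["flags"] else frozenset()
    return Entry(m["prefix"], m["chain"], st[1] if st else None, pr["proto"] if pr else None,
                 flags, ad["src"], int(ad["sport"]), ad["dst"], int(ad["dport"]))

def classify(e):
    """Label a dropped packet by what its logged conntrack state implies."""
    if e.state == "new" and e.proto == "TCP":
        if e.flags and "SYN" not in e.flags:
            return "mid-stream-new"  # no SYN, yet conntrack has no entry: the flow is untracked
        if not e.flags and e.sport < EPHEMERAL_MIN <= e.dport:
            return "reply-toward-ephemeral-port"  # flags not logged; heuristic: a service port answering a client
        if "SYN" in e.flags and "ACK" not in e.flags:
            return "genuine-new"  # a real connection attempt; dropping it is the rule's purpose
    return "other"

def triage(log):
    """Count dropped entries per class so untracked-flow drops stand out from expected ones."""
    counts = {}
    for entry in filter(None, map(parse_line, log.splitlines())):
        label = classify(entry)
        counts[label] = counts.get(label, 0) + 1
    return counts

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Feed it the output of /log print where topics=firewall; a large "mid-stream-new" count confirms the drops are untracked replies rather than unsolicited connections.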