There are quite a few significant changes since 6.5! (especially security vulnerability patches ;)

Some things that may be related to your observations include automated hardware offloading to switch chip where supported, and some changes to the way fasttrack and connection tracking work. It is possible that your spoofed packets are detected as 'invalid' (I see that Aaron has mentioned that too, while I was writing this :)

To test that possibility, maybe make a filter rule that matches invalid packets with source/dest address of known connections and see if it counts any packets?

I don't entirely follow some points in your question though - in particular that pcap shows the packets but other packet capture does not... is there more than one router in this scenario? Perhaps you could describe the topology in more detail and how the various components are put together? :-}

Cheers!
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike O'Connor
Sent: Tuesday, 14 April 2020 9:45 PM
To: public@talk.mikrotik.com.au
Subject: [MT-AU Public] Router Filtering TCP RST Packets
Hi All
I've been asked to look at a problem with a web filtering system for a business.
Ever since they upgraded from a 6.5.x version to a current long-term release of RouterOS, the filtering (RST Packets) traffic generated by the filter system has been lost/blocked by the router.
I have pcap files generated by the router showing the RST packets being generated and sent to the client and server of a TCP connection, but captures of the inbound and outbound traffic path do not show these RST packets.
rp-filter is turned off, ip connection traffic has been tried on and off.
I found someone else asking this question: https://forum.mikrotik.com/viewtopic.php?t=149084. The single reply was from someone who did not understand the problem.
Does anyone have any ideas?
Thanks
Mike
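The test suggested in the reply at the top of this thread, written out as RouterOS commands. This is an added example, not configuration posted by anyone in the thread; it assumes the RSTs traverse the router's forward chain, and 192.0.2.10 is a constructed placeholder for one filtered client.

```routeros
# Added example. 192.0.2.10 is a constructed client address; replace it with a
# real client behind the web filter. Assumes the RSTs are forwarded through
# this router (use chain=input/output if the topology differs).
# action=passthrough only counts packets; it does not accept or drop them.
# Move both rules above any existing "drop invalid" rule so they see the
# packets before that rule discards them.
/ip firewall filter
add chain=forward action=passthrough protocol=tcp tcp-flags=rst \
    connection-state=invalid dst-address=192.0.2.10 \
    comment="count invalid RST to client"
add chain=forward action=passthrough protocol=tcp tcp-flags=rst \
    connection-state=invalid src-address=192.0.2.10 \
    comment="count invalid RST claiming to be from client"

# Reproduce a page load that the filter should block, then read the counters.
/ip firewall filter print stats where comment~"count invalid RST"
```

If either counter increases while the filter is sending resets, connection tracking is classifying those RSTs as invalid, which is the possibility raised in the reply.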