Hi,

If the router is in NAT mode, it is inclined to be picky on what it passes through (and perhaps more so with newer versions).

You could perhaps put in some raw filters to allow the spoofed packets from the web filter to pass into the local network (assuming they don't need alteration). Or, perhaps more easily, another non-SPI router/packet filtering bridge, for just this task.

Not sure about the outward RSTs, as they would presumably need to be natted.

Regards
Roger

To: public@talk.mikrotik.com.au
From: Mike O'Connor <mike@oeg.com.au>
Date sent: Tue, 14 Apr 2020 21:14:45 +0930
Subject: [MT-AU Public] Router Filtering TCP RST Packets
Send reply to: MikroTik Australia Public List <public@talk.mikrotik.com.au>

Hi All

I've been asked to look at a problem with a web filtering system for a business.

Ever since they upgraded from a 6.5.x version to a current long term release of RouterOS, the filtering (RST Packets) traffic generated by the filter system has been lost/blocked by the router.

I have pcap files generated by the router showing the RST packets being generated and sent to the client and server of a TCP connection, but captures of the inbound and outbound traffic path do not show these RST packets.

rp-filter is turned off, ip connection traffic has been tried on and off.

I found someone else asking this question: https://forum.mikrotik.com/viewtopic.php?t=149084. The single reply was from someone who did not understand the problem.

Does anyone have any ideas?

Thanks
Mike

----------------------------
Roger Plant