Removed established connection appears again?
Posted: Fri Dec 04, 2015 9:49 pm
Hello,
I've noticed something strange after trying to remove active (established) connection from ip->firewall->connections on MikroTik RB951G-2HnD v6.33.1.
This is a scenario:
- open terminal on MT router
- connect to some device (system telnet 10.20.20.1 333)
- in connections I see src 192.168.1.1:44453 and dst 10.20.20.1:333
- that device sends TCP keep-alive package every second to check if socket is alive
- I remove that established connection
- if that device first sends some package (keep-alive), old connection appears again but with switched src and dst addresses
- if I send something from terminal to device, old connection appears again without switching src and dsc addresses
src address will be from one who first sends something to other side.
It can be a problem if I allow only router to establish connection.
In my log (I log all connections without any matched rule), I can see connection from that device:
TCP (ACK,PSH) from 10.20.20.1:333 -> 192.168.1.1:44453
but it is wrong, because router should always be on src side.
What do you think about this situation?
Thanks!
I've noticed something strange after trying to remove active (established) connection from ip->firewall->connections on MikroTik RB951G-2HnD v6.33.1.
This is a scenario:
- open terminal on MT router
- connect to some device (system telnet 10.20.20.1 333)
- in connections I see src 192.168.1.1:44453 and dst 10.20.20.1:333
- that device sends TCP keep-alive package every second to check if socket is alive
- I remove that established connection
- if that device first sends some package (keep-alive), old connection appears again but with switched src and dst addresses
- if I send something from terminal to device, old connection appears again without switching src and dsc addresses
src address will be from one who first sends something to other side.
It can be a problem if I allow only router to establish connection.
In my log (I log all connections without any matched rule), I can see connection from that device:
TCP (ACK,PSH) from 10.20.20.1:333 -> 192.168.1.1:44453
but it is wrong, because router should always be on src side.
What do you think about this situation?
Thanks!