I came across the following in Mikrotik log:
invalid forward: in:bridge out:ether1, src-mac xx..., proto TCP (RST), 10.0.0.204:57914->126.96.36.199:443, len 40
(iphone to an Akamai)
invalid forward: in:bridge out:ether1, src-mac ...., proto TCP (ACK,FIN), 10.0.0.152:60806->188.8.131.52:80, len 52
(amazon stick to amazon)
this is logged by "drop forward state=invalid" rule.
NAT is configured to "masquerade" everything going through WAN port.
Could you tell me what is "invalid" about that? (I've read that it is mostly about badly NAT-ed packets... but the devices in question have no issues connecting to the internet, on top of masquerade rule simply saying "whatever goes through WAN")
Second question, unexpected inputs (SYN):
src-mac ....., proto TCP (SYN), 184.108.40.206:42541-> mikrotik:13413, len 40
I see a number of those, is it someone scanning my net? Curious is that those come in packs from various IPs: