Today I was checking the NAT connections on a simple setup I use.
The setup is fairly simple. A PPPoE connection to the internet, a local-bridge interface to the inside network (192.168.x.x). NAT is in between:

/ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface=pppoe

Today, I found this:

/ip firewall connection> print
Flags: S - seen reply, A - assured
# PROTOCOL SRC-ADDRESS DST-ADDRESS TCP-STATE TIMEOUT
0 tcp 178.x.x.x:59551 84.x.x.x:443 established 9h8m39s
1 tcp 188.x.x.x:39789 84.x.x.x:443 established 9h9m22s
2 tcp 188.x.x.x:46318 84.x.x.x:443 established 9h15m38s
(...)

The SRC and DST are both not local to my setup. What is going on here? Am I somehow in the middle of connections that do not belong to my local setup?

Hi,

On a terminal "/ip proxy print" - is that enabled - if so you have an open web proxy Other than that recreate the rule without the 0.0.0.0/0 since the to-address should technically be either an actual address on the unit or not set at all.