Running Version 3.2 Mikrotik
Setup:
pppoe client connected. Public IP obtained from ISP ok.
Internal users on private IP Range on own Ethernet interface.
Nat rule: Masquarade if out interface = pppoe client
Problem:
Traffic in and out of pppoe-interface (LOTS, not just Winbox or SSH)
At first i thought my web-proxy is enabled and external hackers could use connection like that.
That is not the case however. Proxy is disabled.
Checking through firewall connections list, i found src-addresses/ports and dst-addresses/ports that has got nothing to to with legitimate traffic that should be entering and leaving my interface.
The src / dst combination addresses does not belong to anything relevant on my router.
The traffic is NOT present on my internal Ethernet interface. Neither is the NAT rule counting these packets. The suspect connections are not being detected as bittorrent.
Am i crazy for thinking that some sort of firewall penetration has happened on my router. This is a problem as bandwidth is quite expensive on this link, never mind the security implications.
Any ideas what might be going on, reproduce and cure?
Thanx