For the last year I’ve used RouterBoard 750 later upgraded to 493AH Both with OS 4.14 (at this time we had a sizeable number of rules in the proxy caused to use the CPU of the 750 to its full capacity by this time we haven’t notice the full blown problem that I will describe ahead) both router and the web-proxy worked without a problem for that time however recently (few months back) notice high use of the internet during low times which gradually became increasing high at all-time specially with nothing but the internet connected to the router(I thought it was a virus so I disconnected everything from it , as well as to prove IPS I was not doing any of their supposed hacking I was been blame for), seems that sources from outside are using the router as “anonymous” proxy thru the web proxy itself. However the connections multiply when I turn off the web proxy. The only thing I’ve been able to “rid” myself of this problem by assign web proxy with random port other than 8080, down side is I need the web proxy and while this stops the ones from outside does not stop anyone from accessing those pages that were blocked.
Web-Proxy configuration (originally)
Firewall NAT rule (dstnat,tcp port 80 redirect port 8080)
Web Proxy setting Port 8080
Now
Nat rule off
Web proxy random unused port
The picture is a fair view of the absurd number of connections that come from the outside into a different destinations, I stated early only way to avoid this for us has been to give web-proxy random port. I am still fairly new to this router still and if it’s a setting we could correct that be great but I doubt it’s that easy.
RouterBoard RB493QH OS 4.14 I am aware that there 5.18v due to some problems with early 5.xx version we held from updating it, as of yet unsure if it’s a router backdoor, a messed up setting or something else entirely.
Any help would be greatly appreciated.
Thanks in advance