unknown problem

hi all

Please help me solve the problem shown in the picture, especially what is inside the red frame, which shows the volume of data traffic congestion on the one WAN port (ether1). Note that the volume of data the users actually use on the LAN ports ether2 and ether3 does not correspond with the size of the data on ether1.
I get this problem when I activate the external web cache redirect in the firewall; when I disable it, everything works normally.

The NAT rules:
chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface=ether1
chain=dstnat action=dst-nat to-addresses=10.50.5.67 to-ports=3128 protocol=tcp dst-port=80

Make sure your dst-nat for your proxy is from your LAN only.

Your proxy got published as a public proxy on the internet, and people from the internet are using your proxy.

More thanks for the answer.

The external cache includes a public IP. Do you mean I need to change it to a private IP?

---------------up------------------------

No, limit the access to the proxy from your LAN only.

chain=dstnat action=dst-nat to-addresses=10.50.5.67 to-ports=3128 protocol=tcp dst-port=80 src-address=192.168.0.0/24

Change src-address=192.168.0.0/24 to your LAN subnet.

dear tomaskir i thank you so much

I did what you said and it got better, and everything is working normally. I will monitor it today and will give you the results.

But can you give me more clearance for this problem, especially as I have another router connected to the same cache with the same rule and it is working fine!

kind regards

This is probably what happened: A crawler bot scanned your router and found an open proxy. It then got published on the internet in an open proxy list website somewhere. So random people from the internet were using your router as a proxy, and eating your bandwidth.

This is because your NAT rule was set so that everyone got pushed to the proxy when they accessed the router on the proxy port. We changed it to only let people from your LAN access the proxy.
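
An audit for the misconfiguration described in this thread, as an added example that is not part of the original posts: it parses NAT rules in the key=value form quoted above and flags dstnat rules that are not limited by source address or inbound interface. The function names and the sample input (built from the two rules in the thread) are assumptions of this example.

```python
import ipaddress
import shlex

# RouterOS NAT matchers that limit who can reach a dst-nat rule.
SCOPING_KEYS = ("src-address", "src-address-list", "in-interface", "in-interface-list")

# Constructed sample: the original rules from the thread plus the corrected one.
SAMPLE = """\
chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface=ether1
chain=dstnat action=dst-nat to-addresses=10.50.5.67 to-ports=3128 protocol=tcp dst-port=80
chain=dstnat action=dst-nat to-addresses=10.50.5.67 to-ports=3128 protocol=tcp dst-port=80 src-address=192.168.0.0/24
"""

def parse_rule(line):
    """Turn 'chain=dstnat action=dst-nat ...' into a dict of key -> value."""
    rule = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            rule[key] = value
    return rule

def covers_everything(value):
    """True for a src-address such as 0.0.0.0/0, which restricts nothing."""
    try:
        return ipaddress.ip_network(value, strict=False).prefixlen == 0
    except ValueError:
        return False  # ranges and negations are treated as real restrictions

def is_unscoped(rule):
    """True when a dstnat redirect matches traffic arriving from any source."""
    if rule.get("chain") != "dstnat" or rule.get("action") not in ("dst-nat", "redirect"):
        return False
    for key in SCOPING_KEYS:
        value = rule.get(key)
        if value is None or (key == "src-address" and covers_everything(value)):
            continue
        return False  # at least one matcher narrows the source
    return True

def audit(rules_text):
    """Return (line number, to-addresses, to-ports) for every unscoped rule."""
    findings = []
    for number, line in enumerate(rules_text.splitlines(), start=1):
        rule = parse_rule(line)
        if is_unscoped(rule):
            findings.append((number, rule.get("to-addresses"), rule.get("to-ports")))
    return findings

if __name__ == "__main__":
    for number, address, port in audit(SAMPLE):
        print(f"rule on line {number}: dst-nat to {address}:{port} is reachable from any source")
```
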

thank you


Everything is working good.


regards