I have the following configuration at the moment:
1. Main router - hEX S
2. AP/Bridge - hAP ac^2 x2
The main router (Dual WAN) is with default firewall rules (IMCP allowed only from local, everything except winbox is disabled) and both hAPs are reset with no configuration and set as AP (all ports are bridged and no firewall present). Behind one of the hAPs I have a server on which there is installed openVPN using UDP.
The main router is forwarding to the server
Everything seems to work as meant and I have access to the network and the devices from outside. However I recently I saw in the logs that some strange IP addresses are dstnat-ed to to internal server on which is the VPN. These logs are rare (once or twice a day) and seems to be from one range 185.200.118.0 - 185.200.118.255.add action=dst-nat chain=dstnat comment="OpenVPN " dst-address=static address from ISP \
dst-port=1194 in-interface-list=WAN log=yes protocol=udp to-addresses=\
Local address of the server to-ports=1194
Do you guys have any explanation of this and should I be worried? Is there a way to allow only specific IP addresses to be dstned-ed to the server and should I set firewalls also on the hAPs? Currently I've disabled the NAT rule for the 1194 port as I'm not sure what is happening and don't want to risk it.
Thanks for the help in advance.