Please see enclosed image for more details.
Can anyone explain why I'm seeing ipv4 LAN port activity on the WAN port in the Packet Sniffer with no NAT, and Interface is constantly incrementing byte/packet counter on the sfp1 tx direction? Please ignore the sfp1 rx activity, that's just unrelated activity on the WAN network. The ping is correctly failing as it always does time out.
The reason I'm doing this because I was seeing byte/packet counter constantly incrementing on the interface when I had an LTE module installed and I have a very low amount of data on the cellular plan so I need to watch that. It seems that I cannot trust the interface counter if its incrementing when no LAN packets pass though. Unless LAN packets are really leaking through, then that's a bigger problem.
I reduced the setup to this after a Reset Configuration with No Default Configuration enabled. My PC with ip address 10.1.10.59 is on LAN port ether1, and WAN port is sfp1. Using firmware 7.2rc4 on RB922UAGS. WLAN is disabled.
EDIT: RB922UAGS is behind another private network that’s running 192.168.0.0/24. So /ip dhcp-client will get 192.168.0.X.
/ip pool
add name=ipv4_pool1 ranges=10.1.10.20-10.1.10.59
/ip dhcp-server
add address-pool=ipv4_pool1 interface=ether1 name=server1
/queue simple
add dst=ether1 limit-at=64k/64k max-limit=64k/64k name=queue1 priority=6/6 \
queue=pcq-upload-default/pcq-download-default target=sfp1
/ip address
add address=10.1.10.1/24 interface=ether1 network=10.1.10.0
/ip cloud
set update-time=no
/ip dhcp-client
add interface=sfp1 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=10.1.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.1.10.1
/ipv6 firewall filter
add action=drop chain=forward
add action=drop chain=output
add action=drop chain=input
/ipv6 firewall raw
add action=drop chain=prerouting
add action=drop chain=output
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox address=10.1.10.0/24
set api-ssl disabled=yes
/tool sniffer
set filter-direction=tx filter-interface=sfp1