Don't understand how local traffic from my LAN can jump throught NAT rule on mikrotik and go to the DMZ ?
/ip firewall nat add action=masquerade chain=srcnat out-interface=DMZ src-address=10.10.0.0/16 to-addresses=0.0.0.0
i don't have no more rules in filter, mangle or raw
exept /ip firewall filter add action=accept chain=forward
by the way ! this wrong traffic flows only to 443 dst port
for example
11:33:32.992004 IP 10.10.231.53.37698 > 87.250.250.207.443: Flags [R], seq 2920141894, win 0, length 0
11:33:33.547967 IP 10.10.154.87.46466 > 213.180.193.230.443: Flags [R], seq 611987300, win 0, length 0
11:33:33.548239 IP 10.10.154.87.46466 > 213.180.193.230.443: Flags [R], seq 611987300, win 0, length 0
11:33:33.885430 IP 10.10.145.16.51837 > 54.205.60.226.443: Flags [R], seq 1323507005, win 0, length 0
11:33:33.885763 IP 10.10.145.16.51837 > 54.205.60.226.443: Flags [R], seq 1323507005, win 0, length 0
11:33:33.890503 IP 10.10.145.16.51841 > 54.205.60.226.443: Flags [R], seq 3018220698, win 0, length 0
11:33:33.890863 IP 10.10.145.16.51841 > 54.205.60.226.443: Flags [R], seq 3018220698, win 0, length 0
11:33:34.433547 IP 10.10.111.135.36300 > 87.250.250.207.443: Flags [R], seq 3053875660, win 0, length 0
11:33:34.433764 IP 10.10.111.135.36300 > 87.250.250.207.443: Flags [R], seq 3053875660, win 0, length 0
11:33:34.434848 IP 10.10.111.135.36300 > 87.250.250.207.443: Flags [R], seq 3053875660, win 0, length 0
11:33:34.444327 IP 10.10.3.150.39194 > 213.180.193.230.443: Flags [R], seq 1263754677, win 0, length 0
11:33:34.444873 IP 10.10.3.150.39194 > 213.180.193.230.443: Flags [R], seq 1263754677, win 0, length 0
11:33:34.710503 IP 10.10.156.46.64118 > 17.57.12.243.443: Flags [R], seq 3260872821, win 0, length 0
11:33:35.230764 IP 10.10.146.13.38828 > 173.194.179.31.443: Flags [R], seq 874401182, win 0, length 0
11:33:35.230909 IP 10.10.146.13.38828 > 173.194.179.31.443: Flags [R], seq 874401182, win 0, length 0
11:33:35.230971 IP 10.10.146.13.38828 > 173.194.179.31.443: Flags [R], seq 874401182, win 0, length 0
11:33:35.241811 IP 10.10.146.13.38828 > 173.194.179.31.443: Flags [R], seq 874401182, win 0, length 0
11:33:35.242625 IP 10.10.146.13.38828 > 173.194.179.31.443: Flags [R], seq 874401182, win 0, length 0
routeros v 6.48.6
CCR1036-8G-2S+