Hi, I have installed an RV180W in my home, connected on the WAN side to a MikroTik Groove 52HPn (managed by my Wi-Fi internet provider) and on the LAN side to my home LAN.
On my LAN I have a Grandstream VoIP Gateway HT-502, a NAS and other devices, and on the RV180 I have opened these ports:
NAS_FTP TCP 2121 - 2121
NAS_HTTP TCP 8080 - 8080
NAS_FTP_PASS TCP 55536 - 55541
VoIP_TCP TCP 5040 - 5060
VoIP_UDP UDP 5040 - 5060
VoIP_Voce_UDP UDP 10000 - 20000
VoIP_Voce_TCP TCP 10000 - 20000
VoIP_RTP_TCP TCP 5004 - 5004
My provider initially NATed everything to the WAN IP address of my RV180, and for 2 years everything worked perfectly, but some months ago my internet speed started to slow down sometimes, and I noticed a lot of traffic on the WAN LED and on the LAN LED of the Grandstream.
I analyzed the traffic in the router and found a lot of traffic (similar to a DDoS attack) to UDP port 1900 of the Grandstream.
I tried to block some of the source IP addresses of the attack, and after a couple of seconds it started again from another new IP.
Now my provider has blocked all ports on the MikroTik and this has temporarily resolved the problem, but I don't understand why the traffic passes through the firewall without any problem.
All devices have the latest firmware release and my connection has a static IP address.
I installed this firewall to manage the firewall and NAT myself, without contacting my internet provider every time, but now I must replicate all the NAT rules on the provider's MikroTik and on my firewall to stay "protected".
Does anyone know if there are any bugs related to DDoS attacks for this device?
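As an added example (not part of the original post): the sketch below parses the forwarding rules listed in the post, checks whether a destination such as UDP 1900 matches any of them, and groups inbound log lines that match no rule by port and source. The log format, the `IN=wan` field and the addresses are constructed assumptions, not RV180W output.

```python
import re
from collections import defaultdict

# Forwarding rules as listed in the post: name, protocol, first port, last port.
RULES_TEXT = """\
NAS_FTP TCP 2121 - 2121
NAS_HTTP TCP 8080 - 8080
NAS_FTP_PASS TCP 55536 - 55541
VoIP_TCP TCP 5040 - 5060
VoIP_UDP UDP 5040 - 5060
VoIP_Voce_UDP UDP 10000 - 20000
VoIP_Voce_TCP TCP 10000 - 20000
VoIP_RTP_TCP TCP 5004 - 5004
"""

# Constructed sample log lines (hypothetical format, documentation addresses).
SAMPLE_LOG = """\
IN=wan PROTO=UDP SRC=198.51.100.7 DPT=1900
IN=wan PROTO=UDP SRC=203.0.113.44 DPT=1900
IN=wan PROTO=UDP SRC=192.0.2.19 DPT=1900
IN=wan PROTO=UDP SRC=203.0.113.5 DPT=5060
IN=wan PROTO=TCP SRC=198.51.100.80 DPT=8080
IN=lan PROTO=UDP SRC=192.168.1.20 DPT=1900
"""

def parse_rules(text):
    """Turn 'NAME PROTO LOW - HIGH' lines into (name, proto, low, high) tuples."""
    rules = []
    for line in text.splitlines():
        m = re.fullmatch(r"(\S+)\s+(TCP|UDP)\s+(\d+)\s*-\s*(\d+)", line.strip())
        if m:
            rules.append((m[1], m[2], int(m[3]), int(m[4])))
    return rules

def matching_rules(rules, proto, port):
    """Names of the forwarding rules that cover this protocol and port."""
    return [n for n, p, lo, hi in rules if p == proto and lo <= port <= hi]

def unexplained_inbound(rules, log_text):
    """Map (proto, port) -> set of sources for WAN traffic that matches no rule."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        if f.get("IN") != "wan":
            continue  # only traffic arriving on the WAN side is of interest
        proto, port = f["PROTO"], int(f["DPT"])
        if not matching_rules(rules, proto, port):
            hits[(proto, port)].add(f["SRC"])
    return dict(hits)

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    print("UDP 1900 covered by:", matching_rules(rules, "UDP", 1900))
    print("Unexplained inbound:", unexplained_inbound(rules, SAMPLE_LOG))
```

A destination that matches none of the listed forwards, as UDP 1900 does here, means the listed rules alone do not account for that traffic reaching the LAN device.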