I have an RV-325 router (10.0.1.1) connected to two WAN sources: WAN1 and WAN2. WAN2 (eth2) is an ADSL modem router which forwards all traffic via a DMZ port 192.168.1.29 to the RV-325 WAN2. I see entries like these in the RV-325 "System LOG" which I do not understand:
2020-11-07, 04:50:50 ALLOW TCP 22.214.171.124:58939 -> 192.168.1.29:9206 on eth2 2020-11-07, 04:50:50 ALLOW TCP 126.96.36.199:58939 -> 10.0.1.12:9206 on eth2
The first line above seems like the outside address (188.8.131.52) with port 58939 is being passed along to the RV-325 as 192.168.1.29 port 9206. As far as I can determine the ADSL modem is not supposed to be doing any port translation or port forwarding activities.
I'm not at all clear about the second line, except that it looks like the DMZ packet from the ADSL modem is 184.108.40.206 port 58939 which is being sent to the RV-325 modem/firewall and port translated to 10.0.1.12 port 9206.
I have the following port forwarding rules in the access rules in the firewall:
Allow PiA  WAN2 Any 10.0.1.12 ~ 10.0.1.12 Always Deny PiA  WAN1 Any 10.0.1.12 ~ 10.0.1.12 Always
Is this unwanted traffic actually arriving at the 10.0.1.12 port 9206? Thanks....RDK