I have a setup with RouterB sitting behind RouterA. RouterA sets RouterB's IP address to a public static IP 108.x.y.z, which it has been given in a block of addresses by the ISP.
In RouterA's logs, I see this:
src=108.x.y.z dst=192.168.0.28 ipprot=17 sport=64881 dport=161
Drop traffic to 192.168.0.0/16
The source is RouterB (or possibly one of the computers sitting behind it) and the destination is for an IP Address that doesn't exist, nor is it in fact even on the same subnet at the rest of the network sitting behind either router.
Is there something I can do to find the source of this traffic?
Update: more details
As suggested by blankabout I had a look in RouterB's logs. There is nothing but a bunch of stuff like this:
2012 Mar 15 08:44:33 [FVS336G] [wand] [LBFO] Restarting WAN2_
2012 Mar 15 08:45:36 [FVS336G] [wand] [LBFO] WAN1(UP), WAN2(UP)_
2012 Mar 15 08:46:37 [FVS336G] [wand] [LBFO] Restarting WAN1_
Regarding the comment from gravyface on the answer from blankabout: indeed the router was recently moved, so it could be that. How could I go about checking?
The router is a NETGEAR ProSafe VPN Firewall FVS336G if that helps any.