I have some packet captures that specify my internal NAT’d IP in the WAN packet capture trace. They are all RST and FIN packets for some kind of TCP session on 443. There are also retransmission for the FIN and RST packets.
What could cause this? I was under the impression that Internal addresses would never go out a WAN link that is configured for NAT. Is it possible that the router destroys the session completely from its translation table as soon as the first FIN/RST goes across and therefor it can no longer match the session in its translate table - so it does no translation and simply forwards the packet unaltered?