On Thursday 25 February 2010 07:36:50 Roland RoLaNd wrote: > lately i've noticed that lots of traffic being produced by the servers .. > is there a way to know whose using port forwarding to my server so they > access the internet ? I don't know why you use the term "port forwarding". If I understand you correctly., and having said that ip forwarding isn't turned on, you suspect someone is using your 2 servers to gain access to the internet"? The only thing I can think of...they might be using your servers as a SOCKS proxy. For this , there needs to be some way to connect to these serves (SSH? etc...). Log in to these servers and do a "netstat -ntap" so you can see the established connections and track what programs are responsible for these. If anyone is connected to your machines (from the local network) you'll see it there too. Of course, I'm assuming your machines were not tampered with (that is, all the binaries are intact :) Best regards, Jorge p.d. you can try wireshark (network sniffer)...