linux

Gray IPs in the source of the packet, from where?

Actually, I’ve been thinking about what day it is, what’s the matter and why, when sending packets from the local network (behind NAT), the packets fly to the Internet with a source address with a gray IP!
Log from Uncle Lesha (provider admin):

Посмотрел ваш трафик, возможно на выходе не все попадает под NAT/firewall, вот срез с нашего роутера, интерфейс Gi0/NAME_INTERFACE - это
VLAN ваш, пакеты с приватными адресами летят "наружу":
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Gi0/NAME_INTERFACE     ***Local_ip****  Null          64.233.165.113  11 D769 01BB     3
Gi0/NAME_INTERFACE     ***Local_ip****  Null          52.17.203.231   06 FAAE 040C     7
Gi0/NAME_INTERFACE     ***Local_ip****  Null          74.125.205.189  11 F8EF 01BB     1
Gi0/NAME_INTERFACE     ***Local_ip****  Null          52.17.203.231   06 E6A4 040C     3
Gi0/NAME_INTERFACE     ***Local_ip****  Null          64.233.165.139  06 D163 01BB     1

NAT is naturally included, there are forwards. Uncle Lesha should see the external IP given to us, right? And in fact, in such a scenario that its "extreme" border router cuts off these packets, since the answer will come to them, and this affects the quality of the "Internet services" that we receive ..
And packets with a source address with a local IP on the external interface, only the mystery is that it is not a full-fledged subnet, but from different subnets, packets selectively fly ... As an example:

09:23:12.451428 IP ***LOCAL_IP***.63440 > 94.100.180.72.443: Flags [R.], seq 1, ack 1, win 0, length 0
09:23:12.454861 IP ***LOCAL_IP***.63435 > 94.100.180.76.443: Flags [F.], seq 3091904178, ack 4143344419, win 1020, length 0
09:23:12.454880 IP ***LOCAL_IP***.63435 > 94.100.180.76.443: Flags [R.], seq 1, ack 1, win 0, length 0
09:23:12.454892 IP ***LOCAL_IP***.63433 > 217.69.139.244.443: Flags [F.], seq 3268938754, ack 859051175, win 65535, length 0
09:23:12.455099 IP ***LOCAL_IP***.63433 > 217.69.139.244.443: Flags [R.], seq 1, ack 1, win 0, length 0
09:23:12.456098 IP ***LOCAL_IP***.63432 > 217.69.139.244.443: Flags [F.], seq 1193167781, ack 3677299424, win 1021, length 0
09:23:12.456344 IP ***LOCAL_IP***.63432 > 217.69.139.244.443: Flags [R.], seq 1, ack 1, win 0, length 0
09:23:13.416121 IP ***LOCAL_IP***.63444 > 184.31.10.65.443: Flags [F.], seq 2954132686, ack 1776309780, win 1022, length 0
09:23:13.416135 IP ***LOCAL_IP***.63444 > 184.31.10.65.443: Flags [R.], seq 1, ack 1, win 0, length 0
09:23:16.264048 IP ***LOCAL_IP***.50225 > 188.43.61.140.80: Flags [F.], seq 4112172240, ack 2323109567, win 16425, length 0
09:23:16.564170 IP ***LOCAL_IP***.50225 > 188.43.61.140.80: Flags [F.], seq 0, ack 1, win 16425, length 0
09:23:17.160054 IP ***LOCAL_IP***.50225 > 188.43.61.140.80: Flags [F.], seq 0, ack 1, win 16425, length 0
09:23:18.361985 IP ***LOCAL_IP***.50225 > 188.43.61.140.80: Flags [F.], seq 0, ack 1, win 16425, length 0

Somewhere buried "curvature of the hands" or software?