OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: Lawrence Dol on July 26, 2019, 05:14:41 am

Title: Firewall is conecting to servers around the world?
Post by: Lawrence Dol on July 26, 2019, 05:14:41 am

My test installation of OPNsense is connecting to 4 servers in various countries, USA (x2), Czechia, and Iran for reasons I can't identify. The IP addresses are 184.105.182.16, 89.221.210.188, 37.156.28.13, and 23.131.160.7 and connections are made about every 5 minutes. The installation is a vanilla install at this point, with nothing that ought to be polling for anything that I am aware of.

The only plugins I've installed are: acme-client (still disabled), maltrail, netdata, and ntopng.

Any ideas? I'm sure it's nothing, but I am mildly alarmed by this.

Title: Re: Firewall is conecting to servers around the world?
Post by: mimugmail on July 26, 2019, 06:05:13 am

First step would be disable Plugins one by one. Maltrail e.g. updates trails via GitHub every now and then.

Title: Re: Firewall is conecting to servers around the world?
Post by: chemlud on July 27, 2019, 10:16:13 am

Could you share pcap to have look what's going on? Do you have any aliases defined with domain names that could resolve to these addresses?