  1. #1
    Untanglit
    Join Date
    Feb 2021
    Posts
    24

    Untangle pinging internal hosts by itself?

    My untangle box acts as the edge firewall for my network, but I also have an internal router that blocks not already established traffic coming into the internal network.
    The internal router logs blocked packets and I have just noticed that untangle is attempting to ping internal hosts behind this router.
    I would assume this is untangle's way of trying to identify the host?
    Why is it doing this?
    How can I turn this off?

    Screenshot_20210418_192739.png

    In that photo, 172.20.0.1 is the untangle LAN interface, and 172.20.10.6 is a host behind the internal router. Weirdly enough, 172.20.10.6 is the only one being pinged.

    Here is a little more detailed view from syslog messages:
    Screenshot_20210418_193358.png

    It's definitely an ICMP request from untangle.

    Just checked untangle's logs, it's on there as well:
    Screenshot_20210418_193645.png
    Last edited by erasedhammer; 04-18-2021 at 04:37 PM.

  2. #2
    Untanglit
    Join Date
    Dec 2020
    Posts
    15


    I had kind of a similar "issue": my monitoring server found out that untangle was responding on port 25 and untangle was forwarding this traffic to my mail gateway. On the mail gateway it appeared as if it was untangle that kept connecting on port 25.
    So during troubleshooting, you could try to check if untangle is explicitly forwarding ICMP traffic to 172.20.10.6; you could also try creating a firewall rule blocking ICMP to 172.20.10.6.

    /Peter

  3. #3
    Untanglit
    Join Date
    Feb 2021
    Posts
    24


    Originally posted by bndt206:
    I had kind of a similar "issue": my monitoring server found out that untangle was responding on port 25 and untangle was forwarding this traffic to my mail gateway. On the mail gateway it appeared as if it was untangle that kept connecting on port 25.
    So during troubleshooting, you could try to check if untangle is explicitly forwarding ICMP traffic to 172.20.10.6; you could also try creating a firewall rule blocking ICMP to 172.20.10.6.

    /Peter
    Yeah, I am blocking it at the internal router. I am more keen to find what is generating the ICMP traffic, and hopefully turn it off at the source. I am not using untangle as my DHCP server, so it shouldn't be using ICMP to identify unused IP addresses (at least I would hope not).

    Lately, the pings are coming every 8 to 12 hours, and cycle through a couple of internal hosts (all in that same subnet). I am slowly running strace on a couple of PIDs on untangle to hopefully identify the local program generating the traffic.

  4. #4
    Untangle Ninja dwasserman
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,367


    What is your netmask? I don't see how untangle can ping (or any other session) if there is a router with port forward rules in the middle. A simple diagram of your LAN with all IP addresses involved can help us to help you.
    The world is divided into 10 kinds of people, who know binary and those not
