Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1
    Untangler
    Join Date
    Jan 2010
    Posts
    94

    Question Downloads from 172.30.1.4 ?

    Hello,

    Many times i've seen on my Untangle boxes (in the Report module), the ip address 172.30.1.4 (or something similar) being responsible for big hits and "wasted" bandwidth.

    Example here (screenshot): http://img52.imageshack.us/img52/100...014reports.png

    Is this related to MS Windows Update ? I believe that ip (172.30.1.4) is internal, not an internet ip.. so how would that be used by Microsoft servers ?

  2. #2
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,367

    Default

    172.16.0.0 to 172.31.255.255 are private address space, they are not routable across the internet.
    What is your internal scope of ip address?
    You need to look more inside in the reports and find who is go to this address, and why this traffic pass across Untangle.
    Seems to be vpn traffic
    The world is divided into 10 kinds of people, who know binary and those not

  3. #3
    Untangler
    Join Date
    Jan 2010
    Posts
    94

    Default

    Hello dwasserman,

    Untangle ip: 192.168.1.1

    (untangle is the DHCP server, serving from 192.168.1.100 to 200)


    As i said, i've noticed this before on other networks where i also have Untangle running. None of these places use the 172.x.x.x address range internally.

    I'm almost sure it's related to Windows Updates but would like confirmation. Wondering if you guys also have noticed this on your Untangle servers.


    The example in the OP (did you see the screenshot?) shows me exactly who consumed 660 megs in one day so i dont know what you mean by look more inside the reports.

  4. #4
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,367

    Default

    172 is the default address of openvn I suspect, you use openvpn?
    The world is divided into 10 kinds of people, who know binary and those not

  5. #5
    Untangle Ninja
    Join Date
    Jul 2008
    Posts
    1,129

    Default

    Quote Originally Posted by ivanradisson View Post
    Hello dwasserman,

    Untangle ip: 192.168.1.1

    (untangle is the DHCP server, serving from 192.168.1.100 to 200)


    As i said, i've noticed this before on other networks where i also have Untangle running. None of these places use the 172.x.x.x address range internally.

    I'm almost sure it's related to Windows Updates but would like confirmation. Wondering if you guys also have noticed this on your Untangle servers.


    The example in the OP (did you see the screenshot?) shows me exactly who consumed 660 megs in one day so i dont know what you mean by look more inside the reports.
    172 is used by OpenVPN. I see a lot of 172 entries in the log when nobody is even using the openvpn so I'm not sure why they are inthe logs.

    Lannie

  6. #6
    Untangler
    Join Date
    Jan 2010
    Posts
    94

    Exclamation

    Hello everyone,

    OpenVPN is not even installed on this Untangle Server.

  7. #7
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,367

    Default

    Then, you must find more deep in the reports, who is talking whit 172.x.x.x host, and what type of traffic.
    Suspect of hijacked pc.
    The world is divided into 10 kinds of people, who know binary and those not

  8. #8
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,040

    Default

    That address is not routable on the internet, so something is misconfigured on your network.

    That traffic is passing through the Untangle to something and something is passing traffic but it's not "on the Internet."

    Make a block rule on the Untangle and see what breaks.
    m.


    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.

    It often helps troubleshooting if you have a good network map. Look here if you want my advice on how to draw one.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #9
    Untangler
    Join Date
    Jan 2010
    Posts
    94

    Default

    I can confirm with 100% sureness that it is Windows Updates.

    Why it comes reported as 172.30.1.4 is what makes it weird...

  10. #10
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,367

    Default

    What is your confirmation method? please paste here screenshot
    The world is divided into 10 kinds of people, who know binary and those not

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2