FreeNAS outgoing http requests

TimTeka · Jul 3, 2014

Dear Guruz,
All of a sudden one of my FreeNAS instances (1 of 3) is frequently trying to reach various destinations (observe this traffic on firewall). All on port 80. E.g. 23.108.34.219, 94.100.23.179, 64.62.249.132, etc.

How could I make it stop doing that?

c32767a · Jul 3, 2014

With computers, things don't typically "suddenly start" doing anything.

What changed?

Did you install a new jail module, or make some other change?

What services do you have configured? What's different about the misbehaving instance compared to the others?

TimTeka · Jul 3, 2014

I use FreeNAS only for iscsi. No plugins at all, no jails, cifs, etc.

c32767a · Jul 3, 2014

There are only a couple things in freenas that could possibly generate http traffic to the 'net.
There's a script that does dynamic DNS updates in services, but it's off by default.
The other is the script that checks for available jail packages, but that should only run if you go to the page that shows available jail packages.

I return to my original question, what changed, or is different between the instance that's generating the HTTP traffic and the ones that are not?

By the way, since you reference seeing this activity on the firewall, I assume you're not exposing this system to the internet directly. If it is exposed and accessible from the outside of your network, you might also want to check it and see if it's been compromised.

TimTeka · Jul 3, 2014

Sorry, i wish i could remember the moment that FreeNAS has started flooding firewall logs.
As i said earlier i use FreeNAS solely as iscsi target. BTW it would be nice to be able to slightly customize the gui (fot example to hide the Jail or Plugins menus mentioned by you)

TimTeka · Jul 3, 2014

Of course the server is in dedicated vlan, with other freenases and esxi hosts

c32767a · Jul 3, 2014

I'm not a developer, so I can't help with changing the GUI, if you look elsewhere on the site, there is a place to make feature requests.. That's where I'd ask that.

As to the HTTP, the only thing I could suggest at this point is to look at the actual traffic with a sniffer and see what it's trying to access, that might give you some clue as to what part of freenas is making the requests.

c32767a · Jul 3, 2014

Oh, and if your freenas doesn't need internet access, you could always remove the default route.

TimTeka · Jul 3, 2014

you could always remove the default route.

But I can't

I need to control it somehow from my PC (which is in different vlan of course).
The IPs it's trying to access (23.108.34.219, 94.100.23.179, 64.62.249.132, etc) are all FreeNAS web sites. Maybe I've accidentally entered the Plugins page? But why on Earth is it bombing my router now?

cyberjock · Jul 3, 2014

FreeNAS tries to do things in the background. In particular I know it tries to download a plugin manifest list every day. It also tries to sync its time with NTP servers. FreeNAS is designed as an appliance and because of that is not designed to let you mess around with its scripts and such.

I'd say you either block the log entries, let FreeNAS connect to the internet, or just ignore the problems.

Important Announcement for the TrueNAS Community.

FreeNAS outgoing http requests

TimTeka

Dabbler

c32767a

Patron

TimTeka

Dabbler

c32767a

Patron

TimTeka

Dabbler

TimTeka

Dabbler

c32767a

Patron

c32767a

Patron

TimTeka

Dabbler

cyberjock

Inactive Account

Similar threads