Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Localhost resolving to strange address

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 2 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      Charlie22911
      last edited by

      So I've got something weird going on that I noticed while monitoring network traffic. localhost ipv4 and ipv6 are resolving to gearssdk.opswat.com and I am not sure why.
      Is this something to be concerned about? Strangely, even if I use MXToolBox to do a DNS lookup it also resolves gearssdk.opswat.com to localhost…

      1 Reply Last reply Reply Quote 0
      • C
        Charlie22911
        last edited by

        Doing a port span on LAN interface to monitor, only traffic being passed is between my main PC on random high ports (55000 and up) and 127.0.0.1 TCP ports 443 and 19000. Sitting at 31GB of traffic over a 12ish hour period with a TCP checksum error count of over 24 million between this address only.

        The MAC address associated with this 127.0.0.1 is 00:0E:C4:D2:7F:7F which doesn't match any known device on my network and seems to be associated with the company Iskra Transmission D.d.

        I still can't figure this out, it'd driving me batty… No ideas folks?

        1 Reply Last reply Reply Quote 0
        • GrimsonG
          Grimson Banned
          last edited by

          Probably a host entry on your PC and not related to pfSense at all. Try to resolve it from a different device or pfSense itself.

          If you want more help you first need to provide a lot more details about your pfSense setup, you didn't even include whether you're using the resolver or forwarder.

          1 Reply Last reply Reply Quote 0
          • C
            Charlie22911
            last edited by

            I'm a bit new to this, so let me give this a shot… Please let me know if there are more specific items I need to list.

            I'm using 2.4.2-RELEASE-p1, DNS resolver with forwarding enabled to Google DNS ipv4 and ipv6 with interfaces set to its default of ALL.

            Physical setup is a Qotom fanless box with i3 4025u + 4GB ram and quad intel i210 nics as follows: Cable modem > pfSense WAN >|> pfSense LAN+SPAN > Netgear GS108T managed switch (LAN) + Monitoring PC (SPAN) which is separate from my main PC.

            Packages installed are Snort, pfBlockerNg, ntopng, nut, openvpn-client-export.

            I tried powering off my main PC to see what how the traffic changes, and 127.0.0.1 now correctly resolves to the hostname of the device that performed the resolution; the target MAC address is still the same however. Originally 127.0.0.1 was resolving to gearssdk.opswat.com regardless of the device performing the resolution.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.