Isolated machine want to access internet

blackd

Hello. I downloaded the pack from netgate and installed ok 2 virtual machine, isolated from the external network. I have putted wireshark on the wan link between the 2 firewalls and i captured packets. I configure with standard ip on lan and wan, without DNS. On capture i saw that pfsense want to reache on some ip from USA, and is not about from update.
Anybody tested that? I think is a breach of security...

P3R

How should pfSense be able to check if later versions of pfSense are available (to inform the administrator of it) without connecting to a Netgate download server?

Maybe you could check what the ip belong to and what kind of traffic it is before crying Wolf here?

blackd

How as i saying is not about update. I disable update. You understand what i said? Read carrefouly.

P3R

I'm sorry that I was unable to decipher that part of your message but my questions are still valid...

What does the ip belong to (USA is kind of big and not specific enough) and what kind of traffic is it?

blackd

Your question is good, but in this moment i am not in front of pc to give you the logs. Later this day i will show the logs. But if i make a connection of 2 pfsense that are no part of internet, and config with default, just ip, why to go to internet ip if my updates are off and not configure any dns or other option?

Gertjan

It's possible to shut down most of pfSense services so it won't call out anymore.
But what about the bogons IP lists ( a cron task ) ?
And the GUI that goes out no matter what, to check for a new, updated ULA ?
These are the ones that I know of right now. Others might exist.

To shut these down, you have to change the code.

@blackd said in Isolated machine want to access internet:

I think is a breach of security...

Think again.

johnpoz

So your saying pfsense without any dns is reaching out to a specific IP? So the IP must be hard coded into pfsense to check for X?

I don't think so to be honest, hard coding IPs is horrible coding!

Lets see these logs, or the IP that its reaching out to.. And we can prob figure out what is going on.. But I would be very surprised if the pfsense dev's hardcoded an IP into anything they are running. Best would also be these sniffs you took.

You have no packages installed?

You sure its just not the ping to the gateway of pfsense wan? That would be reaching out to an IP without dns to resolve it.. You do know that pfsense even if you turn off unbound, will try and grab dns from dhcp on its wan. And then would attempt to use that for dns..

Also how are you sure its not something on the lan side trying to get to X?

What about NTP? If pfsense at any time had dns, it would of resolved some IPs in the ntp.pool and be trying to set time with those, etc.

TL;DR going to need way more info to try and help you figure out what your seeing.

Also, I have a few pfsense vms I could fire up and try and duplicate what your doing/seeing..