Unaccounted For Wan Traffic
I could really use some help. I have an pfsense 2.1 installed at an apartment building with about 50 students behind it. I have all units separated into vlans. I keep seeing the WAN traffic graph being maxed out at 30mbps. Literally flatlined at 30mbps yet there will be little or no traffic on any vlans or the lan. I checked pftop and I can see the connections with the src being the wan address of pfsense box and the dest being random ips on port 80. DNS look up the ips tells me nothing so I don't think these are actual web sites. I check the log files don't see where any internal clients have initiated contact with these IP's
Attached is a graph of what I'm seeing. This isn't the best example as there is some traffic on the lan in the graph, but normally there won't be hardly any traffic on the lan when the wan is maxed out.
Any help would be greatly appreciated!
If you're using a proxy such as squid, this has been known to happen if you're trying to cache things such as Windows Updates. Squid will sometimes attempt to download a full file or revalidate the cache even if a client stopped the initial request.