misterbeetz Posted January 13, 2016 Share Posted January 13, 2016 Just a quick question for the unraid wizards out there. My router setup allows me to track and block unapproved network connections and I see that there is one curious source that attempts outgoing connections on a regular basis from my unraid machine to the same IP in Europe. Normally I would expect the source IP to be the one I had assigned to the unraid box during setup ( i.e. 192.168.x.x) however the source IP in this case is always 172.17.0.4 I currently have a 6.1.6 setup with a handful of dockers (CP, SB, Plex etc), but no vms. Given that I am not a networking/IT guru... Does anyone know of a way that I can dig deeper and find from where these attempts are coming from? Quote Link to comment
Squid Posted January 14, 2016 Share Posted January 14, 2016 disable the containers one at a time and see when it disappears... Its probably Plex communicating with its server's Quote Link to comment
misterbeetz Posted January 14, 2016 Author Share Posted January 14, 2016 Thanks Squid! I have narrowed it down to the Sickrage plugin that I have. I have also determined that the destination IP is one of the lesser known usenet trackers that I have enabled to search from. Oddly enough the packets seem to go through fine when the source IP is that of the unraid machine. They don't go through though when the source IP is 172.17.0.4 ... The only difference I see with the 172. packets is that they are TCP-RA rather than TCP-S. The other trackers I use do not trigger this behavior. Any ideas why source IP would flip flop like this? Quote Link to comment
JonathanM Posted January 14, 2016 Share Posted January 14, 2016 Thanks Squid! I have narrowed it down to the Sickrage plugin that I have. I have also determined that the destination IP is one of the lesser known usenet trackers that I have enabled to search from. Oddly enough the packets seem to go through fine when the source IP is that of the unraid machine. They don't go through though when the source IP is 172.17.0.4 ... The only difference I see with the 172. packets is that they are TCP-RA rather than TCP-S. The other trackers I use do not trigger this behavior. Any ideas why source IP would flip flop like this? 172.x is the internal docker network, all the containers are on it within docker. Why you are seeing that specific behaviour I have no idea. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.