I have configured my AR300M to use the router of my home network as DNS server. This seems to work, as /tmp/resolv.conf.auto contains:
Despite this, the AR300M frequently sends icmp packages to the following domains:
This is the case even when no client is connected to LAN. I’d rather not have my devices ping Google all day long. How can I find out which service creates these requests and how to disable them? DDNS is disabled, since I have no use for it.
Thanks in advance for any help!
EDIT: Sorry, being not very knowledgeable in networking, I assumed that these were DNS requests, given the host names. But they turn out to be ICMP echo requests (pings). I edited the title to reflect this better.
The AR300M pings each of these addresses every 5 seconds 24/7! Can this be turned off? Otherwise I’ll just have to filter this traffic in my firewall, but that does not seem the right approach to me.
I think this is GLi Health (supposed to be a repeater manger, IIRC).
Whilst I like some help with “repeater manager”, I, like you, do not want my router calling out for anything (updates. health etc.) especially to untrusted sites like Google.
How about a GL Health script which manages the repeater part without the undesirable “pinging” of outside sites?
Thanks for the hint, glitch! My AR300M has a wired connection to my home router, so no need to check the connection. In case internet access is lost, there is nothing the AR300M can do about it.
I’ll check the “Auto scan & reconnect” and similar options when I get a chance (not near my router now). Maybe there is a service for this which I can just turn off?
So I’m back near my router now. I searched for references to gl_health in /etc/rc.local as per this post, but haven’t found any. The file exists in /usr/bin/gl_health but I find no reference to it. So my impression is that gl_health may not be the culprit, after all.
But I found this in /etc/config/mwan3:
root@GL-AR300M:/etc# cat /etc/config/mwan3
config interface 'wan'
option enabled '1'
list track_ip '18.104.22.168'
list track_ip '22.214.171.124'
list track_ip '126.96.36.199'
list track_ip '188.8.131.52'
option reliability '1'
option count '1'
option timeout '2'
option interval '5'
option down '5'
option up '3'
So I searched the forums a bit more, and it turns out this has been discussed (needed to know mwan3 was the culprit to find that thread…). Since I don’t have a multi-WAN setup, the solution was easy for me. I just needed to remove mwan3 as described here:
A reboot later I did a packet capture again, and now there are only NTP and DHCP requests left (both going to my home router). I’m a happy camper
Yes that is how it works. Need to just disable mwan3 if there is only one method configured.
Thanks for confirming this, @alzhao!
IMHO, it would be desirable to have mwan3 disabled by default, as long as only one method is configured. I’m wondering how many GL.iNet routers out there send out thousands of pings per hour 24/7 to Google and others for apparently no reason at all.
is there a way to disable this in luci? I couldn’t find any references to wan3.
I’m not aware of a way to do that in luci. That doesn’t mean there is no way - I’m far from being an expert. But IIRC I didn’t see mwan3 among the packages that can be uninstalled in the software tab in luci.
to disable mwan3, find /etc/hotplug.d/iface and find mwan3.
Edit the script and add
exit 0 in the beginning.
@alzhao I have looked for that file, it had already been uninstalled when I removed mwan3 via the methods described above;
opkg remove luci-app-mwan3 mwan3
I’m still seeing my gl constantly connecting to resolver2.opendns.com (184.108.40.206); I’ve configured the gl to use my primary router for DNS which is far more securely configured with Dnscrypt and dnssec; I don’t want or need this router pre configured, or configuring itself to connect to whatever dns server it wants, this is a security risk. How do I disable these querys altogether?
Check /etc/config/network and remove dns settings
Thank you @alzaho, sorry, I was running Zema antimalware and it was actually the culprit connecting to opendns, for whatever reason;
As long as you solved your issues I am happy.