search

linuxserver / docker-unifi-network-application

GNU General Public License v3.0
553 stars 41 forks source link

[BUG] Outgoing connections to unusual IPs from container #92

Closed scottf51 closed 1 week ago

scottf51 commented 1 week ago

Is there an existing issue for this?

Current Behavior

Currently after installing the latest version of Unifi from this image (8.2.93 ) - I am seeing some weird outbound communication that seems to be triggered when connecting to the unifi server via the IOS app, although not 100% on the trigger , example of the communication below. I should note that none of the 10.x.x.x or 192.x.x.x address exist on my local network or are the initiators of the comms , some of the IPs seem to belong to AWS / twillo , some Vodafone and I cannot see any reason for it or any indication that it should be expected based on the unifi docs https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference

In this case 172.18.0.2 is the unifi server running on docker and it was installed per the instructions in the readme and seems to be operating ok. IT is of course possible that this is expected / in the standard unifi server , I do not have a comparison at this time , but though it worth reporting in case this is 

Jun 18 01:29:39 scott-mm kernel: DOCKER-USER: IN=br-9dde562dac8a OUT=enp4s0 PHYSIN=vethd535456 MAC=02:42:ff:60:22:04:02:42:ac:12:00:02:08:00 SRC=172.18.0.2 DST=148.252.141.73 LEN=140 TOS=0x18 PREC=0xA0 TTL=63 ID=8743 DF PROTO=UDP SPT=34427 DPT=46605 LEN=120 
Jun 18 01:29:39 scott-mm kernel: DOCKER-USER: IN=br-9dde562dac8a OUT=enp4s0 PHYSIN=vethd535456 MAC=02:42:ff:60:22:04:02:42:ac:12:00:02:08:00 SRC=172.18.0.2 DST=52.215.127.252 LEN=140 TOS=0x18 PREC=0xA0 TTL=63 ID=14506 DF PROTO=UDP SPT=34427 DPT=33192 LEN=120 
Jun 18 01:29:39 scott-mm kernel: DOCKER-USER: IN=br-9dde562dac8a OUT=enp4s0 PHYSIN=vethd535456 MAC=02:42:ff:60:22:04:02:42:ac:12:00:02:08:00 SRC=172.18.0.2 DST=52.215.127.252 LEN=140 TOS=0x18 PREC=0xA0 TTL=63 ID=14507 DF PROTO=UDP SPT=34427 DPT=37429 LEN=120 
Jun 18 01:29:39 scott-mm kernel: DOCKER-USER: IN=br-9dde562dac8a OUT=enp4s0 PHYSIN=vethd535456 MAC=02:42:ff:60:22:04:02:42:ac:12:00:02:08:00 SRC=172.18.0.2 DST=52.215.127.252 LEN=140 TOS=0x18 PREC=0xA0 TTL=63 ID=14508 DF PROTO=UDP SPT=34427 DPT=43583 LEN=120 
Jun 18 01:29:39 scott-mm kernel: DOCKER-USER: IN=br-9dde562dac8a OUT=enp4s0 PHYSIN=vethd535456 MAC=02:42:ff:60:22:04:02:42:ac:12:00:02:08:00 SRC=172.18.0.2 DST=52.215.127.252 LEN=140 TOS=0x18 PREC=0xA0 TTL=63 ID=14509 DF PROTO=UDP SPT=34427 DPT=28077 LEN=120 
Jun 18 01:29:39 scott-mm kernel: DOCKER-USER: IN=br-9dde562dac8a OUT=enp4s0 PHYSIN=vethd535456 MAC=02:42:ff:60:22:04:02:42:ac:12:00:02:08:00 SRC=172.18.0.2 DST=10.80.7.30 LEN=140 TOS=0x18 PREC=0xA0 TTL=63 ID=16596 DF PROTO=UDP SPT=34427 DPT=60058 LEN=120 
Jun 18 01:29:39 scott-mm kernel: DOCKER-USER: IN=br-9dde562dac8a OUT=enp4s0 PHYSIN=vethd535456 MAC=02:42:ff:60:22:04:02:42:ac:12:00:02:08:00 SRC=172.18.0.2 DST=10.86.123.133 LEN=140 TOS=0x18 PREC=0xA0 TTL=63 ID=21166 DF PROTO=UDP SPT=34427 DPT=54065 LEN=120 
Jun 18 01:29:39 scott-mm kernel: DOCKER-USER: IN=br-9dde562dac8a OUT=enp4s0 PHYSIN=vethd535456 MAC=02:42:ff:60:22:04:02:42:ac:12:00:02:08:00 SRC=172.18.0.2 DST=192.0.0.6 LEN=140 TOS=0x18 PREC=0xA0 TTL=63 ID=62556 DF PROTO=UDP SPT=34427 DPT=49734 LEN=120 
Jun 18 01:29:39 scott-mm kernel: DOCKER-USER: IN=br-9dde562dac8a OUT=enp4s0 PHYSIN=vethd535456 MAC=02:42:ff:60:22:04:02:42:ac:12:00:02:08:00 SRC=172.18.0.2 DST=10.86.123.133 LEN=140 TOS=0x18 PREC=0xA0 TTL=63 ID=21167 DF PROTO=UDP SPT=34427 DPT=49673 LEN=120 
Jun 18 01:29:39 scott-mm kernel: DOCKER-USER: IN=br-9dde562dac8a OUT=enp4s0 PHYSIN=vethd535456 MAC=02:42:ff:60:22:04:02:42:ac:12:00:02:08:00 SRC=172.18.0.2 DST=10.86.123.133 LEN=140 TOS=0x18 PREC=0xA0 TTL=63 ID=21168 DF PROTO=UDP SPT=34427 DPT=52876 LEN=120 
Jun 18 01:29:39 scott-mm kernel: DOCKER-USER: IN=br-9dde562dac8a OUT=enp4s0 PHYSIN=vethd535456 MAC=02:42:ff:60:22:04:02:42:ac:12:00:02:08:00 SRC=172.18.0.2 DST=148.252.141.73 LEN=140 TOS=0x18 PREC=0xA0 TTL=63 ID=8762 DF PROTO=UDP SPT=34427 DPT=43056 LEN=120 
Jun 18 01:29:39 scott-mm kernel: DOCKER-USER: IN=br-9dde562dac8a OUT=enp4s0 PHYSIN=vethd535456 MAC=02:42:ff:60:22:04:02:42:ac:12:00:02:08:00 SRC=172.18.0.2 DST=148.252.141.73 LEN=140 TOS=0x18 PREC=0xA0 TTL=63 ID=8763 DF PROTO=UDP SPT=34427 DPT=46605 LEN=120 
Jun 18 01:29:39 scott-mm kernel: DOCKER-USER: IN=br-9dde562dac8a OUT=enp4s0 PHYSIN=vethd535456 MAC=02:42:ff:60:22:04:02:42:ac:12:00:02:08:00 SRC=172.18.0.2 DST=52.215.127.252 LEN=140 TOS=0x18 PREC=0xA0 TTL=63 ID=14525 DF PROTO=UDP SPT=34427 DPT=33192 LEN=120 
Jun 18 01:29:39 scott-mm kernel: DOCKER-USER: IN=br-9dde562dac8a OUT=enp4s0 PHYSIN=vethd535456 MAC=02:42:ff:60:22:04:02:42:ac:12:00:02:08:00 SRC=172.18.0.2 DST=52.215.127.252 LEN=140 TOS=0x18 PREC=0xA0 TTL=63 ID=14526 DF PROTO=UDP SPT=34427 DPT=37429 LEN=120 
Jun 18 01:29:39 scott-mm kernel: DOCKER-USER: IN=br-9dde562dac8a OUT=enp4s0 PHYSIN=vethd535456 MAC=02:42:ff:60:22:04:02:42:ac:12:00:02:08:00 SRC=172.18.0.2 DST=52.215.127.252 LEN=140 TOS=0x18 PREC=0xA0 TTL=63 ID=14527 DF PROTO=UDP SPT=34427 DPT=43583 LEN=120 
Jun 18 01:29:39 scott-mm kernel: DOCKER-USER: IN=br-9dde562dac8a OUT=enp4s0 PHYSIN=vethd535456 MAC=02:42:ff:60:22:04:02:42:ac:12:00:02:08:00 SRC=172.18.0.2 DST=52.215.127.252 LEN=140 TOS=0x18 PREC=0xA0 TTL=63 ID=14528 DF PROTO=UDP SPT=34427 DPT=28077 LEN=120

Expected Behavior

No egress connections via unexpected ports

Steps To Reproduce

Install debian bookworm

Install docker

create docker containers for unifi and mongo, docker compose file here :

services:
  unifi-db:
    image: mongo:7.0
    container_name: unifi-db
    environment:
      - MONGO_USER=unifi
      - MONGO_PASS=XXXXXXXXXXXXXXX
      - MONGO_DBNAME=unifi
    volumes:
      - /docker-data/new-unifi-db/db:/data/db
      - /docker-data/new-unifi-db/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro
    restart: unless-stopped

  unifi-network-application:
    depends_on:
      - unifi-db
    image: linuxserver/unifi-network-application:latest
    container_name: unifi-network-application
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - MONGO_USER=unifi
      - MONGO_PASS=XXXXXXXXXXX
      - MONGO_HOST=unifi-db
      - MONGO_PORT=27017
      - MONGO_DBNAME=unifi
      - MEM_LIMIT=1024 #optional
      - MEM_STARTUP=1024 #optional
      # - MONGO_TLS= #optional
      # - MONGO_AUTHSOURCE= #optional
    volumes:
      - /docker-data/new-unifi-controller/config:/config
    ports:
      - 8443:8443
      - 3478:3478/udp
      - 10001:10001/udp
      - 8080:8080
      - 1900:1900/udp #optional
      - 8843:8843 #optional
      - 8880:8880 #optional
      - 6789:6789 #optional
      - 5514:5514/udp #optional
    restart: unless-stopped

Allow egress ports through IPtables on parent host as per unifi docs

Connect to unifi server on LAN and then via cellular

Check firewall logs for blocked connections

Environment

- OS:debian bookworm 
- How docker service was installed: installed via instructions on docker website - using debian apt repo 

scott@scott-mm:~$ cat /etc/apt/sources.list.d/docker.list 
deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian   bookworm stable


### CPU architecture

x86-64

### Docker creation

```bash
sudo docker compose -f docker-compose-new-unifi.yml up --detach

that yaml file is :

services:
  unifi-db:
    image: mongo:7.0
    container_name: unifi-db
    environment:
      - MONGO_USER=unifi
      - MONGO_PASS=XXXXXXXXXXXXXXX
      - MONGO_DBNAME=unifi
    volumes:
      - /docker-data/new-unifi-db/db:/data/db
      - /docker-data/new-unifi-db/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro
    restart: unless-stopped

  unifi-network-application:
    depends_on:
      - unifi-db
    image: linuxserver/unifi-network-application:latest
    container_name: unifi-network-application
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - MONGO_USER=unifi
      - MONGO_PASS=XXXXXXXXXXX
      - MONGO_HOST=unifi-db
      - MONGO_PORT=27017
      - MONGO_DBNAME=unifi
      - MEM_LIMIT=1024 #optional
      - MEM_STARTUP=1024 #optional
      # - MONGO_TLS= #optional
      # - MONGO_AUTHSOURCE= #optional
    volumes:
      - /docker-data/new-unifi-controller/config:/config
    ports:
      - 8443:8443
      - 3478:3478/udp
      - 10001:10001/udp
      - 8080:8080
      - 1900:1900/udp #optional
      - 8843:8843 #optional
      - 8880:8880 #optional
      - 6789:6789 #optional
      - 5514:5514/udp #optional
    restart: unless-stopped

### Container logs

```bash
It should be noted that the system seems to be running fine , so while there may be errors ,  I'm not super concerned about them, more concerned about the coutbound connections I do not see a reason for 

[custom-init] No custom files found, skipping...
[ls.io-init] done.
org.tuckey.web.filters.urlrewrite.UrlRewriteFilter INFO: destroy called
[migrations] started
[migrations] no migrations found
usermod: no changes
───────────────────────────────────────

      ██╗     ███████╗██╗ ██████╗
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝

   Brought to you by linuxserver.io
───────────────────────────────────────

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    1000
User GID:    1000
───────────────────────────────────────

[custom-init] No custom files found, skipping...
[ls.io-init] done.
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Unable to read data from SCTP socket. Permanent error: (104) Connection reset by peer
:0 SCTP ingest failed
:0 SCTP ingest failed
:0 Unable to do SSL I/O
:0 webRtcId 1 terminated with code: (-2147090409) WebRTC connection interrupted from far side
:0 TURN instance failed: TURN id:   3; fd: 215 0.0.0.0:60616 -> 52.215.127.230:3478 (all_interfaces) DTLS id: 27,
:0 All TURN channel bindings failed
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Unable to read data from SCTP socket. Permanent error: (104) Connection reset by peer
:0 SCTP ingest failed
:0 SCTP ingest failed
:0 Unable to do SSL I/O
:0 webRtcId 2 terminated with code: (-2147090409) WebRTC connection interrupted from far side
:0 TURN instance failed: TURN id:   3; fd: 215 0.0.0.0:58139 -> 52.215.127.230:3478 (all_interfaces) DTLS id: 34,
:0 All TURN channel bindings failed
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 All TURN channel bindings failed
:0 webRtcId 3 terminated with code: (-2147090409) WebRTC connection interrupted from far side
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 All TURN channel bindings failed
:0 webRtcId 4 terminated with code: (-2147090409) WebRTC connection interrupted from far side
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 All TURN channel bindings failed
:0 webRtcId 5 terminated with code: (-2147090409) WebRTC connection interrupted from far side
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Unable to read data from SCTP socket. Permanent error: (104) Connection reset by peer
:0 SCTP ingest failed
:0 SCTP ingest failed
:0 Unable to do SSL I/O
:0 webRtcId 6 terminated with code: (-2147090409) WebRTC connection interrupted from far side
:0 TURN instance failed: TURN id:   3; fd: 212 0.0.0.0:60787 -> 52.215.127.255:3478 (all_interfaces) DTLS id: 22,
:0 All TURN channel bindings failed
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 All TURN channel bindings failed
:0 webRtcId 7 terminated with code: (-2147090409) WebRTC connection interrupted from far side
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Unable to read data from SCTP socket. Permanent error: (104) Connection reset by peer
:0 SCTP ingest failed
:0 SCTP ingest failed
:0 Unable to do SSL I/O
:0 webRtcId 8 terminated with code: (-2147090409) WebRTC connection interrupted from far side
:0 TURN instance failed: TURN id:   3; fd: 214 0.0.0.0:57546 -> 52.215.127.227:3478 (all_interfaces) DTLS id: 23,
:0 All TURN channel bindings failed
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 webRtcId 9 terminated with code: (-2147090409) WebRTC connection interrupted from far side
:0 All TURN channel bindings failed
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 All TURN channel bindings failed
:0 webRtcId 10 terminated with code: (-2147090409) WebRTC connection interrupted from far side
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 All TURN channel bindings failed
:0 webRtcId 11 terminated with code: (-2147090409) WebRTC connection interrupted from far side
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 TCP candidates not supported yet
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 Permanent error code on channel bind request: 403 - Forbidden IP
:0 All TURN channel bindings failed
:0 webRtcId 12 terminated with code: (-2147090409) WebRTC connection interrupted from far side
github-actions[bot] commented 1 week ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

scottf51 commented 1 week ago

Did some more testing, looks like this only happens when you connect via remote, ie not on LAN , so connecting via unifi servers using the IOS app

At least in testing right now when I connect using the app via the LAN I do not see this, (ie "directly connected" ) according to the app . I also do not see this traffic when I connect to the unifi server via the LAN using a browser.

j0nnymoe commented 1 week ago

This sounds like it's not a bug and working as expected if you're seeing the traffic when remotely connecting.

scottf51 commented 1 week ago

It is traffic that is not called out in unifi docs though, not on their ports , very odd , looks like the majority of it is to do with STUN

It is also going to RFC1918 addresses that do not exist on my network, so no way it can actually route to them and no idea where it is getting the idea it should be using them

scottf51 commented 1 week ago
Screenshot 2024-06-18 at 23 43 04
scottf51 commented 1 week ago

weird, as I said 192.0.0.6 for example does not exist at all on my network, neither does 10.132.x.x or 10.83.x.x, where would it get that IP ? seems clear it is trying to use twilio.com for something , like I said , maybe this is just Unifi . I guess really I need to find some more hardware and install the same Unifi server manually from their website and see if I see the same behaviour, but thought there may be someone cleverer than me that has seen this before / knows it is normal :)

Roxedus commented 1 week ago

This would all be traffic that Ubiquity is making, it is best to reach out to them to get answers, we simply just consumes their packages to build this image.

This issue has nothing to do with the image itself, and therefore it is not related, closing.