Hello gurus! I'm running debian squeeze 64bit, and on occassion use a vpn, which is where my question lies. When I have the vpn running, my /var/log/messages.log is absolutely flooded with block messages. These messages happen even when there are no services using the vpn, ie I just connect to the vpn, and the computer is idling.
My computers sit behind a firewalled adsl router, and usually get zero messages from the firewall, the log for the router also shows these warnings. For example;
Feb 23 03:50:46 fred kernel: [ 3876.973032] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=0.87.157.117 DST=0.182.130.21 LEN=93 TOS=0x00 PREC=0x00 TTL=112 ID=30498 PROTO=UDP SPT=41596 DPT=6883 LEN=73
Feb 23 03:51:02 fred kernel: [ 3892.652551] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=0.234.132.185 DST=0.182.130.21 LEN=93 TOS=0x00 PREC=0x00 TTL=109 ID=57106 PROTO=UDP SPT=20949 DPT=6883 LEN=73
Feb 23 03:51:22 fred kernel: [ 3912.604051] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=0.226.50.2 DST=0.182.130.21 LEN=93 TOS=0x00 PREC=0x00 TTL=112 ID=13348 PROTO=UDP SPT=32848 DPT=6883 LEN=73
Feb 23 03:51:42 fred kernel: [ 3932.656032] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=0.12.78.206 DST=0.182.130.21 LEN=70 TOS=0x00 PREC=0x00 TTL=44 ID=64940 PROTO=UDP SPT=28654 DPT=6883 LEN=50
Feb 23 03:52:02 fred kernel: [ 3952.525549] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=0.194.38.173 DST=0.182.130.21 LEN=99 TOS=0x00 PREC=0x00 TTL=113 ID=15860 PROTO=UDP SPT=48873 DPT=6883 LEN=79
... + many more, with various sorcce IPs (I edited the IPs)
Why is my firewall getting hammered by these? Are they anything to worry about, as such? I can clearly see they are getting blocked, but still I wish to ask those in know the mechanics of what's happening, and why. Should all this non-specific-to-me junk get filtered at the vpn end, and not just shunted down the line to the user?