LinuxQuestions.org
Linux - Newbie This Linux forum is for members that are new to Linux.
Old 02-22-2012, 10:58 PM   #1
Random_Name
LQ Newbie
 
Registered: Feb 2012
Posts: 2

Rep: Reputation: Disabled
Multiple firewall messages with ppp0 (vpn) up


Hello gurus! I'm running Debian squeeze 64bit, and on occasion use a vpn, which is where my question lies. When I have the vpn running, my /var/log/messages.log is absolutely flooded with block messages. These messages happen even when there are no services using the vpn, i.e. I just connect to the vpn, and the computer is idling.

My computers sit behind a firewalled ADSL router and usually get zero messages from the firewall; the log for the router also shows these warnings. For example:

Code:
Feb 23 03:50:46 fred kernel: [ 3876.973032] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=0.87.157.117 DST=0.182.130.21 LEN=93 TOS=0x00 PREC=0x00 TTL=112 ID=30498 PROTO=UDP SPT=41596 DPT=6883 LEN=73 
Feb 23 03:51:02 fred kernel: [ 3892.652551] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=0.234.132.185 DST=0.182.130.21 LEN=93 TOS=0x00 PREC=0x00 TTL=109 ID=57106 PROTO=UDP SPT=20949 DPT=6883 LEN=73 
Feb 23 03:51:22 fred kernel: [ 3912.604051] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=0.226.50.2 DST=0.182.130.21 LEN=93 TOS=0x00 PREC=0x00 TTL=112 ID=13348 PROTO=UDP SPT=32848 DPT=6883 LEN=73 
Feb 23 03:51:42 fred kernel: [ 3932.656032] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=0.12.78.206 DST=0.182.130.21 LEN=70 TOS=0x00 PREC=0x00 TTL=44 ID=64940 PROTO=UDP SPT=28654 DPT=6883 LEN=50 
Feb 23 03:52:02 fred kernel: [ 3952.525549] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=0.194.38.173 DST=0.182.130.21 LEN=99 TOS=0x00 PREC=0x00 TTL=113 ID=15860 PROTO=UDP SPT=48873 DPT=6883 LEN=79 

... + many more, with various source IPs (I edited the IPs)
Why is my firewall getting hammered by these? Are they anything to worry about, as such? I can clearly see they are getting blocked, but still I wish to ask those in the know the mechanics of what's happening, and why. Should all this non-specific-to-me junk get filtered at the vpn end, and not just shunted down the line to the user?

Thanks.
 
Old 02-22-2012, 11:26 PM   #2
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
Could I see your iptables configuration? Most likely, this is due to how your iptables is configured.
 
Old 02-23-2012, 01:29 PM   #3
Random_Name
LQ Newbie
 
Registered: Feb 2012
Posts: 2

Original Poster
Rep: Reputation: Disabled
I'm using the UFW package to manage my firewall;

Code:
root /etc # ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip
I thought that would hardly be enough info! So did some digging and, oh my, UFW has actually added a shed load of various rules!

Code:
root /etc # iptables -nvL
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1756 1233K ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1756 1233K ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  130 22907 ufw-after-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-reject-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-track-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ufw-before-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-before-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-reject-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1558  210K ufw-before-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1558  210K ufw-before-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  299 18820 ufw-after-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  299 18820 ufw-after-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  299 18820 ufw-reject-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  299 18820 ufw-track-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   47  3666 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:137 
   83 19241 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:138 
    0     0 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139 
    0     0 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445 
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:67 
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:68 
    0     0 ufw-skip-to-policy-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type BROADCAST 

Chain ufw-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW BLOCK] ' 

Chain ufw-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW BLOCK] ' 

Chain ufw-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ufw-user-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    2   100 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
 1511 1206K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 4 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 12 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:67 dpt:68 
  243 26975 ufw-not-local  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       224.0.0.0/4          0.0.0.0/0           
  113  4068 ACCEPT     all  --  *      *       0.0.0.0/0            224.0.0.0/4         
  130 22907 ufw-user-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    2   100 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
 1257  191K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
  299 18820 ufw-user-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-logging-allow (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW ALLOW] ' 

Chain ufw-logging-deny (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID limit: avg 3/min burst 10 
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW BLOCK] ' 

Chain ufw-not-local (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type LOCAL 
  113  4068 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type MULTICAST 
  130 22907 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type BROADCAST 
    0     0 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 10 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-skip-to-policy-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-input (7 references)
 pkts bytes target     prot opt in     out     source               destination         
  130 22907 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   79  4740 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 
  220 14080 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW 

Chain ufw-user-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-limit (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 0 level 4 prefix `[UFW LIMIT BLOCK] ' 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 

Chain ufw-user-limit-accept (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-user-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-output (1 references)
 pkts bytes target     prot opt in     out     source               destination
Perhaps the problem is in there somewhere? I should spend some time reading up on iptables, and add a short specific ruleset to drop as default, allow loopback, and anything related. Because I couldn't even fathom out where to start with the current ruleset.
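
Added example, not part of any post in this thread: a small Python triage of the `[UFW BLOCK]` lines quoted in post #1, grouping them by inbound interface, protocol and destination port and measuring the gap between entries. The function names are hypothetical; the sample input is the five lines from the post, with the addresses as the poster edited them.

```python
import re
from collections import Counter

# The five log lines quoted in post #1 (the poster had already edited the IPs).
SAMPLE_LOG = """\
Feb 23 03:50:46 fred kernel: [ 3876.973032] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=0.87.157.117 DST=0.182.130.21 LEN=93 TOS=0x00 PREC=0x00 TTL=112 ID=30498 PROTO=UDP SPT=41596 DPT=6883 LEN=73
Feb 23 03:51:02 fred kernel: [ 3892.652551] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=0.234.132.185 DST=0.182.130.21 LEN=93 TOS=0x00 PREC=0x00 TTL=109 ID=57106 PROTO=UDP SPT=20949 DPT=6883 LEN=73
Feb 23 03:51:22 fred kernel: [ 3912.604051] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=0.226.50.2 DST=0.182.130.21 LEN=93 TOS=0x00 PREC=0x00 TTL=112 ID=13348 PROTO=UDP SPT=32848 DPT=6883 LEN=73
Feb 23 03:51:42 fred kernel: [ 3932.656032] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=0.12.78.206 DST=0.182.130.21 LEN=70 TOS=0x00 PREC=0x00 TTL=44 ID=64940 PROTO=UDP SPT=28654 DPT=6883 LEN=50
Feb 23 03:52:02 fred kernel: [ 3952.525549] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=0.194.38.173 DST=0.182.130.21 LEN=99 TOS=0x00 PREC=0x00 TTL=113 ID=15860 PROTO=UDP SPT=48873 DPT=6883 LEN=79
"""

LINE = re.compile(r"\[\s*(\d+\.\d+)\] \[UFW ([A-Z ]+)\] (.*)")
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_ufw_line(line):
    """Return the fields of one [UFW ...] kernel log line as a dict, or None."""
    m = LINE.search(line)
    if m is None:
        return None
    fields = {"UPTIME": float(m.group(1)), "ACTION": m.group(2)}
    for key, value in FIELD.findall(m.group(3)):
        fields.setdefault(key, value)  # LEN occurs twice; keep the IP-level one
    return fields

def summarise(log_text):
    """Group blocked packets by (in-interface, protocol, destination port)."""
    hits, sources = Counter(), {}
    for line in log_text.splitlines():
        f = parse_ufw_line(line)
        if f is None or f["ACTION"] != "BLOCK":
            continue
        key = (f.get("IN", ""), f.get("PROTO", ""), int(f.get("DPT", 0)))
        hits[key] += 1
        sources.setdefault(key, set()).add(f.get("SRC"))
    return [(key, n, len(sources[key])) for key, n in hits.most_common()]

def log_gaps(log_text):
    """Seconds between consecutive logged blocks, from the kernel uptime stamp."""
    stamps = [f["UPTIME"] for f in map(parse_ufw_line, log_text.splitlines()) if f]
    return [round(b - a) for a, b in zip(stamps, stamps[1:])]

if __name__ == "__main__":
    for (iface, proto, dpt), n, srcs in summarise(SAMPLE_LOG):
        print(f"{iface} {proto}/{dpt}: {n} logged blocks from {srcs} distinct sources")
    print("gaps between entries (s):", log_gaps(SAMPLE_LOG))
```

On the quoted lines this reports a single flow (ppp0, UDP/6883) from five distinct sources, with gaps of roughly 20 seconds between entries. That spacing is consistent with the `limit: avg 3/min` on the LOG rules in the `iptables -nvL` listing, so the log is a rate-limited sample of what is being dropped rather than a full count.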
 
  

