FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 01-20-2008, 06:14 PM
Fred Schuelzky
 
Default Noobie question -- Firestarter

How can i start firestarter on boot up?





Thanks
Fred

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-20-2008, 06:39 PM
Nik
 
Default Noobie question -- Firestarter

In article <47939D7F.4020007@earthlink.net>,
Fred Schuelzky <phredsky@earthlink.net> wrote:
> How can i start firestarter on boot up?

You don't want to do that!
Firestarter is just a front end to iptables, which is the standard firewall
in Ubuntu. This should be started automagically when Ubuntu boots,
presumably at the same time that networing is brought up.
Therefore any rules that you make using Firestarter will always be there.

Nik





> Thanks
> Fred

--
"welcome to the blood red crimson sky of another imperial day"

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-20-2008, 06:45 PM
andy baxter
 
Default Noobie question -- Firestarter

Nik wrote:
> In article <47939D7F.4020007@earthlink.net>,
> Fred Schuelzky <phredsky@earthlink.net> wrote:
>
>> How can i start firestarter on boot up?
>>
>
> You don't want to do that!
> Firestarter is just a front end to iptables, which is the standard firewall
> in Ubuntu. This should be started automagically when Ubuntu boots,
> presumably at the same time that networing is brought up.
> Therefore any rules that you make using Firestarter will always be there.
>
> Nik
>
>
Are you sure about this? I thought that changes to iptables were stored
in the kernel memory, so not preserved between boots unless a script in
/etc/init.d specifically re-creates them.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-20-2008, 07:39 PM
Mario Vukelic
 
Default Noobie question -- Firestarter

On Sun, 2008-01-20 at 19:45 +0000, andy baxter wrote:
> unless a script in
> /etc/init.d specifically re-creates them.

And firestarter installs these files that do just that:

/etc/init.d/firestarter
/etc/network/if-down.d/50firestarter
/etc/network/if-up.d/50firestarter
/etc/ppp/ip-down.d/50firestarter
/etc/ppp/ip-up.d/50firestarter

When interfaces are managed through NetworkManager, as far as I can see
NM runs /etc/NetworkManager/dispatcher.d/01ifupdown. This should take
care of running /etc/network/if-*.d/50firestarter


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-20-2008, 07:53 PM
Mario Vukelic
 
Default Noobie question -- Firestarter

On Sun, 2008-01-20 at 19:45 +0000, andy baxter wrote:
> unless a script in
> /etc/init.d specifically re-creates them.

Which is what Firestarter does. I provides these files:

/etc/init.d/firestarter
/etc/network/if-down.d/50firestarter
/etc/network/if-up.d/50firestarter
/etc/ppp/ip-down.d/50firestarter
/etc/ppp/ip-up.d/50firestarter

And NetworkManager seems to run them, too,
through /etc/NetworkManager/dispatcher.d/01ifupdown.

I don't know if this has to be enabled in the Firestarter preferences or
if it is the default, but suspect the latter. One can easily run a port
scan to the _outside* IP address with the Network Tools from menu System
> Administration. It will show that status of the ports.

* If you have a (WLAN) router, go to its configuration interface and see
which IP address faces outwards, then use this in the port scan. If you
don't have a router, use ifconfig on the command line or rightclick the
NetworkManager applet in the notification area to see its properties.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-20-2008, 08:00 PM
andy baxter
 
Default Noobie question -- Firestarter

Mario Vukelic wrote:
> On Sun, 2008-01-20 at 19:45 +0000, andy baxter wrote:
>
>> unless a script in
>> /etc/init.d specifically re-creates them.
>>
>
> And firestarter installs these files that do just that:
>
> /etc/init.d/firestarter
> /etc/network/if-down.d/50firestarter
> /etc/network/if-up.d/50firestarter
> /etc/ppp/ip-down.d/50firestarter
> /etc/ppp/ip-up.d/50firestarter
>
> When interfaces are managed through NetworkManager, as far as I can see
> NM runs /etc/NetworkManager/dispatcher.d/01ifupdown. This should take
> care of running /etc/network/if-*.d/50firestarter
>
OK - I thought it might but wasn't sure.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-20-2008, 09:08 PM
"Jeffrey F. Bloss"
 
Default Noobie question -- Firestarter

Mario Vukelic wrote:

>
> On Sun, 2008-01-20 at 19:45 +0000, andy baxter wrote:
> > unless a script in
> > /etc/init.d specifically re-creates them.
>
> And firestarter installs these files that do just that:

But does it actually *work*?

My experience with Firestarter (dated by about a year now so buyer
beware) is that something is "missing" somewhere. To have your netfilter
rules installed at boot time rather then when a user logs in you need
to either sort out Firestarter's convoluted chain of shell scripts and
create more symlinks, or use the GUI just as a management tool and
install a standard iptables script in /etc/init.d so that you can "save"
and "restore" rules properly as etc/default/iptables-rules.

Again, the last time I messed with Firestarter was probably better than
a year ago, but at that time it installed all the "necessary files" and
still wouldn't load rule sets at boot time. That certainly could have
changed. They way to test it is to log into a Ctrl-Alt-F1 console before
logging into the GUI and running a 'sudo iptables --list'. If you don't
see something considerably more involved than the iptables default
3-chain "ACCEPT" policy, you're probably not loading your custom rule
set at boot time.

--
|/ Outside of a dog, a book is a man's best friend.
(o O) Inside of a dog, it's too dark to read.
-oOO-(_)-OOo-------------------------------[ Groucho Marx ]---
http://wrench.homelinux.net/~jeff/

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-21-2008, 03:50 AM
Mario Vukelic
 
Default Noobie question -- Firestarter

On Sun, 2008-01-20 at 17:08 -0500, Jeffrey F. Bloss wrote:
> My experience with Firestarter (dated by about a year now so buyer
> beware) is that something is "missing" somewhere. To have your
> netfilter
> rules installed at boot time

I think the problem here is that NM does only starts when the user logs
in. To have the network run at boot time, just go the old-fashioned way
and define the interfaces in /etc/network/interfaces


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-21-2008, 03:51 AM
Mario Vukelic
 
Default Noobie question -- Firestarter

Sorry for posting the same thing twice, the first time Evo had
crashed ...

On Sun, 2008-01-20 at 21:53 +0100, Mario Vukelic wrote:
> On Sun, 2008-01-20 at 19:45 +0000, andy baxter wrote:
> > unless a script in
> > /etc/init.d specifically re-creates them.
>
> Which is what Firestarter does. I provides these files:
>
> /etc/init.d/firestarter
> /etc/network/if-down.d/50firestarter
> /etc/network/if-up.d/50firestarter
> /etc/ppp/ip-down.d/50firestarter
> /etc/ppp/ip-up.d/50firestarter
>
> And NetworkManager seems to run them, too,
> through /etc/NetworkManager/dispatcher.d/01ifupdown.
>
> I don't know if this has to be enabled in the Firestarter preferences or
> if it is the default, but suspect the latter. One can easily run a port
> scan to the _outside* IP address with the Network Tools from menu System
> > Administration. It will show that status of the ports.
>
> * If you have a (WLAN) router, go to its configuration interface and see
> which IP address faces outwards, then use this in the port scan. If you
> don't have a router, use ifconfig on the command line or rightclick the
> NetworkManager applet in the notification area to see its properties.
>
>


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 04:12 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org