LinuxQuestions.org


paul123 01-15-2007 05:26 PM

Mandriva 2007 Firestarter set up
 
I installed rpm firestarter and got a message in console about setting chkconfig..... IPtables :scratch: or something else.

I found chkconfig but it's an executable? Man told me a bit more....I'm sure I'm supposed to find a script and # out something? At least that's what it sounds like.

When you try to start in kde as user you get an error. If I kdesu firestarter it runs ok.

When the system boots I can see firestarter being initialised in a run level but there's no sign of it in desktop after boot and ps -aux reveals no firestarter running???

Sorry I'm totally green, got enough Linux knowledge to scrape by but that's it.

I've googled it and found a bug report which wasn't a bug...they said the IPtables are defaulted to ON after set up in mandriva 2007....

Back to the file that I need to edit. I need firestarter to run from boot.

I can't find the script. :scratch:

paul123 01-16-2007 11:28 AM

Ok I uninstalled firestarter and put the mandriva firewall back in until I understand what's going on.

Next I went to console and urpmi firestarter, after it's installed it finishes with this message.

You have to decide whether to let iptables startup script
or firestarter to control your firewall, using chkconfig.


Ok now according to a bug report and reply; in mandriva 2007 a configuration script is set to IPtables ON, this is why when I try to start firestarter GUI in desktop I get unknown error. How do I sort this???

Bug report here: http://archives.mandrivalinux.com/co...1/msg02569.php

The GUI does run under root. Sorry if this is not the right forum, maybe I should try newbie? If it's wrong can a mod please move the thread, thanks.

b0uncer 01-16-2007 11:33 AM

Quote:

When you try to start in kde as user you get an error. If I kdesu firestarter it runs ok.
This is because regular users should not be able to alter firewall/etc configuration, for obvious reasons. It's the job of a system administrator.

You need to understand some things, after which this problem doesn't sound like a problem at all anymore. Firestarter is not a firewall. It is merely a graphical front-end, a nice window-formed tool that allows you to control a program called iptables in a more convenient way, and iptables (user-space program) then controls the actual iptables which is in your Linux kernel, and does the real job. Therefore Firestarter does not need to show up on your desktop, not necessarily even run every boot if you configure a few things. The thing Firestarter is for is creating a configuration for iptables. After that Firestarter is probably loaded during boot, it pushes this config you created to iptables which then takes it into use.

Another way would be to save the config into a file and use iptables-restore or just a shell script to load it during boot. You don't even need Firestarter to have an iptables-based firewall, since you could just as well use iptables from console; the easy way to handle bigger firewall/router/etc configurations would be to write a script that handles iptables; possibly then use iptables-save to save that config into a slightly more iptables-looking file and use iptables-restore to load that file during boot (because iptables rules are not written in kernel and thus need to be reloaded during boot by an initscript).

So, shortly:

- Firestarter is not a firewall, just a graphical tool to configure iptables rules
- Firestarter does not need to run all the time, you just run it once when you create config and then let it be, and it ought to load that config for you
- if you are curious if your configuration is loaded at boot, check out (note: as root)
Code:

iptables -L
and you should see your rules -- note: in iptables' "format".

I hope that cleared things up a bit. Quite a few newcomers think Firestarter (or any other similar tool) needs to be run all the time, like ZoneAlarm on Windows for example, but that is not the case. iptables is usually enabled in the kernel, and controlling it happens through the iptables userspace program, which is usually installed by default. If you remove your Firestarter you still have a firewall, it's just that probably Firestarter is no longer "feeding" the rules to iptables during boot, and you need to create your own/add to an existing initscript which handles it; this is not difficult at all.

More information (that you should read): iptables.org

EDIT:

Quote:

You have to decide whether to let iptables startup script
or firestarter to control your firewall, using chkconfig.
This is just what I meant: your firewall rules are saved into a file on your hard disk, by Firestarter if you use it, and then somebody just needs to "load" them when your machine boots. There exists an initscript of iptables' in your system that can do it, or Firestarter can do it as well (I just wonder why, but I guess for nice working). It's just no use to have them both do it. That's why you have to decide if you want Firestarter, or iptables' initscript, to do it. They make no difference, both just load the same rules to iptables. It is not a bug, it is the way the program works.
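
The chkconfig decision discussed in the post above, as an added example that is not part of the original thread: a shell check that reads `chkconfig --list` output and reports whether one, both or neither rule loader is enabled at a given runlevel. The service names `iptables` and `firestarter`, the function names and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the two init services
# are registered with chkconfig as "iptables" and "firestarter".

# Constructed sample of `chkconfig --list` output: both loaders enabled.
SAMPLE_BOTH='iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
firestarter     0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off'

# Constructed sample: only the iptables initscript is enabled.
SAMPLE_ONE='iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
firestarter     0:off   1:off   2:off   3:off   4:off   5:off   6:off'

# Read `chkconfig --list` text on stdin and print each watched service
# that is "on" at runlevel $1.
loaders_on() {
    awk -v rl="$1" '
        $1 == "iptables" || $1 == "firestarter" {
            for (i = 2; i <= NF; i++)
                if ($i == (rl ":on")) print $1
        }'
}

# Print "none", "conflict", or the name of the single enabled loader.
firewall_loader_status() {
    on=$(loaders_on "$1" | sort -u | tr '\n' ' ')
    set -- $on          # split the names into positional parameters
    case $# in
        0) echo "none" ;;       # nothing reloads the rules at boot
        1) echo "$1" ;;         # exactly one loader: the intended state
        *) echo "conflict" ;;   # both enabled: disable one of them
    esac
}

# Demo on the constructed sample. On a real system, as root:
#   chkconfig --list | firewall_loader_status 5
#   chkconfig firestarter off    # or: chkconfig iptables off
#   iptables -L -n               # confirm the rules loaded after reboot
printf '%s\n' "$SAMPLE_BOTH" | firewall_loader_status 5
```

A result of `none` means nothing reloads the rules at boot, so `iptables -L` would show empty chains with default policies after a restart.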

paul123 01-18-2007 12:04 AM

Thanks. I got it now. :cool:

