LinuxQuestions.org
Old 01-15-2007, 04:26 PM   #1
paul123
Member
 
Registered: Nov 2006
Location: UK
Distribution: Mandriva 2007
Posts: 93

Rep: Reputation: 15
Mandriva 2007 Firestarter set up


I installed rpm firestarter and got a message in the console about setting chkconfig..... iptables or something else.

I found chkconfig but it's an executable? Man told me a bit more.... I'm sure I'm supposed to find a script and # out something? At least that's what it sounds like.

When you try to start in KDE as user you get an error. If I kdesu firestarter it runs OK.

When the system boots I can see firestarter being initialised in a run level but there's no sign of it in the desktop after boot and ps -aux reveals no firestarter running???

Sorry, I'm totally green, got enough Linux knowledge to scrape by but that's it.

I've googled it and found a bug report which wasn't a bug... they said iptables is defaulted to ON after setup in Mandriva 2007....

Back to the file that I need to edit. I need firestarter to run from boot.

I can't find the script.
 
Old 01-16-2007, 10:28 AM   #2
paul123
Member
 
Registered: Nov 2006
Location: UK
Distribution: Mandriva 2007
Posts: 93

Original Poster
Rep: Reputation: 15
OK, I uninstalled firestarter and put the Mandriva firewall back in until I understand what's going on.

Next I went to the console and urpmi firestarter; after it's installed it finishes with this message.

You have to decide whether to let iptables startup script
or firestarter to control your firewall, using chkconfig.


OK, now according to a bug report and reply, in Mandriva 2007 a configuration script is set to iptables ON; this is why when I try to start the firestarter GUI in the desktop I get an unknown error. How do I sort this???

Bug report here: http://archives.mandrivalinux.com/co...1/msg02569.php

The GUI does run under root. Sorry if this is not the right forum, maybe I should try newbie? If it's wrong can a mod please move the thread, thanks.

Last edited by paul123; 01-16-2007 at 10:32 AM.
 
Old 01-16-2007, 10:33 AM   #3
b0uncer
Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
Quote:
When you try to start in kde as user you get an error. If I kdesu firestarter it runs ok.
This is because regular users should not be able to alter firewall/etc configuration, for obvious reasons. It's the job of a system administrator.

You need to understand some things, after which this problem doesn't sound like a problem at all anymore. Firestarter is not a firewall. It is merely a graphical front-end, a nice window-formed tool that allows you to control a program called iptables in a more convenient way, and iptables (user-space program) then controls the actual iptables which is in your Linux kernel, and does the real job. Therefore Firestarter does not need to show up on your desktop, not necessarily even run every boot if you configure a few things.

The thing Firestarter is for is creating a configuration for iptables. After that Firestarter is probably loaded during boot, and it pushes this config you created to iptables, which then takes it into use. Another way would be to save the config into a file and use iptables-restore or just a shell script to load it during boot.

You don't even need Firestarter to have an iptables-based firewall, since you could just as well use iptables from the console; the easy way to handle bigger firewall/router/etc configurations would be to write a script that handles iptables; possibly then use iptables-save to save that config into a slightly more iptables-looking file and use iptables-restore to load that file during boot (because iptables rules are not written in the kernel and thus need to be reloaded during boot by an initscript).

So, shortly:

- Firestarter is not a firewall, just a graphical tool to configure iptables rules
- Firestarter does not need to run all the time, you just run it once when you create config and then let it be, and it ought to load that config for you
- if you are curious if your configuration is loaded at boot, check out (note: as root)
Code:
iptables -L
and you should see your rules -- note: in iptables' "format".

I hope that cleared things up a bit. Quite a few newcomers think Firestarter (or anything similar) needs to be run all the time, like ZoneAlarm on Windows for example, but that is not the case. iptables is usually enabled in the kernel, and controlling it happens through the iptables userspace program, which is usually installed by default. If you remove your Firestarter you still have a firewall, it's just that probably Firestarter is no longer "feeding" the rules to iptables during boot, and you need to create your own initscript, or add to an existing one, which handles it; this is not difficult at all.

More information (that you should read): iptables.org

EDIT:

Quote:
You have to decide whether to let iptables startup script
or firestarter to control your firewall, using chkconfig.
This is just what I meant: your firewall rules are saved into a file on your hard disk, by Firestarter if you use it, and then somebody just needs to "load" them when your machine boots. There exists an initscript of iptables' in your system that can do it, or Firestarter can do it as well (I just wonder why, but I guess for nice working). It's just no use to have them both do it. That's why you have to decide if you want Firestarter, or iptables' initscript, to do it. They make no difference, both just load the same rules to iptables. It is not a bug, it is the way the program works.

Last edited by b0uncer; 01-16-2007 at 10:36 AM.
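
Added example, not part of b0uncer's post: a shell sketch of the two checks the reply describes, namely which init script is set to load the rules at boot and whether any rules are actually in the filter table. The sample inputs are constructed, and the service names "iptables" and "firestarter" are assumed from the install message quoted in the thread.

```bash
#!/bin/sh
# Constructed sample inputs (not captured from a real system). The service
# names "iptables" and "firestarter" are assumed from the install message.
SAMPLE_CHKCONFIG='iptables        0:off 1:off 2:on  3:on  4:on  5:on  6:off
firestarter     0:off 1:off 2:on  3:on  4:on  5:on  6:off
sshd            0:off 1:off 2:on  3:on  4:on  5:on  6:off'

SAMPLE_SAVE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# boot_owner RUNLEVEL < `chkconfig --list` text
# Prints which service loads the firewall rules at that runlevel:
# iptables | firestarter | both | none
boot_owner() {
    awk -v rl="$1" '
        $1 == "iptables" || $1 == "firestarter" {
            for (i = 2; i <= NF; i++)
                if ($i == (rl ":on")) on[$1] = 1
        }
        END {
            if (on["iptables"] && on["firestarter"]) print "both"
            else if (on["iptables"])    print "iptables"
            else if (on["firestarter"]) print "firestarter"
            else                        print "none"
        }'
}

# filter_rule_count < `iptables-save` text
# Counts appended rules in the filter table only; 0 after boot means
# nothing loaded the saved rules.
filter_rule_count() {
    awk '/^\*/ { in_filter = ($0 == "*filter") }
         in_filter && /^-A / { n++ }
         END { print n + 0 }'
}

# On a live system (as root): chkconfig --list | boot_owner 5
#                             iptables-save | filter_rule_count
echo "runlevel 5 loader: $(printf '%s\n' "$SAMPLE_CHKCONFIG" | boot_owner 5)"
echo "filter rules: $(printf '%s\n' "$SAMPLE_SAVE" | filter_rule_count)"
```

If the first check prints "both", switch one of them off with `chkconfig firestarter off` or `chkconfig iptables off`, which is the decision the install message asks for.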
 
Old 01-17-2007, 11:04 PM   #4
paul123
Member
 
Registered: Nov 2006
Location: UK
Distribution: Mandriva 2007
Posts: 93

Original Poster
Rep: Reputation: 15
Thanks. I got it now.
 
  

