I set up Firestarter on my Debian Woody box and got it configured and running (very nice program).
It runs fine as root but when (following good practice) I try to dial up from a non-root account I find that it's blocking me from doing normal web access. When I try to load it (as su) it will not start, claiming that it is missing libraries (probably a path issue perhaps).
Will try tonight though! Had no idea that passing that extra parameter gave root its ENV's and this clears up several other similar issues too.
Thanks a lot!
Regarding the Firestarter configuration - No it does not start automatically on dial up but has to be turned on. I have also found that I cannot even do a ping and basically am limited to being root for ANY kind of internet net access.
My route table and /etc/resolv.conf file when not root are exactly the same as they are for root so I am pretty certain it has to be a firewall issue but I am not sure.
In my firestarter setup, I selected 'start the firewall on dialout', which allows regular users to surf, based on the rules. Without this option, nothing is coming in or out because, the way firestarter works, until it is running (at dialout or when you start it), everything is blocked. A regular user can't start the GUI though. I have a desktop icon that has
su - root -c firestarter
in it, set it up to open in terminal and it prompts for password when I want to see the hits, or change the firewall rules.
Brilliant - this 'sounds' exactly like the trouble I am having. I suspected that a default blocking of everything was happening but I did not figure that everything is blanked without Firestarter running and that starting it is what enables traffic to move, but subject to iptable rules.
Will try all of your suggestions tonight after work - Thanks for your help!
FYI, if you open a console and enter
tail -f /var/log/messages
(even as regular user),
you can see all the firewall hits. This is the information I have sent to ISPs when I detect a concerted attempt to scan my machine (i.e. hitting all ports many times/second in a systematic way). Hope it all comes together.
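An added example, not part of the post above: a short Python script that reads firewall log lines like those in /var/log/messages and flags a source that sweeps many distinct ports within a few seconds. The sample lines are constructed in the kernel netfilter LOG field layout (the prefix Firestarter's own rules add is not shown on this page and is omitted), and the thresholds and the assumed year are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (host name, addresses and ports are made up); the
# fields follow the kernel netfilter LOG layout, without any rule-specific prefix.
_T = "Mar  3 21:{} woody kernel: IN=ppp0 OUT= SRC={} DST=192.0.2.10 PROTO=TCP SPT=40112 DPT={}"
SAMPLE = [_T.format(*row) for row in [
    ("14:07", "198.51.100.7", 21), ("14:07", "198.51.100.7", 22),
    ("14:08", "198.51.100.7", 23), ("14:08", "198.51.100.7", 25),
    ("14:09", "198.51.100.7", 80),                                  # sweep across ports
    ("14:09", "203.0.113.20", 135), ("14:10", "203.0.113.20", 135),
    ("14:11", "203.0.113.20", 135),                                 # one port, retried
    ("20:00", "203.0.113.55", 80), ("25:00", "203.0.113.55", 443),  # slow, unrelated hits
]]

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?\bSRC=(\S+) .*?\bDPT=(\d+)")

def parse(lines, year=2000):
    """Yield (timestamp, source, destination port); syslog has no year, so one is assumed."""
    for line in lines:
        m = LINE.search(line)
        if m:  # lines without SRC=/DPT= (non-firewall messages, ICMP) are skipped
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), int(m.group(3))

def find_scanners(lines, min_ports=5, window=timedelta(seconds=10)):
    """Map each source that hit >= min_ports distinct ports inside `window` to those ports."""
    hits = defaultdict(list)
    for ts, src, dport in parse(lines):
        hits[src].append((ts, dport))
    scanners = {}
    for src, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports:
                scanners[src] = sorted(ports)
                break
    return scanners

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE).items():
        print(f"{src}: {len(ports)} ports within 10s -> {ports}")
```

Counting distinct destination ports per source, rather than raw hits, keeps a host that retries one closed port from being reported as a scan.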
I very clearly set Firestarter to start on Dial Out and close when shut down - The only problem is that it just does not (I check in top and with 'ps') but it only seems to run when specifically started.
I also seem to have to enable WWW as a service if I am to be able to resolve anything.
I reckon it's also calling some NFS problems too but I'm not sure about this yet --- scouring google at the moment.
hey there....
am looking for a better solution myself....thus i found your post...
depending on how you installed/configured firestarter for your system, it can still be running in the background on your system thru the use of ipchains(iptables) just the gui interface isn't running (ie. i use debian...firestarter is started in the background during a startup runlevel)
if you go to their site, they have a mailing list forum w/an archive....in this they touch on the problem of starting the gui--there is no 'clear' solution...
essentially you have to be root to start the gui....most dialers(kpp,etc) allow you to start scripts upon completion of the ppp process, however the script is run w/your user privileges...thus the problem
the author is working a solution, but it is difficult to fix and not create a root exploit.....
one solution is to add yourself to a sudo group....
personally, i just start the firewall gui......connect to the net via kpp then start the firewall within 3 secs of ppp completion....this works best for me.....
if you are having a pinging/dns problem when using firewall-this is due to the not connected ppp situation: if you have the firewall running while NOT connected to the internet via ppp, then you connect via ppp, you will have to EITHER: put your nameservers ip address into the trusted hosts list or IF IT'S ALREADY THERE before you connected, take it out of the trusted host list---yes i know this is screwy but it's how it works if firestarter is already running when ppp connects...