Firestarter showing different connections

jmore9 · 11-09-2009, 04:26 PM

Firestarter showing different connections
I am having problems with firefox. When i set the default page to load it goes to Yahoo.com which is where it is supposed to go.

But when you look at firestarter bottom where it says source / destination it shows the following :

71.205.117.xx (changed then xx) and destination of 209.85.225.138 port 80

Just before this happened my cable modem went off completely except for power light for about 8 minutes.

I also did a netstat -a and this is at the top:

Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:ipp *:* LISTEN
tcp 0 0 c-71-205-117-87.h:58177 iw-in-f101.1e100.ne:www ESTABLISHED
tcp 0 0 c-71-205-117-87.h:47047 iy-in-f101.1e100.ne:www ESTABLISHED
tcp6 0 0 localhost:ipp [::]:* LISTEN
udp 0 0 *:47802 *:*
udp 0 0 *:bootpc *:*
udp 0 0 *:mdns *:*

I did a google search for iw-in-f101.1e100.ne and it came back as windows update.

The yahoo web page is displayed and 209.85.225.138 is the destination address which is google.

This all happened after the comcast tech was in my apartment building.

Comcast support said they did have a tech in my building today , but i saw him come and go. They also said that Ubuntu has a very bad virus and i should get macafee or nortons and do a scan !!

Anyone have any ideas why firestarter shows connection to google when yahoo is being disp[ayed ?

Here are some snaps showing what i am talking about

http://farm3.static.flickr.com/2800/...d9d7c58f_m.jpg

http://farm3.static.flickr.com/2603/...a1f1c46f_m.jpg

http://farm3.static.flickr.com/2447/...61dbe9a4_m.jpg

wfh · 11-10-2009, 10:00 AM

Quote:

Originally Posted by jmore9

Comcast support said...that Ubuntu has a very bad virus and i should get macafee or nortons and do a scan !!

Anyone have any ideas why firestarter shows connection to google when yahoo is being disp[ayed ?

First things first: Ubuntu does not have a "virus". Windoze is prey to viruses, not Linux. That would indicate that the Comcast support tech knows little or nothing that would help you solve your problem.

Second, Google and Yahoo both run 'crawlers' or 'spiders', harvesting interesting content to add to their search engines. You see this sort of thing alot, but don't worry about it.

Firestarter is rather extreme for a home network. You could get by with a much leaner firewall.

This is one which I used with a dsl modem. This is kind of a 'drop-in' ppp-over-ethernet firewall. You should try to understand *WHY* the rules are written the way they are and make adjustments to meet your needs:

Code:

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:INPUT-FORWARD - [0:0]
:OUTPUT ACCEPT [0:0]
# Allow ssh
-A INPUT -m tcp -p tcp --dport ssh -j LOG
-A INPUT -m state -m tcp -p tcp --dport ssh   --state NEW -j ACCEPT
# Uncomment to allow access to website
#-A INPUT -m state -m tcp -p tcp --dport www   --state NEW -j ACCEPT
-A INPUT -j INPUT-FORWARD
-A FORWARD -j INPUT-FORWARD
# Block impossible addresses
-A INPUT-FORWARD -s 10.0.0.0/8 -i ppp0 -j DROP
-A INPUT-FORWARD -s 172.16.0.0/12 -i ppp0 -j DROP
-A INPUT-FORWARD -s 192.168.0.0/16 -i ppp0 -j DROP
-A INPUT-FORWARD -s 255.0.0.0/8 -i ppp0 -j DROP
-A INPUT-FORWARD -s 224.0.0.0/3 -i ppp0 -j DROP
# Accept local traffic
-A INPUT-FORWARD -i lo -j ACCEPT
-A INPUT-FORWARD -i eth0 -j ACCEPT
# Allow completed connections
-A INPUT-FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Reject everything else
-A INPUT-FORWARD -p udp -j REJECT
-A INPUT-FORWARD -p tcp -j REJECT
COMMIT

Ask more questions. Experiment, but don't be shy about posting questions. We all had to start somewhere and your firewall is very important.