Old 02-23-2011, 07:57 AM   #1
taylorkh
Firestarter vs. traceroute


I am running Firestarter 1.0.3 on my Ubuntu 10.04 desktop. When the firewall is running I am not able to execute a traceroute command.
Quote:
traceroute www.missssouribullet.com
traceroute to www.missssouribullet.com (67.215.65.132), 30 hops max, 60 byte packets
send: Operation not permitted
It works fine if I stop the firewall.

I looked in the documentation and it tells me
Quote:
By default Firestarter allows ICMP traffic,
I do NOT have ICMP filtering enabled in the preferences. (I did try enabling it and allowing traceroute - same issue.)

I have my policies set to "Restrictive by default, whitelist traffic" but I do not find any way to add a rule for traceroute (which is supposed to be allowed by the preferences.)

Any suggestions???

TIA,

Ken
 
Old 02-24-2011, 01:31 AM   #2
acid_kewpie
Print out your iptables using 'iptables -L -n -v'
 
Old 02-24-2011, 07:44 AM   #3
taylorkh
Quote:
Chain INPUT (policy DROP 1 packets, 69 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 192.168.0.1 0.0.0.0/0 tcp flags:!0x17/0x02
303 28155 ACCEPT udp -- * * 192.168.0.1 0.0.0.0/0
2 144 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5
3 687 DROP all -- eth0 * 0.0.0.0/0 255.255.255.255
13 2242 DROP all -- * * 0.0.0.0/0 192.168.0.255
0 0 DROP all -- * * 224.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/8
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0
7 280 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 LSI all -f * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5
63009 89M INBOUND all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Input'

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Forward'

Chain OUTPUT (policy DROP 18 packets, 2496 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 192.168.0.112 192.168.0.1 tcp dpt:53
309 19370 ACCEPT udp -- * * 192.168.0.112 192.168.0.1 udp dpt:53
2 144 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/8
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
41550 2499K OUTBOUND all -- * eth0 0.0.0.0/0 0.0.0.0/0
18 2496 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
18 2496 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Output'

Chain INBOUND (1 references)
pkts bytes target prot opt in out source destination
62999 89M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
4 304 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 192.168.0.112 0.0.0.0/0
0 0 ACCEPT all -- * * 192.168.0.112 0.0.0.0/0
0 0 ACCEPT all -- * * 192.168.0.112 0.0.0.0/0
0 0 ACCEPT all -- * * 192.168.0.112 0.0.0.0/0
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpts:137:139
6 540 ACCEPT udp -- * * 192.168.0.0/24 0.0.0.0/0 udp dpts:137:139
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:445
0 0 ACCEPT udp -- * * 192.168.0.0/24 0.0.0.0/0 udp dpt:445
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT udp -- * * 192.168.0.0/24 0.0.0.0/0 udp dpt:22
0 0 ACCEPT tcp -- * * 192.168.0.112 0.0.0.0/0 tcp dpt:21
0 0 ACCEPT udp -- * * 192.168.0.112 0.0.0.0/0 udp dpt:21
0 0 ACCEPT tcp -- * * 192.168.0.112 0.0.0.0/0 tcp dpt:123
0 0 ACCEPT udp -- * * 192.168.0.112 0.0.0.0/0 udp dpt:123
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:33434
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:33434
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:20:21
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:20:21
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:563
0 0 ACCEPT udp -- * * 192.168.0.0/24 0.0.0.0/0 udp dpt:563
0 0 ACCEPT tcp -- * * 192.168.0.112 0.0.0.0/0 tcp dpt:11371
0 0 ACCEPT udp -- * * 192.168.0.112 0.0.0.0/0 udp dpt:11371
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:11371
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:11371
0 0 ACCEPT tcp -- * * 192.168.0.112 0.0.0.0/0 tcp dpt:11371
0 0 ACCEPT udp -- * * 192.168.0.112 0.0.0.0/0 udp dpt:11371
0 0 ACCEPT tcp -- * * 192.168.0.112 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT udp -- * * 192.168.0.112 0.0.0.0/0 udp dpt:443
0 0 LSI all -- * * 0.0.0.0/0 0.0.0.0/0

Chain LOG_FILTER (5 references)
pkts bytes target prot opt in out source destination

Chain LSI (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain LSO (1 references)
pkts bytes target prot opt in out source destination
2 88 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
2 88 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Outbound '
2 88 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain OUTBOUND (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
40988 2473K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 228 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 69.16.168.50
0 0 ACCEPT all -- * * 0.0.0.0/0 76.5.159.134
0 0 ACCEPT all -- * * 0.0.0.0/0 208.33.159.36
0 0 ACCEPT all -- * * 0.0.0.0/0 63.162.197.68
508 22352 ACCEPT tcp -- * * 192.168.0.112 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT udp -- * * 192.168.0.112 0.0.0.0/0 udp dpt:80
26 1144 ACCEPT tcp -- * * 192.168.0.112 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT udp -- * * 192.168.0.112 0.0.0.0/0 udp dpt:443
0 0 ACCEPT tcp -- * * 192.168.0.112 0.0.0.0/0 tcp dpt:119
0 0 ACCEPT udp -- * * 192.168.0.112 0.0.0.0/0 udp dpt:119
0 0 ACCEPT tcp -- * * 192.168.0.112 0.0.0.0/0 tcp dpts:137:139
9 1248 ACCEPT udp -- * * 192.168.0.112 0.0.0.0/0 udp dpts:137:139
0 0 ACCEPT tcp -- * * 192.168.0.112 0.0.0.0/0 tcp dpt:445
0 0 ACCEPT udp -- * * 192.168.0.112 0.0.0.0/0 udp dpt:445
5 220 ACCEPT tcp -- * * 192.168.0.112 0.0.0.0/0 tcp dpt:110
0 0 ACCEPT udp -- * * 192.168.0.112 0.0.0.0/0 udp dpt:110
0 0 ACCEPT tcp -- * * 192.168.0.112 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT udp -- * * 192.168.0.112 0.0.0.0/0 udp dpt:22
0 0 ACCEPT tcp -- * * 192.168.0.112 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- * * 192.168.0.112 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- * * 192.168.0.112 0.0.0.0/0 tcp dpt:25
0 0 ACCEPT udp -- * * 192.168.0.112 0.0.0.0/0 udp dpt:25
0 0 ACCEPT tcp -- * * 192.168.0.112 0.0.0.0/0 tcp dpt:5900
0 0 ACCEPT udp -- * * 192.168.0.112 0.0.0.0/0 udp dpt:5900
0 0 ACCEPT tcp -- * * 192.168.0.112 0.0.0.0/0 tcp dpt:515
0 0 ACCEPT udp -- * * 192.168.0.112 0.0.0.0/0 udp dpt:515
0 0 ACCEPT tcp -- * * 192.168.0.112 0.0.0.0/0 tcp dpt:9100
0 0 ACCEPT udp -- * * 192.168.0.112 0.0.0.0/0 udp dpt:9100
0 0 ACCEPT tcp -- * * 192.168.0.112 0.0.0.0/0 tcp dpt:10000
0 0 ACCEPT udp -- * * 192.168.0.112 0.0.0.0/0 udp dpt:10000
0 0 ACCEPT tcp -- * * 192.168.0.112 0.0.0.0/0 tcp dpt:123
1 76 ACCEPT udp -- * * 192.168.0.112 0.0.0.0/0 udp dpt:123
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:67:68
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
8 352 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:563
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:563
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:11371
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:11371
2 88 LSO all -- * * 0.0.0.0/0 0.0.0.0/0
ken@taylor12:~$
Which is a lot to look at and of which I have little understanding. However, I did a traceroute (which failed) after the above and ran the iptables command again. I compared the results with Beyond Compare and found the following entry which might be a clue
Quote:
3 148 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Does that mean I am in fact filtering all ICMP traffic? Firestarter preferences indicate that I am not.

Thanks again,

Ken
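
Added example (not part of the thread and not Firestarter code): a small evaluator that walks the OUTPUT path of an abridged copy of the listing in post #3 for a single traceroute probe, assuming the Linux traceroute default of UDP probes starting at destination port 33434. The function names `parse`, `in_net`, `matches` and `verdict` are hypothetical, and rule matching is simplified to the fields these rules use.

```python
import ipaddress, re

# Constructed excerpt: OUTPUT-path rules abridged from the listing in post #3.
LISTING = """\
Chain OUTPUT (policy DROP 18 packets, 2496 bytes)
309 19370 ACCEPT udp -- * * 192.168.0.112 192.168.0.1 udp dpt:53
2 144 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
41550 2499K OUTBOUND all -- * eth0 0.0.0.0/0 0.0.0.0/0

Chain OUTBOUND (1 references)
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
3 228 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
2 88 LSO all -- * * 0.0.0.0/0 0.0.0.0/0

Chain LSO (1 references)
2 88 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Outbound '
2 88 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
"""

def parse(listing):
    chains, rules = {}, None
    for line in listing.splitlines():
        # split(None, 9) keeps the free-text match options as one trailing field
        f = line.split(None, 9)
        if line.startswith("Chain "):
            rules = chains.setdefault(f[1], [])
        elif len(f) >= 9:
            rules.append(f + [""] * (10 - len(f)))
    return chains

def in_net(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def matches(rule, pkt):
    prot, out, src, dst, extra = rule[3], rule[6], rule[7], rule[8], rule[9]
    port = re.search(r"dpts?:(\d+)(?::(\d+))?", extra)  # dpt:N or dpts:A:B
    state = re.search(r"state (\S+)", extra)            # e.g. RELATED,ESTABLISHED
    return (prot in ("all", pkt["proto"]) and out in ("*", pkt["out"])
            and in_net(pkt["src"], src) and in_net(pkt["dst"], dst)
            and (not port or int(port[1]) <= pkt["dport"] <= int(port[2] or port[1]))
            and (not state or pkt["state"] in state[1].split(",")))

def verdict(chains, chain, pkt):
    """Return (chain, target) of the first terminating rule hit; LOG-style targets fall through."""
    for rule in (r for r in chains[chain] if matches(r, pkt)):
        if rule[2] in ("ACCEPT", "DROP", "REJECT"):
            return chain, rule[2]
        if rule[2] in chains and (hit := verdict(chains, rule[2], pkt)):
            return hit
```

For a new UDP packet to port 33434 the evaluator ends at the REJECT rule in chain LSO, the rule whose counters moved from 2/88 to 3/148 between the two listings (one 60-byte packet), while an ICMP packet is accepted by the first OUTBOUND rule.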
 
  

