Ubuntu This forum is for the discussion of Ubuntu Linux. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
03-28-2007, 08:43 PM
|
#1
|
LQ Newbie
Registered: Jun 2004
Posts: 6
Rep:
|
firewall rules only load on init 1
Hi,
I've been on and off linux so forgive me if I'm not clear with the terminology. I recently started using Linux again this time with Ubuntu. I installed the iptalbes gui Firestarter. It worked fine but if i reboot I get this when I run
Code:
sudo /etc/init.d/firestarter status
gives a "firstarter is stopped".and Shields UP shows the ports as "closed" not stealthed.
This is where I get lost: if i add firestarter to the start up services using sysv-rc-conf tool, but ONLY to the 1st runlevel it loads the rules fine!!
So can anyone tell me if I should just add it to 1st runlevel with sysv-rc-conf? I was under the impression this was only for troubleshooting? Should'nt the iptables load on runlevel 2 which is the default on debian/ubuntu?
Thanks
|
|
|
03-28-2007, 11:52 PM
|
#2
|
Senior Member
Registered: Mar 2006
Posts: 1,896
Rep:
|
Quote:
Originally Posted by dalert0140
Should'nt the iptables load on runlevel 2 which is the default on debian/ubuntu?
|
I've not used firestarter, but if you installed it from the Ubuntu repositories I would have thought it would have set itself up properly. If not, you should be able to manually change which runlevels it starts in using either the tool you just mentioned or directly by renaming/creating symlinks.
If the software was set up for something other than Debian/Ubuntu, it might either have left configuring the symlinks to you, or enabled it only for runlevel 3 and higher since on some systems RL3 is the lowest RL to use networking. I am somewhat surprised it would be configured on RL1.
|
|
|
03-29-2007, 02:48 PM
|
#3
|
LQ Newbie
Registered: Jun 2004
Posts: 6
Original Poster
Rep:
|
Quote:
Originally Posted by blackhole54
I've not used firestarter, but if you installed it from the Ubuntu repositories I would have thought it would have set itself up properly. If not, you should be able to manually change which runlevels it starts in using either the tool you just mentioned or directly by renaming/creating symlinks.
|
Thanks for responding. i, too , would've assumed that Ubuntu would install it properly from past experiene with other packages. I use the ubuntu repos too.
sysv-rc-conf, similar to chkconfig, shows that its set for runlevel 2,3,4,5 which should make it start in runlevel 2 but for some reason it donesn't.i'm running on runlevel 2.
If I want it to run on this runlevel, #2, then i have to check off the runlevel 1 box. This is very wtf-ish because i thought runlevel 1 was troubleshooting and it didn't run on a regular boot. Any thoughts? Am I wrong about this?
|
|
|
03-30-2007, 01:19 AM
|
#4
|
Senior Member
Registered: Mar 2006
Posts: 1,896
Rep:
|
Quote:
Originally Posted by dalert0140
sysv-rc-conf, similar to chkconfig, shows that its set for runlevel 2,3,4,5 which should make it start in runlevel 2 but for some reason it donesn't.i'm running on runlevel 2.
If I want it to run on this runlevel, #2, then i have to check off the runlevel 1 box. This is very wtf-ish because i thought runlevel 1 was troubleshooting and it didn't run on a regular boot. Any thoughts? Am I wrong about this?
|
Your analysis sounds right to me.
At first I was going to take this opportunity to learn about sysv-rc-conf (it's still on my to-do list ), but I've decided maybe it would be better if you looked at the raw symlinks to see what is going on. I am not sure how much you know, so forgive me if I cover known territory.
Here is a listing of my symlinks for RLs 1 & 2:
Code:
user@ubuntu:~$ ls /etc/rc[12].d
/etc/rc1.d:
K01apport K19cupsys K20hotkey-setup K21acpid
K01gdm K19hplip K20makedev K23ntp-server
K01usplash K19sendmail K20nvidia-kernel K74bluetooth
K11anacron K20acpi-support K20powernowd K89klogd
K11atd K20apmd K20privoxy K90sysklogd
K11cron K20dbus K20rsync README
K12915resolution K20dirmngr K20ssh S30killprocs
K12sl-modem-daemon K20festival K20tor S90single
/etc/rc2.d:
K75bluetooth S11klogd S20hotkey-setup S89atd
K79sendmail S12915resolution S20makedev S89cron
K80tor S13gdm S20nvidia-kernel S90binfmt-support
K88sl-modem-daemon S14firewall S20powernowd S97usplash
README S19cupsys S20privoxy S98acpi-support
S01apport S19hplip S20rsync S99acpi_report
S05vbesave S20apmd S20ssh S99rc.local
S10acpid S20dbus S49_ntp_sane S99rmnologin
S10powernowd.early S20dirmngr S50ntp-server S99stop-readahead
S10sysklogd S20festival S89anacron
Typically, each of these will point to a file in /etc/init.d (although it could point anywhere) like so:
Code:
user@ubuntu:~$ ls -l /etc/rc2.d/S89cron
lrwxrwxrwx 1 root root 14 Jan 10 08:47 /etc/rc2.d/S89cron -> ../init.d/cron
When the OS starts a runlevel, it first executes all the symlinks in the directory for that runlevel that start with a "K" (for kill), giving each the parameter "stop". It then does the same thing for all of the symlinks that start with an "S" (for start), except it provides those with the parameter "start". So that's how the system starts and stops services when it changes rumlevels and when it first starts up. You can see that, as expected, when going to RL one, it shuts almost everything down.
So for firestarter to run in runlevel 2, /etc/rc2.d should contains a symlink like Snnfirsestarter which points to (probably) ../init.d/firestarter, where nn is a two digit number specifying where it executes in the startup sequence.
So why don't you take a look at these directories and see what is actually there.
|
|
|
03-30-2007, 06:26 PM
|
#5
|
LQ Newbie
Registered: Jun 2004
Posts: 6
Original Poster
Rep:
|
Quote:
At first I was going to take this opportunity to learn about sysv-rc-conf (it's still on my to-do list )
|
You should give it a go. It's really point and click simple .
Quote:
I am not sure how much you know, so forgive me if I cover known territory.
|
Don't worry about it. I don't know anything the more I can learn the better.
Here is what I get when I run the commands that you did. I don't know what wrong here everything seems similar to what you have.
Code:
david@number-five:~$ ls /etc/rc[12].d
/etc/rc1.d:
K01apport K19cupsys K20firestarter K20rsync README
K01gdm K19hplip K20hotkey-setup K21acpid S30killprocs
K01usplash K20acpi-support K20keytouch K74bluetooth S90single
K11anacron K20apmd K20makedev K89klogd
K11atd K20dbus K20nvidia-kernel K90sysklogd
K11cron K20festival K20powernowd K99lokkit
/etc/rc2.d:
K19hplip S11klogd S20keytouch S90binfmt-support
README S13gdm S20makedev S98usplash
S01apport S19cupsys S20nvidia-kernel S99acpi-support
S01lokkit S20apmd S20powernowd S99rc.local
S05vbesave S20dbus S20rsync S99rmnologin
S10acpid S20festival S89anacron S99stop-readahead
S10powernowd.early S20firestarter S89atd
S10sysklogd S20hotkey-setup S89cron
david@number-five:~$ ls -l /etc/rc2.d/S20firestarter
lrwxrwxrwx 1 root root 21 2006-11-03 19:28 /etc/rc2.d/S20firestarter -> ../init.d/firestarter
david@number-five:~$ sudo /etc/init.d/firestarter status
* Firestarter is stopped
david@number-five:~$ runlevel
N 2
|
|
|
03-31-2007, 01:30 AM
|
#6
|
Senior Member
Registered: Mar 2006
Posts: 1,896
Rep:
|
Quote:
Originally Posted by dalert0140
Here is what I get when I run the commands that you did. I don't know what wrong here everything seems similar to what you have.
|
Yeah.It looks right to me. I suggest you check a couple of system logs. Check /var/log/boot to see if it shows a record of firestarter starting. And check /var/log/syslog to see if you find any errors from firestarter that might be causing it to shut down.
I have a notebook that runs edgy eft. I normally run my own firewall script on it, but when I get a chance I will try installing firestarter on it and see if I have any problems.
BTW, which version of Ubuntu are you running?
|
|
|
04-01-2007, 05:15 AM
|
#7
|
Senior Member
Registered: Mar 2006
Posts: 1,896
Rep:
|
Well, I installed firestarter on edgy and learned that before I can really learn much about it I will need to read more documentation than I plan to do at the moment.
Upon installation, it set itself up to start in runlevels 2 through 5 and be killed in RLs 0,1, and 6. Which seems reasonable. However, upon reboot it didn't actually start up. Nor did it report anything when I asked it for status. Not even "firstarter is stopped". Examination of /etc/init.d/firestarter revealed that at a minimum, this is caused by two files being absent: /etc/firestarter/firestarter.sh and /etc/firestarter/configuration. If either of these is absent, /etc/init.d/firestarter immediately exits silently.
It appears that to change anything about firestarter you must be running as root (possibly via sudo). Running in runlevel one will accomplish this, although generally that's not the best way to do it. (But could that account for your comments about things working in RL one?) Based on its man page, I believe firestarter.sh is generated by running firestarter with the --generate-scripts option. Perhaps this creates the configuration file also (if not, I don't know how that is created -- perhaps manually).
If the two required files are present, when booted into runlevel 2 it should start at boot time, and I believe log a message to /var/log/boot that reads Starting the Firestarter firewall.... After that I don't know what should happen.
That's about all the info I can give you, but if you have a specific question, I will try to answer it.
Good luck.
|
|
|
All times are GMT -5. The time now is 04:54 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|