LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu
User Name
Password
Ubuntu This forum is for the discussion of Ubuntu Linux.

Notices


Reply
  Search this Thread
Old 03-28-2007, 08:43 PM   #1
dalert0140
LQ Newbie
 
Registered: Jun 2004
Posts: 6

Rep: Reputation: 0
firewall rules only load on init 1


Hi,

I've been on and off linux so forgive me if I'm not clear with the terminology. I recently started using Linux again this time with Ubuntu. I installed the iptalbes gui Firestarter. It worked fine but if i reboot I get this when I run

Code:
sudo  /etc/init.d/firestarter status
gives a "firstarter is stopped".and Shields UP shows the ports as "closed" not stealthed.

This is where I get lost: if i add firestarter to the start up services using sysv-rc-conf tool, but ONLY to the 1st runlevel it loads the rules fine!!

So can anyone tell me if I should just add it to 1st runlevel with sysv-rc-conf? I was under the impression this was only for troubleshooting? Should'nt the iptables load on runlevel 2 which is the default on debian/ubuntu?

Thanks
 
Old 03-28-2007, 11:52 PM   #2
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Quote:
Originally Posted by dalert0140
Should'nt the iptables load on runlevel 2 which is the default on debian/ubuntu?
I've not used firestarter, but if you installed it from the Ubuntu repositories I would have thought it would have set itself up properly. If not, you should be able to manually change which runlevels it starts in using either the tool you just mentioned or directly by renaming/creating symlinks.

If the software was set up for something other than Debian/Ubuntu, it might either have left configuring the symlinks to you, or enabled it only for runlevel 3 and higher since on some systems RL3 is the lowest RL to use networking. I am somewhat surprised it would be configured on RL1.
 
Old 03-29-2007, 02:48 PM   #3
dalert0140
LQ Newbie
 
Registered: Jun 2004
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by blackhole54
I've not used firestarter, but if you installed it from the Ubuntu repositories I would have thought it would have set itself up properly. If not, you should be able to manually change which runlevels it starts in using either the tool you just mentioned or directly by renaming/creating symlinks.
Thanks for responding. i, too , would've assumed that Ubuntu would install it properly from past experiene with other packages. I use the ubuntu repos too.

sysv-rc-conf, similar to chkconfig, shows that its set for runlevel 2,3,4,5 which should make it start in runlevel 2 but for some reason it donesn't.i'm running on runlevel 2.
If I want it to run on this runlevel, #2, then i have to check off the runlevel 1 box. This is very wtf-ish because i thought runlevel 1 was troubleshooting and it didn't run on a regular boot. Any thoughts? Am I wrong about this?
 
Old 03-30-2007, 01:19 AM   #4
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Quote:
Originally Posted by dalert0140
sysv-rc-conf, similar to chkconfig, shows that its set for runlevel 2,3,4,5 which should make it start in runlevel 2 but for some reason it donesn't.i'm running on runlevel 2.
If I want it to run on this runlevel, #2, then i have to check off the runlevel 1 box. This is very wtf-ish because i thought runlevel 1 was troubleshooting and it didn't run on a regular boot. Any thoughts? Am I wrong about this?
Your analysis sounds right to me.

At first I was going to take this opportunity to learn about sysv-rc-conf (it's still on my to-do list ), but I've decided maybe it would be better if you looked at the raw symlinks to see what is going on. I am not sure how much you know, so forgive me if I cover known territory.

Here is a listing of my symlinks for RLs 1 & 2:

Code:
user@ubuntu:~$ ls /etc/rc[12].d
/etc/rc1.d:
K01apport           K19cupsys        K20hotkey-setup   K21acpid
K01gdm              K19hplip         K20makedev        K23ntp-server
K01usplash          K19sendmail      K20nvidia-kernel  K74bluetooth
K11anacron          K20acpi-support  K20powernowd      K89klogd
K11atd              K20apmd          K20privoxy        K90sysklogd
K11cron             K20dbus          K20rsync          README
K12915resolution    K20dirmngr       K20ssh            S30killprocs
K12sl-modem-daemon  K20festival      K20tor            S90single

/etc/rc2.d:
K75bluetooth        S11klogd          S20hotkey-setup   S89atd
K79sendmail         S12915resolution  S20makedev        S89cron
K80tor              S13gdm            S20nvidia-kernel  S90binfmt-support
K88sl-modem-daemon  S14firewall       S20powernowd      S97usplash
README              S19cupsys         S20privoxy        S98acpi-support
S01apport           S19hplip          S20rsync          S99acpi_report
S05vbesave          S20apmd           S20ssh            S99rc.local
S10acpid            S20dbus           S49_ntp_sane      S99rmnologin
S10powernowd.early  S20dirmngr        S50ntp-server     S99stop-readahead
S10sysklogd         S20festival       S89anacron
Typically, each of these will point to a file in /etc/init.d (although it could point anywhere) like so:

Code:
user@ubuntu:~$ ls -l /etc/rc2.d/S89cron 
lrwxrwxrwx 1 root root 14 Jan 10 08:47 /etc/rc2.d/S89cron -> ../init.d/cron
When the OS starts a runlevel, it first executes all the symlinks in the directory for that runlevel that start with a "K" (for kill), giving each the parameter "stop". It then does the same thing for all of the symlinks that start with an "S" (for start), except it provides those with the parameter "start". So that's how the system starts and stops services when it changes rumlevels and when it first starts up. You can see that, as expected, when going to RL one, it shuts almost everything down.

So for firestarter to run in runlevel 2, /etc/rc2.d should contains a symlink like Snnfirsestarter which points to (probably) ../init.d/firestarter, where nn is a two digit number specifying where it executes in the startup sequence.

So why don't you take a look at these directories and see what is actually there.
 
Old 03-30-2007, 06:26 PM   #5
dalert0140
LQ Newbie
 
Registered: Jun 2004
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
At first I was going to take this opportunity to learn about sysv-rc-conf (it's still on my to-do list )
You should give it a go. It's really point and click simple .

Quote:
I am not sure how much you know, so forgive me if I cover known territory.
Don't worry about it. I don't know anything the more I can learn the better.

Here is what I get when I run the commands that you did. I don't know what wrong here everything seems similar to what you have.

Code:
david@number-five:~$ ls /etc/rc[12].d
/etc/rc1.d:
K01apport   K19cupsys        K20firestarter    K20rsync      README
K01gdm      K19hplip         K20hotkey-setup   K21acpid      S30killprocs
K01usplash  K20acpi-support  K20keytouch       K74bluetooth  S90single
K11anacron  K20apmd          K20makedev        K89klogd
K11atd      K20dbus          K20nvidia-kernel  K90sysklogd
K11cron     K20festival      K20powernowd      K99lokkit

/etc/rc2.d:
K19hplip            S11klogd         S20keytouch       S90binfmt-support
README              S13gdm           S20makedev        S98usplash
S01apport           S19cupsys        S20nvidia-kernel  S99acpi-support
S01lokkit           S20apmd          S20powernowd      S99rc.local
S05vbesave          S20dbus          S20rsync          S99rmnologin
S10acpid            S20festival      S89anacron            S99stop-readahead
S10powernowd.early  S20firestarter   S89atd
S10sysklogd         S20hotkey-setup  S89cron
david@number-five:~$ ls -l /etc/rc2.d/S20firestarter
lrwxrwxrwx 1 root root 21 2006-11-03 19:28 /etc/rc2.d/S20firestarter -> ../init.d/firestarter
david@number-five:~$ sudo /etc/init.d/firestarter status
 * Firestarter is stopped
david@number-five:~$ runlevel
N 2
 
Old 03-31-2007, 01:30 AM   #6
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Quote:
Originally Posted by dalert0140
Here is what I get when I run the commands that you did. I don't know what wrong here everything seems similar to what you have.
Yeah.It looks right to me. I suggest you check a couple of system logs. Check /var/log/boot to see if it shows a record of firestarter starting. And check /var/log/syslog to see if you find any errors from firestarter that might be causing it to shut down.

I have a notebook that runs edgy eft. I normally run my own firewall script on it, but when I get a chance I will try installing firestarter on it and see if I have any problems.

BTW, which version of Ubuntu are you running?
 
Old 04-01-2007, 05:15 AM   #7
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Well, I installed firestarter on edgy and learned that before I can really learn much about it I will need to read more documentation than I plan to do at the moment.

Upon installation, it set itself up to start in runlevels 2 through 5 and be killed in RLs 0,1, and 6. Which seems reasonable. However, upon reboot it didn't actually start up. Nor did it report anything when I asked it for status. Not even "firstarter is stopped". Examination of /etc/init.d/firestarter revealed that at a minimum, this is caused by two files being absent: /etc/firestarter/firestarter.sh and /etc/firestarter/configuration. If either of these is absent, /etc/init.d/firestarter immediately exits silently.

It appears that to change anything about firestarter you must be running as root (possibly via sudo). Running in runlevel one will accomplish this, although generally that's not the best way to do it. (But could that account for your comments about things working in RL one?) Based on its man page, I believe firestarter.sh is generated by running firestarter with the --generate-scripts option. Perhaps this creates the configuration file also (if not, I don't know how that is created -- perhaps manually).


If the two required files are present, when booted into runlevel 2 it should start at boot time, and I believe log a message to /var/log/boot that reads Starting the Firestarter firewall.... After that I don't know what should happen.

That's about all the info I can give you, but if you have a specific question, I will try to answer it.

Good luck.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how can i load iptables rules at startup synaptical Debian 6 07-15-2005 12:28 PM
Firewall Rules studpenguin Linux - Security 0 07-01-2004 04:14 AM
help with firewall rules please deuce868 Linux - Security 1 06-14-2004 04:18 PM
how to get iptables to load rules on startup ? qwijibow Linux - Security 5 09-02-2003 10:48 AM
I can't load iptables rules Kinstonian Linux - General 15 04-13-2003 08:55 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu

All times are GMT -5. The time now is 04:54 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration