VectorLinux
Author Topic: starting firestarter  (Read 4930 times)
sledgehammer
Vectorian
****
Posts: 1425



« on: May 30, 2010, 09:59:53 am »

It should be called firestopper.  At least I can't start it on boot up on my VL 6.0 system. Rather I have to open a terminal, go to root, and type "firestarter" before it will start. (I got firestarter from the VL repositories)

I do not have firewall enabled in VASM.

Does anyone know whether I can just add a line or two at the end of /etc/rc.d/rc.local to get it to autostart?  Such as /usr/bin/firestarter --start?

And, if so, precisely the code to add? 

I have looked around and this seems to be a common problem.  I tried a couple of the "fixes" without success. I think I'm close, but not quite there.
Logged

VL7.0 xfce4 Samsung RF511
bigpaws
Vectorian
****
Posts: 1856


« Reply #1 on: May 30, 2010, 10:15:30 am »

You can add the command to rc.local; remember to use the
full path, which is what I believe you have listed. You can
also try whereis <name of program>.

Bigpaws
Logged
sledgehammer
Vectorian
****
Posts: 1425



« Reply #2 on: May 30, 2010, 10:55:13 am »

Thanks, bigpaws.

whereis returns

Quote
firestarter: /usr/bin/firestarter /etc/firestarter /usr/X11R6/bin/firestarter /usr/bin/X11/firestarter /usr/X11/bin/firestarter /usr/share/firestarter

Any clue which of these might be best?

Logged

VL7.0 xfce4 Samsung RF511
Andy Price
Packager
Vectorite
****
Posts: 237


« Reply #3 on: May 30, 2010, 05:03:34 pm »

Running the command firestarter in a terminal doesn't start the firewall, it just brings up the Firestarter GUI so that you can adjust the settings. I'm guessing that you actually want to run the firewall.

You can check if the firewall is running by issuing (as root):
/etc/rc.d/init.d/firewall status.
You can also use start, stop or restart in place of status.

To get the firewall to run after you have installed Firestarter, you do need to have the firewall enabled in VASM. Firestarter itself doesn't show up in VASM, I guess it's really just a front-end to iptables, but I'm no expert, the above is just my experience.





Logged
retired1af
Packager
Vectorian
****
Posts: 1265



« Reply #4 on: May 30, 2010, 06:07:24 pm »

I just installed the program and fiddled around with it. It has an option to start whenever you connect, so I'm not sure you need to add it to rc.local.

I wasn't that impressed with it.
Logged

ASUS K73 Intel i3 Dual Core 2.3GHz
sledgehammer
Vectorian
****
Posts: 1425



« Reply #5 on: May 30, 2010, 07:24:43 pm »

Thanks to all,

Andy Price's suggestion was quite enlightening.  The below shows first an attempt when I thought firestarter was running (the gui was showing in the panel).  Secondly, the result of the same command with the firestarter gui not running.  Third shows the results of the same command after enabling firewall in VASM>Services (level 4). Last shows running same command with the firestarter gui running while firewall is on in VASM.

FIRST

Quote
Vector://home/johwhi
root:# /etc/rc.d/init.d/firewall status
bash: /etc/rc.d/init.d/firewall: Permission denied

SECOND

Quote
Vector://home/johwhi
root:# /etc/rc.d/init.d/firewall status
bash: /etc/rc.d/init.d/firewall: Permission denied

THIRD

Quote
Vector://home/johwhi
root:# /etc/rc.d/init.d/firewall status
Firestarter is running...

FOURTH

Quote
Vector://home/johwhi
root:# /etc/rc.d/init.d/firewall status
Firestarter is running...


I think it has been running all these months (even though firewall not enabled in VASM) when I start it by typing firestarter in root as it regularly showed inbound events, some serious.  Nonetheless, it is very comforting to know that it is now running even if I forget to start the gui.

« Last Edit: May 30, 2010, 07:26:14 pm by sledgehammer » Logged

VL7.0 xfce4 Samsung RF511
retired1af
Packager
Vectorian
****
Posts: 1265



« Reply #6 on: May 30, 2010, 07:39:17 pm »

That's one of the reasons I wasn't impressed. What it's indicating as "serious", really isn't.
Logged

ASUS K73 Intel i3 Dual Core 2.3GHz
bigpaws
Vectorian
****
Posts: 1856


« Reply #7 on: May 30, 2010, 07:55:30 pm »

ps is great for showing running processes.

Bigpaws
Logged
sledgehammer
Vectorian
****
Posts: 1425



« Reply #8 on: May 30, 2010, 08:32:14 pm »

bigpaws,

ps is great!

ps -A shows that firestarter is running.  Now if I can just remember all this.

Logged

VL7.0 xfce4 Samsung RF511
sledgehammer
Vectorian
****
Posts: 1425



« Reply #9 on: May 30, 2010, 10:05:28 pm »

So, root:# /etc/rc.d/init.d/firewall status showed firestarter was running and ps -A did not show it as running.  I took out what I had added to /etc/rc.d/rc.local and rebooted. 

root:# /etc/rc.d/init.d/firewall status said firestarter was not running and ps -A still didn't show it.  I checked VASM and firewall was still enabled in services for run level 4.  So I started firestarter as follows:

root:# /etc/rc.d/init.d/firewall start and it said that firestarter was running.  Checked with ps -A and still no firestarter.  I then typed "firestarter" as root as I have been accustomed to doing and the gui showed up.  I then ran ps -A and it showed firestarter running.

Any comments?  Anyone know of another good firewall?  What about just removing firestarter altogether and relying on the VASM firewall? I saved bigpaws' instructions on firewall security some time ago and it still looks a bit too complicated for my skill level.  Unless I hear a better suggestion, I will just start the firestarter GUI each time I reboot.  Apologize in advance if I have not followed the proper guidelines from earlier posts.
Logged

VL7.0 xfce4 Samsung RF511
bigpaws
Vectorian
****
Posts: 1856


« Reply #10 on: May 31, 2010, 04:43:36 am »

Have you looked at the firestarter site?

http://www.fs-security.com/docs/faq.php

Bigpaws
Logged
Andy Price
Packager
Vectorite
****
Posts: 237


« Reply #11 on: May 31, 2010, 04:54:25 am »

I think you are confusing Firestarter with the actual firewall. Firestarter is just a nice GUI which enables you to add rules to the firewall, which is based on iptables. For example, I needed to add a rule to allow my wife to access a SAMBA share on my PC.

I don't think that seeing the firestarter process running tells you much other than that the GUI is running. If you have enabled the firewall in VASM then doing an lsmod | less will show several modules loaded such as ip_tables and ipt_MASQUERADE, which I presume are the actual firewall.

If you are on a network you can test whether the firewall is doing anything. First ping your PC from another one. Then start Firestarter from a terminal (or from the System menu) and go to Preferences > Firewall > ICMP filtering. Tick the Enable ICMP filtering check box but don't tick any of the packet types. Restart the firewall, close the Firestarter GUI and then ping again. You should find it to be blocked this time around, showing that the firewall is working.

As for other firewalls, I used Guarddog for a while, but it was a lot more complicated to set up (though it did give very fine control) and it, too, was just a front end for iptables. My guess (hope!) is that Firestarter does the job sufficiently well in the same way as Windows' built-in firewall.

Hope the above makes sense.
Logged
retired1af
Packager
Vectorian
****
Posts: 1265



« Reply #12 on: May 31, 2010, 05:30:21 am »

I'm not sure if Firestarter is a gui front end to iptables or not. I didn't dig into it that much other than to see if it installed properly and took a quick look at the interface. It does install itself as a service, which leads me to believe it's handling the security, rather than iptables. I'd have to play with it longer to see.

I prefer a much more robust solution (such as Guarddog).
Logged

ASUS K73 Intel i3 Dual Core 2.3GHz
bigpaws
Vectorian
****
Posts: 1856


« Reply #13 on: May 31, 2010, 06:09:08 am »

According to what I found, it is a front end to iptables.

If you want to see if there are any rules for iptables set
then use this command

iptables -L

That will give a list of any rules that are invoked.

Guarddog is also a front end to iptables.

Bigpaws
Logged
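
Following the replies above (a running firestarter process only shows that the GUI is up, while the iptables rules are the actual firewall), here is an added example that is not part of any post in this thread: a shell function that reads `iptables -S` output and reports whether filtering rules are really loaded. The function name, the verdict labels and both sample rulesets are constructed for illustration and were not captured from a Firestarter system.

```shell
#!/bin/sh
# Classify a filter-table ruleset given in `iptables -S` format on stdin.
# Prints: "<verdict> policy=<INPUT policy> input_rules=<n> user_chains=<n>"
#   open          INPUT policy ACCEPT and no INPUT rules (nothing is filtered)
#   rules-loaded  INPUT policy ACCEPT but rules exist (inspect them by hand)
#   default-deny  INPUT policy is not ACCEPT (unmatched packets are dropped)
#   unknown       no INPUT policy line seen (iptables failed or not root)
classify_ruleset() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-N"                  { chains++ }
        $1 == "-A" && $2 == "INPUT" { rules++ }
        END {
            if (policy == "")            verdict = "unknown"
            else if (policy != "ACCEPT") verdict = "default-deny"
            else if (rules > 0)          verdict = "rules-loaded"
            else                         verdict = "open"
            printf "%s policy=%s input_rules=%d user_chains=%d\n",
                   verdict, (policy == "" ? "none" : policy), rules, chains
        }'
}

# Constructed sample: kernel defaults, no firewall script has run.
sample_open() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
EOF
}

# Constructed sample: default-deny ruleset with one user-defined chain.
sample_filtered() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N INBOUND
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j DROP
-A INPUT -j INBOUND
-A INBOUND -j DROP
EOF
}

printf 'no firewall: %s\n' "$(sample_open | classify_ruleset)"
printf 'firewall on: %s\n' "$(sample_filtered | classify_ruleset)"
# Live use (as root): iptables -S | classify_ruleset
```

A verdict of `open` right after boot means the init script did not load any rules, whatever `ps -A` says about the GUI.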
retired1af
Packager
Vectorian
****
Posts: 1265



« Reply #14 on: May 31, 2010, 06:31:01 am »

Yeah, I knew Guarddog was. Used it extensively with SOHO 5.x. I thought Guarddog was more robust and allowed you to easily fine tune iptables. I didn't get that impression with Firestarter. Then again, I loved TPF (Tiny Personal Firewall) when it was available for Windows. For a little program, it was a giant when it came to the control you could exercise over your connection (both inbound and outbound).
Logged

ASUS K73 Intel i3 Dual Core 2.3GHz