VectorLinux
Topic: Setting up a firewall on vector linux 6? [solved]
davidlondonuk
Member
*
Posts: 55


« on: October 30, 2010, 10:45:45 pm »

Hi,

Does anybody have a step by step guide for setting up a firewall on vector linux? This is really confusing and I have been using Arch linux so I am used to configuration.

What does firestarter do? What is the service /etc/rc.d/rc.firewall? Why two firewalls? In short, what is going on?

Thanks for any advice - I thought vector was about keeping it simple?

David

[solved] thanks for the help, have the firewall working now and it starts at boot, still not sure what firestarter is installed for though...
« Last Edit: November 01, 2010, 01:04:02 am by davidlondonuk »
roarde
Vectorian
****
Posts: 532


move the needle


« Reply #1 on: October 31, 2010, 12:32:47 am »

As root, run vasm (or start vasm as regular user and select "super").
Network > firewall .

Here's an excerpt from the script (this bit actually goes into rc.firewall) that tells a bit of what it does:
Code:
## VASM's vfirewall modifies this script !!!
##
## This script will find and start firewall in the following order
##   - user specified FIREWALL_SCRIPT variable
##   - GuardDog (/etc/rc.firewall and /etc/rc.guidedog)
##   - gShield (/etc/firewall/gShield.rc)
##   - Firewall-Jay (/etc/firewall-jay/fw-jay)
##   - the default VL firewall
##
## The default VL firewall is suitable for a workstation that allows:
##  - all outputs from this machine
##  - some inputs to this machine (domain, ssh, http)
##  - optional ipmasquerading
##
## To enable ipmasquerading, specify the GREEN_NET.
## This machine should work as a gateway with the following configuration
##
## {RED}-----[gateway]------{GREEN}
##
## RED   = The Internet
## GREEN = Your Intranet

The VectorLinux developers have utmost confidence in this method (another excerpt):
Code:
## Sufficient for home use, serving some casual clients.
## Not for a serious office !!!
## You cannot sue me for whatever reason regarding this script :P.

Actually, it does seem to work fairly well for its purpose. Regular users require more ports nowadays, so defaults probably won't do; select "open" from the firewall menu. Note that open uses radio boxes, so it can both open and close the listed ports.

There are other ways to do this, of course. One of them is probably VasmCC. I'm running light, which doesn't have VasmCC by default, so I don't know. For the other ways, I'm hoping you'll get other answers here when more people wake up.

To see what a menu item in vasm does, ls /sbin/v(menu item name here). If it's there, it's probably an sh script and you can read it. For example,  ls /sbin/vfirewall  shows it's there; open /sbin/vfirewall with leafpad, less, vi, or whatever.

Robert
VL STD 7.1 RC2.2.2, icewmvmods
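
The policy described in the rc.firewall excerpt above (all outputs allowed, inbound limited to domain, ssh and http, masquerading only when GREEN_NET is set), as an added example that is not the VectorLinux script or any poster's code: a shell function that prints an equivalent iptables-restore ruleset for review. The function name, the port numbers for the named services, the loopback and connection-tracking rules, and the sample values are assumptions.

```shell
#!/bin/sh
# Added example, NOT the VectorLinux rc.firewall: prints an iptables-restore
# ruleset for the policy the excerpt describes, so it can be read before use.
# Assumed (not on the page): function name, service port numbers,
# loopback/conntrack rules, and the constructed sample values at the end.

vl_policy_rules() {
    # $1 = inbound services, $2 = GREEN_NET as CIDR (empty = no masquerading),
    # $3 = RED (Internet-facing) interface
    services=$1 green_net=$2 red_if=${3:-eth0}
    # Reject characters outside a plain CIDR or interface name, so a bad
    # setting cannot smuggle extra text into the generated rules.
    case $green_net in *[!0-9./]*) echo "bad GREEN_NET" >&2; return 1 ;; esac
    case $red_if in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    for svc in $services; do
        case $svc in domain|ssh|http) ;;
            *) echo "unknown service: $svc" >&2; return 1 ;;
        esac
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'      # "some inputs": only what is listed below
    echo ':FORWARD DROP [0:0]'    # no routing unless GREEN_NET is set
    echo ':OUTPUT ACCEPT [0:0]'   # "all outputs from this machine"
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for svc in $services; do
        case $svc in
            domain) echo '-A INPUT -p udp --dport 53 -j ACCEPT'
                    echo '-A INPUT -p tcp --dport 53 -j ACCEPT' ;;
            ssh)    echo '-A INPUT -p tcp --dport 22 -j ACCEPT' ;;
            http)   echo '-A INPUT -p tcp --dport 80 -j ACCEPT' ;;
        esac
    done
    if [ -n "$green_net" ]; then
        echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
        echo "-A FORWARD -s $green_net -o $red_if -j ACCEPT"
    fi
    echo 'COMMIT'
    if [ -n "$green_net" ]; then
        echo '*nat'
        echo ':POSTROUTING ACCEPT [0:0]'
        echo "-A POSTROUTING -s $green_net -o $red_if -j MASQUERADE"
        echo 'COMMIT'
    fi
}

# Constructed sample: gateway with a 192.168.1.0/24 intranet behind eth0.
vl_policy_rules "domain ssh http" "192.168.1.0/24" eth0
```

To check the syntax without loading anything, pipe the output to `iptables-restore --test` as root.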
davidlondonuk
Member
*
Posts: 55


« Reply #2 on: October 31, 2010, 12:54:11 am »

Thanks sixforty, that helped a lot, now I can see how you actually get the firewall to start at boot. Why is firestarter installed though? It's a bit daft really - does firestarter actually do anything in vector linux?

Don't get me wrong, I like vector 6, it's quick and easy to use without all that boring configuration in a distro like arch - it was even really easy to install. But it does have some annoying quirks, like building a package from deb, rpm or source - surely it can't be that difficult - arch linux does it without any problems. I really don't want to install stuff, like a printer driver, without being able to uninstall quickly and easily.

The other thing is some of the software - firefox is broken in Vector so I am using opera - no big deal but why is it in the repo? I had to change the time as the clocks went back and got locked out of sudo for an hour because the timestamps were wrong. Maybe vector 7 will iron out these quirks.

Cheers and thanks for the help,

David
roarde
Vectorian
****
Posts: 532


move the needle


« Reply #3 on: October 31, 2010, 01:45:31 am »

I'll have to pass on the firestarter question -- afaik, I don't have it.

Installing software. Scroll down for deb and rpm examples. Remember the site opensourcebistro.com ; very useful. Haven't run arch, as ISP's signon style won't allow for netinstalls. I understand that packaging methods are arch's strongest point, so my guess is that this'll be one of the few points where vector is harder to use.

There is a temporary (hopefully) problem with updating the repos. Haven't heard of firefox not working (this is firefox, updated to 3.6.12 from the repos), but firefox was one update that the maintainers are having the problem with. If you're using GSlapt, edit > preferences > sources tab (widening this window helps), turn on testing if you haven't. Reload as suggested, grab firefox 3.6.12. Its first run will suggest flash upgrade. You can pass on that for now, look at opensourcebistro for how to do it; the application provider's method won't work on an unmodified Vector.

As for the time problem, I believe the time's supposed to adjust itself for daylight savings time, but it may wait for a reboot to do so. Not sure. I'll be forced to find out next week.

Robert
VL STD 7.1 RC2.2.2, icewmvmods
davidlondonuk
Member
*
Posts: 55


« Reply #4 on: October 31, 2010, 02:14:13 am »

Thanks again sixforty, the openbistro site is very handy.

As an experiment I downloaded the latest firefox and installed in my /home/me/opt dir and just created a desktop link. You are right, that is not working properly either so it's not the vector package - probably a greasemonkey script is not working. Opera works well.

Arch linux has AUR which is the 'arch user repo': you download a package build file, it takes care of all deps and builds the software as a tar.gz. Arch is ok but the initial install is just the bare bones base system - no Xorg or desktop environment. If you want a bootsplash like vector then you have to rebuild the kernel. It's perfect if you want to learn how linux/unix works - but I just want an easy to use stable working desktop system.

Vector 6 has been a real eye opener, it's fast, sleek, and has all the apps I really need with a good configuration system - arch installs bleeding edge stuff unless you know what you are doing and there is a lot of text file configuration and tinkering to get it working right.

Cheers,

David

Andy Price
Packager
Vectorite
****
Posts: 237


« Reply #5 on: November 13, 2010, 03:17:15 am »

Hi David

Sorry for my lateness, just catching up reading posts after being away. Firestarter (and GuardDog) are just GUI front ends which make it easy to modify the firewall script. They don't actually run all the time, only when you invoke them to make a change.

Cheers
Andy