Topic: How-to use Firestarter with Wicd (even with more than 1 interface) in VL6 STD

« on: March 02, 2009, 09:30:18 pm »

This how-to tells you how you can make sure your firewall configuration starts with your wired or wireless wicd connection, and how you can restart the firewall when you switch from one to the other.

I had three problems with Firestarter on VL6.

First, I couldn't launch it. I got a message saying "proper configuration not found".

This was easily solved by reinstalling the firestarter package with gslapt.
Then, start firestarter, put in your root password, go through the wizard, and configure your firewall appropriately.

Second, once the firewall was configured, I enabled the firewall service in Vasm. However, the firewall wouldn't start on boot, because my wireless connection isn't up by that time.

This is solved by pressing the "script" button in a wicd connection (wired or wireless) and having wicd run a post-connection script that will start the firewall.
This will work:
/etc/rc.d/init.d/firewall start
The script will start your firewall after wicd gets the interface up. You can disable the firewall service in VASM.

This is all fine if you always use the same network interface (always wired, or always wireless, for example). But...

Third, as far as I know, firestarter doesn't easily handle multiple network interfaces. If you boot up with a different interface (or switch from a wireless to a wired connection), the firewall won't start. You need to launch firestarter, change the preferences, and restart the firewall (or go through the wizard again).

This is solved by creating two scripts.
I named them "/etc/firestarter/" and "/etc/firestarter/" (as root).
You should replace the names with your network interfaces.

The content of the /etc/firestarter/ script is:
/etc/rc.d/init.d/firewall stop
sed -i 's/eth0/wlan0/' /etc/firestarter/configuration
/etc/rc.d/init.d/firewall start
(again, your two interface names will go on the sed line, instead of eth0 and wlan0)

The /etc/firestarter/ script is the same, except you change the order of the two interfaces in the sed line:
sed -i 's/wlan0/eth0/' /etc/firestarter/configuration

Then make sure you make them accessible to root only:
chmod 700 /etc/firestarter/
chmod 700 /etc/firestarter/

What these scripts do is replace one interface by the other in the firestarter configuration file, and then start the firewall.

Finally, you'll have to put these scripts in each wicd connection appropriately (instead of the above script in point 2, that only works for a single network interface).
Press the script button for the wired connection and write "/etc/firestarter/" in the post-connection space.
Do the same for every wireless connection that you usually use (but writing "/etc/firestarter/" instead). It's a bit of a pain, but as far as I know, wicd doesn't do "general" scripts, only per-connection ones.

This way you can be sure that no matter what connection you're using when you boot up your computer (or if you switch to another interface mid-session), your firewall will be up and running.

It seems to work fine with the tests I've made, but I would appreciate other people checking this.
There might be easier ways. Thanks!

(the nice sed line comes from here:
« Last Edit: March 03, 2009, 08:54:15 am by wcs »
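
An added example, not part of the original post: a single script that could serve as the post-connection script of every wicd connection, called with the interface name as its argument, instead of one script per interface pair. It assumes GNU sed and that /etc/firestarter/configuration stores the interface as an IF="..." line; the function names are this example's own.

```sh
#!/bin/sh
# Added example, not from the original post.
# Assumption: the configuration names the external interface as IF="name".
CONF=${CONF:-/etc/firestarter/configuration}
FW=${FW:-/etc/rc.d/init.d/firewall}

# Accept only plausible interface names, so nothing unexpected reaches sed.
valid_iface() {
    case "$1" in
        ""|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the interface currently configured in file $1.
current_iface() {
    sed -n 's/^IF="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$1" | head -n 1
}

# Point the IF= line of file $1 at interface $2, whatever it named before.
# Anchoring on ^IF= leaves other lines that mention an interface untouched.
set_iface() {
    valid_iface "$2" || { echo "bad interface name: $2" >&2; return 2; }
    grep -q '^IF=' "$1" || { echo "no IF= line in $1" >&2; return 3; }
    [ "$(current_iface "$1")" = "$2" ] && return 0
    sed -i "s/^IF=.*/IF=\"$2\"/" "$1"
}

# Same order as the post: stop, rewrite, start. The firewall is started
# again even if the rewrite failed, and any failure is reported.
switch_fw() {
    rc=0
    "$FW" stop
    set_iface "$CONF" "$1" || rc=$?
    "$FW" start || { echo "firewall did not start" >&2; return 1; }
    return "$rc"
}

# Act only when an interface name is given on the command line.
if [ $# -gt 0 ]; then switch_fw "$1"; fi
```

Because the rewrite does not depend on which interface was configured before, the same script works after switching from any interface to any other, and a non-zero exit status shows when the firewall did not come up.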