LTSP, iptables, & Firestarter.
Hi, I have been a satisfied - and increasingly impressed (and aware) -
Firestarter user for some time on a stand-alone Debian unstable
machine running ker 2.6.5, until I decided to set up a simple one
machine home network ...
The thing was to declare eth1 as a trusted interface to the firewall. Inspired by Jim McDougall's LTSP FAQ [section 7.2.4.1 in http://www.ltsp.org/documentation/ltsp-4.1/ltsp-4.1-2-en.html] I dived into iptables and adapted Oskar Andreasson's flush-iptables script [http://iptables-tutorial.frozentux.net/iptables-tutorial.html#ABOUTTHEAUTHOR], which I attach below. It works. LTSP rocks (I credit Jim) and I have an impressed 80 yr. old compulsive emailer on my hands.
Firestarter seemed to work for a while but now
when I start it from Applications->Internet->Firestarter I get the message
"A proper configuration for Firestarter was not found. If you are
running Firestarter from the directory you built it in, run 'make
install-data-local' to install a configuration, or simply 'make
install' to install the whole program.
Firestarter will now close."
I apt-installed Firestarter, and regularly updated it, so the above
does not apply.
Searching for its configuration files I can only find
/var/lib/dpkg/info/firestarter.conffiles
which gives me
/etc/firestarter/non-routables
/etc/init.d/firestarter
.. and
Tux:~# /etc/init.d/firestarter start
Starting the Firestarter firewall: failed.
I'm fairly agnostic about Firestarter and iptables - I just want a secure system, and I appreciated Firestarter's real-time visualisation of external probes, although the masochist (perhaps) in me would like to master iptables. At the moment I'm not sure what is happening and suspect there is minimal protection although ker 2.6.5 includes selinux libs.
Constructive suggestions appreciated.
Adam Bogacki,
afb@paradise.net.nz
NOTE: My 'flush-iptables' script.
#!/bin/sh
#Configurations
###IPTABLES="/usr/sbin/iptables"
#reset the default policies in the filter table
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
#reset the default policies in the nat table
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
#reset the default policies in the mangle table
#(on 2.6 kernels the mangle table also has INPUT, FORWARD and POSTROUTING chains)
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P INPUT ACCEPT
iptables -t mangle -P FORWARD ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
iptables -t mangle -P POSTROUTING ACCEPT
#flush all the rules in the filter, nat & mangle tables
iptables -F
iptables -t nat -F
iptables -t mangle -F
#delete all the chains that aren't default in the filter, nat & mangle tables
iptables -X
iptables -t nat -X
iptables -t mangle -X
#accept eth1 as a trusted interface
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A OUTPUT -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -d 0.0.0.0/0 -j ACCEPT
#save this setup for next use: iptables-save only writes to stdout, so redirect it
#to a file (the path is an assumption) and reload it at boot with iptables-restore
iptables-save > /etc/iptables.rules
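As an added example (not the poster's script and not from the LTSP FAQ), here is a rule set for the same one-machine LTSP setup that keeps eth1 trusted but gives the upstream interface a default-deny policy, which is what the flush script above leaves missing. It assumes eth0 is the Internet-facing interface and that the server masquerades the clients' traffic; both interface names are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script: a default-deny rule set for the same
# one-machine LTSP setup. Assumptions: eth0 faces the Internet, eth1 faces the
# LTSP clients (trusted), and the server masquerades the clients' traffic.
set -eu
EXT_IF="${EXT_IF:-eth0}"   # upstream interface (assumed name)
LAN_IF="${LAN_IF:-eth1}"   # LTSP client network, trusted as in the original script

# Emit the rule set one command per line, so it can be reviewed (or tested)
# before anything is applied. Unlike the flush script, the filter policies
# end up as DROP: only explicitly allowed traffic gets in from eth0.
gen_rules() {
  cat <<EOF
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN_IF -j ACCEPT
iptables -A INPUT -i $EXT_IF -m state --state INVALID -j DROP
iptables -A INPUT -i $EXT_IF -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -i $EXT_IF -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $EXT_IF -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE
EOF
}

# Number of filter-table chains whose default policy is still ACCEPT;
# with the rules above only OUTPUT remains open.
open_policies() {
  gen_rules | grep -c -- '-P [A-Z]* ACCEPT'
}

# Apply the rules for real (needs root) and enable forwarding for the clients.
apply_rules() {
  gen_rules | while IFS= read -r cmd; do eval "$cmd"; done
  sysctl -w net.ipv4.ip_forward=1
}

# "sh firewall.sh apply" installs the rules; with no argument it only prints them.
if [ "${1:-}" = apply ]; then apply_rules; else gen_rules; fi
```

Packets dropped on eth0 are logged with the "fw-drop:" prefix, which gives back a rate-limited view of external probes in syslog in place of Firestarter's display.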