
LTSP, iptables, & Firestarter.



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, I have been a satisfied - and increasingly impressed (and aware) -
Firestarter user for some time on a stand-alone Debian unstable
machine running kernel 2.6.5, until I decided to set up a simple one-machine
home network ...

The thing was to declare eth1 as a trusted interface to the
firewall. Inspired by Jim McDougall's LTSP FAQ [section 7.2.4.1 in
http://www.ltsp.org/documentation/ltsp-4.1/ltsp-4.1-2-en.html ]
I dived into iptables and adapted Oskar Andreasson's flush-iptables script
[ http://iptables-tutorial.frozentux.net/iptables-tutorial.html#ABOUTTHEAUTHOR ]
which I attach below. It works. LTSP rocks (I credit Jim) and I have an
impressed 80 yr. old compulsive emailer on my hands.

Firestarter seemed to work for a while but now
when I start it from Applications->Internet->Firestarter I get the message

"A proper configuration for Firestarter was not found. If you are
running Firestarter from the directory you built it in, run 'make
install-data-local' to install a configuration, or simply 'make
install' to install the whole program.

Firestarter will now close."

I apt-installed Firestarter, and regularly updated it, so the above
does not apply. Searching for its configuration files I can only find
/var/lib/dpkg/info/firestarter.conffiles
which gives me
/etc/firestarter/non-routables
/etc/init.d/firestarter
.. and

Tux:~# /etc/init.d/firestarter start
Starting the Firestarter firewall: failed.

I'm fairly agnostic about Firestarter and iptables - I just want a
secure system, and I appreciated Firestarter's real-time visualisation
of external probes, although the masochist (perhaps) in me would like
to master iptables. At the moment I'm not sure what is happening and
suspect there is minimal protection, although kernel 2.6.5 includes
selinux libs.

Constructive suggestions appreciated.

Adam Bogacki,
afb@paradise.net.nz

NOTE: My 'flush-iptables' script.

#!/bin/sh
#Configurations

###IPTABLES="/usr/sbin/iptables"

#reset the default policies in the filter table

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

#reset the default policies in the nat table

iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT

#reset the default policies in the mangle table

iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT

#flush all the rules in the filter, nat & mangle tables

iptables -F
iptables -t nat -F
iptables -t mangle -F

#delete the chains that are not default in the filter,
#nat & mangle tables

iptables -X
iptables -t nat -X
iptables -t mangle -X

#accept eth1 as a trusted interface
#(note: with the ACCEPT default policies set above, these rules do not
# restrict anything - traffic on every other interface is accepted too)

iptables -A INPUT -i eth1 -j ACCEPT

iptables -A OUTPUT -o eth1 -j ACCEPT

#-d 0.0.0.0/0 matches any destination
iptables -A FORWARD -i eth1 -d 0.0.0.0/0 -j ACCEPT

#save this setup for next use
#iptables-save only writes the ruleset to stdout, so redirect it to a
#file (path assumed here) that iptables-restore can reload later

iptables-save > /etc/iptables-flush.rules




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCA12l18X1Fk5VORARArB9AJ4+kFMVYuFA2RzLYpqJyeChA/RhKACfdyw+
BLq+EjbA/+E44YGYoKp9mMo=
=XySG
-----END PGP SIGNATURE-----
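As an added example (editor's code, not part of Adam's message and not from Firestarter, LTSP or the iptables tutorial), the following Python script parses the text that `iptables-save` prints and reports, per built-in chain of the filter table, whether the ruleset actually restricts anything. It addresses the suspicion of "minimal protection" voiced above: with ACCEPT default policies, `-j ACCEPT` rules for a trusted interface are no-ops. Both dumps are constructed; the first resembles what the flush script leaves behind, the second is a hypothetical ruleset with DROP policies shown only for comparison. Interface names and the sample rules are assumptions.

```python
"""Audit iptables-save output for an effectively open filter table.

Added example, not code from the original post. parse_dump() reads the
iptables-save text format; audit_filter() reports built-in filter chains
whose policy is ACCEPT and which contain no rule doing anything other
than ACCEPT, plus the ACCEPT rules that are redundant under that policy.
"""
import re

# Constructed sample: what a flush script with eth1 "trust" rules leaves.
SAMPLE_DUMP = """\
# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A FORWARD -i eth1 -d 0.0.0.0/0 -j ACCEPT
COMMIT
"""

# Constructed, hypothetical comparison ruleset with DROP default policies.
HARDENED_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
"""

RULE_CHAIN = re.compile(r"^-A\s+(\S+)")
RULE_TARGET = re.compile(r"-j\s+(\S+)")


def parse_dump(text):
    """Return {table: {"policies": {chain: policy}, "rules": [rule, ...]}}."""
    tables = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):                 # "*filter": start of a table
            current = line[1:]
            tables[current] = {"policies": {}, "rules": []}
        elif line.startswith(":"):               # ":INPUT ACCEPT [pkts:bytes]"
            chain, policy = line[1:].split()[:2]  # policy is "-" for user chains
            tables[current]["policies"][chain] = policy
        elif line.startswith("-A "):             # an appended rule
            tables[current]["rules"].append(line)
    return tables


def audit_filter(tables):
    """Return {"open_chains": [...], "noop_rules": [...]} for the filter table."""
    filt = tables.get("filter", {"policies": {}, "rules": []})
    open_chains, noop_rules = [], []
    for chain in ("INPUT", "FORWARD", "OUTPUT"):
        # A missing filter table means the kernel default, which is ACCEPT.
        policy = filt["policies"].get(chain, "ACCEPT")
        if policy != "ACCEPT":
            continue
        filters_something = False
        for rule in filt["rules"]:
            m = RULE_CHAIN.match(rule)
            if not m or m.group(1) != chain:
                continue
            t = RULE_TARGET.search(rule)
            if t and t.group(1) == "ACCEPT":
                noop_rules.append(rule)   # same outcome as the policy
            else:
                filters_something = True  # DROP/REJECT/LOG/user chain
        if not filters_something:
            open_chains.append(chain)
    return {"open_chains": open_chains, "noop_rules": noop_rules}


if __name__ == "__main__":
    for name, dump in (("flush script", SAMPLE_DUMP), ("hardened", HARDENED_DUMP)):
        print(name, audit_filter(parse_dump(dump)))
```

For the first dump the checker reports all three built-in chains as open and all three `-j ACCEPT` rules as redundant; for the comparison dump only OUTPUT is open, which is usually the intended choice for a home gateway. To inspect a live box the output of `iptables-save` can be fed to `parse_dump()` in the same way.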