[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Firestarter not starting

On Mon, May 22, 2006 at 09:50:01PM +0100, John Talbut wrote:
> Thanks for the further ideas, Ken.
> Firestarter certainly does not seem to be starting on bootup.  Using ps 
> as root gives no entries for Firestarter after booting, whereas it does 
> once I get Firestarter to start.

That doesn't mean that the firewall isn't running. Firestarter is just a
front-end for iptables as you probably already know. "Firestarter" will
only show up in ps output if the firestarter gui is running. To see if
it has configured iptables for you use iptables -L to list all the
current chains.

Maybe an example will help.. I have two user accounts on my machine -
one for myself and one for my wife. Only for my own account do I have
firestarter the gui set to start on login and only when I am logged in
does firestarter show up in ps output. The firewall (iptables) is
continuing to run when I log out though and this can be confirmed by
logging in with my wife's account and running "iptables -L" in an xterm
as root. It shows all the chains that firestarter configured iptables to
run. If my dhcp lease expires and dhclient obtains a new IP from my
cable provider then the exit hook runs "sh /etc/init.d/firestarter
start" which reconfigures iptables to my new IP address. This is
transparent though.

Running "/etc/init.d/firestarter status" will also tell you if firestarter
the firewall (firestarter service) is running.

Put another way...
/etc/init.d/firestarter runs the firewall
/usr/sbin/firestarter runs the firestarter gui

> The boot script  /etc/init.d/firestarter is:

What I was interested in was the script that you said existed in

You should get a failure notice at bootup since your ppp link is not up.
I believe it can be safely ignored.

What you need is a script in /etc/ppp/ip-up.d 
which reruns /etc/init.d/firestarter when you bring up your ppp link.
This however will not get you the gui portion of firestarter or make
firestarter show up in ps output but it does start the firewall itself.
To get the gui firestarter program to come up /usr/sbin/firestarter has
to be run with root privileges. When you type this in manually in a
console you get the firestarter gui program to come up as it should. To
avoid having to do that each time configure sudo and your gnome session
manager according to the directions listed at


> Running /usr/sbin/firestarter as root does start Firestarter.

As it should. Run it and make sure it is configured to "start/restart
firewall on dialout". This is under Preferences>Firewall in the gui

> starting at  /etc/firestarter/firestarter.sh do not.

No it won't if ppp0 isn't up yet. That's why the little script in
/etc/ppp/ip-up.d is necessary.

To test the whole thing out:

1) Bring up ppp0 using whatever dialer program you use in Gnome
2) In a terminal as root run "/etc/init.d/firestarter status" to see if
the firewall service is running. You may need to wait a few seconds
after your ppp link is established before you do this. If it is running
you will get "Firestarter is running..." as your output. You will NOT
see firestarter in ps output though at this point and will not have the
firestarter gui either. If you get a message other than "Firestarter is
running..." then the script in /etc/ppp/ip-up.d is not working or not
installed yet.
3) In a terminal as root run "/usr/sbin/firestarter" to bring up the
firestarter gui. Once the firestarter gui is running then firestarter
will appear in ps output. Use the firestarter gui to configure
firestarter to restart on dial-out but not to restart on program (gui)
startup. These options can be found by clicking on the Preferences
button, choosing "firewall" on the list on the left pane and ticking the
appropriate boxes. If these options are not set correctly then
Firestarter the firewall will not restart each time you dial-out.

If all that works then all you need to do is configure sudo and the
gnome session manager like I described above. That will automate you
having the firestarter gui started on login minimized to the system

Again, I hope I'm not telling you things you already know/tried.
The important point to take away is that Firestarter the gui program and
the firestarter (iptables) firewall are two seperate entities. Only the
gui shows up in ps output as firestarter. The gui is just a
configuration and monitoring tool for the firestarter firewall (service)
Ken Wahl

Attachment: signature.asc
Description: Digital signature

Reply to: