Re: change in behavior of iptables with respect to firestarter

[Gilbert Sullivan <whirlygig@comcast.net>]

On 10/23/2010 08:16 AM, Rob Owens wrote:
> What if the network isn't up when firestarter is asked to start?  Would
> it start anyway?  Would it fail to start and log an error?  Or would it
> fail silently?
>
> I'm not sure of the answers to the above.  Maybe you could try shutting
> down your network manually, then start firestarter manually, and see
> what happens.

Good call. I booted the systems and disconnected their network 
connectors. I tried two commands with results as follows:

# /etc/init.d/firestarter start
Starting the Firestarter firewall... failed!

# /etc/firestarter/firestarter.sh start
External network device eth0 is not ready. Aborting..

Greg Madden had suggested looking at the /etc.rc2.d/S19firestarter link, 
and that's what led me to trying those two different commands.

I had finally pulled my head out and realized that I might see something 
if I switched to tty1. As I told Greg, this is what I found:

Starting MTA: exim4.
Starting the Firestarter firewall... failed!
Starting kerneloops:

...and, a little later...

Starting Network connection manager: wicd.
startpar: service(s) returned failure: firestarter ... failed!
Running scripts in rc2.d/ took xx seconds.

After a reboot and logging in each time, if I have a working network 
connection, either of the aforementioned commands succeeds.

I'm guessing that maybe the firewall isn't starting because the network 
connection hasn't yet been established. My wife's systems both have only 
one network configuration. My systems have two network configurations. 
Even though I usually remember to set wicd to use the next network I'm 
going to be using before I shut down, do you suppose it's possible that 
the multiple network connections configuration causes some change in 
behavior that slows the establishment of a connection, and that could be 
the reason the firewall isn't coming up when the systems are started?

> Another idea:  You could edit /etc/init.d/firestarter to make it pause
> long enough that you can read any errors on the boot screen.  Just enter
> a "read" statement where you want it to pause.  On second thought, it
> might be easier to put the "read" statement at the beginning of the
> script that comes *after* firestarter in the boot process.  That'll be
> the file in /etc/rc2.d that comes after the firestarter script (in
> alphanumeric order).
>
> Note, you have to hit<enter>  to get past the "read" statement.
>
> -Rob

I tried editing /etc/rc2.d/S19kerneloops, which seems to be the next 
script to be executed after /etc.rc2.d/S19firestarter, but I couldn't 
see anything. I just added

read

at the beginning of that script. Is that what you were suggesting? The 
gdm screen came up and blocked my view of the scrolling text. When I 
switched to tty1 I just saw these lines

Starting the Firestarter firewall... failed!
read: 1: arg count
$Starting kerneloops:

instead of

Starting the Firestarter firewall... failed!
Starting kerneloops:

Sorry if I'm being dumb. I don't know what a read statement is, but I 
figured it would be sort of like adding

pause

in a DOS batch file?

Thanks again for your time and effort,
Gilbert