
Re: change in behavior of iptables with respect to firestarter



On Sat, Oct 23, 2010 at 11:53:33AM -0400, Gilbert Sullivan wrote:
>
> Starting Network connection manager: wicd.
> startpar: service(s) returned failure: firestarter ... failed!
> Running scripts in rc2.d/ took xx seconds.
>
Ah, you're using wicd.  For each network connection, click on the
"scripts" button.  Tell it to run firestarter when the connection is
activated.  (Ideally you'd want it to run *before* the connection is
activated, but it sounds like that isn't going to work based on your
experiences).

> I'm guessing that maybe the firewall isn't starting because the network  
> connection hasn't yet been established. My wife's systems both have only  
> one network configuration. My systems have two network configurations.  
> Even though I usually remember to set wicd to use the next network I'm  
> going to be using before I shut down, do you suppose it's possible that  
> the multiple network connections configuration causes some change in  
> behavior that slows the establishment of a connection, and that could be  
> the reason the firewall isn't coming up when the systems are started?
>
I'm not sure what the reason for the different behaviour of the two
systems is.

> I tried editing /etc/rc2.d/S19kerneloops, which seems to be the next  
> script to be executed after /etc/rc2.d/S19firestarter, but I couldn't  
> see anything. I just added
>
> read
>
> at the beginning of that script. Is that what you were suggesting? The  
> gdm screen came up and blocked my view of the scrolling text. When I  
> switched to tty1 I just saw these lines
>
That is what I was suggesting.  But I guess my suggestion didn't work...
And yes, a "read" statement in bash is like a "pause" statement in DOS
batch.

If your firewall script references an IP address (which you don't have
when the network is down), I think it needs the network to be up in
order to run.  

If the script only references the interface (eth0, for
example) it might run even if the network is down, as long as the kernel
is aware of eth0's existence.  But I'm not sure how wicd affects this.
I think your /etc/network/interfaces file will not have anything besides
the loopback device listed.

-Rob
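
Added example, not part of the original message and not firestarter or wicd code: a boot-time guard in shell that separates the two cases described above, rules that need an IP address versus rules that only name the interface. The function names, the `SYSFS_NET` override and the yes/no "needs address" flag are assumptions made for illustration; the address check parses the output of `ip -o -4 addr show dev IFACE` from iproute2.

```shell
#!/bin/sh
# Hypothetical helper functions (added example). A firewall start script
# could call firewall_readiness before loading rules and defer to a
# post-connect hook when the answer is "wait-for-address".

# Overridable so the logic can be exercised without real interfaces.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# True if the kernel has registered the interface, even with the link down.
iface_known() {
    [ -d "$SYSFS_NET/$1" ]
}

# Read `ip -o -4 addr show dev IFACE` output on stdin and print the first
# IPv4 address without its prefix length; print nothing if there is none.
first_ipv4() {
    awk '$3 == "inet" { sub(/\/.*/, "", $4); print $4; exit }'
}

# firewall_readiness IFACE NEEDS_ADDR [ADDR_OUTPUT]
#   NEEDS_ADDR  yes if the rules reference the host's own IP, otherwise no
#   ADDR_OUTPUT optional captured `ip` output (queried live if omitted)
# Prints ready (exit 0), no-interface (exit 1) or wait-for-address (exit 2).
firewall_readiness() {
    iface=$1
    needs_addr=$2
    if ! iface_known "$iface"; then
        echo no-interface
        return 1
    fi
    # Interface-only rules can load as soon as the kernel knows the device.
    if [ "$needs_addr" = no ]; then
        echo ready
        return 0
    fi
    if [ $# -ge 3 ]; then
        out=$3
    else
        out=$(ip -o -4 addr show dev "$iface" 2>/dev/null) || out=""
    fi
    addr=$(printf '%s\n' "$out" | first_ipv4)
    if [ -n "$addr" ]; then
        echo ready
        return 0
    fi
    echo wait-for-address
    return 2
}
```
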

