
Re: change in behavior of iptables with respect to firestarter



On 10/23/2010 12:15 PM, Rob Owens wrote:

If your firewall script references an IP address (which you don't have
when the network is down), I think it needs the network to be up in
order to run.

If the script only references the interface (eth0, for
example) it might run even if the network is down, as long as the kernel
is aware of eth0's existence.  But I'm not sure how wicd affects this.
I think your /etc/network/interfaces file will not have anything besides
the loopback device listed.

-Rob

Hi,

I hope you'll pardon my resurrection of this thread.

Your comments got me to thinking about this. Why would systems running wicd as the network manager fail to start the firewall when configured to switch between multiple fixed IP addresses, while other machines configured for only a single fixed IP address start the firewall without any trouble?

I looked at /etc/network/interfaces on the systems with a single fixed IP address. They contained (of course) the specifications for that network location. The systems switching among multiple fixed IP addresses had to have /etc/network/interfaces configured like this:

-----------------------------------8<--------------------------------
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
-----------------------------------8<--------------------------------

For grins, I reconfigured /etc/network/interfaces on one of the single network profile systems and, sure enough, firestarter fails to launch the firewall. If I switch back to a normal interfaces file, the firewall starts.

So, I guess the problem isn't with wicd, per se, but with the way I'm having to configure /etc/network/interfaces in order to use wicd to switch among multiple network profiles with fixed IP addresses.

I'm not sure whether I'd call this a bug with firestarter or a bug with wicd or an unfortunate interaction or (more likely) a bug with the end user (PEBKAC).

I'm pretty sure I'm not going to get wicd to work with multiple fixed IP addresses without setting up /etc/network/interfaces in this manner. I really like both wicd and firestarter. Would anyone see a chance for me to get them to work together in my particular circumstances?

Thanks for your patience and help,
Gilbert
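
The message above ties the firewall not starting to an `iface eth0 inet static` stanza that carries no address lines. The following is an added example, not part of the original message and not code from firestarter or wicd: a small checker that flags such stanzas so a host that may boot without its firewall can be spotted. The function names and the sample text are assumptions made for illustration, and the parser is a simplified reading of interfaces(5).

```python
from pathlib import Path

# Constructed sample: the stanza layout quoted in the message above.
SAMPLE = """\
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
"""

# Keywords that begin a new stanza in interfaces(5); "allow-*" is matched separately.
STARTERS = {"auto", "iface", "mapping", "source", "source-directory",
            "no-auto-down", "no-scripts"}

def iface_stanzas(text):
    """Parse iface stanzas into dicts (simplified reader, not ifupdown's own parser)."""
    text = text.replace("\\\n", " ")          # join backslash-continued lines
    stanzas, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # comments must be on their own line
            continue
        words = line.split()
        key = words[0]
        if key == "iface" and len(words) >= 4:
            current = {"name": words[1], "family": words[2],
                       "method": words[3], "options": {}}
            stanzas.append(current)
        elif key in STARTERS or key.startswith("allow-"):
            current = None                    # another stanza type ends the iface block
        elif current is not None:
            current["options"][key] = " ".join(words[1:])
    return stanzas

def static_without_address(text):
    """Names of 'inet static' interfaces whose stanza carries no address option."""
    return [s["name"] for s in iface_stanzas(text)
            if s["family"] == "inet" and s["method"] == "static"
            and "address" not in s["options"]]

if __name__ == "__main__":
    path = Path("/etc/network/interfaces")
    text = path.read_text() if path.exists() else SAMPLE
    for name in static_without_address(text):
        print(f"{name}: 'inet static' with no address; confirm the firewall loaded after boot")
```
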

