Re: change in behavior of iptables with respect to firestarter

To: debian-user@lists.debian.org
Subject: Re: change in behavior of iptables with respect to firestarter
From: Rob Owens <rowens@ptd.net>
Date: Wed, 27 Oct 2010 19:23:37 -0400
Message-id: <[🔎] 20101027232337.GB32617@aurora.owens.net>
In-reply-to: <[🔎] 4CC7179C.6070405@comcast.net>
References: <[🔎] 20101022175614.GA28226@aurora.owens.net> <[🔎] 4CC1DF58.6020809@comcast.net> <[🔎] 20101022202944.GA28939@aurora.owens.net> <[🔎] 4CC214C2.5060802@comcast.net> <[🔎] 20101023001813.GA30780@aurora.owens.net> <[🔎] 4CC2428F.1010001@comcast.net> <[🔎] 20101023121600.GA1649@aurora.owens.net> <[🔎] 4CC304FD.6080103@comcast.net> <[🔎] 20101023161523.GA3258@aurora.owens.net> <[🔎] 4CC7179C.6070405@comcast.net>

On Tue, Oct 26, 2010 at 02:02:04PM -0400, Gilbert Sullivan wrote:
> On 10/23/2010 12:15 PM, Rob Owens wrote:
>
>> If your firewall script references an IP address (which you don't have
>> when the network is down), I think it needs the network to be up in
>> order to run.
>>
>> If the script only references the interface (eth0, for
>> example) it might run even if the network is down, as long as the kernel
>> is aware of eth0's existence.  But I'm not sure how wicd affects this.
>> I think your /etc/network/interfaces file will not have anything besides
>> the loopback device listed.
>>
>> -Rob
>
> Hi,
>
> I hope you'll pardon my resurrection of this thread.
>
> Your comments got me to thinking about this. Why would systems running  
> wicd as the network manager fail to start the firewall when configured  
> to switch between multiple fixed IP addresses, while other machines  
> configured for only a single fixed IP address start the firewall without  
> any trouble?
>
> I looked at /etc/network/interfaces on the systems with a single fixed  
> IP address. They contained (of course) the specifications for that  
> network location. The systems switching among multiple fixed IP  
> addresses had to have /etc/network/interfaces configured like this:
>
> -----------------------------------8<--------------------------------
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
>
> # The loopback network interface
> auto lo
> iface lo inet loopback
>
> # The primary network interface
> allow-hotplug eth0
> iface eth0 inet static
> -----------------------------------8<--------------------------------
>
> For grins, I reconfigured /etc/network/interfaces on one of the single
> network profile systems and, sure enough, firestarter fails to launch  
> the firewall. If I switch back to a normal interfaces file, the firewall  
> starts.
>
> So, I guess the problem isn't with wicd, per se, but with the way I'm  
> having to configure /etc/network interfaces in order to use wicd to  
> switch among multiple network profiles with fixed IP addresses.
>
> I'm not sure whether I'd call this a bug with firestarter or a bug with  
> wicd or an unfortunate interaction or (more likely) a bug with the end  
> user (PEBKAC).
>
> I'm pretty sure I'm not going to get wicd to work with multiple fixed IP  
> addresses without setting up /etc/network/interfaces in this manner. I  
> really like both wicd and firestarter. Would anyone see a chance for me  
> to get them to work together in my particular circumstances?
>

I'm inclined to call it a bug in firestarter, but to be sure, test it
out with Network Manager instead of wicd.  See if you have the same
problem.  I think you will, which will indicate the problem is with
firestarter (or possibly with the way you configured firestarter).

-Rob

Reply to:

Follow-Ups:
- Re: change in behavior of iptables with respect to firestarter
  - From: Gilbert Sullivan <whirlygig@comcast.net>

References:
- Re: change in behavior of iptables with respect to firestarter
  - From: Rob Owens <rowens@ptd.net>
- Re: change in behavior of iptables with respect to firestarter
  - From: Gilbert Sullivan <whirlygig@comcast.net>
- Re: change in behavior of iptables with respect to firestarter
  - From: Rob Owens <rowens@ptd.net>
- Re: change in behavior of iptables with respect to firestarter
  - From: Gilbert Sullivan <whirlygig@comcast.net>
- Re: change in behavior of iptables with respect to firestarter
  - From: Rob Owens <rowens@ptd.net>
- Re: change in behavior of iptables with respect to firestarter
  - From: Gilbert Sullivan <whirlygig@comcast.net>
- Re: change in behavior of iptables with respect to firestarter
  - From: Rob Owens <rowens@ptd.net>
- Re: change in behavior of iptables with respect to firestarter
  - From: Gilbert Sullivan <whirlygig@comcast.net>
- Re: change in behavior of iptables with respect to firestarter
  - From: Rob Owens <rowens@ptd.net>
- Re: change in behavior of iptables with respect to firestarter
  - From: Gilbert Sullivan <whirlygig@comcast.net>

Prev by Date: [Solved]Re: Burning CD stuck on sending CUE sheet
Next by Date: how to use wifi, retrieve .deb files of of a flash drive
Previous by thread: Re: change in behavior of iptables with respect to firestarter
Next by thread: Re: change in behavior of iptables with respect to firestarter
Index(es):
- Date
- Thread