[EMAIL PROTECTED] writes:
Hello there,
> >> If I enable Snort in the Alert section and reboot SNF, it stops
> loading
> >> when it tries to start the bastille-firewall?
> >> But if I don't reboot, everything works great, including Snort? Is
> >> there a workaround for this? or is it just me having this problem :)
ok, I have just installed the latest iso image, June the 8th.
I've experienced the same problems. I have something like 5 network
interfaces on that test machine and if I activate snort and bastille, the
firewall waits a long time while rebooting. This problem occurs only
during the boot because one can do a "service network restart" or "service
bastille-firewall start" or "service snortd restart" without a problem.
It's even funnier: while removing bastille-firewall at boot time, the eth2
NIC (in my case the external one - the one that snort watches) cannot be
"ifuped". And this happens even after the boot. Now, if I deactivate snort
at boot, everything works fine. Weird!
What can be done?
- first of all, a firewall shouldn't be rebooted ;)
- another idea would be not to start snortd while booting and start it by
hand afterwards. A "chkconfig --del snortd" command will do the thing.
- When it blocks while booting, reboot it using the SysRq
(ctr+alt+PrintScreen+S for synchronising, ctr+alt+PrintScreen+U for
unmounting, ctr+alt+PrintScreen+B for booting), then reboot in single mode
(type "linux single" when you see LILO: ), then use the "chkconfig --del
snortd" command)
Then you can reboot your firewall, use the same command "chkconfig --level
345 on"
- Another solution would be to change the priorities in the
/etc/init.d/snortd initscript and modify the line ... # chkconfig: 2345
40 60 into something like # chkconfig: 2345 80 30 (the one used by
prelude, which, BTW, doesn't have this problem - cool, Yoann ;)
The initscript is the result of a template, so you'd better change the
template: /usr/share/naat/templates/etc/init.d/snortd
> >> If I use my own internal DNS in /etc/resolv.conf and then fix the
> >> correct settings for it in the firewall services section, everything
> >> works great until I reboot. It then stops loading on eth0 because it
> >> doesn't have the rights to use the internal DNS..yet :) But if I wait
>
> >> for an hour or 2 it will then finally boot up (get the feeling from
> >> another OS?). Can I do a something to fix this issue?
>
> >the internal DNS server is on the firewall or on some other pc ?
>
> the DNS server is on another pc that's placed on the inside (LAN side).
> I even tried to run a DNS on the firewall itself, but something in the
> firewall shut it down all the time??
you could try to update the information needed in the /etc/hosts file
> >> And the last thing which is a little bit annoying..
> >> If I use the internet section to forward access (port 80) to my
> >> internal www-server, Squid stops working??
>
> >squid is in which mode here ?
>
> I use squid in transparent-proxy mode.
I've tried that here and it works for me. Go to Restrict Access ->
Internet Traffic -> Add -> in predefined-services choose the one from the
top, Web, internet pages (http) that is -> Next -> Apply
> BTW, why isn't it possible to forward udp port 514 from the outside to
> the inside?
>
Sure you can,
do the same thing as above, but use the Or add Custom services AND the
Protocol sections on the right, on the same screen.
sincerely,
--
Florin http://www.mandrakesoft.com
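The chkconfig-priority fix from the mail, as an added example that is not part of the original message or of SNF: it reads the "# chkconfig: <levels> <start> <stop>" header of two SysV initscripts and checks that snortd is ordered after bastille-firewall. The two headers are constructed here; the mail does not give the firewall's real start priority, so 60 is a placeholder.

```shell
# Added example (not from the mail or SNF): check SysV start order from
# "# chkconfig: <levels> <start> <stop>" headers. rc.d runs Sxx links in
# ascending order, so a higher start number means the service starts later.
# Headers below are constructed; bastille-firewall's 60 is a placeholder.

# Print the start priority from a script's chkconfig header (nothing if absent).
chkconfig_start() {
    sed -n 's/^# *chkconfig: *[0-9-]* *\([0-9][0-9]*\) *[0-9][0-9]*.*$/\1/p' "$1" | head -n 1
}

# Exit 0 only if script $1 starts after script $2 (same runlevel assumed).
starts_after() {
    a=$(chkconfig_start "$1"); b=$(chkconfig_start "$2")
    [ -n "$a" ] && [ -n "$b" ] && [ "$a" -gt "$b" ]
}

# Write a copy of script $1 to $2 with start priority $3 and stop priority $4,
# i.e. what the mail suggests doing to snortd (or its naat template).
set_priorities() {
    sed "s/^\(# *chkconfig: *[0-9-]*\) *[0-9]* *[0-9]*/\1 $3 $4/" "$1" > "$2"
}

demo_dir=$(mktemp -d)
# Stock snortd header quoted in the mail, plus the placeholder firewall header.
printf '#!/bin/sh\n# chkconfig: 2345 40 60\n# description: snort\n' > "$demo_dir/snortd"
printf '#!/bin/sh\n# chkconfig: 2345 60 40\n# description: bastille\n' > "$demo_dir/bastille-firewall"

# With the stock header snortd (S40) comes up before the firewall (S60).
if starts_after "$demo_dir/snortd" "$demo_dir/bastille-firewall"; then
    echo "snortd starts after the firewall"
else
    echo "snortd starts BEFORE the firewall"
fi

# After the change from the mail (80 30) snortd is ordered after the firewall.
set_priorities "$demo_dir/snortd" "$demo_dir/snortd.fixed" 80 30
starts_after "$demo_dir/snortd.fixed" "$demo_dir/bastille-firewall" && echo "fixed snortd starts after the firewall"
```

On a real SNF box, point the functions at /etc/init.d/snortd and /etc/init.d/bastille-firewall instead of the constructed files.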