Hi, I have been a satisfied - and increasingly impressed (and aware) - Firestarter user for some time on a stand-alone Debian unstable machine running ker 2.6.5, until I decided to set up a simple one machine home network ...
The thing was to declare eth1 as a trusted interface to the firewall. Inspired by Jim McDougalls's ltsp FAQ [section 7.2.4.1 in http://www.ltsp.org/documentation/ltsp-4.1/ltsp-4.1-2-en.html ] I dived into iptables and adapted Oskar Andreasson's flush-iptables script [ http://iptables-tutorial.frozentux.net/iptables-tutorial.html#ABOUTTHEAUTHOR ] which I attach below. It works. LTSP rocks (I credit Jim) and I have an impressed 80 yr. old compulsive emailer on my hands.
Firestarter seemed to work for a while but now when I start it from Applications->Internet->Firestarter I get the message
"A proper configuration for Firestarter was not found. If you are running Firestarter from the directory you built it in, run 'make install-data-local' to install a configuration, or simply 'make install' to install the whole program.
Firestarter will now close."
I apt-installed Firestarter, and regularly updated it, so the above does not apply. Searching for its configuration files I can only find /var/lib/dpkg/info/firestarter.conffiles which gives me

/etc/firestarter/non-routables
/etc/init.d/firestarter

.. and

Tux:~# /etc/init.d/firestarter start
Starting the Firestarter firewall: failed.

I'm fairly agnostic about Firestarter and iptables - I just want a secure system and I appreciated Firestarter's real-time visualisation of external probes, although the masochist (perhaps) in me would like to master iptables. At the moment I'm not sure what is happening and suspect there is minimal protection although ker 2.6.5 includes selinux libs.
Constructive suggestions appreciated.
Adam Bogacki, [EMAIL PROTECTED]
NOTE: My 'flush-iptables' script.
#Configurations
###IPTABLES="/usr/sbin/iptables"
#reset the default policies in the filter table
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
#reset the default policies in the nat table
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
#reset the default policies in the mangle table
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
#flush all the rules in the filter, nat & mangle tables
iptables -F
iptables -t nat -F
iptables -t mangle -F
#delete the chains that are not default in the filter, nat & mangle tables
iptables -X
iptables -t nat -X
iptables -t mangle -X
#accept eth1 as a trusted interface
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A OUTPUT -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -d 0.0.0.0/0 -j ACCEPT
#save this setup for next use (iptables-save prints the ruleset to stdout)
iptables-save
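Added example, not part of the original post: the attached script resets every default policy to ACCEPT before adding the eth1 rules, so this audit of `iptables-save` output lists the filter chains that still accept everything. Both dumps are constructed samples, and the default-DROP variant is an assumed alternative rather than a configuration from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `iptables-save` text on
# stdin and prints the filter-table chains that accept everything: default
# policy ACCEPT and no rule jumping to DROP or REJECT. Heuristic: jumps into
# user-defined chains are not followed.
open_chains() {
    awk '
        /^\*/ { table = substr($1, 2); next }          # "*filter", "*nat", ...
        table != "filter" { next }
        /^:/ {                                         # ":INPUT ACCEPT [0:0]"
            if ($2 == "ACCEPT") { chain = substr($1, 2); isopen[chain] = 1; order[++n] = chain }
            next
        }
        /^-A / {                                       # "-A INPUT ... -j DROP"
            for (i = 3; i < NF; i++)
                if ($i == "-j" && ($(i + 1) == "DROP" || $(i + 1) == "REJECT"))
                    delete isopen[$2]
        }
        END {
            out = ""
            for (i = 1; i <= n; i++)
                if (order[i] in isopen) out = out (out == "" ? "" : " ") order[i]
            print out
        }'
}

# Constructed dump: what the posted flush script leaves in the filter table.
flush_script_dump() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
COMMIT
EOF
}

# Constructed dump (assumption): default-deny variant that still trusts eth1.
default_drop_dump() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -i eth1 -j ACCEPT' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A FORWARD -i eth1 -j ACCEPT' 'COMMIT'
}

echo "posted script: $(flush_script_dump | open_chains)"
echo "default DROP : $(default_drop_dump | open_chains)"
```

On a live machine the same check is `iptables-save | open_chains`, run as root.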

