FireStarter

here is what I get :
rpm -i firestarter-0.9.3-1mdk.i586.rpm=20
error: Failed dependencies:
        libgnome-keyring.so.0 is needed by firestarter-0.9.3-1mdk
and when I try to install libgnome-keyring it says I need /sbin/ldconfig
  ----- Original Message -----=20
  From: Darkman=20
  To: firestarter-user@...
  Sent: Friday, May 28, 2004 9:55 PM
  Subject: [Firestarter-user] helpl installing


  I have been using firestarter for several years now and this time i =
have some problems installing. OS =3D mandrake community 10.0 default =
desktop is kde. I try to do the rpm -i and i get  a dependancy error for =
libgnome-keyring, so I downloaded that and I got another dependancy =
error for /sbin/ldconfig, or /sbin/postun-ldconfig.
  so I DLed .9.1 and it says I need a kernel of 2.4 or greater, which I =
have 2.6....
  can someone help me out a little? thanks

Darkman wrote:
> I have been using firestarter for several years now and this time i
> have some problems installing. OS = mandrake community 10.0 default
> desktop is kde. I try to do the rpm -i and i get  a dependancy error
> for libgnome-keyring, so I downloaded that and I got another
> dependancy error for /sbin/ldconfig, or /sbin/postun-ldconfig. so I
> DLed .9.1 and it says I need a kernel of 2.4 or greater, which I have
> 2.6.... can someone help me out a little? thanks

FS 0.9.1 is too old to work with Mandrake 10, and apparently 0.9.3 is 
too new (build against a development version). Sorry about that. Perhaps 
someone on this list could build me a new Mandrake RPM for MDK10?

Firestarter 0.9.2 will however install on Mandrake 10 and there's not 
that many changes compared to the newer 0.9.3. You can get it from here:
http://prdownloads.sourceforge.net/firestarter/firestarter-0.9.2-6mdk.i586.rpm?download

Regards,
Tomas

ok, got that .9.2 installed without a hitch, and as usual firestarter is
really nice....thanks you.
I do have some additional questions, it said when I installed it, that I
would have to decide whether I wanted IPTables to start  at init or let
firestarter handle the firewalling. of course I like ot use firestarter so I
just ran hte firewall wizard, and the added the tray app, and let it go.
looked great. then I logged out and down to the command prompt and i noticed
of course that firestarter wasn't in the list when I did a ps -A. so I just
went into the /etc/firestarter dir, and ran ./firewall.sh
and let it go.  I am assuming that doing this will initialize the firewall
firestarter built? and that it would keep wokring after the gui has been
taken down? or should i start iptables also formt he init scripts at
startup?
here is what I need, I run a webserver on this machine and I want it to be
firewalled against stuff but I want throughput for webservices and SMTP.
which is what I told it in the wizard. so is it doing that after I shut down
to command prompt or what? thanks, Larry

----- Original Message ----- 
From: "Tomas Junnonen" <majix@...>
To: <firestarter-user@...>
Sent: Saturday, May 29, 2004 11:09 AM
Subject: Re: [Firestarter-user] helpl installing


> Darkman wrote:
> > I have been using firestarter for several years now and this time i
> > have some problems installing. OS = mandrake community 10.0 default
> > desktop is kde. I try to do the rpm -i and i get  a dependancy error
> > for libgnome-keyring, so I downloaded that and I got another
> > dependancy error for /sbin/ldconfig, or /sbin/postun-ldconfig. so I
> > DLed .9.1 and it says I need a kernel of 2.4 or greater, which I have
> > 2.6.... can someone help me out a little? thanks
>
> FS 0.9.1 is too old to work with Mandrake 10, and apparently 0.9.3 is
> too new (build against a development version). Sorry about that. Perhaps
> someone on this list could build me a new Mandrake RPM for MDK10?
>
> Firestarter 0.9.2 will however install on Mandrake 10 and there's not
> that many changes compared to the newer 0.9.3. You can get it from here:
>
http://prdownloads.sourceforge.net/firestarter/firestarter-0.9.2-6mdk.i586.rpm?download
>
> Regards,
> Tomas
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Firestarter-user mailing list
> Firestarter-user@...
> https://lists.sourceforge.net/lists/listinfo/firestarter-user
>
>

Clifford Snow wrote:
> I want to add the following to user-post but restarting firestarter
> gives an error message.  
> 
> 	$IPT -A INPUT -p igmp -j DROP
> 
> The error is -A: command not found.
> 
> Adding the same line in firewall.sh works.  Since any new version will
> probably replace firewall.sh, I would rather add it to user0-post.  What
> syntax is needed to add an item to iptables?

The variables defined in the main firewall.sh script are unfortunately 
not available in user-post and user-pre. In this case $IPT is causing 
the "command not found" error. You must specificy the entire path to 
iptables in the form of:

   /sbin/iptables -A INPUT -p igmp -j DROP

or you can redefine $IPT in the beginning of the user scripts. Note that 
you can however use the chains definied in the main firewall script, 
such as LD, in your own scripts.

Regards,
Tomas

On Sat, 2004-05-29 at 10:43, Tomas Junnonen wrote:
> Clifford Snow wrote:
> > I want to add the following to user-post but restarting firestarter
> > gives an error message. =20
> >=20
> > 	$IPT -A INPUT -p igmp -j DROP
> >=20
> > The error is -A: command not found.
> >=20
> > Adding the same line in firewall.sh works.  Since any new version will
> > probably replace firewall.sh, I would rather add it to user0-post.  Wha=
t
> > syntax is needed to add an item to iptables?
>=20
> The variables defined in the main firewall.sh script are unfortunately=20
> not available in user-post and user-pre. In this case $IPT is causing=20
> the "command not found" error. You must specificy the entire path to=20
> iptables in the form of:
>=20
>    /sbin/iptables -A INPUT -p igmp -j DROP
>=20
> or you can redefine $IPT in the beginning of the user scripts. Note that=20
> you can however use the chains definied in the main firewall script,=20
> such as LD, in your own scripts.
Duh - it's always the obvious. Thanks, it works perfect now.   =20
--=20
Clifford Snow

On Thu, 2004-05-27 at 23:41, Anna wrote:
> Hi,
>=20
> I have this odd (to me) problem where all outgoing
> access is blocked by the firewall after a cold boot,
> outgoing access is restored (with one exception, the
> modem itself) if I stop the firewall for a couple of
> seconds and restart it.  It then remains OK until the
> next cold boot.

Sounds like firestarter is trying to start before networking. To verify,
check the line chkconfig in /etc/init.d/network and in
/etc/init.d/firestarter.  You should see an entry like =20
# chkconfig: 2345 10 90

The first set of numbers, 2345 in this example, are the run levels and
the next, 10, is the priority (order) that each is started.  Make sure
that firestarter is starting right after the network service is
started.  The chkconfig command is used to change the startup options.=20
Use "man chkconfig" for more information on chkconfig.

<snip>
--=20
Clifford Snow

Anna wrote:
> Hi,
> 
> I have this odd (to me) problem where all outgoing
> access is blocked by the firewall after a cold boot,
> outgoing access is restored (with one exception, the
> modem itself) if I stop the firewall for a couple of
> seconds and restart it.  It then remains OK until the
> next cold boot.

> The internet connection worked, and I ran the
> firestarter wizard again to change my settings for the
> always on ADSL.  This time I selected eth0 (the ppp0
> option is not available, presumably because I'm using
> the pppoe client on the modem), use DHCP, and all the
> other defaults.  When I finished and clicked save I
> got an error message 

You're correct in assuming that ppp0 will not show up if the modem acts 
as your PPPoE client. You made a good choice going with a box that does 
PPPoE for you, since that's one less evil you will have to deal with on 
your PC.

> " No DHCP client configuration found. The firewall
> will not be loaded automatically on a lease renewal.
> Please make sure the external interface is configured
> properly or deselect the DHCP option if you are using
> static settings." 

This error message (which is overly confusing and was actually removed 
in Firestarter 0.9.3) means Firestarter couldn't figure out your DHCP 
client configuration. This can be because of many reasons, most probably 
because Xandros uses some client I haven't tested for.

This is however not a big problem and is not the reason for your 
connectivity problems after boot. You can safely leave the option 
unselected in this case.

> My problem is the blocking of outgoing access.  Most
> of the time when I boot up from a poweroff and I try 
> to connect to the net my connection is blocked.  I
> call up firestarter, click the 'stop firewall button'
> - after I get the 'firewall stopped' message my
> internet connection works.  A bit of fiddling around
> revealed that 1-2 seconds after getting the 'firewall
> stopped' message I can click the 'start firewall'
> button, which gives me the 'firewall running' message,
> and my browsing and email still work fine.  I've been
> to grc and the firewall *is* working - at least all
> the probe sees is my dynamic address and firestarter
> is logging hits.

I think Clifford already came up with the solution. The problem is that 
Firestarter is loading too early in the boot process on Xandros. It's 
really Xandros' problem since they're the ones packaging it for their 
Xandros Network system and they should know this stuff better than me.

Anyway, I'll reiterate the solution here for completeness:

Edit the file /etc/init.d/firestarter file
look for the line

# chkconfig: 2345 11 92

bump the number 11 to something higher. Ideally it should be the number 
at the same place in your /etc/init.d/network script +1, but it can also 
be higher. After this you should run:

/sbin/chkconfig firestarter reset

as root to apply the change.

> The only thing I need to have the firewall completely
> stopped for is to connect to the modem - it has it's
> own url for configuration but I can't connect to it
> unless I stop the firewall.

This is a bug in Firestarter 0.9.2 that is fixed in 0.9.3. Xandros 
doesn't offer this new version at the moment. It's nothing serious 
though, you can temporarily disable the firewall when you need to 
configure the modem, which probably isn't that often.

> I've only been using linux for about 5 weeks and it's
> a steep learning curve!  I don't know enough about
> firewalls to play with them at a console level - I
> don't even know where to look, and I have no idea what
> would be happening in the 1 second or so the firewall
> is stopped, to allow outgoing access to work properly
> thereafter.  I'd like to set things up so this stop /
> start of the firewall isn't necessary, in case of
> reboot when there's no-one at the pc I want to give
> the root password to.

The learning curve is steep and many things are still way too difficult. 
But it's getting better all the time :)

Regards,
Tomas

On Wed, 26 May 2004 vecna@... wrote:

> Hello , I am using the latest RPM on a Fedora Core 2 , I like firestarter 
> for it's simplicity just I'm quite fed up it logs to /var/log/messages
> how can I log to an alternate file?

Firestart itself don't log to /var/log/messages, but it's the default 
setting in Redhat syslogd settings that makes syslogd to log a lot of 
stuff into /var/log/messages. If you reconfigure the syslogd settings or 
happen to use another distro, and don't use /var/log/messages to log 
"network traffic", then you have to modify the sourcecode of firestarter 
so that firestarter will look into another file.

You could download the latest sourceRPM, "install" it

rpm -i firestarter-<version>.src.rpm

Then you will have the source in /usr/src/redhat/SOURCES.
Now you have some options, make a patch and make your own RPM, 
modify the source directly and repack the source to a new tgz and then 
rebuild the RPM, or just modify the source and compile the source.
I do recommend that you do make a RPM, as otherwise you may get dependency 
problems (in case someone would make a package depnding on Firestarter).

What you have to search for is "/var/log/messages", this can be easilly 
done with grep: grep "/var/log/messages" firestarter/src/*
Replace the text with the path to the fiel you have configured syslogd 
should use for network logging.


-- 
     //Aho                                                   \|||/
                                                             (. .)
 ----------------------------------------------------------oOoo-ooOo-----
  E-Mail: trizt@...            URL: http://www.kotiaho.net/~trizt/
     ICQ: 13696780
  System: MorphOS/Linux System                (PPC750/600  AMD K7A/1000)
 ------------------------------------------------------------------------
            EU forbids you to send spam without my permission
 ------------------------------------------------------------------------

On Wed, 26 May 2004 16:02:51 +0200
vecna@... wrote:

> Hello , I am using the latest RPM on a Fedora Core 2 , I like firestarter 
> for it's simplicity just I'm quite fed up it logs to /var/log/messages
> how can I log to an alternate file?
> 
> Thanks
> 
> 
> Thomas OZENNE
> vecna@...
> http://www.vecnix.net

I get megabytes of firewall hits a day and just decided to eliminate the
logging altogether.  After running the Firestarter Wizard, I commented
out the single line:
  $IPT -A LD -j LOG
in /etc/firestarter/firewall.sh

As far as I can tell from "ShieldsUp" probes by grc.com, this hasn't
compromised the effectiveness of the firewall.

Comments anyone?

Regards,
Charles Sullivan

Charles Sullivan wrote:

>>Hello , I am using the latest RPM on a Fedora Core 2 , I like firestarter 
>>for it's simplicity just I'm quite fed up it logs to /var/log/messages
>>how can I log to an alternate file?
>>
>>Thanks
>>
>>
>>Thomas OZENNE
>>vecna@...
>>http://www.vecnix.net
> 
> 
> I get megabytes of firewall hits a day and just decided to eliminate the
> logging altogether.  After running the Firestarter Wizard, I commented
> out the single line:
>   $IPT -A LD -j LOG
> in /etc/firestarter/firewall.sh
> 
> As far as I can tell from "ShieldsUp" probes by grc.com, this hasn't
> compromised the effectiveness of the firewall.
> 
> Comments anyone?

It's perfectly safe to do this. You should however not in normal use be 
getting a megabyte of logs per day. I think it's a good idea to have 
some logging, for example you'd probably want to know if someone is 
probing SSH or other real services you have on your machine.

If a lot of uninteresting traffic is being captured when you're running 
the GUI, select the most common ports the traffic is occurring on, 
right-click and select "Block and stop logging port". This keeps the 
entries from being written to the system log. For example, if you 
explicitly block ports 137 & 138 you can filter out all SMB traffic from 
your logs, which makes up the most common unwanted log spam.

Regards,
Tomas

well I got .9.1 to install but when i try to run it from the gui icon it
says I need to be root, well yea, but before it used ot let me type in the
passwor dand run it, so I try from a rooted command prompt and it says I
need a kernel of 2.4 or better, well I have 2.6.....
any suggestions?

Chris wrote:
> I've been running firestarter for quite awhile now and I'm still a
> little confused as to the output shown at sites like GRC.com.  When
> running a common ports test, ports 21, 23, and 80 show up as open,
> all others show closed.  How the heck can I setup ports to show as
> stealthed?  I'm running FS V0.9.0 on Mandrake 9.0.  I believe I've
> tried upgrading to a newer version of firestarter in the past and
> have run into problems, but I can't remember what they were.

Firestarter 0.9.0 has a problem in that it doesn't tell you in the GUI 
if you the firewall craps out, Firestarter 0.9.1+ do. Please run 
/etc/firestarter/firewall.sh from a console manually and observe any 
error messages.

When Firestarter is running correctly, GRC will report all ports as 
stealthed. There are a some exceptions to this rule. For example, if you 
have a DSL/cable box doing NAT for you the scan will show the port 
status of your NAT box and not your Linux computer. Even if you're not 
using NAT some boxes will report port 80 as always being open.

Regards,
Tomas

Rene Vahtel wrote:

> Resolved the 2 bugs:
> * when you press reload the old reading is stopped, hitview cleared and 
> it starts reading
> the file from beggining.
> * before reloading we take the file size and read only that much, so 
> when new hits come in
> they are appended to the list and are not duplicated.
> 
> 
> Also another diff for *bug 119313:* application gui hangs. Patch is 
> basically the same
> as for hitview( it uses async gnome-vfs calls).
> 
> As before consider these patches experimental.

Looks good. One problem is however the requirement of a very up to date 
gnome-vfs and a glib > 2.3.x. For example, Fedora Core 1 does not 
fulfill these requirements, since its gnome-vfs is at 2.4.1 and glib is 
2.2.3. I would prefer not to raise the bar above this at the moment.

Specifically the issue is with the usage of gnome_vfs_async_seek and 
g_strsplit_set. The g_strsplit_set case can be worked around, but the 
lack of gnome_vfs_async_seek is really a blocker. Any ideas?

Regards,
Tomas

Tomas Junnonen wrote:

>
> Looks good. One problem is however the requirement of a very up to 
> date gnome-vfs and a glib > 2.3.x. For example, Fedora Core 1 does not 
> fulfill these requirements, since its gnome-vfs is at 2.4.1 and glib 
> is 2.2.3. I would prefer not to raise the bar above this at the moment.
>
> Specifically the issue is with the usage of gnome_vfs_async_seek and 
> g_strsplit_set. The g_strsplit_set case can be worked around, but the 
> lack of gnome_vfs_async_seek is really a blocker. Any ideas?


Yes, it looks like gnome_vfs_async_seek was commited after gnome-vfs 
2.4.1 release. Didn't
thought to check that before started to write :) ( i use Slackware 
current + dropline gnome).
Debian also requires gnome-vfs >= 2.4.1, don't know about Mandrake.

Basically gnome_vfs_async_seek is used for seeking back after read in 
case the last line was not
a full line, this can be rewritten without the seek (buffering the last 
non full line).
In logread.c gnome_vfs_async_seek is used for seeking to the end of 
file, this place is little bit
tricky, can't see an alternative right now.

One possibility is to have old and new code and check gnome-vfs version 
on compile and
choose the one that works or you can postpone the patches to later time 
when distros update their libs.

Regards
rene

Tomas Junnonen wrote:
> But the problem is however more likely fragmentation as you suspected. 
> You can try to disable defragmentation of incoming packets by changing 
> the line that says "echo 1 > /proc/sys/net/ipv4/ip_always_defrag" to 
> "echo 1 > /proc/sys/net/ipv4/ip_always_defrag" in 
> /etc/firestarter/firewall.sh

That should of course be "echo 0 > /proc/sys/net/ipv4/ip_always_defrag"
the second time. Guess it's time for my morning coffee...

Regards,
Tomas