firestarter-user Mailing List for FireStarter (Page 2)
Brought to you by:
majix
|
From: Mark L. W. <ma...@al...> - 2012-10-27 15:42:48
|
Here is a part of my user-pre file (/etc/firestarter/user-pre) that works for me. Note that you must allow forwarding of packets between the other side of the VPN and your local side...

I hope it helps!

--------------------------------------------------------------------------
#
# Allow ppp traffic (This Works!!! Last change 10/09/2008)
#
$IPT -A INPUT -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# OUTPUT chain: match on the outgoing interface (-o)
$IPT -A OUTPUT -o eth0 -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#
$IPT -A INPUT -i ppp+ -j ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -p esp -j ACCEPT
$IPT -A INPUT -p ah -j ACCEPT
$IPT -A FORWARD -d 192.168.0.0/16 -i ppp+ -o eth2 -p 47 -j ACCEPT
$IPT -A FORWARD -i ppp+ -d 192.168.0.0/16 -j ACCEPT
$IPT -A FORWARD -i ppp+ -s 192.168.0.0/16 -j ACCEPT
$IPT -A OUTPUT -o ppp+ -s 192.168.0.0/16 -j ACCEPT
#
# End VPN stuff
#
$IPT -A INPUT -s 192.168.0.0/16 -i eth0 -j ACCEPT
$IPT -A INPUT -s 192.168.0.0/16 -i eth2 -j ACCEPT
$IPT -A OUTPUT -d 192.168.0.0/16 -o eth0 -j ACCEPT
$IPT -A OUTPUT -d 192.168.0.0/16 -o eth2 -j ACCEPT
$IPT -A FORWARD --in-interface eth0 --out-interface eth2 -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
$IPT -A FORWARD --in-interface eth2 --out-interface eth0 -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
$IPT -A FORWARD --in-interface eth0 --out-interface eth0 -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
------------------------------------------------------------------------------

Mark

On 10/27/2012 7:33 AM, Mike Edwards wrote:
> Hi, I just started using the web proxy service Hidemyass with my Ubuntu 12.04 box. I have set up the vpn connection in "Network Connections", however, I only get a successful connection if I stop the firewall with Firestarter. I have read lots and lots of forum threads and tried lots of different settings but every time I start the firewall the connection drops and every time I stop the firewall it works! I just can't find accessible information regarding how to set-up Firestarter to let the vpn connection through.
>
> My current set-up in Firestarter is:
>
> In the "Policy" tab > "Inbound traffic policy" > "Allow connections from host" > [my vpn IP address]
>
> In the "Policy" tab > "Inbound traffic policy":
>
> Allow service: unknown
> Port: 1723
> For: [my vpn IP address]
>
> In /etc/firestarter/user-pre (i.e., $ sudo gedit /etc/firestarter/user-pre) I am using the following settings.
>
> # Forward PPTP VPN client traffic
> $IPT -A FORWARD -i $IF -o $INIF -p tcp --dport 1723 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> $IPT -A FORWARD -i $IF -o $INIF -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> $IPT -A FORWARD -i $INIF -o $IF -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> I'm really stuck with this. Any help would be really appreciated.

--
Mark L. Wise
Alpha II Service, Inc.
1312 Epworth Ave
Reynoldsburg, Ohio 43068-2116 USA
Office: (614) 868-5033
Fax: (614) 367-6922
Email: ma...@al...
WEB: www.alpha2.com

"People do not quit playing because they grow old; they grow old because they quit playing."
Oliver Wendell Holmes
|
|
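An added check, not part of any message in this thread: a small linter for a user-pre style rule file. It flags rules that pair OUTPUT with an input-interface match (or INPUT with an output-interface match), which iptables refuses to load, and lists which of INPUT, OUTPUT and FORWARD have no loadable ACCEPT rule for GRE (protocol 47). The function names and sample rules are constructed for illustration; a PPTP client running on the firewall host itself sends and receives GRE through INPUT and OUTPUT, while FORWARD only covers clients routed through the box.

```sh
#!/bin/sh
# Added example (not Firestarter code): lint iptables rule lines such as
# those placed in /etc/firestarter/user-pre.

# lint_user_pre [FILE]  - reads FILE or stdin, prints one finding per line.
lint_user_pre() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        chain = ""; in_if = 0; out_if = 0; gre = 0; accept = 0
        for (i = 1; i <= NF; i++) {
            if (($i == "-A" || $i == "-I") && i < NF) chain = $(i + 1)
            if ($i == "-i" || $i == "--in-interface")  in_if = 1
            if ($i == "-o" || $i == "--out-interface") out_if = 1
            if (($i == "-p" || $i == "--protocol") && i < NF &&
                ($(i + 1) == "47" || $(i + 1) == "gre")) gre = 1
            if ($i == "-j" && i < NF && $(i + 1) == "ACCEPT") accept = 1
        }
        if (chain == "") next                # not a rule-append line

        bad = 0
        # Locally generated packets have no input interface, and packets
        # delivered locally have no output interface.
        if (chain == "OUTPUT" && in_if) {
            printf "line %d: OUTPUT rule matches on an input interface (-i); iptables refuses to load it\n", NR
            bad = 1
        }
        if (chain == "INPUT" && out_if) {
            printf "line %d: INPUT rule matches on an output interface (-o); iptables refuses to load it\n", NR
            bad = 1
        }
        # Only count GRE rules that would actually be loaded.
        if (gre && accept && !bad) gre_ok[chain] = 1
    }
    END {
        n = split("INPUT OUTPUT FORWARD", want, " ")
        for (k = 1; k <= n; k++)
            if (!(want[k] in gre_ok))
                printf "no loadable GRE (protocol 47) ACCEPT rule in %s\n", want[k]
    }' "$@"
}

# Constructed sample input, modelled on the kind of rules discussed here.
sample_rules() {
    cat <<'EOF'
# Constructed sample rules (not taken verbatim from any message)
$IPT -A INPUT -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -i eth0 -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $IF -o $INIF -p tcp --dport 1723 -j ACCEPT
EOF
}

sample_rules | lint_user_pre
```

To check a real file, call `lint_user_pre /etc/firestarter/user-pre`.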
From: David C. <web...@au...> - 2012-10-27 12:25:19
|
I suggest you swap and use iptables. Firestarter has been dead and unmaintained for years. Fedora dropped it back in the FC12 days. I don't understand why Ubuntu still package a dead project.

Sent from my iPad 4G

On 27/10/2012, at 4:33, Mike Edwards <mi...@ch...> wrote:
> Hi, I just started using the web proxy service Hidemyass with my Ubuntu 12.04 box. I have set up the vpn connection in "Network Connections", however, I only get a successful connection if I stop the firewall with Firestarter. I have read lots and lots of forum threads and tried lots of different settings but every time I start the firewall the connection drops and every time I stop the firewall it works! I just can't find accessible information regarding how to set-up Firestarter to let the vpn connection through.
>
> My current set-up in Firestarter is:
>
> In the "Policy" tab > "Inbound traffic policy" > "Allow connections from host" > [my vpn IP address]
>
> In the "Policy" tab > "Inbound traffic policy":
>
> Allow service: unknown
> Port: 1723
> For: [my vpn IP address]
>
> In /etc/firestarter/user-pre (i.e., $ sudo gedit /etc/firestarter/user-pre) I am using the following settings.
>
> # Forward PPTP VPN client traffic
> $IPT -A FORWARD -i $IF -o $INIF -p tcp --dport 1723 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> $IPT -A FORWARD -i $IF -o $INIF -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> $IPT -A FORWARD -i $INIF -o $IF -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> I'm really stuck with this. Any help would be really appreciated.
|
|
From: Mike E. <mi...@ch...> - 2012-10-27 11:58:09
|
Hi, I just started using the web proxy service Hidemyass with my Ubuntu 12.04 box. I have set up the vpn connection in "Network Connections", however, I only get a successful connection if I stop the firewall with Firestarter. I have read lots and lots of forum threads and tried lots of different settings but every time I start the firewall the connection drops and every time I stop the firewall it works! I just can't find accessible information regarding how to set-up Firestarter to let the vpn connection through.

My current set-up in Firestarter is:

In the "Policy" tab > "Inbound traffic policy" > "Allow connections from host" > [my vpn IP address]

In the "Policy" tab > "Inbound traffic policy":

Allow service: unknown
Port: 1723
For: [my vpn IP address]

In /etc/firestarter/user-pre (i.e., $ sudo gedit /etc/firestarter/user-pre) I am using the following settings.

# Forward PPTP VPN client traffic
$IPT -A FORWARD -i $IF -o $INIF -p tcp --dport 1723 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $IF -o $INIF -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $INIF -o $IF -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

I'm really stuck with this. Any help would be really appreciated.
|
|
From: <rm....@ja...> - 2012-03-12 04:48:18
|
There's a bit of a difference. It's iptables that is securing the server. Firestarter is simply the front-end tool that translates the list of rules from something a sysadmin can readily understand to something that can be fed to iptables.

If each change to the ruleset is tested successfully, there isn't a problem. Now, someone who doesn't test ruleset changes: That's scary!

Just a thought...

Robert

> From: David Cottle <web...@au...>
> Date: Mon, 12 Mar 2012 14:26:15 +1100
> To: "fir...@li..." <fir...@li...>
>
> If you're seriously securing a server using an abandoned package - that's scary!
>
> Fedora and Red Hat dropped firestarter. Unmaintained means not patched or updated.
|
|
From: Spud <spu...@gm...> - 2012-03-12 04:09:58
|
A few years back a few people tried to do what you're suggesting and it went nowhere, no one seemed interested. I do however hope you have more luck than they did.

On 12 March 2012 09:09, Fuzzy TheBear <fuz...@gm...> wrote:
> Gentlemen
>
> I've been using firestarter for years on the gateway and been subscribed to this list since 2005 and kept an eye on the status of the project and always was interested in it. It's a great little piece of software that was written and abandoned.
>
> I'm not a programmer, but I'm a linux user for 11 years.
>
> I still hope a programmer will have one day the time and interest in picking this project back up.
>
> It cannot be a one man project. There is support, this list, bug reports, decisions on what direction to take Firestarter and a bunch of people on IRC that need help with a product like this.
>
> It is a worthy endeavour. That firewall kept me safe since 2005 and I haven't had a case of anyone behind my firewall ever being intruded upon, though I've been under several attacks from the outside.
>
> It is a robust protection. There is interest in the product and an update to it would be welcomed. Question is .. will a programmer show interest?
>
> Is there a programmer in the house willing to help?
>
> There's a bunch of willing people to back your efforts on this list.
>
> Sincerely
>
> Richard Hebert
>
> On 03/11/2012 05:00 AM, Bret Busby wrote:
> > On 11/03/2012, rob stone <flo...@gm...> wrote:
> >> Hello,
> >>
> >> Debian version:-
> >> Linux roblaptop 3.2.0-1-amd64 #1 SMP Fri Feb 17 05:17:36 UTC 2012 x86_64 GNU/Linux
> >>
> >> Firestarter version 1.0.3
> >>
> >> Installing firestarter via synaptic puts the shell script in the rcS.d path and is run prior to any network being available and subsequently killed by network-manager. It should be in rc2.d, etc. paths and start AFTER all other network services.
> >>
> >> My suggestion would be to run it in two stages. In rcS.d run a script that sets up the kernel variables and loads iptables, and then after networking has been established, start the gui.
> >>
> >> Also, it is the isc-dhcp-client packages that provide DHCP and consequently the documentation needs updating.
> >>
> >> Where can I find documentation about the scripts and configuration files held in /etc/firestarter??? I can see that some things are updateable via the preferences tab, but how do you use user-post and user-pre scripts??
> >>
> >> The current version of iptables supports the ulog daemon. I suggest that you use this instead of flooding syslog. That way dropped packets are all in the one log.
> >>
> >> My logs were being flooded with firestarter dropped packages at the rate of one per minute, so I cobbled together my own rules for iptables, using the ulog daemon, and now firestarter just reports the odd packet with a condition not being trapped by "my" rules. This is NOT ideal. Is it O.K. if I modify your scripts to use the ulog daemon???
> >>
> >> Regards,
> >> Rob
> >
> > Hello.
> >
> > In response to a query that I posted a while ago, it was posted on this list that Firestarter has been abandoned.
> >
> > Refusing to accept that, I sent messages to both the developer of Firestarter, and, to the Debian package maintainer for Firestarter, querying the status of Firestarter.
> >
> > I have not received even an acknowledgment from either of those people, so Firestarter appears to be "dead in the water" - abandoned by the people held to be responsible for the development and maintenance of it.
> >
> > So, your posting of suggestions for improvements of Firestarter, would appear to be as likely to have an effect, as dropping a bottle with a message asking for a rescue, down an abandoned well.
> >
> > It is unfortunate, and I regret posting this message, but I believe that it needs to be said.

--
db

It denos't mtater waht oredr the ltteers in a wrod are, it's olny iprmoatnt taht the frist and lsat ltteer be at the rghit pclae.The rset can be a total mses and you can sitll raed it wouthit porbelm.Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe.
|
|
From: David C. <web...@au...> - 2012-03-12 03:26:26
|
If you're seriously securing a server using an abandoned package - that's scary!

Fedora and Red Hat dropped firestarter. Unmaintained means not patched or updated.

Sent from my iPhone

On 12/03/2012, at 13:10, Balasubramaniam Natarajan <bal...@gm...> wrote:
> Though it is abandoned it still does the basic job very well.
>
> Hello.
>
> In response to a query that I posted a while ago, it was posted on this list that Firestarter has been abandoned.
>
> Refusing to accept that, I sent messages to both the developer of Firestarter, and, to the Debian package maintainer for Firestarter, querying the status of Firestarter.
>
> I have not received even an acknowledgment from either of those people, so Firestarter appears to be "dead in the water" - abandoned by the people held to be responsible for the development and maintenance of it.
>
> So, your posting of suggestions for improvements of Firestarter, would appear to be as likely to have an effect, as dropping a bottle with a message asking for a rescue, down an abandoned well.
>
> It is unfortunate, and I regret posting this message, but I believe that it needs to be said.
>
> --
> Bret Busby
> Armadale
> West Australia
> ..............
>
> "So once you do know what the question actually is, you'll know what the answer means."
> - Deep Thought, Chapter 28 of Book 1 of "The Hitchhiker's Guide to the Galaxy: A Trilogy In Four Parts", written by Douglas Adams, published by Pan Books, 1992
>
> --
> Regards,
> Balasubramaniam Natarajan
> www.etutorshop.com/moodle/
|
|
From: Balasubramaniam N. <bal...@gm...> - 2012-03-12 02:10:49
|
Though it is abandoned it still does the basic job very well.

> Hello.
>
> In response to a query that I posted a while ago, it was posted on this list that Firestarter has been abandoned.
>
> Refusing to accept that, I sent messages to both the developer of Firestarter, and, to the Debian package maintainer for Firestarter, querying the status of Firestarter.
>
> I have not received even an acknowledgment from either of those people, so Firestarter appears to be "dead in the water" - abandoned by the people held to be responsible for the development and maintenance of it.
>
> So, your posting of suggestions for improvements of Firestarter, would appear to be as likely to have an effect, as dropping a bottle with a message asking for a rescue, down an abandoned well.
>
> It is unfortunate, and I regret posting this message, but I believe that it needs to be said.
>
> --
> Bret Busby
> Armadale
> West Australia
> ..............
>
> "So once you do know what the question actually is, you'll know what the answer means."
> - Deep Thought, Chapter 28 of Book 1 of "The Hitchhiker's Guide to the Galaxy: A Trilogy In Four Parts", written by Douglas Adams, published by Pan Books, 1992

--
Regards,
Balasubramaniam Natarajan
www.etutorshop.com/moodle/
|
|
From: Fuzzy T. <fuz...@gm...> - 2012-03-11 23:20:02
|
Gentlemen

I've been using firestarter for years on the gateway and been subscribed to this list since 2005 and kept an eye on the status of the project and always was interested in it. It's a great little piece of software that was written and abandoned.

I'm not a programmer, but I'm a linux user for 11 years.

I still hope a programmer will have one day the time and interest in picking this project back up.

It cannot be a one man project. There is support, this list, bug reports, decisions on what direction to take Firestarter and a bunch of people on IRC that need help with a product like this.

It is a worthy endeavour. That firewall kept me safe since 2005 and I haven't had a case of anyone behind my firewall ever being intruded upon, though I've been under several attacks from the outside.

It is a robust protection. There is interest in the product and an update to it would be welcomed. Question is .. will a programmer show interest?

Is there a programmer in the house willing to help?

There's a bunch of willing people to back your efforts on this list.

Sincerely

Richard Hebert

On 03/11/2012 05:00 AM, Bret Busby wrote:
> On 11/03/2012, rob stone <flo...@gm...> wrote:
>> Hello,
>>
>> Debian version:-
>> Linux roblaptop 3.2.0-1-amd64 #1 SMP Fri Feb 17 05:17:36 UTC 2012 x86_64 GNU/Linux
>>
>> Firestarter version 1.0.3
>>
>> Installing firestarter via synaptic puts the shell script in the rcS.d path and is run prior to any network being available and subsequently killed by network-manager. It should be in rc2.d, etc. paths and start AFTER all other network services.
>>
>> My suggestion would be to run it in two stages. In rcS.d run a script that sets up the kernel variables and loads iptables, and then after networking has been established, start the gui.
>>
>> Also, it is the isc-dhcp-client packages that provide DHCP and consequently the documentation needs updating.
>>
>> Where can I find documentation about the scripts and configuration files held in /etc/firestarter??? I can see that some things are updateable via the preferences tab, but how do you use user-post and user-pre scripts??
>>
>> The current version of iptables supports the ulog daemon. I suggest that you use this instead of flooding syslog. That way dropped packets are all in the one log.
>>
>> My logs were being flooded with firestarter dropped packages at the rate of one per minute, so I cobbled together my own rules for iptables, using the ulog daemon, and now firestarter just reports the odd packet with a condition not being trapped by "my" rules. This is NOT ideal. Is it O.K. if I modify your scripts to use the ulog daemon???
>>
>> Regards,
>> Rob
>
> Hello.
>
> In response to a query that I posted a while ago, it was posted on this list that Firestarter has been abandoned.
>
> Refusing to accept that, I sent messages to both the developer of Firestarter, and, to the Debian package maintainer for Firestarter, querying the status of Firestarter.
>
> I have not received even an acknowledgment from either of those people, so Firestarter appears to be "dead in the water" - abandoned by the people held to be responsible for the development and maintenance of it.
>
> So, your posting of suggestions for improvements of Firestarter, would appear to be as likely to have an effect, as dropping a bottle with a message asking for a rescue, down an abandoned well.
>
> It is unfortunate, and I regret posting this message, but I believe that it needs to be said.
|
|
From: Bret B. <bre...@gm...> - 2012-03-11 09:00:18
|
On 11/03/2012, rob stone <flo...@gm...> wrote:
> Hello,
>
> Debian version:-
> Linux roblaptop 3.2.0-1-amd64 #1 SMP Fri Feb 17 05:17:36 UTC 2012 x86_64 GNU/Linux
>
> Firestarter version 1.0.3
>
> Installing firestarter via synaptic puts the shell script in the rcS.d path and is run prior to any network being available and subsequently killed by network-manager. It should be in rc2.d, etc. paths and start AFTER all other network services.
>
> My suggestion would be to run it in two stages. In rcS.d run a script that sets up the kernel variables and loads iptables, and then after networking has been established, start the gui.
>
> Also, it is the isc-dhcp-client packages that provide DHCP and consequently the documentation needs updating.
>
> Where can I find documentation about the scripts and configuration files held in /etc/firestarter??? I can see that some things are updateable via the preferences tab, but how do you use user-post and user-pre scripts??
>
> The current version of iptables supports the ulog daemon. I suggest that you use this instead of flooding syslog. That way dropped packets are all in the one log.
>
> My logs were being flooded with firestarter dropped packages at the rate of one per minute, so I cobbled together my own rules for iptables, using the ulog daemon, and now firestarter just reports the odd packet with a condition not being trapped by "my" rules. This is NOT ideal. Is it O.K. if I modify your scripts to use the ulog daemon???
>
> Regards,
> Rob

Hello.

In response to a query that I posted a while ago, it was posted on this list that Firestarter has been abandoned.

Refusing to accept that, I sent messages to both the developer of Firestarter, and, to the Debian package maintainer for Firestarter, querying the status of Firestarter.

I have not received even an acknowledgment from either of those people, so Firestarter appears to be "dead in the water" - abandoned by the people held to be responsible for the development and maintenance of it.

So, your posting of suggestions for improvements of Firestarter, would appear to be as likely to have an effect, as dropping a bottle with a message asking for a rescue, down an abandoned well.

It is unfortunate, and I regret posting this message, but I believe that it needs to be said.

--
Bret Busby
Armadale
West Australia
..............

"So once you do know what the question actually is, you'll know what the answer means."
- Deep Thought, Chapter 28 of Book 1 of "The Hitchhiker's Guide to the Galaxy: A Trilogy In Four Parts", written by Douglas Adams, published by Pan Books, 1992
|
|
From: rob s. <flo...@gm...> - 2012-03-10 16:43:01
|
Hello,

Debian version:-
Linux roblaptop 3.2.0-1-amd64 #1 SMP Fri Feb 17 05:17:36 UTC 2012 x86_64 GNU/Linux

Firestarter version 1.0.3

Installing firestarter via synaptic puts the shell script in the rcS.d path and is run prior to any network being available and subsequently killed by network-manager. It should be in rc2.d, etc. paths and start AFTER all other network services.

My suggestion would be to run it in two stages. In rcS.d run a script that sets up the kernel variables and loads iptables, and then after networking has been established, start the gui.

Also, it is the isc-dhcp-client packages that provide DHCP and consequently the documentation needs updating.

Where can I find documentation about the scripts and configuration files held in /etc/firestarter??? I can see that some things are updateable via the preferences tab, but how do you use user-post and user-pre scripts??

The current version of iptables supports the ulog daemon. I suggest that you use this instead of flooding syslog. That way dropped packets are all in the one log.

My logs were being flooded with firestarter dropped packages at the rate of one per minute, so I cobbled together my own rules for iptables, using the ulog daemon, and now firestarter just reports the odd packet with a condition not being trapped by "my" rules. This is NOT ideal. Is it O.K. if I modify your scripts to use the ulog daemon???

Regards,
Rob
|
|
From: David C. <web...@au...> - 2012-02-29 07:53:37
|
Here Bret, this is off Ubuntu forums saying don't use it as it's dead - unmaintained.

http://ubuntuforums.org/archive/index.php/t-1416373.html

Sent from my iPhone

On 29/02/2012, at 15:17, Bret Busby <bre...@gm...> wrote:
> On 29/02/2012, web...@au... <web...@au...> wrote:
>> Bret,
>>
>> Firestarter has been abandoned for ages.
>
> If that is the case, then it is quite unfortunate.
>
> Due to a number of reasons, when I lost my firewall/gateway server that had been running Smoothwall Express, early last year, as I had posted on this list, I went through a bit of trouble, and, with assistance, managed to get firestarter up and running at about the start of April last year, and have been running it since.
>
> If what you have said is correct, that means, with all of the other difficulties in life, I now have to start again from scratch, and install and set up and try to get working, another firewall/gateway system.
>
> Just when we start to think that we have a chance to get out of the mire, something else drags us back down.
>
> Several years ago, before I started using Smoothwall Express, I had been using an iptables script that had been set up by a local Linux User, but it was complicated and I could not update or maintain the script, due to its complexity. Then, along came Smoothwall Express, which seemed okay to install and set up, but (it was, I think, Smoothwall Express 2) I could never figure out how to update it. When my firewall/gateway computer that I had been using, failed, I could not get Smoothwall Express 3 working, and found a lack of support. So, I searched and found firestarter.
>
> With (I believe) much assistance from Mark Wise, who I assumed to have been the developer, or, if not, a very helpful and knowledgeable person regarding firestarter, I got the firestarter computer up and running, and it has been working away, for the last (almost) year, since the start of April last year.
>
> If firewall has indeed been abandoned, then, I think, it is definitely a "Woe is me" situation.
>
> I have just searched for, and, found, the web site at http://www.fs-security.com/ , which apparently shows the developer of firestarter to be Tomas Junnonen ("Firestarter and all the contents on this page are © 2000-2007 Tomas Junnonen.").
>
> That web page, being the home page for the firestarter web site, does not include mention of Firestarter having been abandoned.
>
> The web page at http://en.wikipedia.org/wiki/Firestarter_(firewall) shows the status of Firestarter to be discontinued, so I will investigate this further.
>
> So, I have now sent an email message to Tomas Junnonen, asking for clarification of the status of Firestarter.
>
> --
> Bret Busby
> Armadale
> West Australia
> ..............
>
> "So once you do know what the question actually is, you'll know what the answer means."
> - Deep Thought, Chapter 28 of Book 1 of "The Hitchhiker's Guide to the Galaxy: A Trilogy In Four Parts", written by Douglas Adams, published by Pan Books, 1992
|
|
From: David C. <web...@au...> - 2012-02-29 04:30:44
|
It's abandoned. Fedora dropped firestarter back with either fc12 or 13. As it's fc16 now, you're talking years and years ago.

Just as other distros continue to supply it, redhat and fedora dropped it as it is not ipv6 and it's been untouched for many years.

Cheers,
David

Sent from my iPhone

On 29/02/2012, at 15:17, Bret Busby <bre...@gm...> wrote:

> On 29/02/2012, web...@au... <web...@au...> wrote:
>> Bret,
>>
>> Firestarter has been abandoned for ages.
>
> If that is the case, then it is quite unfortunate.
>
> Due to a number of reasons, when I lost my firewall/gateway server
> that had been running Smoothwall Express, early last year, as I had
> posted on this list, I went through a bit of trouble, and, with
> assistance, managed to get firestarter up and running at about the
> start of April last year, and have been running it since.
>
> If what you have said is correct, that means, with all of the other
> difficulties in life, I now have to start again from scratch, and
> install and set up and try to get working, another firewall/gateway
> system.
>
> Just when we start to think that we have a chance to get out of the
> mire, something else drags us back down.
>
> Several years ago, before I started using Smoothwall Express, I had
> been using an iptables script that had been set up by a local Linux
> User, but it was complicated and I could not update or maintain the
> script, due to its complexity. Then, along came Smoothwall Express,
> which seemed okay to install and set up, but (it was, I think,
> Smoothwall Express 2) I could never figure out how to update it. When
> my firewall/gateway computer that I had been using, failed, I could
> not get Smoothwall Express 3 working, and found a lack of support. So,
> I searched and found firestarter.
>
> With (I believe) much assistance from Mark Wise, who I assumed to have
> been the developer, or, if not, a very helpful and knowledgeable
> person regarding firestarter, I got the firestarter computer up and
> running, and it has been working away, for the last (almost) year,
> since the start of April last year.
>
> If firewall has indeed been abandoned, then, I think, it is definitely
> a "Woe is me" situation.
>
> I have just searched for, and, found, the web site at
> http://www.fs-security.com/ , which apparently shows the developer of
> firestarter to be Tomas Junnonen
> ("Firestarter and all the contents on this page are © 2000-2007 Tomas
> Junnonen.").
>
> That web page, being the home page for the firestarter web site, does
> not include mention of Firestarter having been abandoned.
>
> The web page at http://en.wikipedia.org/wiki/Firestarter_(firewall)
> shows the status of Firestarter to be discontinued, so I will
> investigate this further.
>
> So, I have now sent an email message to Tomas Junnonen, asking for
> clarification of the status of Firestarter.
>
> --
> Bret Busby
> Armadale
> West Australia
> ..............
>
> "So once you do know what the question actually is,
> you'll know what the answer means."
> - Deep Thought,
> Chapter 28 of Book 1 of
> "The Hitchhiker's Guide to the Galaxy:
> A Trilogy In Four Parts",
> written by Douglas Adams,
> published by Pan Books, 1992
>
> ....................................................
|
|
From: Bret B. <bre...@gm...> - 2012-02-29 04:17:13
|
On 29/02/2012, web...@au... <web...@au...> wrote:
> Bret,
>
> Firestarter has been abandoned for ages.

If that is the case, then it is quite unfortunate.

Due to a number of reasons, when I lost my firewall/gateway server that had been running Smoothwall Express, early last year, as I had posted on this list, I went through a bit of trouble, and, with assistance, managed to get firestarter up and running at about the start of April last year, and have been running it since.

If what you have said is correct, that means, with all of the other difficulties in life, I now have to start again from scratch, and install and set up and try to get working, another firewall/gateway system.

Just when we start to think that we have a chance to get out of the mire, something else drags us back down.

Several years ago, before I started using Smoothwall Express, I had been using an iptables script that had been set up by a local Linux User, but it was complicated and I could not update or maintain the script, due to its complexity. Then, along came Smoothwall Express, which seemed okay to install and set up, but (it was, I think, Smoothwall Express 2) I could never figure out how to update it. When my firewall/gateway computer that I had been using, failed, I could not get Smoothwall Express 3 working, and found a lack of support. So, I searched and found firestarter.

With (I believe) much assistance from Mark Wise, who I assumed to have been the developer, or, if not, a very helpful and knowledgeable person regarding firestarter, I got the firestarter computer up and running, and it has been working away, for the last (almost) year, since the start of April last year.

If firewall has indeed been abandoned, then, I think, it is definitely a "Woe is me" situation.

I have just searched for, and, found, the web site at http://www.fs-security.com/ , which apparently shows the developer of firestarter to be Tomas Junnonen ("Firestarter and all the contents on this page are © 2000-2007 Tomas Junnonen.").

That web page, being the home page for the firestarter web site, does not include mention of Firestarter having been abandoned.

The web page at http://en.wikipedia.org/wiki/Firestarter_(firewall) shows the status of Firestarter to be discontinued, so I will investigate this further.

So, I have now sent an email message to Tomas Junnonen, asking for clarification of the status of Firestarter.

--
Bret Busby
Armadale
West Australia
..............

"So once you do know what the question actually is,
you'll know what the answer means."
- Deep Thought,
Chapter 28 of Book 1 of
"The Hitchhiker's Guide to the Galaxy:
A Trilogy In Four Parts",
written by Douglas Adams,
published by Pan Books, 1992

....................................................
|
|
From: <web...@au...> - 2012-02-28 21:13:07
|
Bret,

Firestarter has been abandoned for ages. I suggest you swap to iptables and ip6tables for your needs.

Cheers,
David

Quoting Bret Busby <bre...@gm...>:

> Hello.
>
> I have tonight found the message below, on a local Linux User Group
> (PLUG) mailing list.
>
> I ask whether any implications arise, involving firestarter.
>
> Would we have to reinstall/reconfigure our installations of
> firestarter, upon the implementation of IPV6, and, is firestarter
> compatible with IPV6?
>
> Thank you in anticipation.
>
> --
> Bret Busby
> Armadale
> West Australia
> ..............
>
> "So once you do know what the question actually is,
> you'll know what the answer means."
> - Deep Thought,
> Chapter 28 of Book 1 of
> "The Hitchhiker's Guide to the Galaxy:
> A Trilogy In Four Parts",
> written by Douglas Adams,
> published by Pan Books, 1992
>
> ....................................................
>
> Hi all,
>
> Some of us might be getting IPv6 this year so I thought to prepare
> myself for when the time is right. What I found out was that IPv6 does
> not support NAT which shocked me initially. I really like the
> separation of an internal and external network. It allowed me to
> configure my internal firewall to allow access to all machines on the
> internal network by simply specifying 192.168.1.0/24 for example.
> Using NAT on my router also provided me with added security as I could
> map specific protocols to specific computers on the internal network.
> The fact that the internet was running out of addresses was really
> secondary in my thoughts as all I needed was a single IP address.
>
> Now with IPv6 on the horizon this is all about to change. I was
> wondering since several of the plug services already support IPv6 if
> anybody could give me some suggestion on how to deal with this ?
>
> Will I need to setup a firewall around each and every device on my
> network ? Since each of them has an "external" address what is
> preventing anybody from accessing it if it didn't have a firewall.
>
> In particular:
> How can I identify all internal devices, do I have to list them
> individually ? Is this done with the prefix ?
>
> My router allows me to set a prefix for internal devices which get
> their address from it using DHCP ? What is preventing me from picking
> the same prefix as somebody else and how is this handled ?
>
> If my local DHCP server is offering IPv6 addresses how are conflicts
> handled ?
>
> Is it possible to use a personalised scheme in the address. For
> example each machine in a given building (99) use a specific range
> (192.168.99.x). (Not that I have a building, just in theory).
> ....................................................
|
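Added example, not part of the thread and not Firestarter output: the forwarded question above asks what protects LAN hosts once each has a global IPv6 address. A stateful gateway with a default-drop FORWARD policy keeps the "no unsolicited inbound" behaviour that NAT gave, with the LAN matched by its prefix instead of host by host. The interface names and the 2001:db8:1::/64 documentation prefix are assumptions.

```shell
#!/bin/sh
# Added illustration. eth0/eth1 and 2001:db8:1::/64 are placeholders,
# not values taken from the thread.

# emit_ip6_gateway_rules WAN_IF LAN_IF LAN_PREFIX
# Prints a ruleset in ip6tables-restore format for a routing gateway.
emit_ip6_gateway_rules() {
    if [ "$#" -ne 3 ]; then
        echo "usage: emit_ip6_gateway_rules WAN_IF LAN_IF LAN_PREFIX" >&2
        return 2
    fi
    wan=$1; lan=$2; prefix=$3
    if [ "$wan" = "$lan" ]; then
        echo "WAN and LAN interfaces must differ" >&2
        return 2
    fi
    case $prefix in
        *:*/*) ;;   # shaped like an IPv6 prefix, e.g. 2001:db8:1::/64
        *) echo "LAN prefix must be IPv6 CIDR, e.g. 2001:db8:1::/64" >&2
           return 2 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Router/neighbour discovery (ICMPv6 types 133-136). Unlike IPv4, IPv6
# stops working on the link if these are dropped. Hop limit 255 proves
# the packet was sent on-link and never crossed a router.
-A INPUT -p ipv6-icmp --icmpv6-type 133 -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type 134 -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type 135 -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type 136 -m hl --hl-eq 255 -j ACCEPT
# Replies to connections opened from the inside, plus the ICMPv6 errors
# that belong to them (Packet Too Big arrives here as RELATED).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Echo request (type 128) to the gateway is answered for the LAN only.
-A INPUT -i $lan -p ipv6-icmp --icmpv6-type 128 -j ACCEPT
# The whole LAN is identified by its prefix; hosts are not listed
# one by one. Only the LAN may open new connections through the gateway.
-A FORWARD -i $lan -o $wan -s $prefix -j ACCEPT
# No rule admits NEW connections from $wan towards $lan, so the FORWARD
# policy drops unsolicited inbound traffic to every LAN address.
COMMIT
EOF
}

# Print the ruleset for review; it can then be piped to ip6tables-restore.
emit_ip6_gateway_rules eth0 eth1 2001:db8:1::/64
```

Services the gateway itself offers to the LAN (SSH, DNS, DHCPv6) need their own INPUT rules on the LAN interface.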
|
From: Bret B. <bre...@gm...> - 2012-02-28 19:14:42
|
Hello.

I have tonight found the message below, on a local Linux User Group (PLUG) mailing list.

I ask whether any implications arise, involving firestarter.

Would we have to reinstall/reconfigure our installations of firestarter, upon the implementation of IPV6, and, is firestarter compatible with IPV6?

Thank you in anticipation.

--
Bret Busby
Armadale
West Australia
..............

"So once you do know what the question actually is,
you'll know what the answer means."
- Deep Thought,
Chapter 28 of Book 1 of
"The Hitchhiker's Guide to the Galaxy:
A Trilogy In Four Parts",
written by Douglas Adams,
published by Pan Books, 1992

....................................................

Hi all,

Some of us might be getting IPv6 this year so I thought to prepare myself for when the time is right. What I found out was that IPv6 does not support NAT which shocked me initially. I really like the separation of an internal and external network. It allowed me to configure my internal firewall to allow access to all machines on the internal network by simply specifying 192.168.1.0/24 for example. Using NAT on my router also provided me with added security as I could map specific protocols to specific computers on the internal network. The fact that the internet was running out of addresses was really secondary in my thoughts as all I needed was a single IP address.

Now with IPv6 on the horizon this is all about to change. I was wondering since several of the plug services already support IPv6 if anybody could give me some suggestion on how to deal with this ?

Will I need to setup a firewall around each and every device on my network ? Since each of them has an "external" address what is preventing anybody from accessing it if it didn't have a firewall.

In particular:
How can I identify all internal devices, do I have to list them individually ? Is this done with the prefix ?

My router allows me to set a prefix for internal devices which get their address from it using DHCP ? What is preventing me from picking the same prefix as somebody else and how is this handled ?

If my local DHCP server is offering IPv6 addresses how are conflicts handled ?

Is it possible to use a personalised scheme in the address. For example each machine in a given building (99) use a specific range (192.168.99.x). (Not that I have a building, just in theory).
....................................................
|
|
From: Balasubramaniam N. <bal...@gm...> - 2011-12-01 15:48:11
|
Any pointers ?

I am unable to ping the Hostonly Interface of the Guest OS from the Host OS once I start the Firestarter; as soon as I disable it I am allowed to ping.

Is there any specific set of entries which I need to set up ? I tried allowing connections for 192.168.56.0/24, however that did not work :-(

Kindly have a look at the attached Video link I have recorded what I am encountering.

http://www.youtube.com/watch?v=nYddt0RzBNs

On Fri, Nov 25, 2011 at 5:06 PM, Balasubramaniam Natarajan <bal...@gm...> wrote:

> Hi Team,
>
> Any updates on how to solve the problem shown.
>
> On Thu, Nov 24, 2011 at 10:13 PM, Balasubramaniam Natarajan <
> bal...@gm...> wrote:
>
>> Hi
>>
>> I am unable to ping the Hostonly Interface of the Guest OS from the Host
>> OS once I start the Firestarter; as soon as I disable it I am allowed to
>> ping.
>>
>> Is there any specific set of entries which I need to set up ? I tried
>> allowing connections for 192.168.56.0/24, however that did not work :-(
>>
>> Kindly have a look at the attached Video link I have recorded what I am
>> encountering.
>>
>> http://www.youtube.com/watch?v=nYddt0RzBNs
>>
>> --
>> Regards,
>> Balasubramaniam Natarajan
>> www.etutorshop.com/moodle/
>
> --
> Regards,
> Balasubramaniam Natarajan
> www.etutorshop.com/moodle/

--
Regards,
Balasubramaniam Natarajan
www.etutorshop.com/moodle/
|
|
From: Balasubramaniam N. <bal...@gm...> - 2011-11-25 11:36:13
|
Hi Team,

Any updates on how to solve the problem shown.

On Thu, Nov 24, 2011 at 10:13 PM, Balasubramaniam Natarajan <bal...@gm...> wrote:

> Hi
>
> I am unable to ping the Hostonly Interface of the Guest OS from the Host
> OS once I start the Firestarter; as soon as I disable it I am allowed to
> ping.
>
> Is there any specific set of entries which I need to set up ? I tried
> allowing connections for 192.168.56.0/24, however that did not work :-(
>
> Kindly have a look at the attached Video link I have recorded what I am
> encountering.
>
> http://www.youtube.com/watch?v=nYddt0RzBNs
>
> --
> Regards,
> Balasubramaniam Natarajan
> www.etutorshop.com/moodle/

--
Regards,
Balasubramaniam Natarajan
www.etutorshop.com/moodle/
|
|
From: <rm....@ja...> - 2011-11-24 17:40:13
|
I am a long way from being a Firestarter expert, and I don't know for sure whether this will help, but it might be worth a try:

Ping response is controlled separately from port access. To set ping response, click on 'Preferences' to bring up a 'Preferences' window. Click on 'ICMP Filtering'. Then, uncheck the 'Enable ICMP Filtering' and/or check the box that enables ping responses.

HTH

Robert

> Date: Thu, 24 Nov 2011 22:13:47 +0530
> From: Balasubramaniam Natarajan <bal...@gm...>
> To: fir...@li...
>
> Hi
>
> I am unable to ping the Hostonly Interface of the Guest OS from the Host OS
> once I start the Firestarter; as soon as I disable it I am allowed to ping.
>
> Is there any specific set of entries which I need to set up ? I tried
> allowing connections for 192.168.56.0/24, however that did not work :-(
>
> Kindly have a look at the attached Video link I have recorded what I am
> encountering.
>
> http://www.youtube.com/watch?v=nYddt0RzBNs
>
> --
> Regards,
> Balasubramaniam Natarajan
> www.etutorshop.com/moodle/
|
|
From: Balasubramaniam N. <bal...@gm...> - 2011-11-24 16:43:55
|
Hi

I am unable to ping the Hostonly Interface of the Guest OS from the Host OS once I start the Firestarter; as soon as I disable it I am allowed to ping.

Is there any specific set of entries which I need to set up ? I tried allowing connections for 192.168.56.0/24, however that did not work :-(

Kindly have a look at the attached Video link I have recorded what I am encountering.

http://www.youtube.com/watch?v=nYddt0RzBNs

--
Regards,
Balasubramaniam Natarajan
www.etutorshop.com/moodle/
|
|
From: sistersays <sis...@gm...> - 2011-11-14 04:45:20
|
Thanks for the prompt reply. That fixed the problem. Now I'm wondering if there's a down side to that configuration. Would appreciate any further thoughts . . .
----------------------------------------------
Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.
|
|
From: <rm....@ja...> - 2011-11-14 03:44:44
|
I'm not an expert on Firestarter, but I think this is what you want:

If you click on 'Preferences', it will bring up a 'Preferences' window. Click on 'ICMP Filtering'. Then, check the 'Enable ICMP Filtering' box but leave all the other boxes _UN_checked.

HTH

Robert

> Date: Sun, 13 Nov 2011 21:29:05 -0600
> From: sistersays <sis...@gm...>
> To: firestarter-user <fir...@li...>
>
> I am running Firestarter in its basic configuration on Debian Squeeze.
> I ran a test on GRC and got the results posted below. How can I
> prevent a reply to a ping request? I know absolutely nothing about
> configuring a firewall. Googled a bit and looked at the manual but
> didn't see anything understandable. I'm on dialup BTW if that makes a
> difference. Thanks.
>
> ----------------------------------------------
>
> Results from scan of ports: 0-1055
>
> 0 Ports Open
> 0 Ports Closed
> 1056 Ports Stealth
> ---------------------
> 1056 Ports Tested
>
> ALL PORTS tested were found to be: STEALTH.
>
> TruStealth: FAILED - ALL tested ports were STEALTH,
> - NO unsolicited packets were received,
> - A PING REPLY (ICMP Echo) WAS RECEIVED.
>
> Solicited TCP Packets: PASSED — No TCP packets were received from your
> system as a direct result of our attempts to elicit some response from
> any of the ports listed below — they are all either fully stealthed or
> blocked by your ISP. However . . .
>
> Unsolicited Packets: PASSED — No Internet packets of any sort were
> received from your system as a side-effect of our attempts to elicit
> some response from any of the ports listed above. Some questionable
> personal security systems expose their users by attempting to
> "counter-probe the prober", thus revealing themselves. But your system
> remained wisely silent. (Except for the fact that not all of its ports
> are completely stealthed as shown below.)
>
> Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP
> Echo) requests, making it visible on the Internet. Most personal
> firewalls can be configured to block, drop, and ignore such ping
> requests in order to better hide systems from hackers. This is highly
> recommended since "Ping" is among the oldest and most common methods
> used to locate systems prior to further exploitation.
|
|
From: sistersays <sis...@gm...> - 2011-11-14 03:29:11
|
I am running Firestarter in its basic configuration on Debian Squeeze.
I ran a test on GRC and got the results posted below. How can I
prevent a reply to a ping request? I know absolutely nothing about
configuring a firewall. Googled a bit and looked at the manual but
didn't see anything understandable. I'm on dialup BTW if that makes a
difference. Thanks.
----------------------------------------------
Results from scan of ports: 0-1055
0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested
ALL PORTS tested were found to be: STEALTH.
TruStealth: FAILED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
Solicited TCP Packets: PASSED — No TCP packets were received from your
system as a direct result of our attempts to elicit some response from
any of the ports listed below — they are all either fully stealthed or
blocked by your ISP. However . . .
Unsolicited Packets: PASSED — No Internet packets of any sort were
received from your system as a side-effect of our attempts to elicit
some response from any of the ports listed above. Some questionable
personal security systems expose their users by attempting to
"counter-probe the prober", thus revealing themselves. But your system
remained wisely silent. (Except for the fact that not all of its ports
are completely stealthed as shown below.)
Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP
Echo) requests, making it visible on the Internet. Most personal
firewalls can be configured to block, drop, and ignore such ping
requests in order to better hide systems from hackers. This is highly
recommended since "Ping" is among the oldest and most common methods
used to locate systems prior to further exploitation.
|
|
From: <rm....@ja...> - 2011-11-01 02:40:45
|
Thank you!!! That will undoubtedly do the trick!

Robert

> Date: Mon, 31 Oct 2011 09:49:43 -0400
> From: "Mark L. Wise" <ma...@al...>
> To: fir...@li...
>
> Without modifying firestarter scripts at all, you could add the IPCHAINS
> rules in user-pre (or user-post)
>
> $IPT -A INPUT -s 192.168.10.0/24 -i eth1 -j ACCEPT
> $IPT -A OUTPUT -d 192.168.10.0/24 -o eth1 -j ACCEPT
>
> (Substitute your internal net address of course!)
>
> Mark
>
> On 10/30/2011 9:01 PM, Robert M. Riches Jr. wrote:
> > (New list subscriber--Googled but came up empty--didn't find a
> > way to search the list archives.)
> >
> > I'm trying to set up something like an LTSP situation: one
> > machine with eth0 connected to the outside world (through a NAT
> > box, of course) and eth1 connected to some small client machines.
> > The client machines will run only a VNC client, JACK (for audio),
> > and maybe something to do USB over IP. I need to allow traffic
> > over eth1 but _NOT_ do forwarding.
> >
> > On the Firestarter website, I saw mention from 2005 that a new
> > version was being developed to support multiple interfaces. Is
> > there any news since six years ago on that topic?
> >
> > I had things set up that I thought would work, with eth0 marked
> > as the external interface and eth1 as the internal interface but
> > with no sharing. However, the INBOUND and OUTBOUND chains are
> > operative only over eth0 ($IF in the scripts).
> >
> > With Firestarter 1.0.3 on Mageia 1, I see the rules for INBOUND
> > and OUTBOUND chains at lines 408 and 419 of 'firewall'. As a
> > quick-and-dirty hack until something else better comes along,
> > would there be anything too seriously dangerous about adding an
> > IFHACK variable to inbound/setup and outbound/setup and making
> > copies of those two lines using $IFHACK instead of $IF?
> >
> > Is there a better way to allow traffic over my eth1?
> >
> > Thanks,
> >
> > Robert
> > spa...@ja...
> > (Yes, that is one of my valid email addresses.)
>
> --
> Mark L. Wise
>
> Alpha II Service, Inc.
> 1312 Epworth Ave
> Reynoldsburg, Ohio 43068-2116
> USA
>
> Office: (614) 868-5033
> Fax: (614) 868-1060
> Email: ma...@al...
> WEB: www.alpha2.com
>
> "People do not quit playing because they grow old; they grow old because
> they quit playing."
>
> Oliver Wendell Holmes
|
|
From: Mark L. W. <ma...@al...> - 2011-10-31 19:22:32
|
It is very possible that the forwarding is working properly, but something is blocking the replies from the web server. Make sure that you have not blocked outbound traffic ORIGINATING on the firestarter server.

You can debug this by running

tcpdump -ieth0

on the firestarter machine (assuming eth0 is the public side and eth1 is the private side)

Then attempt from the outside to access the web server. You should see TCP traffic coming into the firestarter box AND REPLIES GOING BACK. If you don't see the reply traffic, then I would guess that you have a setting or user-pre/user-post entry that is blocking outbound tcp traffic originating from your firestarter box.

You could add this rule to the /etc/firestarter/user-pre file:

$IPT -A OUTPUT -s 192.168.10.0/24 -d 0.0.0.0/0 -o eth0 -j ACCEPT
$IPT -A OUTPUT -s 192.168.10.0/24 -d 0.0.0.0/0 -i eth1 -j ACCEPT

These rules should allow any traffic from the network 192.168.10. on eth1 to go out eth0. (Substitute your internal IP address space for the 192.168.10.0 network)

I am surprised that there is not an entry in /etc/firestarter/inbound/forward

It should look like this:

HTTP, 80, 192.168.10.1, 80, Allow access to internal web server

(Again, modify the 192.168.10.1 IP to be your internal web IP)

I hope this points you in the right direction.

Mark

On 10/28/2011 7:11 PM, ad...@mm... wrote:
> Mark,
>
> Yes I can ping outside machines from my local net and browse the web and
> everything works fine.
> The only thing that refuses to work is forwarding ports to my webserver.
>
> The webserver is a raq550 with Bluequartz and works perfectly.
> I can access it perfectly on the internal lan.
>
> I did an nmap against the webserver, and forwarded all the open ports
> with firewall.
> It is way more than is needed, but still it will not be visible from the
> outside.
> I check from the outside with a laptop at my router before the firewall
> as well as with an iphone through 3G.
>
> I have in my local.rc file the entry
>
> echo "1"> /proc/sys/net/ipv4/ip_forward
>
> so I make sure it is set at every boot.
>
> If that were the problem then, I wouldn't have been able to browse the
> internet from the internal lan.
> Again, I can do anything with any of the internal lan machines.
>
> I even installed firefox on the raq550 and can browse from it too, so
> there is absolutely no problem there with DNS else browsing would be
> impossible. The gateway entries are also correct and shows to the
> firewall where firestarter resides.
>
> The problem is with Firestarter exporting ports to the raq550 and I
> narrowed the problem down to firestarter.
> Firestarter does everything else right, Doing a portscan with nmap
> against my static IP shows everything stealth when I do not forward
> ports, but shows the ports I forwarded as open once I do port forwarding.
>
> But,
> $] cat /etc/firestarter/inbound/forward
> is an empty file.
>
> Another problem I noticed is that firestarter cannot show active
> connections.
> The var log messages says:
> Error reading /proc/net/IP_conntrack No Such File or Directory.
>
> Firestarter is running on
> ~]# cat /proc/version
> Linux version 2.6.23.17-88.fc7 (moc...@xe...)
> (gcc version 4.1.2 20070925 (Red Hat 4.1.2-27)) #1 SMP Thu May 15
> 00:35:10 EDT 2008
> The servers are all rackservers and the firewall is an IBM 336 Dual
> 64-bit CPU Dual core 3.x GHZ.
> It is the slowest machine I have to use as a firewall.
>
> I fell back to FC7 as Firestarter absolutely refuses to work on FC-15 or
> the Latest Debian.
> On both FC-15 and Debian, firestarter shuts down the interfaces after an
> hour.
> ifconfig, shows that, and when I remove firestarter the interfaces are
> not shut down after an hour.
>
> I used Firestarter on FC7 for years without problems, so I fell back to it.
> It works really great on FC-7 except for port forwarding, which is
> seemingly dead as a doornail.
> One test I did was to verify that firestarter does forward Port 80 to
> the webserver correctly, but it seemingly refuses the replies which
> doesn't make sense at all.
>
> I would hate to learn IPtables again as I was burnt learning ipchains,
> just to have them change everything to iptables as soon as I understood
> ipchains.
>
> With my minimum knowledge of Iptables, I could write a script that works
> better than firestarter to forward the needed ports and I could at least
> start getting responses from my webserver from the internet, but my
> knowledge is too limited to trust that it is ready to be used.
>
> Mark L. Wise wrote:
>> Would you be able to post the contents of
>> /etc/firestarter/inbound/forward here?
>>
>> Can you ping outside machines from your local net?
>>
>> do more /proc/sys/net/ipv4/ip_forward (Your location may be different,
>> this is Fedora)
>>
>> Does it contain a "1"?
>>
>> Mark

--
Mark L. Wise

Alpha II Service, Inc.
1312 Epworth Ave
Reynoldsburg, Ohio 43068-2116
USA

Office: (614) 868-5033
Fax: (614) 868-1060
Email: ma...@al...
WEB: www.alpha2.com

"People do not quit playing because they grow old; they grow old because they quit playing."

Oliver Wendell Holmes
|
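Added example, not part of Mark's messages or of Firestarter: iptables accepts `-i` only in INPUT, FORWARD and PREROUTING and `-o` only in FORWARD, OUTPUT and POSTROUTING, so a rule that pairs OUTPUT with `-i eth1` is rejected when user-pre loads it. The hypothetical `lint_iface_flags` helper below checks rule lines for that mismatch before they are installed; its sample input is the four `$IPT` lines posted in this thread.

```shell
#!/bin/sh
# Added illustration: a pre-flight check for rule lines destined for
# /etc/firestarter/user-pre. lint_iface_flags is a hypothetical helper name.

# Reads rule lines on stdin. Prints one finding per rule whose interface
# flag cannot be used in its chain. Returns 1 if anything was found.
lint_iface_flags() {
    awk '
    NF == 0 || substr($1, 1, 1) == "#" { next }   # skip blanks and comments
    {
        chain = ""; in_if = ""; out_if = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-A" || $i == "-I") chain  = $(i + 1)
            else if ($i == "-i")          in_if  = $(i + 1)
            else if ($i == "-o")          out_if = $(i + 1)
        }
        # OUTPUT/POSTROUTING: the packet is leaving, it has no input interface
        # that iptables will match on in these chains.
        if (in_if != "" && (chain == "OUTPUT" || chain == "POSTROUTING")) {
            printf "line %d: -i %s is not valid in chain %s\n", NR, in_if, chain
            bad++
        }
        # INPUT/PREROUTING: no routing decision yet, so no output interface.
        if (out_if != "" && (chain == "INPUT" || chain == "PREROUTING")) {
            printf "line %d: -o %s is not valid in chain %s\n", NR, out_if, chain
            bad++
        }
    }
    END { exit (bad > 0 ? 1 : 0) }
    '
}

# The rule lines as posted in the thread (single quotes keep $IPT literal).
PAGE_RULES='$IPT -A INPUT -s 192.168.10.0/24 -i eth1 -j ACCEPT
$IPT -A OUTPUT -d 192.168.10.0/24 -o eth1 -j ACCEPT
$IPT -A OUTPUT -s 192.168.10.0/24 -d 0.0.0.0/0 -o eth0 -j ACCEPT
$IPT -A OUTPUT -s 192.168.10.0/24 -d 0.0.0.0/0 -i eth1 -j ACCEPT'

# Constructed for contrast: traffic routed through the gateway from the LAN
# traverses FORWARD, the one filter chain where both -i and -o are valid.
FORWARD_FORM='$IPT -A FORWARD -s 192.168.10.0/24 -i eth1 -o eth0 -j ACCEPT'

printf '%s\n' "$PAGE_RULES" | lint_iface_flags || true
```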
|
From: BR W. <bwr...@gm...> - 2011-10-31 16:25:33
|
I am running Ubuntu 11.10. Ever since Ubuntu 11.04, when you launch Firestarter you get the "Firestarter error" message as follows.

Failed to open the system log
No event information will be available

My question is: How does one open a "Firestarter system log", where is it located, what is it named, and can this be done manually by me?

Thanks for any help you can give.
|