Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora 19/20 > Security and Privacy
FedoraForum Search

Forgot Password? Join Us!

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 27th February 2005, 12:02 PM
Zigzagcom Offline
Registered User
 
Join Date: Feb 2005
Location: CALIFORNIA, yeah
Age: 87
Posts: 1,657
Firewall conflicts with firestarter...

Hi all,
I'm still in the process of debugging a server configuration and stumbled on a couple of interesting issues with 'firestarter'. I have "Webmin" installed as an interface for remote admin, and it runs on its own server on port 10000 by default. This application is extremely versatile and you can configure iptables from within the interface in the networking module.

Out of curiosity I installed 'firestarter v1.0.1' and ran the wizard, but did not set up any specific configuration and exited 'firestarter'.
This means that I have 3 utilities installed with which I could affect iptables, apart from the shell.
1. The 'security level' tool that comes with FC3 by default.
2. The 'Webmin' iptables module
3. 'Firestarter'

Previous to the install of 'firestarter', I had no issues with rebooting and accessing web-content. In other words, the iptables configuration via the 'Webmin' interface remained intact. Once 'firestarter' was installed I consistently was unable to access httpd from other machines on the network, after the server was restarted. After re-applying the "Webmin" iptables config locally, access to the httpd service was restored. I was able to follow the configuration changes via the 'services' app and selecting 'iptables' and querying the status pane. I decided to uninstall 'firestarter' with Synaptic. Synaptic has this cool feature at the end of the uninstall process, warning you of saved files. One of the files was
/etc/firestarter/firewall.rpmsave....a quick su - and 'more firewall.rpmsave' leads me to believe that 'firestarter' can basically hijack an iptables configuration from another app.

I am aware of the conflict that can arise from using the 'security level' tool, but 'firestarter'
seemingly does not dynamically adjust to configuration changes. It just happily hangs onto its configuration and resets iptables on a restart. Funny and vexing.
This is possibly a good thing and I obviously don't want to have a hodgepodge of firewalls
on a server. Just thought this was interesting.

Last edited by Zigzagcom; 27th February 2005 at 12:07 PM.
Reply With Quote
  #2  
Old 28th February 2005, 04:31 AM
Jman Offline
Registered User
 
Join Date: Mar 2004
Location: Minnesota, USA
Age: 28
Posts: 7,909
Firestarter replaces the default iptables script with it's own and starts it's own service, replacing it. How this relates to webmin I don't know.
Reply With Quote
  #3  
Old 2nd March 2005, 01:06 AM
aztlan Offline
Registered User
 
Join Date: Mar 2005
Posts: 2
firewall

Why install the firestarter and use it over what comes with fc3? Is there an advantage?
Reply With Quote
  #4  
Old 2nd March 2005, 03:46 AM
crackers Offline
Retired Community Manager
 
Join Date: Feb 2004
Location: Seattle, WA, USA
Age: 57
Posts: 3,423
You get a much finer-grained control over ports, IP addresses, masquerading/NAT, and basically the full power of IPTables in a very easy to use GUI.
__________________
Linux User #28251 (April '93)
Professional Java Geek :cool:
Reply With Quote
  #5  
Old 2nd March 2005, 05:43 AM
Zigzagcom Offline
Registered User
 
Join Date: Feb 2005
Location: CALIFORNIA, yeah
Age: 87
Posts: 1,657
aztlan,
it was an experiment. Just as in Windows, certain firewall and AV utilities do not play well with one another when installed in parallel. I installed firestarter out of curiosity. I wanted to see what it does, how it works and the overall functionality overall. It would be a great firewall for a desktop environment. I have since removed it from the configuration, as it conflicted with the Webmin interface.
For me it is important to have remote access via a GUI, since I am still learning iptables via the shell and therfore is a good crutch. I have only been doing this for 1 1/2 months on linux (FC3 of course).
Reply With Quote
  #6  
Old 2nd March 2005, 11:29 AM
aztlan Offline
Registered User
 
Join Date: Mar 2005
Posts: 2
Thank you for explaining in detail. I am new to fdc3 but not linux. I have installed fd3 on a laptop that I use at hot spots and was hoping that I have it sufficiently locked down to use in an open environment.
Reply With Quote
  #7  
Old 5th March 2005, 11:02 PM
SeanOS Offline
Registered User
 
Join Date: Feb 2005
Location: Ireland, Dublin
Age: 31
Posts: 15
I used firestarter for all of a day.
found that it wasn't the best at the rules it did & in my case it didn't do as it was supposed to (it blocked things I set it to not block).

after that I just configured iptables manually ... found it fairly easy, took a few hours to read up on iptables & configure the firewall for what I wanted.
Reply With Quote
Reply

Tags
conflicts, firestarter, firewall

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Firewall - FireStarter Xavior Security and Privacy 0 17th June 2007 01:59 AM
Configure Firewall (Firestarter) Jman Guides & Solutions (No Questions) 3 21st June 2005 03:31 PM
Firestarter firewall boomer ang Servers & Networking 6 3rd November 2004 07:26 PM


Current GMT-time: 02:16 (Sunday, 31-08-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat