firestarter not starting at boot. - Debian

This is a discussion on firestarter not starting at boot. - Debian ; Hi all, I went looking for a firewall and found and love firestarter, except that it fails to load at startup. I have to start it manually after I log in, and that sucks. It tries to run when my ...

+ Reply to Thread
Results 1 to 9 of 9

Thread: firestarter not starting at boot.

  1. firestarter not starting at boot.

    Hi all,

    I went looking for a firewall and found and love firestarter, except that
    it fails to load at startup. I have to start it manually after I log in,
    and that sucks. It tries to run when my computer is booting, but it fails.
    Anyone else have a simular problem? Whats the solution? Also, I'm being
    bombarded with incoming traffic on ports 1026, 1027, and 1028. All UPD
    protocol. Once my firewall is started, I don't really need to worry about
    these, but since my firewall isn't starting at boot, like it should, I'm
    worried that I might be at some sort of risk. Is this normal traffic?
    Should I be allowing these incoming connections? Anyone have any idea
    what these connection attempts are about?

    I've also had a number of high-risk connection attempts, though they are
    not nearly so frequent. I get SAMBA connection attempts on port 139 and
    microsoft-ds trying to connect on port 445. I'm thinking that these are
    some sort of hack attempt. The ips are always different, so I suspect my
    hackers are running sort of fakeip program. Is there anything I co do
    about this? or is it safe to ignore these things?

    Thanks All,

    Tony.

  2. Re: firestarter not starting at boot.

    On 08/21/2007 02:56 AM, Tony Peardon wrote:
    > Hi all,
    >
    > I went looking for a firewall and found and love firestarter, except that
    > it fails to load at startup. I have to start it manually after I log in,
    > and that sucks. It tries to run when my computer is booting, but it fails.
    > Anyone else have a simular problem? Whats the solution? Also, I'm being
    > bombarded with incoming traffic on ports 1026, 1027, and 1028. All UPD
    > protocol. Once my firewall is started, I don't really need to worry about
    > these, but since my firewall isn't starting at boot, like it should, I'm
    > worried that I might be at some sort of risk. Is this normal traffic?
    > Should I be allowing these incoming connections? Anyone have any idea
    > what these connection attempts are about?
    >


    UDP ports 1026-1028 relate to Windows; if you're running Debian, don't
    worry about your Debian machine.

    > I've also had a number of high-risk connection attempts, though they are
    > not nearly so frequent. I get SAMBA connection attempts on port 139 and
    > microsoft-ds trying to connect on port 445. I'm thinking that these are
    > some sort of hack attempt.


    Yes

    > The ips are always different, so I suspect my
    > hackers are running sort of fakeip program.


    No, the hackers have control of 500,000 to 1,000,000 different machines.

    > Is there anything I co do
    > about this? or is it safe to ignore these things?
    >
    > Thanks All,
    >
    > Tony.


    If you connect to the Internet using dial-up, I think you can configure
    Firestarter to activate when the ppp link comes up.

    If you have an always-on Internet connection, you might have to use
    update-rc.d (or some other method of renaming scripts in /etc/rcX.d) to
    get firestarter to load later in the boot process.

    IOW, S20firestarter might become S60firestarter. Later in the boot
    process more things are enabled, so the chances that Firestarter will
    load properly are increased.



  3. Re: firestarter not starting at boot.

    Tony Peardon wrote:

    > Hi all,
    >
    > I went looking for a firewall and found and love firestarter, except that
    > it fails to load at startup. I have to start it manually after I log in,
    > and that sucks. It tries to run when my computer is booting, but it fails.
    > Anyone else have a simular problem? Whats the solution? Also, I'm being
    > bombarded with incoming traffic on ports 1026, 1027, and 1028. All UPD
    > protocol. Once my firewall is started, I don't really need to worry about
    > these, but since my firewall isn't starting at boot, like it should, I'm
    > worried that I might be at some sort of risk. Is this normal traffic?
    > Should I be allowing these incoming connections? Anyone have any idea
    > what these connection attempts are about?
    >
    > I've also had a number of high-risk connection attempts, though they are
    > not nearly so frequent. I get SAMBA connection attempts on port 139 and
    > microsoft-ds trying to connect on port 445. I'm thinking that these are
    > some sort of hack attempt. The ips are always different, so I suspect my
    > hackers are running sort of fakeip program. Is there anything I co do
    > about this? or is it safe to ignore these things?
    >
    > Thanks All,
    >
    > Tony.

    Here's what works for my Sid/KDE install

    * In /home/your_username/.kde/Autostart, create a file called firestarter,
    containing this:
    #!/bin/sh
    sudo firestarter --start-hidden
    Set permissions rwx-r-xr-x

    * Add this to /etc/sudoers:
    your_username ALL=NOPASSWD: /usr/sbin/firestarter

    I normally connect to the internet through a router which does a great
    job of filtering out incoming, but I run Firestarter as well. Without
    the router, I see a lot of traffic on ports 1026/7/8 too.



  4. Re: firestarter not starting at boot.

    On Tue, 21 Aug 2007 07:56:41 +0000, Tony Peardon wrote:

    > Hi all,
    >
    > I went looking for a firewall and found and love firestarter, except
    > that it fails to load at startup. I have to start it manually after I
    > log in, and that sucks. It tries to run when my computer is booting, but
    > it fails. Anyone else have a simular problem? Whats the solution?


    Well, firestarter is just a GUI frontend for IP tables, you don't need to
    have the GUI up in order to have the ports closed. If you think about it,
    it seems natural that it couldn't start until the network interface is up
    (since that is what it is going to monitor), which is related to what
    Munia W told you.


    > Also, I'm being
    > bombarded with incoming traffic on ports 1026, 1027, and 1028. All UPD
    > protocol. Once my firewall is started, I don't really need to worry
    > about these, but since my firewall isn't starting at boot, like it
    > should, I'm worried that I might be at some sort of risk. Is this normal
    > traffic? Should I be allowing these incoming connections? Anyone have
    > any idea what these connection attempts are about?
    >


    Yes, normal traffic on the Internet these days. Have a look at your
    syslog, are any of those connections getting through or are they dropped?

    Some could be scans looking for open ports to exploit a vulnerability,
    some are probably just packets that are trying to reach a computer that
    previously had that IP address.


    > I've also had a number of high-risk connection attempts, though they are
    > not nearly so frequent. I get SAMBA connection attempts on port 139 and
    > microsoft-ds trying to connect on port 445. I'm thinking that these are
    > some sort of hack attempt. The ips are always different, so I suspect my
    > hackers are running sort of fakeip program. Is there anything I co do
    > about this? or is it safe to ignore these things?
    >


    Define "high-risk connection attempts". As long as they only try but get
    dropped, can't do you much good to worry about them.

  5. Re: firestarter not starting at boot.

    On Tue, 21 Aug 2007 06:49:18 -0700, Rodney wrote:

    > On Tue, 21 Aug 2007 07:56:41 +0000, Tony Peardon wrote:


    [snip]

    > Well, firestarter is just a GUI frontend for IP tables, you don't need
    > to have the GUI up in order to have the ports closed. If you think about
    > it, it seems natural that it couldn't start until the network interface
    > is up (since that is what it is going to monitor), which is related to
    > what Munia W told you.


    Are you saying that I don't need to have my firewall running in order to
    protect my computer. It will still only allow connections that I've
    authorized with the firewall? If that's the case, then that is great,
    since my machine doesn't have lots of memory. I've got firestarter set to
    restrictive by default, so if I understand correctly, I should only need
    to run firestarter when I want to change something in the firewall, like
    authorize an out-going connection. Is that right? If so, how can I stop
    firestarter from trying to start when my computer boots. If you recall,
    it is failing anyhow.


    >
    >> Also, I'm being
    >> bombarded with incoming traffic on ports 1026, 1027, and 1028. All UPD
    >> protocol. Once my firewall is started, I don't really need to worry
    >> about these, but since my firewall isn't starting at boot, like it
    >> should, I'm worried that I might be at some sort of risk. Is this
    >> normal traffic? Should I be allowing these incoming connections?
    >> Anyone have any idea what these connection attempts are about?
    >>
    >>

    > Yes, normal traffic on the Internet these days. Have a look at your
    > syslog, are any of those connections getting through or are they
    > dropped?


    Sorry, I'm so new. I have no idea where I would find my syslog. From what
    I'm now understanding though, it's unlikely that any of these connection
    attempts has gotten through.

    Thanks lots.

    Tony.

    PS. Where can I get a look at my IP-Tables? And what exactly are they?

  6. Re: firestarter not starting at boot.

    Government satellites recorded Tony Peardon saying:
    >
    > Are you saying that I don't need to have my firewall running in order to
    > protect my computer. It will still only allow connections that I've
    > authorized with the firewall? If that's the case, then that is great,
    > since my machine doesn't have lots of memory. I've got firestarter set to
    > restrictive by default, so if I understand correctly, I should only need
    > to run firestarter when I want to change something in the firewall, like
    > authorize an out-going connection. Is that right? If so, how can I stop
    > firestarter from trying to start when my computer boots. If you recall,
    > it is failing anyhow.


    The supplied kernel has a built-in "table" which is "stealthy" (as some call it)
    and ping is "closed". There is an easier way which I use and doesn't rely on
    iptables, other applications, memory or the kernel and its upgrades: a router. I
    use one and have no problems at all. Should you be wondering which I use, it is
    a di604e by d-link (about 35 USD).

    --
    sk8r-365

    http://goodbye-microsoft.com/

  7. Re: firestarter not starting at boot.

    On 08/21/2007 04:42 PM, Tony Peardon wrote:
    > [...]
    > PS. Where can I get a look at my IP-Tables? And what exactly are they?


    Iptables is a complicated, low-level way to configure the Linux
    firewall. If you're new to Linux, you want to stay with Firestarter.


  8. Re: firestarter not starting at boot.

    Mumia W. wrote:
    > On 08/21/2007 04:42 PM, Tony Peardon wrote:
    >> [...]
    >> PS. Where can I get a look at my IP-Tables? And what exactly are they?

    >
    > Iptables is a complicated, low-level way to configure the Linux
    > firewall. If you're new to Linux, you want to stay with Firestarter.
    >

    Complicated? Not at all. Go here
    http://monmothas.shacknet.nu/firewall/download/
    download the script make it executable drop it in your /etc/rc.d
    directory. Read README for better explanation.

    --
    [Hello to all my friends and fans in domestic surveillance!]
    SHA Nazi NASA Osama MD5 Leuken-Baden Area 51 IMF Dick Cheney cypherpunk
    Cohiba encryption number key military AVN

  9. Re: firestarter not starting at boot.

    [edit]
    >
    > Are you saying that I don't need to have my firewall running in order to
    > protect my computer. It will still only allow connections that I've
    > authorized with the firewall? If that's the case, then that is great,
    > since my machine doesn't have lots of memory. I've got firestarter set
    > to restrictive by default, so if I understand correctly, I should only
    > need to run firestarter when I want to change something in the firewall,
    > like authorize an out-going connection. Is that right? If so, how can I
    > stop firestarter from trying to start when my computer boots. If you
    > recall, it is failing anyhow.
    >
    >


    I'm saying you don't need to have the GUI running on your desktop all
    the time if you installed a Debian package of Firestarter. It sets up
    firestarter to run as a service during init.

    A good place to find the docs on Firestarter is:
    http://www.fs-security.com/docs
    You may want to pay special attention the the topic "persistence of the
    firewall" in the advanced topics section.


    >
    > Sorry, I'm so new. I have no idea where I would find my syslog. From
    > what I'm now understanding though, it's unlikely that any of these
    > connection attempts has gotten through.
    >
    >


    Syslog is in the directory /var/log/
    You don't actually need to look in the syslog if you have the Firestarter
    GUI up because because it has the information displayed on the "Events"
    tab. That could be one reason you might want to use the GUI, if you wanted
    to monitor the hits.


    > PS. Where can I get a look at my IP-Tables? And what exactly are they?


    Well, I would suggest first you enter man iptables in a terminal and read
    through the manual page, then decide if you want to look at the raw
    data or continue to use the GUI for configuration. The policy tab in
    Firestarter has the "rules".

+ Reply to Thread