Hello,

Nikola Skoric a écrit :
>
> I connect to Internet using KNetworkManager over eth0 to ADSL
> modem. Everything works great, no problems there. But, today I
> connected my sister's winXP through a crossover to my eth1,
> started firestarter and did that incredibly trivial wizard.

Do you mean that you didn't use firestarter before ?

> When I click
> "save" on that wizard (or whenever i try to start the firewall) I get
> "Failed to start the firewall. The device eth0 is not ready." error.
> What do you mean "not ready", I'm using eth0 while writing this
> post...

The output of "ifconfig -a" may help tell what's wrong with eth0.

> And, of course, the winXP machine can't reach the Internet.

Are the two boxes able to communicate with each other at IP layer at least ?

Dana Mon, 10 Sep 2007 16:54:37 +0200,
Pascal Hambourg kaze:
> Hello,
>
> Nikola Skoric a écrit :
>>
>> I connect to Internet using KNetworkManager over eth0 to ADSL
>> modem. Everything works great, no problems there. But, today I
>> connected my sister's winXP through a crossover to my eth1,
>> started firestarter and did that incredibly trivial wizard.
>
> Do you mean that you didn't use firestarter before ?

Sorry for the delay, I had angina in the mean time :-)

No, I didn't use firestarter before.

>> When I click
>> "save" on that wizard (or whenever i try to start the firewall) I get
>> "Failed to start the firewall. The device eth0 is not ready." error.
>> What do you mean "not ready", I'm using eth0 while writing this
>> post...
>
> The output of "ifconfig -a" may help tell what's wrong with eth0.

nick@rilmir:~$ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:0E:2E:028:C9
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:597 errors:0 dropped:0 overruns:0 frame:0
TX packets:382 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:739760 (722.4 KiB) TX bytes:32226 (31.4 KiB)
Interrupt:19 Base address:0x8000

eth1 Link encap:Ethernet HWaddr 00:40:F4:B3:67:31
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:20

eth0:avah Link encap:Ethernet HWaddr 00:0E:2E:028:C9
inet addr:169.254.7.190 Bcast:169.254.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:19 Base address:0x8000

eth1:avah Link encap:Ethernet HWaddr 00:40:F4:B3:67:31
inet addr:169.254.6.211 Bcast:169.254.255.255 Mask:255.255.0.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
Interrupt:20

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:36 errors:0 dropped:0 overruns:0 frame:0
TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3060 (2.9 KiB) TX bytes:3060 (2.9 KiB)

ppp0 Link encap:Point-to-Point Protocol
inet addr:78.0.79.74 P-t-P:172.29.252.37 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:542 errors:0 dropped:0 overruns:0 frame:0
TX packets:312 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:724456 (707.4 KiB) TX bytes:16550 (16.1 KiB)



>> And, of course, the winXP machine can't reach the Internet.
>
> Are the two boxes able to communicate with each other at IP layer at least ?

Nope. I set default gateway on the XP machine to point to my Linux machine,
but ping can't reach windows from linux and vice versa.

--
"Now the storm has passed over me
I'm left to drift on a dead calm sea
And watch her forever through the cracks in the beams
Nailed across the doorways of the bedrooms of my dreams"

>Nope. I set default gateway on the XP machine to point to my Linux machine,
>but ping can't reach windows from linux and vice versa.
-Now you have 2 problems and not 1, The Firestarter 1 and why Linux
can't reach Windows and vice versa.
you should first look why Linux can't reach Windows and vice versa?
Check the cables first for example may there is amatter. From Linux
check the cables and connections with tools like mii-tool and
ethtool eth1 and give us what you find there, And you can check the
cables with atester for example?
-I didn't use firestarter but once, And really I didn't see this error
before but we can search. When you are sure that Linux can reach
Windows and vice versa then you can use alternatives to firestarter
for example to see what's there or the cause of the problem, Do you
use natting for example? So configure it manually may it work tell you
know the cause of the Firestarter problem or error? For example if
your Linux wan interface is eth0 and you use nat flush the iptables
rules and use this rule to configure Linux as agateway for your lan
and enable ip_forward,
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
And you may see Firestarter log may it help you.

Nikola Skoric wrote:
> Dana Mon, 10 Sep 2007 16:54:37 +0200,
> Pascal Hambourg kaze:
>> Hello,
>>
>> Nikola Skoric a écrit :
>>>
>>> I connect to Internet using KNetworkManager over eth0 to ADSL
>>> modem. Everything works great, no problems there. But, today I
>>> connected my sister's winXP through a crossover to my eth1,
>>> started firestarter and did that incredibly trivial wizard.
>>
>> Do you mean that you didn't use firestarter before ?

> Sorry for the delay, I had angina in the mean time :-)

> No, I didn't use firestarter before.

>>> When I click
>>> "save" on that wizard (or whenever i try to start the firewall) I get
>>> "Failed to start the firewall. The device eth0 is not ready." error.
>>> What do you mean "not ready", I'm using eth0 while writing this
>>> post...
>>
>> The output of "ifconfig -a" may help tell what's wrong with eth0.

> nick@rilmir:~$ ifconfig -a
> eth0 Link encap:Ethernet HWaddr 00:0E:2E:028:C9
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:597 errors:0 dropped:0 overruns:0 frame:0
> TX packets:382 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:739760 (722.4 KiB) TX bytes:32226 (31.4 KiB)
> Interrupt:19 Base address:0x8000

The eth0 interface doesn't have an IP address assigned, almost certainly
because it's the Ethernet interface for your PPPoE connection. Moreover,
firestarter apparently expects eth0 to be configured with your Internet
IP, which is incorrect.

> eth1 Link encap:Ethernet HWaddr 00:40:F4:B3:67:31
> UP BROADCAST MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
> Interrupt:20

A private LAN IP address should be configured for eth1 and another in
the same LAN for the M$ machine. However there is no RUNNING present so
something may be amiss with the interface or interface driver. (I've had
very little success in finding out exactly what RUNNING really means.)

> eth0:avah Link encap:Ethernet HWaddr 00:0E:2E:028:C9
> inet addr:169.254.7.190 Bcast:169.254.255.255 Mask:255.255.0.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> Interrupt:19 Base address:0x8000

> eth1:avah Link encap:Ethernet HWaddr 00:40:F4:B3:67:31
> inet addr:169.254.6.211 Bcast:169.254.255.255 Mask:255.255.0.0
> UP BROADCAST MULTICAST MTU:1500 Metric:1
> Interrupt:20

I'd guess the "avah" configurations are related to an M$ idiosyncrasy and
are pretty much useless. Well, unless eth0:avah somehow allows direct
access to the modem. The eth1:avah also doesn't show RUNNING, which might
explain the ping failures in the event that the M$ machine actually has
an IP on it's side of the crossover cable in the 169.254.0.0/16 range.

On reflection, it seems that both eth1 and eth1:avah also lack a "Base
address", aka I/O port. The missing RUNNINGs could well be related to
this lack. You may need to move the card's base address to something
else to avoid conflict with some other hardware port, or specify the
base address at runtime or at module insertion. A "dmesg|grep eth1:"
should show whether or not there is a base address assigned.

> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:36 errors:0 dropped:0 overruns:0 frame:0
> TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:3060 (2.9 KiB) TX bytes:3060 (2.9 KiB)

> ppp0 Link encap:Point-to-Point Protocol
> inet addr:78.0.79.74 P-t-P:172.29.252.37 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
> RX packets:542 errors:0 dropped:0 overruns:0 frame:0
> TX packets:312 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:3
> RX bytes:724456 (707.4 KiB) TX bytes:16550 (16.1 KiB)

Your Internet interface is ppp0, not eth0. If firestarter is unable
use ppp0 then you might try modifying this firewall script:

http://iptables-tutorial.frozentux.n...c.firewall.txt

It can be called from /etc/ppp/ip-up and configured using parameters
that pppd passes to ip-up. It also provides SNAT which allows the M$
machine Internet access. It's not incredibly trivial however.

>>> And, of course, the winXP machine can't reach the Internet.
>>
>> Are the two boxes able to communicate with each other at IP layer at least?

> Nope. I set default gateway on the XP machine to point to my Linux machine,
> but ping can't reach windows from linux and vice versa.

Forget firewalling until you get the pings to work.

--
Clifford Kite
/* Bluffing in a poker game can win big; bluffing in a newsgroup
only attracts sharks. */