Hi,

I'm using Firestarter as my firewall. If I restart the network or my DSL line goes down, I have to manually restart Firestarter.

I have sh /etc/firestarter/firestarter.sh stop and then sh /etc/firestarter/firestarter.sh start in my ip-up.local file.

I confirmed ip-up.local is being executed by placing an entry in the logs, but it appears firestarter is not or at least not correctly.

Does anyone have a suggestion as how I could further troubleshoot this problem?

Thanks for your help.

Ed Warner wrote:
> Hi,
>
> I'm using Firestarter as my firewall. If I restart the network or my DSL line goes down, I have to manually restart Firestarter.
>
> I have sh /etc/firestarter/firestarter.sh stop and then sh /etc/firestarter/firestarter.sh start in my ip-up.local file.
>
> I confirmed ip-up.local is being executed by placing an entry in the logs, but it appears firestarter is not or at least not correctly.
>
> Does anyone have a suggestion as how I could further troubleshoot this problem?
> Thanks for your help.
>

why aren't you starting your firewall from /etc/rc.d/init.d/firestarter, with symlinks in the usual /etc/rc.d/rc?.d/{K|S}##firestarter

I've never -heard- of dinking with the ifup-***** scripts for any reason

> Message: 22
> Date: Mon, 10 Aug 2009 02:09:58 +0200
> From: Olaf Mueller <daily-planet at istari.de>
> Subject: Re: [CentOS] Execution from ip-up.local
> To: centos at centos.org
> Message-ID: <1587893.OjVOrq4qrm at weidenwinde.istari.de>
> Content-Type: text/plain; charset=us-ascii
>
> John R Pierce wrote:
>
> > Ed Warner wrote:
> >> I'm using Firestarter as my firewall. If I restart the network or my
> >> DSL line goes down, I have to manually restart Firestarter.
>
> >> Does anyone have a suggestion as how I could further troubleshoot
> >> this problem?
> Remove the original firestarter line from /etc/ppp/ip-up.local and add
> the following line to /etc/ppp/ip-up.local:
> /etc/firestarter/firestarter.sh start
>
> And the following line to /etc/ppp/ip-down.local:
> /etc/firestarter/firestarter.sh stop
>
> Also disable firestarter as a service (chkconfig firestarter off) and
> take a look in /etc/ppp/ip-up.local for broken code.
> Is /etc/ppp/ip-up.local executable in a bash console?
>
> > why aren't you starting your firewall from
> > /etc/rc.d/init.d/firestarter, with symlinks in the usual
> > /etc/rc.d/rc?.d/{K|S}##firestarter
> Cause ip changes on every dial-in for internet connections without a
> static ip.
>
> > I've never -heard- of dinking with the ifup-***** scripts for any
> > reason
> This is an option in firestarter configuration since 2005. See for more
> in firestarter Changelog:
>
> 2005-01-09 Tomas Junnonen <tomas at fs-security.com>
> [...]
> * src/scriptwriter.c:
> - Set execute permissions on ip-up.local
> [...]
>
> And in scriptwriter.c:
>
> #define PPP_HOOK_FILE "/etc/ppp/ip-up.local"
> const gchar* FIRESTARTER_HOOK = "sh "FIRESTARTER_CONTROL_SCRIPT" start\n";
>
> regards
> Olaf

I tried your suggestions without success. ip-up.local is executable in a bash console and if I do so, I get this message:

"iptables v1.3.5: invalid mask '255' specified
Try 'iptables -h' for more information.
Firewall started

-- On Mon, 8/10/09, Ed Warner <edwarner99 at yahoo.com> wrote:

> From: Ed Warner <edwarner99 at yahoo.com>
> Subject: Re: CentOS Digest, Vol 55, Issue 10
> To: centos at centos.org
> Date: Monday, August 10, 2009, 5:39 PM
>
> > I tried your suggestions without success. ip-up.local is executable in
> > a bash console and if I do so, I get this message: "iptables v1.3.5:
> > invalid mask '255' specified Try 'iptables -h' for more information.
>
> A subnet mask of 255? In my opinion it should be something like
> <address>/24 or 255.255.255.0.
> Seems to me that your settings are not correct, firestarter doesn't know
> your subnet mask.
>
> regards
> Olaf

That message is what I don't understand. My subnet is declared correctly, I even went back and checked. Firestarter says it starts but doesn't seem to enable NAT because nothing behind the firewall can reach the internet.

Regards
Ed Warner
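
The iptables error quoted in this thread rejects the mask string '255'. iptables takes a mask either as a prefix length (0 to 32) or as a dotted-quad netmask. The following is an added example, not code from any poster or from Firestarter: a shell pre-flight check of an address/mask string that could be logged from ip-up.local before the firewall script runs. The function names and sample values are hypothetical, and the thread does not say where Firestarter takes the mask from.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# is_octet N: true when N is a decimal integer in 0..255.
is_octet() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 3 ] && [ "$1" -le 255 ]
}

# is_dotted_quad S: true when S is exactly four octets separated by dots.
is_dotted_quad() {
    rest=$1.
    n=0
    while [ -n "$rest" ]; do
        is_octet "${rest%%.*}" || return 1
        rest=${rest#*.}
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# check_net_spec ADDR[/MASK]: succeed when ADDR is a dotted quad and MASK, if
# given, is a prefix length 0..32 or a dotted-quad netmask.
check_net_spec() {
    addr=${1%%/*}
    is_dotted_quad "$addr" || { echo "bad address '$addr'" >&2; return 1; }
    case "$1" in
        */*) mask=${1#*/} ;;
        *)   return 0 ;;
    esac
    is_dotted_quad "$mask" && return 0
    case "$mask" in
        ''|*[!0-9]*) ;;
        *) [ "${#mask}" -le 2 ] && [ "$mask" -le 32 ] && return 0 ;;
    esac
    echo "invalid mask '$mask'" >&2
    return 1
}

# Constructed sample values: two well-formed specs and the shape iptables rejected.
for spec in 192.168.1.0/24 192.168.1.0/255.255.255.0 192.168.1.0/255; do
    if check_net_spec "$spec" 2>/dev/null; then
        echo "$spec: ok"
    else
        echo "$spec: rejected"
    fi
done
```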