MOS-FET Apprentice
Joined: 20 May 2003 Posts: 291 Location: Cologne, Germany
Posted: Thu Aug 21, 2003 7:08 am Post subject: firestarter / iptables and reboots
Hello,
I've emerged firestarter + iptables. When I start firestarter and configure everything the way I want, it works perfectly: the firewall is up and running. But how the heck do I save the firewall rules and load them at boot? Currently I've tried this:
start firestarter, configure everything, start the firewall
/etc/init.d/iptables save to save the firewall rules
rc-update add iptables default
This seems to work: when I reboot, iptables is started at boot. But when I then try to browse, it can't reach ANY sites, I'm just totally blocked! Am I doing the wrong thing? Where are the firewall rules saved? Thanks for your help!
MrPyro Tux's lil' helper
Joined: 14 Aug 2003 Posts: 121 Location: Sheffield, England
Posted: Thu Aug 21, 2003 2:21 pm Post subject:
The firewall rules are saved in /var/lib/iptables/rules-save, but the format of that file is a little incomprehensible, especially if you're used to a GUI like firestarter (iptables rules are horrible to read).
As far as I'm aware, the process you've used to save the rules is correct (in fact, I just suggested similar steps to somebody in a different forum).
_________________
Back off man, I'm a computer scientist
MrPyro Tux's lil' helper
Joined: 14 Aug 2003 Posts: 121 Location: Sheffield, England
Posted: Thu Aug 21, 2003 2:35 pm Post subject:
Does anything get logged in /var/log/syslog when you try to access the outside world?
_________________
Back off man, I'm a computer scientist
JBapt n00b
Joined: 08 Aug 2003 Posts: 9
Posted: Thu Aug 21, 2003 3:19 pm Post subject:
Check your input policies... they must be set to reject.
MOS-FET Apprentice
Joined: 20 May 2003 Posts: 291 Location: Cologne, Germany
Posted: Thu Aug 21, 2003 4:58 pm Post subject:
Hmm, as far as I know iptables saves the rules in /var/lib/iptables/rules-save when I do an /etc/init.d/iptables save. I've looked into this file, and it seems that iptables somehow also saves my current IP address. Could that be the reason? I mean, iptables is creating all rules specifically for my current IP address, and when I reboot I have another IP address and can't get through the firewall anymore. I've now created the iptables rules with firehol, which works perfectly when I run "firehol start". Could I rc-update add firehol? There's no firehol script in /etc/init.d. Can I put a link there?
Thanks
tom
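Added example, not code from the thread and not part of firestarter, firehol or the iptables package: a small shell audit of a dump in the iptables-save format that /var/lib/iptables/rules-save holds. It prints the built-in chain policies from the file MrPyro points at, flags rules that match a single host address with -s or -d (the pattern MOS-FET suspects: such a rule stops matching as soon as DHCP hands out a different lease, so return traffic is dropped and no site is reachable), and rewrites those rules so they apply to whatever address the interface currently has. The dump, the address 192.168.0.23 and the helper names chain_policies, ip_pinned_rules and unpin_rules are constructed for this example.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (the format of /var/lib/iptables/rules-save).
# Not a real dump from the thread; 192.168.0.23 stands for the DHCP lease the
# rules were generated under.
SAMPLE_RULES='# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 192.168.0.23 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 192.168.0.0/24 -d 192.168.0.23 -p tcp --dport 22 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 192.168.0.23 -j ACCEPT
COMMIT'

# Print "table chain policy" for every built-in chain in a dump read on stdin.
# Lines like ":INPUT DROP [0:0]" carry the policy; user chains show "-" instead.
chain_policies() {
    awk '
        /^\*/             { table = substr($1, 2) }
        /^:/ && $2 != "-" { printf "%s %s %s\n", table, substr($1, 2), $2 }
    '
}

# Print every rule whose -s or -d is a single host address (loopback excluded).
# These are the rules that silently stop matching when the lease changes.
ip_pinned_rules() {
    awk '
        /^-A/ {
            for (i = 2; i < NF; i++) {
                if (($i == "-s" || $i == "-d") &&
                    $(i+1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/32)?$/ &&
                    $(i+1) !~ /^127\./) { print; break }
            }
        }
    '
}

# Emit the dump with host-pinned -s/-d matches removed, so each rule applies to
# whatever address the interface holds. All other lines are copied unchanged.
# On a single-homed host this keeps the rule meaning the same; on a multi-homed
# host check that the widened rule is still what you want.
unpin_rules() {
    awk '
        /^-A/ {
            out = ""
            for (i = 1; i <= NF; i++) {
                if (($i == "-s" || $i == "-d") && i < NF &&
                    $(i+1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/32)?$/ &&
                    $(i+1) !~ /^127\./) { i++; continue }
                out = out (out == "" ? "" : " ") $i
            }
            print out; next
        }
        { print }
    '
}

# Usage: feed the saved rules to each helper (replace SAMPLE_RULES with
# "cat /var/lib/iptables/rules-save" on a real box).
printf '%s\n' "$SAMPLE_RULES" | chain_policies
printf '%s\n' "$SAMPLE_RULES" | ip_pinned_rules
printf '%s\n' "$SAMPLE_RULES" | unpin_rules
```

The rewritten dump can be loaded with iptables-restore and then saved again with /etc/init.d/iptables save; the result no longer depends on the address in force at save time.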
kyck-ling n00b
Joined: 30 Aug 2003 Posts: 1
Posted: Sat Aug 30, 2003 2:32 pm Post subject:
Any solution to this? I have exactly the same problem...
TheWart Guru
Joined: 10 May 2002 Posts: 432 Location: Nashville,TN - USA
Posted: Sat Aug 30, 2003 3:15 pm Post subject:
That is odd.
I use shorewall, and I am able to simply:
rc-update add shorewall default
_________________
Face it, we are all noobs.
On the box it said it was designed for Win XP or better, so why won't it work with Linux?
d3c3it l33t
Joined: 01 Mar 2003 Posts: 765 Location: Manchester, UK
Posted: Sat Sep 06, 2003 5:00 pm Post subject:
MrPyro wrote:
    Does anything get logged in /var/log/syslog when you try to access the outside world?
For some reason firestarter says syslog doesn't exist?
_________________
Some people go to counselling, others use linux
SmokeX n00b
Joined: 28 Jul 2003 Posts: 40
Posted: Sat Sep 06, 2003 5:08 pm Post subject:
Check the iptables policy using
To set the policy use
Code:
iptables -P OUTPUT ACCEPT
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
each for each chain.
Also try to "flush" the rules table if there's any rule that's blocking ya...
Code:
iptables -F OUTPUT
...
etc.
Generally I prefer to use my own ruleset and not some GUI's rules, and add the ruleset to rc-update.
Learn about iptables:
# man iptables
SmokeX.
d3c3it l33t
Joined: 01 Mar 2003 Posts: 765 Location: Manchester, UK
Posted: Sat Sep 06, 2003 6:31 pm Post subject:
SmokeX wrote:
    Check the iptables policy using
    To set the policy use
    Code:
    iptables -P OUTPUT ACCEPT
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    each for each chain.
    Also try to "flush" the rules table if there's any rule that's blocking ya...
    Code:
    iptables -F OUTPUT
    ...
    etc.
    Generally I prefer to use my own ruleset and not some GUI's rules, and add the ruleset to rc-update.
    Learn about iptables:
    # man iptables
    SmokeX.
The problem was actually this:
https://forums.gentoo.org/viewtopic.php?t=59506&highlight=firestarter
I was using a GUI firewall as it seemed to be easier? It's turned out not to be, seeing as the rules I made with it have stopped me from using rsync and any IMs. I'm going to try and make my own manually, I think.
_________________
Some people go to counselling, others use linux