Firestarter service fails to start
Ioannis Vranos
ivranos at freemail.gr
Wed Apr 16 15:36:40 UTC 2008
Peter Garrett wrote:
> On Wed, 16 Apr 2008 16:24:51 +0300
> Ioannis Vranos <ivranos at freemail.gr> wrote:
>
>> I removed the splash option from the kernel line in the grub
>> configuration file, and during boot I saw a message that Firestarter
>> service fails to start.
>
> You can verify whether the firewall is running quite easily as follows:
>
> Open a terminal ( Applications - Accessories - Terminal ) and type
>
> sudo iptables -L
> ( you are prompted for your password)
>
> You should see a whole lot of rules. You don't need to understand them
> - they just mean Firestarter is doing its job. If, on the other hand,
> you only see:
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Then the firewall is not running. I suspect that the error message you
> are seeing is just an error because Firestarter is trying to set up
> iptables before your network settings have taken effect. You may find
> that it tries again once the connection is in place, so it might not
> be important. The above test will confirm or deny this suspicion.
Does the following make any sense? AFAIK Firestarter is a front-end of
iptables, so why has it its own service?
root at john-desktop:~# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- . anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- . anywhere
ACCEPT 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP 0 -- anywhere 255.255.255.255
DROP 0 -- anywhere 192.168.1.255
DROP 0 -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP 0 -- anywhere base-address.mcast.net/8
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- anywhere 0.0.0.0
DROP 0 -- anywhere anywhere state INVALID
LSI 0 -f anywhere anywhere limit: avg 10/min burst 5
INBOUND 0 -- anywhere anywhere
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Input'

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Forward'

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 192.168.1.2 . tcp dpt:domain
ACCEPT udp -- 192.168.1.2 . udp dpt:domain
ACCEPT 0 -- anywhere anywhere
DROP 0 -- base-address.mcast.net/8 anywhere
DROP 0 -- anywhere base-address.mcast.net/8
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- anywhere 0.0.0.0
DROP 0 -- anywhere anywhere state INVALID
OUTBOUND 0 -- anywhere anywhere
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Output'

Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:51638
ACCEPT udp -- anywhere anywhere udp dpt:51638
ACCEPT tcp -- anywhere anywhere tcp dpt:18122
ACCEPT udp -- anywhere anywhere udp dpt:18122
LSI 0 -- anywhere anywhere

Chain LOG_FILTER (5 references)
target prot opt source destination

Chain LSI (2 references)
target prot opt source destination
LOG_FILTER 0 -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG 0 -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP 0 -- anywhere anywhere

Chain LSO (0 references)
target prot opt source destination
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT 0 -- anywhere anywhere reject-with icmp-port-unreachable

Chain OUTBOUND (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere
root at john-desktop:~#
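
The check described in the quoted reply (an empty listing with three ACCEPT chains means no firewall is loaded), scripted as an added example; it is not code from this thread or from Firestarter. The names firewall_state, EMPTY_SAMPLE and LOADED_SAMPLE are assumptions, and the script expects raw, unwrapped `iptables -L` output.

```shell
# Classify raw `iptables -L` output read on stdin. The last line printed is the
# verdict; exit status 0 = ruleset loaded, 1 = only empty built-in chains with
# policy ACCEPT, 2 = no chains seen (e.g. the command failed or lacked root).
firewall_state() {
    awk '
        $1 == "Chain" {                      # "Chain INPUT (policy DROP)" / "Chain LSI (2 references)"
            chain = $2; order[++n] = chain; rules[chain] = 0
            policy[chain] = "-"
            if ($3 == "(policy") {           # built-in chains carry a default policy
                p = $4; sub(/\)$/, "", p); policy[chain] = p
                if (p != "ACCEPT") restrictive++
            } else user++                    # user-defined chains show a reference count
            next
        }
        NF == 0 || $1 == "target" { next }   # blank line or column header
        chain != "" { rules[chain]++; total++ }
        END {
            for (i = 1; i <= n; i++)
                printf "%-10s policy=%-6s rules=%d\n", order[i], policy[order[i]], rules[order[i]]
            if (n == 0) { print "unknown"; exit 2 }
            if (total == 0 && restrictive == 0 && user == 0) { print "empty"; exit 1 }
            print "loaded"; exit 0
        }
    '
}
# Constructed sample 1: the empty listing quoted in the thread.
EMPTY_SAMPLE='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample 2: a few lines abridged from the listing posted in the thread.
LOADED_SAMPLE='Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       0    --  anywhere             anywhere            state INVALID
INBOUND    0    --  anywhere             anywhere
Chain INBOUND (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED
LSI        0    --  anywhere             anywhere'

# Demo on the embedded samples; on a live system: sudo iptables -L -n | firewall_state
printf '%s\n' "$EMPTY_SAMPLE"  | firewall_state || true
printf '%s\n' "$LOADED_SAMPLE" | firewall_state || true
```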