Cluster-Handbook/Firestarter
Firestarter
What is Firestarter?
Firestarter is a firewall in Linux, which protects against viruses. “It is merely a graphical front-end for creating iptables rules and for displaying information on the network interface” (see http://wiki.ubuntuusers.de/Firestarter).
Firestarter is intended only as a “surface”. “It reaches deep into the system and should be run as a tray in the background.”
Installation of Firestarter
With
sudo apt-get install firestarter
you install the firewall Firestarter. The command
sudo gksu gedit /etc/firestarter/user-pre
additionally installs the interface. Furthermore,
sudo /etc/init.d/firestarter restart
restarts the system, so the installation can be completed.
Applications -> Internet -> Firestarter
opens the Firestarter GUI. The Firestarter settings are then adapted using a setup menu.
Adaption of Firestarter
Step 1
- Network device setup
For this one must make the following settings:
- Set detected device ethernet to eth1
- IP Address is assigned via DHCP checkmark
- click forward
Step 2
- Ready to start your firewall
- Start firewall now, restart system
- click save, Firestarter should start now
Step 3
Internet connection sharing setup
- internet connection sharing setup menu
- internet connection sharing setup
- change to IP tunnel
- click DHCP Server details
- forward
(Example of https://help.ubuntu.com/community/Firestarter)
VPN-Connection
When the PC is connected to the Internet only through a VPN, you have to enter:
Example: allowing a VPN connection (replace xxx.xxx.xxx.xxx with the IP address of the VPN server)
/sbin/iptables -A INPUT -j ACCEPT -s xxx.xxx.xxx.xxx -p esp
/sbin/iptables -A INPUT -j ACCEPT -s xxx.xxx.xxx.xxx -p udp -m multiport --sports isakmp,10000
/sbin/iptables -A INPUT -j ACCEPT -i tun+
/sbin/iptables -A OUTPUT -j ACCEPT -d xxx.xxx.xxx.xxx -p esp
/sbin/iptables -A OUTPUT -j ACCEPT -d xxx.xxx.xxx.xxx -p udp -m multiport --dports isakmp,10000
/sbin/iptables -A OUTPUT -j ACCEPT -o tun+
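The rules above, as an added shell example that is not part of the original page: it validates the VPN server address before filling it in, and checks rule text for a leftover xxx.xxx.xxx.xxx placeholder or a typographic dash pasted in place of --. The function names and the sample address 192.0.2.10 are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): build the six VPN rules for one
# server address and lint rule text before it is loaded as root.

# valid_ipv4 ADDR: succeed only for a dotted quad, octets 0..255, no leading zeros
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# vpn_rules ADDR: print the page's INPUT and OUTPUT rules with ADDR filled in
vpn_rules() {
    valid_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 1; }
    ip=$1
    while read -r chain addr ports ifopt; do
        printf '%s\n' \
            "/sbin/iptables -A $chain -j ACCEPT $addr $ip -p esp" \
            "/sbin/iptables -A $chain -j ACCEPT $addr $ip -p udp -m multiport --$ports isakmp,10000" \
            "/sbin/iptables -A $chain -j ACCEPT $ifopt tun+"
    done <<EOF
INPUT -s sports -i
OUTPUT -d dports -o
EOF
}

# lint_rules: read rule text on stdin; flag the unreplaced placeholder and any
# non-ASCII byte (such as a typographic dash pasted where "--" belongs)
lint_rules() {
    LC_ALL=C awk '
        /xxx\.xxx\.xxx\.xxx/ { print NR ": placeholder address"; bad = 1 }
        /[^ -~\t]/           { print NR ": non-ASCII character"; bad = 1 }
        END { exit bad }
    '
}

# 192.0.2.10 is a constructed sample address from the documentation range
vpn_rules 192.0.2.10 | lint_rules && vpn_rules 192.0.2.10
```

lint_rules reads any rule text on standard input and exits non-zero when it finds a problem, so it can gate a copy-and-paste step before the rules are applied.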
Lock Firewall locks the firewall.
Stop Firewall stops the firewall.
Network displays the current activities of the various network servers.
The firewall should start when the system boots, so that the system is protected.
Eth0 is the network card of the system that is connected to the local Internet.
The Help function provides various information to assist with standard issues that occur often. It is a FAQ that lists the common errors and their remedies, so the user can look up whether the problem can be solved there. The wiki forums are also a good place to find codes that one does not know or to get help with specific problems.
Simplicity of Use
Firestarter is quite easy to install, but it is a very complex security system. You can define which connection attempts should be blocked in the log, which is useful for known viruses or websites. There is a central hub where you manage inbound and outbound rules. It does not need to be used on a desktop system, because in Linux no services are provided to the outside (see http://www.tecchannel.de/produkte/sicherheit/desktop-firewalls/firestarter/test/). It is an almost easy-to-install system because it takes the user through the installation.
Firestarter Errors and Cleanup
One problem with Firestarter is that the firewall is engaged too deeply in the operating system. Linux is not attacked quite as often as Windows, because of the underlying infrastructure of the system. A firewall should be installed nevertheless. The packages of each software require a very large number of MB and a corresponding amount of time before the system has unpacked them. The VPN configuration is somewhat complicated for the user. It takes appropriate practice time until you get familiar with the system. The codes are easily mistyped in the beginning, if you are not so familiar with them. The firewall should start when booting the system to protect it accordingly.