Installing Firestarter on Linux Mandrake 10
Sunday, 23 January 2005
This workshop describes the Firestarter installation on a Linux Mandrake server.

1. Introduction

Firestarter is an Open Source visual firewall program. The software aims to combine ease of use with powerful features, therefore serving both Linux desktop users and system administrators. Firestarter is able to protect your desktop or laptop, but can also be installed on a server. It is able to secure your internal network acting as a gateway or dedicated firewall using Internet connection sharing.

Firestarter features:
  • Open Source software, available free of charge
  • User friendly, easy to use, graphical interface
  • A wizard walks you through setting up your firewall on your first time
  • Suitable for use on desktops, servers and gateways
  • Real-time firewall event monitor shows intrusion attempts as they happen
  • Enables Internet connection sharing, optionally with DHCP service for the clients
  • Allows you to define both inbound and outbound access policy
  • Open or stealth ports, shaping your firewalling with just a few mouse clicks
  • Enable port forwarding for your local network in just seconds
  • Option to whitelist or blacklist traffic
  • Real time firewall events view
  • View active network connections, including any traffic routed through the firewall
  • Advanced Linux kernel tuning features provide protection from flooding, broadcasting and spoofing
  • Support for tuning ICMP parameters to stop Denial of Service (DoS) attacks
  • Support for tuning ToS parameters to improve services for connected client computers
  • Ability to hook up user defined scripts or rulesets before or after firewall activation
  • Supports Linux Kernels 2.4 and 2.6
  • Translations available for many languages



















The physical Workshop setup and necessary network devices


To keep the network setup as simple as possible, we assume that the Internet-connected device on the firewall is an Ethernet card. You can also use an ISDN card or modem as an alternative. For our example we just need a computer (the firewall) with two network cards, a hub or switch, and another computer acting as a client.

The physical setup should look like this:



2. Installation

Firestarter is available as an RPM package for well-known distributions such as Fedora, Suse or Mandrake. The best way to get the latest version is to compile and install it from source. To avoid error messages during compilation, first check that Gnome is installed on your system. Firestarter also needs iptables and the required library files on your system. Please use the Mandrake Control Centre to install the following RPM packages:

gnome2-2.6.2
libgnome2_0-2.6.1
libgnome2_0-devel
libglade2.0_0-2.4.0
libglade -gnome
libglade2.0_0-devel-2.4.0
libgnomeui2_0
libgnomeui2_0-devel
gtk+2.0
gtk+licq -base

If you need more RPM packages installed on your system during the installation process, be prepared to go one step back. Now download the current tar.gz version of Firestarter from here. Unpack the file and change into the newly created subdirectory.

tar xzf firestarter-version.tar.gz
cd firestarter-version

Next, run the configure script. Normally it is not necessary to pass any parameters, but you can list the available options with ./configure --help.

./configure

Please watch the output carefully for error messages. If an error appears, go back and install the missing RPM package from your installation CD-ROM using the rpm command or the Mandrake Control Centre. If the configure stage completed without problems, you should now be able to compile and install the program:

make
su
make install
make clean


By default the Firestarter binary is installed in /usr/local/bin, and you will find the configuration file in /usr/local/etc/firestarter.





3. Installing the Firestarter init script



You can start Firestarter from a console as root like this: 

su
/usr/local/bin/firestarter

However, it is always better to install Firestarter as a service on your computer so that it can be started manually or automatically. To do so, copy the init script (fedora.init) to /etc/init.d and rename it to firestarter. Keep in mind that only root has permission to do this.

su
cd firestarter-version
cp fedora.init /etc/init.d/firestarter
chkconfig firestarter reset



 
Unfortunately the “Fedora script” was not working properly on my Mandrake system. To get it running, please open the script with your favourite editor and adjust the “FS_CONTROL” part. It should look like this:

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

FS_CONTROL="/usr/local/etc/firestarter/firestarter.sh"

[ -x $FS_CONTROL ] || exit 0
[ -s /usr/local/etc/firestarter/configuration ] || exit 0






Just adjust the code marked in red; the rest can stay as it is.
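
Both guards in the excerpt above end in exit 0, so an init script that still points at the wrong paths does nothing and reports no error, leaving the machine without firewall rules. The following check is an added example, not part of the original workshop or of Firestarter; the function name check_fs_init is hypothetical. It reads the two paths out of an init script and reports which guard would make it exit.

```shell
#!/bin/sh
# Added example (not from the Firestarter sources): explain why the
# init script would exit silently before loading any firewall rules.
# Usage: check_fs_init /etc/init.d/firestarter
# Prints one line per failed guard; the return value is the number of
# failed guards (1 if the init script itself cannot be read).
check_fs_init() {
    init=$1
    fails=0
    if [ ! -r "$init" ]; then
        echo "cannot read init script: $init"
        return 1
    fi
    # Path assigned to FS_CONTROL, with quotes and stray blanks removed.
    ctl=$(sed -n 's/^[[:space:]]*FS_CONTROL=//p' "$init" | head -n 1 | tr -d "\"' ")
    # Path tested by the "[ -s <file> ] || exit 0" guard.
    cfg=$(sed -n 's/^[[:space:]]*\[ -s \([^ ]*\) ].*/\1/p' "$init" | head -n 1 | tr -d "\"'")
    if [ -z "$ctl" ]; then
        echo "no FS_CONTROL assignment found"
        fails=$((fails + 1))
    elif [ ! -x "$ctl" ]; then
        echo "FS_CONTROL is missing or not executable: $ctl"
        fails=$((fails + 1))
    fi
    if [ -z "$cfg" ]; then
        echo "no configuration guard found"
        fails=$((fails + 1))
    elif [ ! -s "$cfg" ]; then
        echo "configuration is missing or empty: $cfg"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Run the check when a script path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_fs_init "$1"
fi
```

Run it as root after copying the init script; no output and a return value of 0 mean both guards pass.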




4. Running Firestarter for the first time


If you start Firestarter for the first time, a wizard is launched. Please keep in mind: Firestarter will only run with root privileges! Following the welcome screen, you will be asked to select your network device from a list of detected choices for your firewall. First select the Ethernet card providing the Internet connection, then select the device connected to the local network from the list of detected devices. If you wish for the clients to acquire their network settings automatically, simply check the option to enable DHCP for the local network.
Having completed the wizard, please do not forget to click the save button. The firewall is now ready and running. Firestarter now works in its default mode, which is a restrictive policy for incoming traffic and a permissive stance towards outgoing connections. This means you are fully protected against connection attempts from the outside, but are still able to browse the web as normal. There is no need to further configure Firestarter if you are satisfied with these defaults.


su
/usr/local/bin/firestarter






Firestarter shows how easy firewall configuration can be. Its excellent online tutorial and manual are well written and provide clear instructions on how the software is structured. Additional information on how to configure and secure your LAN with Firestarter can be found here.

 