Firestarter is an Open Source visual firewall program. The software aims to combine ease of use with powerful features, therefore serving both Linux desktop users and system administrators. Firestarter is able to protect your desktop or laptop, but can also be installed on a server. It is able to secure your internal network acting as a gateway or dedicated firewall using Internet connection sharing. This workshop describes the Firestarter installation on a Linux Mandrake server.
1. Introduction
Firestarter features:
- Open Source software, available free of charge
- User friendly, easy to use, graphical interface
- A wizard walks you through setting up your firewall on your first time
- Suitable for use on desktops, servers and gateways
- Real-time firewall event monitor shows intrusion attempts as they happen
- Enables Internet connection sharing, optionally with DHCP service for the clients
- Allows you to define both inbound and outbound access policy
- Open or stealth ports, shaping your firewalling with just a few mouse clicks
- Enable port forwarding for your local network in just seconds
- Option to whitelist or blacklist traffic
- Real time firewall events view
- View active network connections, including any traffic routed through the firewall
- Advanced Linux kernel tuning features provide protection from flooding, broadcasting and spoofing
- Support for tuning ICMP parameters to stop Denial of Service (DoS) attacks
- Support for tuning ToS parameters to improve services for connected client computers
- Ability to hook up user defined scripts or rulesets before or after firewall activation
- Supports Linux Kernels 2.4 and 2.6
- Translations available for many languages
The physical Workshop setup and necessary network devices
To keep the network setup as simple as possible, we will assume that the Internet-connected device on the firewall is an Ethernet card. You can also use an ISDN card or modem as an alternative. For our example we just need a computer (the firewall) with two network cards, a hub or switch, and another computer acting as a client.
The physical setup should look like this:

2. Installation
Firestarter is available as an RPM package for the known distributions like Fedora, Suse or Mandrake. The best way to install the latest version is to compile and install it from source. To avoid error messages during the compilation, you should first check that you have Gnome installed on your system. Firestarter also needs iptables and library files ready on your system. Please use the Mandrake Control Centre to install the following RPM packages:
gnome2-2.6.2 libgnome2_0-2.6.1 libgnome2_0-devel libglade2.0_0-2.4.0 libglade -gnome libglade2.0_0-devel-2.4.0 libgnomeui2_0 libgnomeui2_0-devel gtk+2.0 gtk+licq -base
If more RPM packages turn out to be needed on your system during the installation process, be prepared to go one step back. It is time to download the current tar.gz version of Firestarter from here. Unpack the file and move into the created subdirectory.
tar xzf firestarter-version.tar.gz
cd firestarter-version
Next, run the configuration script. Normally it is not necessary to give any parameters, but you can check the available options with:
./configure --help
Please watch the output carefully for error messages. If an error appears, please go back and install the missing RPM package from your installation CD-ROM using the rpm command or the Mandrake Control Centre. If the configure stage completed without problems, you should now be able to compile and install the program:
make
su
make install
make clean
By default the Firestarter binary is installed in /usr/local/bin and the configuration file is found in /usr/local/etc/firestarter.
3. Installing the Firestarter init script
You can start Firestarter from a console as root like this:
su
/usr/local/bin/firestarter
However, it is always better to install Firestarter as a service on your computer, so that it can be started manually or automatically. To do so, copy the init script (fedora.init) to /etc/init.d and rename it to firestarter. Please keep in mind that only root has permission to do this.
su
cd firestarter-version
cp fedora.init /etc/init.d/firestarter
chkconfig firestarter reset
Unfortunately the “Fedora script” did not work properly on my Mandrake system. To get it running, please open the script with your favourite editor and adjust the FS_CONTROL part. It should look like this:
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
FS_CONTROL="/usr/local/etc/firestarter/firestarter.sh"
[ -x $FS_CONTROL ] || exit 0
[ -s /usr/local/etc/firestarter/configuration ] || exit 0
Just adjust the red marked code, the rest can stay like it is.
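The init script fragment above leaves with "exit 0" when the control script or the configuration is missing, so a broken install looks like a successful service start with no firewall loaded. The following check is an added example, not part of Firestarter or of the original workshop; it reports those conditions and also flags files that non-root users could modify. The optional directory argument is a hypothetical convenience for testing against a copy.

```shell
#!/bin/sh
# Added example: report why the init script would exit without
# starting the firewall. Paths are the ones used in this workshop.
# Usage (as root, after "make install"): fs_preflight

fs_preflight() {
    dir="${1:-/usr/local/etc/firestarter}"
    ctl="$dir/firestarter.sh"
    cfg="$dir/configuration"
    rc=0

    # Same two conditions the init script tests, reported instead of
    # being swallowed by "|| exit 0".
    if [ ! -x "$ctl" ]; then
        echo "FAIL: $ctl is missing or not executable" >&2
        rc=1
    fi
    if [ ! -s "$cfg" ]; then
        echo "FAIL: $cfg is missing or empty" >&2
        rc=1
    fi

    # The service runs as root at boot, so neither file may be
    # writable by group or others.
    for f in "$ctl" "$cfg"; do
        [ -e "$f" ] || continue
        if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "FAIL: $f is group- or world-writable" >&2
            rc=1
        fi
    done

    if [ "$rc" -eq 0 ]; then
        echo "OK: init script preconditions met in $dir"
    fi
    return "$rc"
}
```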
4. Running Firestarter for the first time
If you start Firestarter for the first time, a wizard is launched. Please keep in mind: Firestarter will only run with root privileges! Following the welcome screen, you will be asked to select your network device from a list of detected choices for your firewall. First select the Ethernet card providing the Internet connection and next select the local network connected device from the list of detected devices. If you wish for the clients to acquire their network settings automatically, simply check the option to enable DHCP for the local network. Having completed the wizard, please do not forget to click the save button.
The firewall is now ready and running. Firestarter now works in its default mode, which is a restrictive policy for incoming traffic and a permissive stance towards outgoing connections. This means connection attempts from the outside are blocked, but you are still able to browse the web as normal. There is no need to further configure Firestarter if you are satisfied with these defaults.
su
/usr/local/bin/firestarter
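To confirm that the restrictive default for incoming traffic described above is actually in force after the wizard, the loaded ruleset can be audited. This is an added example, not Firestarter code: it assumes an iptables version that supports "iptables -S", checks FORWARD as well because the workshop machine acts as a gateway, and only inspects the built-in chains. The sample ruleset is constructed for illustration and is not output captured from Firestarter.

```shell
#!/bin/sh
# Added example: audit a ruleset dump in "iptables -S" format on stdin.
# Usage (as root): iptables -S | audit_inbound_policy

audit_inbound_policy() {
    awk '
        # Built-in chain policies are printed as "-P CHAIN TARGET".
        $1 == "-P" { policy[$2] = $3 }

        # A rule that jumps straight to ACCEPT with no matcher
        # ("-A INPUT -j ACCEPT") cancels a DROP policy on that chain.
        $1 == "-A" && ($2 == "INPUT" || $2 == "FORWARD") &&
        NF == 4 && $3 == "-j" && $4 == "ACCEPT" {
            printf "FAIL: unconditional accept: %s\n", $0
            bad = 1
        }

        END {
            n = split("INPUT FORWARD", chains, " ")
            for (i = 1; i <= n; i++) {
                p = policy[chains[i]]
                if (p != "DROP") {
                    printf "FAIL: %s policy is %s, expected DROP\n",
                           chains[i], (p == "" ? "not listed" : p)
                    bad = 1
                }
            }
            if (!bad) print "OK: INPUT and FORWARD drop by default"
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample: restrictive inbound, permissive outbound,
# eth0 assumed to be the Internet side and eth1 the local network.
sample_restrictive() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}
```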
Firestarter shows how easy a firewall configuration can be. Its excellent online tutorial and manual are well written and provide clear instructions on how the software is structured. Additional information on how to configure and secure your LAN with Firestarter can be found here.