New to Ubuntu, but an experienced sysadmin; firestarter totally
confused me for a bit.  This bug report was very useful in finding a
solution, so thanks to all who commented previously.
First I ran the wizard to install and continually got the ghastly MS-style
message in a pop-up:

    Failed to start the firewall

    An unknown error occured.

    Please check your network settings and make sure you internet
    connection is active.

Yet iptables --list showed its rules were actually OK, and my net
settings were up and active.

At that point, I had no DHCP server installed, but knew I needed one;
and though the tool was broken, the rules were actually quite reasonable.

There are actually 2 problems related to the DHCP daemon:

1) As described previously, firestarter doesn't know the real service
name in init.d, nor is it able to report any sensible error output from
its attempt to start up the DHCP service, nor does it fail gracefully if no
DHCP daemon is installed.

2) Configuration file error, generating dhcpd.conf

Installing the dhcp DHCP V2 server first, using firestarter's
/etc/dhcpd.conf, and then dhcp3-server and configuring
/etc/dhcp3/dhcpd.conf manually, I noticed an error in the
/etc/dhcpd.conf produced for the DHCP V2 server (dhcp) and the
/etc/dhcp3/dhcpd.conf file, which are identical and written out in
duplicate by firestarter:

# DHCP configuration generated by Firestarter

subnet 10.5.5.0 netmask 255.255.255.0 {
        option routers 10.5.5.5;
        option subnet-mask 255.255.255.0;
        option domain-name-servers 194.168.4.100, 194.168.8.100;
        option ip-forwarding off;
        range dynamic-bootp 192.168.0.100 192.168.0.254;                        
        !!!! Wrong Network
        default-lease-time 21600;
        max-lease-time 43200;
}

This is probably an artefact of a developer's network setting.  So I fixed that
up and got the dhcp3-server DHCP daemon started by hand:
  
***************
*** 106,108 ****
--- 106,119 ----
  #    range 10.0.29.10 10.0.29.230;
  #  }
  #}
+ 
+ #
+ # DHCP configuration generated by Firestarter
+ #
+ 
+ subnet 10.5.5.0 netmask 255.255.255.0 {
+       option routers 10.5.5.5;
+       option subnet-mask 255.255.255.0;
+       option domain-name-servers 194.168.4.100 194.168.8.100;
+       range 10.5.5.190 10.5.5.199;
+ }
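Review bot: the added `option domain-name-servers 194.168.4.100 194.168.8.100;` line has lost the comma that separated the two addresses in the firestarter-generated config quoted above; ISC dhcpd parses that option as a comma-separated list and rejects the line without it, so the daemon will not start on this file as pasted. Restore it as `option domain-name-servers 194.168.4.100, 194.168.8.100;`. The `range 10.5.5.190 10.5.5.199;` line does correctly move the pool inside the declared 10.5.5.0/255.255.255.0 subnet, which was the actual defect in the generated file.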

All of a sudden firestarter was able to start & stop the firewall, as
described by the initial bug report.  But then, after a crash with "Active
Connections" showing, you can be left with empty netfilter rules in the
kernel without realising it, whilst initially the firestarter rules
remained in situ no matter what.


With a broken config file and the symlink made, you get the same error,
explaining why "polach" reports failure on the symlink workaround.  I think in
the Wizard it's perfectly possible for someone to accidentally have firestarter
attempt to configure and start the DHCP service unknowingly and then be triply
confused later, as they debug their policy.

As you should install the firewall first, and then your services,
firestarter would be better served by not trying to be too clever, but
requesting the completed config file name and the daemon name in
/etc/init.d to activate DHCP support (by relaxing the firewall rules on
the LAN side for DHCP).

DHCP configuration should be left to a DHCP server tool, as this is
SECURITY software, not some shoot-'em-up game program.  As is, it's making
firestarter hard to maintain and to ensure correctness on multiple systems.

-- 
Firestarter can't start DHCP-server
https://bugs.launchpad.net/bugs/43784
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
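As an added example (not from the bug thread or from firestarter itself), a small Python checker for the dhcpd.conf mistake the comment describes: it parses the two configs quoted above and reports a `range` that lies outside the declared subnet, and a `domain-name-servers` list that lacks commas. It assumes flat `subnet ... { ... }` blocks only; the sample configs are reconstructed from the comment.

```python
import ipaddress
import re

# Constructed sample: the dhcpd.conf firestarter wrote, as quoted in the comment above.
GENERATED_CONF = """
subnet 10.5.5.0 netmask 255.255.255.0 {
        option routers 10.5.5.5;
        option subnet-mask 255.255.255.0;
        option domain-name-servers 194.168.4.100, 194.168.8.100;
        range dynamic-bootp 192.168.0.100 192.168.0.254;
        default-lease-time 21600;
        max-lease-time 43200;
}
"""

# Constructed sample: the hand-edited version from the commenter's diff.
FIXED_CONF = """
subnet 10.5.5.0 netmask 255.255.255.0 {
      option routers 10.5.5.5;
      option subnet-mask 255.255.255.0;
      option domain-name-servers 194.168.4.100 194.168.8.100;
      range 10.5.5.190 10.5.5.199;
}
"""

# Assumption: only flat 'subnet ... { ... }' blocks, no nested pool/group/shared-network.
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^}]*)\}")
RANGE_RE = re.compile(r"range\s+(?:dynamic-bootp\s+)?(\S+)\s+(\S+)\s*;")
DNS_RE = re.compile(r"option\s+domain-name-servers\s+([^;]+);")


def check_dhcpd_conf(text):
    """Return one finding string per problem found; an empty list means the file looks sane."""
    findings = []
    for addr, mask, body in SUBNET_RE.findall(text):
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        for lo, hi in RANGE_RE.findall(body):
            # ISC dhcpd refuses to start on a pool that is not inside the declared subnet.
            if ipaddress.ip_address(lo) not in net or ipaddress.ip_address(hi) not in net:
                findings.append(f"range {lo}-{hi} lies outside subnet {net}")
        for raw in DNS_RE.findall(body):
            # dhcpd wants the servers comma-separated; whitespace alone is a parse error.
            if len(raw.split()) > 1 and "," not in raw:
                findings.append(f"domain-name-servers list missing commas: {raw!r}")
    return findings


if __name__ == "__main__":
    for name, conf in (("generated", GENERATED_CONF), ("fixed", FIXED_CONF)):
        print(name, check_dhcpd_conf(conf) or ["ok"])
```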