Guest DoghouseRielly
Posted December 8, 2002

I've searched and read but can't seem to find anyone that has had any trouble installing Firestarter .9.0 on ML9. The GUI install works wonderfully and as promised it was up and running in 9 clicks. The only problem is that I lose all connectivity when the firewall is running. When I start Firestarter from a Konsole I get the following message:

    Iptables v1.2.6a: invalid mask `' specified
    Try `iptables -h' or 'iptables --help' for more information
    [repeats a lot]
    Firewall script restarted

I have uninstalled shorewall, iptables, and Firestarter then re-installed Firestarter and iptables with the same results. I downloaded the RPM for Firestarter from Texstar and used the iptables 1.2.6a on the Mandrake CDs.

I have a sneaking suspicion I need to initialize iptables but I haven't a clue how. Of course I don't have any idea what an "invalid mask" is either.

Any help is appreciated, but type slow because I'm a day 6 Linux newbie and loving every minute!

-------------------------------------------------------------------------------------

Ok, I've done some digging around and I may have found the problem (the solution is still a bit elusive).
I ran ifconfig and came up with the following result:

    eth0 Link encap:Ethernet HWaddr 00:C0:F0:74:33:E9
         UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
         RX packets:73 errors:0 dropped:0 overruns:0 frame:0
         TX packets:97 errors:1 dropped:0 overruns:0 carrier:2
         collisions:0 txqueuelen:100
         RX bytes:5625 (5.4 Kb) TX bytes:6068 (5.9 Kb)
         Interrupt:5 Base address:0xd000

    lo   Link encap:Local Loopback
         inet addr:127.0.0.1 Mask:255.0.0.0
         UP LOOPBACK RUNNING MTU:16436 Metric:1
         RX packets:10 errors:0 dropped:0 overruns:0 frame:0
         TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:700 (700.0 b) TX bytes:700 (700.0 b)

    ppp0 Link encap:Point-to-Point Protocol
         inet addr:64.219.xxx.xxx P-t-P:64.219.xxx.xxx Mask:255.255.255.255
         UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
         RX packets:3 errors:11 dropped:0 overruns:0 frame:0
         TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:3
         RX bytes:54 (54.0 b) TX bytes:54 (54.0 b)

I am assuming that the mask (subnet mask?) of 255.255.255.255 for my ppp0 is the culprit, but I can't find where this is set. I've looked in /etc/ppp/* but couldn't find any files that included a mask or subnet mask. I have also checked in MCC/Network & Internet/Connection, but the only subnet mask is for eth0 and that one is set properly (255.255.255.0).

Does anyone know how ppp0 gets the mask?

Thanks,
DoghouseRielly

----------------------------------------------------------------------------------------------

Ok, still more digging. I've found the firestarter.sh and started to take it apart. I found the following section which may be part of the problem.

    # --------( Initial Setup - Network Information (required) )--------
    IF=eth0
    IP=`/sbin/ifconfig $IF | grep inet | cut -d : -f 2 | cut -d -f 1`
    MASK=`/sbin/ifconfig $IF | grep Mas | cut -d : -f 4`
    NET=$IP/$MASK

If I'm reading that correctly it's running ifconfig on eth0 and searching for Mas, then specifying a cut, which is where things start to get fuzzy. I know the -d means use a delimiter other than TAB and the -f means output only the 2nd field, but that doesn't really help much. Can anyone help me figure out what the value of MASK will be using the ifconfig I've posted above?

I'm typing out loud at this point, feel free to jump in whenever you'd like.

If anyone is looking for a howto on iptables, you might try this one: http://www.telematik.informatik.uni-karlsr...HOWTO.html#toc7
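
Added example (not part of the original post and not Firestarter's own code): the extraction quoted above, run over lines of the posted ifconfig text, beside a guarded version. With IF=eth0, which carries no inet line in that output, both greps match nothing and NET becomes "/", which is consistent with the empty mask in the iptables error; ppp0 is the interface that yields an address. The names raw_net and net_of and the `' '` delimiter of the second cut are assumptions, since the delimiter did not survive in the quoted line.

```shell
#!/bin/sh
# Lines copied from the ifconfig output posted above (counters omitted).
ETH0_SAMPLE='eth0 Link encap:Ethernet HWaddr 00:C0:F0:74:33:E9
 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1'
PPP0_SAMPLE='ppp0 Link encap:Point-to-Point Protocol
 inet addr:64.219.xxx.xxx P-t-P:64.219.xxx.xxx Mask:255.255.255.255
 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1'

# raw_net: same pipeline as the quoted script, reading ifconfig text on stdin.
# No validation, so an interface without an address yields "/".
raw_net() {
    text=$(cat)
    ip=$(printf '%s\n' "$text" | grep inet | cut -d : -f 2 | cut -d ' ' -f 1)
    mask=$(printf '%s\n' "$text" | grep Mas | cut -d : -f 4)
    printf '%s/%s\n' "$ip" "$mask"
}

# net_of (hypothetical name): same extraction, but fail instead of handing
# an empty address or mask on to iptables.
net_of() {
    net=$(raw_net)
    case "$net" in
        /*|*/) echo "interface has no IPv4 address or mask" >&2; return 1 ;;
    esac
    printf '%s\n' "$net"
}

# Run both samples: show the guarded result, or what the unguarded
# pipeline would have passed on.
for sample in "$ETH0_SAMPLE" "$PPP0_SAMPLE"; do
    name=${sample%% *}
    if net=$(printf '%s\n' "$sample" | net_of 2>/dev/null); then
        echo "$name: NET=$net"
    else
        echo "$name: unguarded NET='$(printf '%s\n' "$sample" | raw_net)', refusing to load rules"
    fi
done
```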

Guest GorGor
Posted December 16, 2002

Hullo

There's a few posts on the old board about firestarter. I can't help you with firestarter as I did not like it. Others recommended "guarddog" (double d is correct) and I haven't had to worry since. Try it from http://www.simonzone.com/software/guarddog/

If it's your network card forget I spoke

Guest Liono
Posted December 20, 2002

I find myself not being able to use any firewalls without having major problems connecting to anything. Seems like an iptables thing...

Guest BooYah
Posted February 8, 2003

Did this ever get solved? I get the same 'invalid mask' message. I don't have inet on my computer, but I have xinetd. Can I edit the firestarter script, changing inet to xinetd

    (IP=`/sbin/ifconfig $IF | grep xinetd | cut -d : -f 2 | cut -d -f 1`)?

From the man, I gather that xinetd is the replacement for inet. What is Mas? I can't find a man entry for that one and it doesn't show up on rpmdrake searches. Or...I'm going about this all wrong?

(editing) Way off on that one!

OK. So, the firestarter script runs ifconfig and extracts the inet and mask values. Right? So the mistake would be here,

    MASK=`/sbin/ifconfig $IF | grep Mas | cut -d : -f 4`

I changed it to

    MASK=`/sbin/ifconfig $IF | grep Mask | cut -d : -f 4`

I don't get an invalid mask error when I restart the firewall anymore, but now I get these:

    iptables v1.2.6a: invalid TCP port/service `-j' specified
    Try `iptables -h' or 'iptables --help' for more information.
    iptables v1.2.6a: invalid UDP port/service `-j' specified
    Try `iptables -h' or 'iptables --help' for more information.

Someone, stop me if I'm screwing something up. I'll go back to the howto's now.

Guest Liono
Posted February 9, 2003

I'm not quite sure how I got mine working...I just re-installed iptables and guarddog about 5 times and it finally started working o_O

Guest BooYah
Posted February 11, 2003

Yeah, I gave up and went to guarddog. Firestarter was cool because I could watch the hits as they came in. With guarddog I don't know how to see if it's working or not.

Guest GorGor
Posted February 13, 2003

I am not sure if I should reply to someone else's thread on firestarter so forgive me.

For those having guarddog problems, can I state the blinding obvious, you get more control if after install you run it with su or root privileges. By running console, su and guarddog I configure my iptables for all users.

(2) You do not need to watch your hits, sounds a bit boring, test your firewall at either www.pcflank.com or www.auditmypc.com (these were recommended by others on prev posts). Goal is to have closed ports, stealth if you are paranoid, WHO said that. heh heh.

(3) You can enable logs if you wish, I don't bother, but I am guessing you need syslog service enabled.

(4) Others have reported problems with shorewall firewall, I had trouble myself b4 discovering g/dog. A simple solution is to un-install and re-install iptables.

Hope that helps