Linux-Noob Forums
FIRESTARTER Firewall - Printable Version




FIRESTARTER Firewall - GDMorry - 2005-02-10


FIRESTARTER

 

[Image: shot1.jpg]

 

Okay Guys this is the Program that I'm using with Fedora Core 3 (on a Dual Pent 3 1GHz server -1Gb Ram)

 

The Server has 2 Etho Cards and Eth0 is DSL Eth Modem!

 

My network consists of 4 permanent Windows XP SP2 machines (and up to 30 Various operating Systems on the occasional LAN Parties)

 

MY problem is That whilst Gaming (Soldier Of Fortune - II - Double Helix) on one of the Windows Machines the game will lag for a second or two every 15 seconds ???

 

This does not happen when the server (Dual BOOT) boots into Windows XP as the SERVER??

 

Any IDEAS?? is it this Firewall program? (or is it a possible service? set up by default in FED3 ?) is there a better way of FireWalling AND enabling Internet connection sharing? (which firestarter does)




FIRESTARTER Firewall - GDMorry - 2005-02-10


SORRY Guys I realize I may have posted this in the wrong sect ? :(

 

However my services running using lsmod are

 

Quote:
[root@localhost ~]# lsmod
Module                 Size  Used by
ipt_TCPMSS             8001  1
ipt_limit              6337  7
ip_nat_irc             8369  0
ip_nat_ftp             8881  0
iptable_mangle         6721  0
ipt_LOG               10049  7
ipt_MASQUERADE         7745  1
iptable_nat           27237  4 ip_nat_irc,ip_nat_ftp,ipt_MASQUERADE
ipt_TOS                6337  0
ipt_REJECT            10433  0
ip_conntrack_irc      75505  1 ip_nat_irc
ip_conntrack_ftp      76145  1 ip_nat_ftp
ipt_state              5825  6
ip_conntrack          45701  8 ip_nat_irc,ip_nat_ftp,ipt_MASQUERADE,iptable_nat,ip_conntrack_irc,ip_conntrack_ftp,ipt_state
iptable_filter         6721  1
ip_tables             20929  10 ipt_TCPMSS,ipt_limit,iptable_mangle,ipt_LOG,ipt_MASQUERADE,iptable_nat,ipt_TOS,ipt_REJECT,ipt_state,iptable_filter
lp                    14893  0
autofs4               21700  0
i2c_dev               13249  0
i2c_core              25921  1 i2c_dev
sunrpc               136997  1
button                10449  0
battery               12485  0
ac                     8773  0
md5                    8001  1
ipv6                 235105  10
usblp                 16449  0
uhci_hcd              32729  0
parport_pc            27777  1
parport               40969  2 lp,parport_pc
snd_ymfpci            60421  2
snd_ac97_codec        65169  1 snd_ymfpci
snd_pcm_oss           50809  0
snd_mixer_oss         20929  2 snd_pcm_oss
snd_pcm               89669  2 snd_ymfpci,snd_pcm_oss
snd_opl3_lib          13761  1 snd_ymfpci
snd_timer             27077  3 snd_ymfpci,snd_pcm,snd_opl3_lib
snd_hwdep             13125  1 snd_opl3_lib
snd_page_alloc        13641  2 snd_ymfpci,snd_pcm
gameport               8513  1 snd_ymfpci
snd_mpu401_uart       11329  1 snd_ymfpci
snd_rawmidi           27109  1 snd_mpu401_uart
snd_seq_device        11849  2 snd_opl3_lib,snd_rawmidi
snd                   54821  13 snd_ymfpci,snd_ac97_codec,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_opl3_lib,snd_timer,snd_hwdep,snd_mpu401_uart,snd_rawmidi,snd_seq_device
soundcore             12961  2 snd
3c59x                 39401  0
8139too               27329  0
mii                    8641  1 8139too
floppy                57297  0
dm_snapshot           20837  0
dm_zero                6337  0
dm_mirror             24989  2
ext3                 117961  2
jbd                   59353  1 ext3
dm_mod                56773  6 dm_snapshot,dm_zero,dm_mirror
[root@localhost ~]#



FIRESTARTER Firewall - GDMorry - 2005-02-10


oh also iptables is

Quote:
[root@localhost ~]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  resolv.internode.on.net  anywhere            tcp flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  resolv.internode.on.net  anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            limit: avg 10/sec burst 5
NR         all  -- !ppp129-0.lns1.adl2.internode.on.net/24  anywhere
DROP       all  --  anywhere             255.255.255.255
DROP       all  --  anywhere             ppp129-255.lns1.adl2.internode.on.net
DROP       all  --  BASE-ADDRESS.MCAST.NET/8  anywhere
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/8
DROP       all  --  255.255.255.255      anywhere
DROP       all  --  anywhere             0.0.0.0
DROP       all  --  anywhere             anywhere            state INVALID
LS         all  -f  anywhere             anywhere            limit: avg 10/min burst 5
INBOUND    all  --  anywhere             anywhere
INBOUND    all  --  anywhere             192.168.0.1
INBOUND    all  --  anywhere             ppp129-202.lns1.adl2.internode.on.net
INBOUND    all  --  anywhere             192.168.0.255
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown '

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            limit: avg 10/sec burst 5
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
OUTBOUND   all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             192.168.0.0/24      tcp dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             192.168.0.0/24      udp dpts:1023:65535 state RELATED,ESTABLISHED
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown '

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  ppp129-202.lns1.adl2.internode.on.net  resolv.internode.on.net tcp dpt:domain
ACCEPT     udp  --  ppp129-202.lns1.adl2.internode.on.net  resolv.internode.on.net udp dpt:domain
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  BASE-ADDRESS.MCAST.NET/8  anywhere
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/8
DROP       all  --  255.255.255.255      anywhere
DROP       all  --  anywhere             0.0.0.0
DROP       all  --  anywhere             anywhere            state INVALID
OUTBOUND   all  --  anywhere             anywhere
OUTBOUND   all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown '

Chain INBOUND (4 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp dpts:1023:65535 state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.0.254        anywhere
ACCEPT     tcp  --  192.168.0.0/24       anywhere            tcp dpt:bootps
ACCEPT     udp  --  192.168.0.0/24       anywhere            udp dpt:bootps
ACCEPT     tcp  --  192.168.0.0/24       anywhere            tcp dpts:netbios-ns:netbios-ssn
ACCEPT     udp  --  192.168.0.0/24       anywhere            udp dpts:netbios-ns:netbios-ssn
LS         all  --  anywhere             anywhere

Chain LS (91 references)
target     prot opt source               destination
DROP       udp  --  anywhere             anywhere            udp dpt:microsoft-ds
DROP       tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds
DROP       udp  --  anywhere             anywhere            udp dpt:microsoft-ds
DROP       tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds
DROP       all  --  211.51.171.66        anywhere
DROP       all  --  211.51.171.66        anywhere
LOG        tcp  --  anywhere             anywhere            tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP       tcp  --  anywhere             anywhere            tcp flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/RST
LOG        icmp --  anywhere             anywhere            icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP       icmp --  anywhere             anywhere            icmp echo-request
LOG        all  --  anywhere             anywhere            limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP       all  --  anywhere             anywhere

Chain NR (1 references)
target     prot opt source               destination
LS         all  --  0.0.0.0/8            ppp129-0.lns1.adl2.internode.on.net/24
LS         all  --  1.0.0.0/8            ppp129-0.lns1.adl2.internode.on.net/24
LS         all  --  2.0.0.0/8            ppp129-0.lns1.adl2.internode.on.net/24
LS         all  --  5.0.0.0/8            ppp129-0.lns1.adl2.internode.on.net/24
LS         all  --  7.0.0.0/8            ppp129-0.lns1.adl2.internode.on.net/24
LS         all  --  10.0.0.0/8           ppp129-0.lns1.adl2.internode.on.net/24
LS         all  --  23.0.0.0/8           ppp129-0.lns1.adl2.internode.on.net/24
LS         all  --  27.0.0.0/8           ppp129-0.lns1.adl2.internode.on.net/24
LS         all  --  31.0.0.0/8           ppp129-0.lns1.adl2.internode.on.net/24
LS         all  --  36.0.0.0/8           ppp129-0.lns1.adl2.internode.on.net/24
LS         all  --  37.0.0.0/8           ppp129-0.lns1.adl2.internode.on.net/24
LS         all  --  39.0.0.0/8           ppp129-0.lns1.adl2.internode.on.net/24
LS         all  --  41.0.0.0/8           ppp129-0.lns1.adl2.internode.on.net/24
LS         all  --  42.0.0.0/8           ppp129-0.lns1.adl2.internode.on.net/24
LS         all  --  49.0.0.0/8           ppp129-0.lns1.adl2.internode.on.net/24
LS         all  --  50.0.0.0/8           ppp129-0.lns1.adl2.internode.on.net/24
LS         all  --  71.0.0.0/8           ppp129-0.lns1.adl2.internode.on.net/24
LS         all  --  72.0.0.0/8           ppp129-0.lns1.adl2.internode.on.net/24
LS         all  --  73.0.0.0/8           ppp129-0.lns1.adl2.internode.on.net/24
LS         all  --  74.0.0.0/8           ppp129-0.lns1.adl2.internode.on.net/24
LS         all  --  75.0.0.0/8           ppp129-0.lns1.adl2.internode.on.net/24
etc.etc.



FIRESTARTER Firewall - hijinks - 2005-02-10


what does a dmesg give you.

 

Sometimes these firewalls will rate limit incoming outgoing tcp connections and the queue can become full so it will drop packets. Then due to how tcp works you need to request that packet again
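
Added example, not part of the original thread or of Firestarter: a small Python check of the rate-limit point above against the listing GDMorry posted. It parses an excerpt of that `iptables -L` output (line wraps repaired) and reports which `limit` matches gate TCP/UDP packets rather than ICMP, fragments or logging; the function names and the classification rule are assumptions of this example.

```python
import re

# Excerpt of the `iptables -L` listing posted in the thread (line wraps repaired).
LISTING = """\
Chain INPUT (policy DROP)
target  prot opt source    destination
ACCEPT  icmp --  anywhere  anywhere  limit: avg 10/sec burst 5
DROP    all  --  anywhere  anywhere  state INVALID
LS      all  -f  anywhere  anywhere  limit: avg 10/min burst 5
Chain FORWARD (policy DROP)
target  prot opt source    destination
ACCEPT  icmp --  anywhere  anywhere  limit: avg 10/sec burst 5
TCPMSS  tcp  --  anywhere  anywhere  tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT  tcp  --  anywhere  192.168.0.0/24  tcp dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT  udp  --  anywhere  192.168.0.0/24  udp dpts:1023:65535 state RELATED,ESTABLISHED
Chain LS (91 references)
target  prot opt source    destination
LOG     tcp  --  anywhere  anywhere  tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP    tcp  --  anywhere  anywhere  tcp flags:SYN,RST,ACK/SYN
LOG     all  --  anywhere  anywhere  limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP    all  --  anywhere  anywhere
"""

LIMIT_RE = re.compile(r"limit: avg (\d+)/(\w+) burst (\d+)")

def limit_rules(listing):
    """Return every rule that carries a `limit` match, tagged with its chain."""
    rules, chain = [], None
    for line in listing.splitlines():
        fields = line.split()
        if not fields or fields[0] == "target":   # blank line or column header
            continue
        if fields[0] == "Chain":
            chain = fields[1]
            continue
        m = LIMIT_RE.search(line)
        if m and len(fields) >= 3:
            rules.append({"chain": chain, "target": fields[0], "prot": fields[1],
                          "fragments_only": fields[2] == "-f",
                          "rate": f"{m.group(1)}/{m.group(2)}", "burst": int(m.group(3))})
    return rules

def can_throttle(rule, protos=("tcp", "udp")):
    """True if the limit gates a verdict on TCP/UDP packets, not just log lines."""
    return (rule["target"] != "LOG" and not rule["fragments_only"]
            and rule["prot"] in protos + ("all",))

if __name__ == "__main__":
    for r in limit_rules(LISTING):
        note = "gates tcp/udp packets" if can_throttle(r) else "icmp, fragments or logging only"
        print(f'{r["chain"]:8} {r["target"]:7} {r["prot"]:5} {r["rate"]:7} burst {r["burst"]}  {note}')
```

On this excerpt every `limit` rule falls in the second group; run it on the full listing, including the OUTBOUND chain that the post does not show, before drawing a conclusion.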




FIRESTARTER Firewall - anyweb - 2005-02-10


a simple test would be to disable the firewall and see does the issue go away, if so then at least you know where to start pointing the finger at

 

that said, i had a similar issue a few years ago with quake 3, and about 5 reinstalls of windows xp later i figured it out, nothing wrong with the os, but my firewire card was causing the issue, disabling it in device manager and i haven't seen the problem since

 

cheers

 

anyweb




FIRESTARTER Firewall - GDMorry - 2005-02-10


Thanks guys

 

Yeah has me beat runs fine exact same sys in Windows BUT boot into Fed3 and NFG :(

 

I used FireStarter Primarily as an easy way to enable Internet connection sharing because it was a part of the proggy :P

 

Any other programs you might suggest for firewalling and/or connection sharing ?

 

I know I've gotta read your IpTables sect. o_O but I was looking for a "quick fix" o_O

 

Will have to learn to do things the right way even if it takes a little more effort ;)

 

 

"dmesg" ?? never heard of it >LOL< will have to try next time in FED :P




FIRESTARTER Firewall - dallas - 2005-02-10


Hi there,

 

Avoid running firestarter as an application and/or in the systray, as it is a resource intensive application. you can run fs as a service (service firestarter restart) so it's all run in the background.

 

of course if this is what you are doing... then I don't know what the issue is... maybe a hardware issue?

 

as for dmesg... cat /var/log/dmesg or type dmesg... it will show you all that cool stuff that linux (used to) show you when you boot up.

 

da!!as




FIRESTARTER Firewall - GDMorry - 2005-02-11

Great Many thanks I'll try it :)



FIRESTARTER Firewall - GDMorry - 2005-03-03


Okay I haven't played with it much recently BUT just a thought would it have anything to do with "SELinux (Security-Enhanced Linux)" new to FED3 isn't it??

 

anyone know how to play with the settings?




FIRESTARTER Firewall - anyweb - 2005-03-03


it could be

 

vi /etc/sysconfig/selinux

 

set it to disabled and reboot

 

cheers

 

anyweb