firestarter question, NAT at boot time?

 
 
Ohmster
      05-12-2005, 11:57 PM
I have a new fedora core 3 install and to make the network, firewall, and
routing simple, I installed firestarter-1.0.3-1, from a fresh download.
(Yeah I know, it was a simplistic solution, but it works.) I have edited
fstab to make the machine boot to run level 3 rather than run level 5.

Config is eth0 to ADSL modem, rp-pppoe-3.5-22 makes the pppoe connection
at boot and brings up ppp0, firestarter then firewalls and should NAT at
this time for eth1 out to hub and LAN. The problem is that the machine
will boot and have internet, but NAT does not seem to work unless I start
xwindows and open the firestarter GUI, then NAT is back and the home LAN
is on the net.

My previous install of an earlier version of firestarter always gave me
NAT when the machine booted up. This is not going to work because if I am
away and for some reason, the wife has to restart or start the linux
gateway, she has no internet now unless I can come home and start the
firestarter GUI, then I can exit xwindows and log out of the system.

Why is this? Is it perhaps my /etc/rc.d/rc3.d sequence? Maybe firestarter
is not starting at the right time? network starts at 10 and firestarter
starts at 11. (Not sure about why isdn starts at 9, I do not use isdn,
new install, maybe unnecessary?)

Could someone please have a look and tell me what you think or where I
might go to solve this small issue? This always worked just fine in
redhat 9. Thanks.

(ls > /root/rc3, catting output to make the ls output easy to post)

[root@ohmster ~]# cat rc3
K01yum
K02NetworkManager
K05saslauthd
K10dc_server
K10psacct
K12dc_client
K12mailman
K15httpd
K20nfs
K24irda
K25squid
K30spamassassin
K35smb
K35vncserver
K35winbind
K36lisa
K36mysqld
K50netdump
K50snmpd
K50snmptrapd
K50tux
K50vsftpd
K54dovecot
K73ypbind
K74nscd
K85mdmpd
K89netplugd
K90bluetooth
K92iptables
K94diskdump
K99microcode_ctl
K99readahead
K99readahead_early
S05kudzu
S06cpuspeed
S09isdn
S09pcmcia
S10network
S11firestarter
S12syslog
S13irqbalance
S13portmap
S14nfslock
S15mdmonitor
S18rpcgssd
S19rpcidmapd
S19rpcsvcgssd
S25netfs
S26apmd
S26lm_sensors
S28autofs
S33nifd
S34mDNSResponder
S40smartd
S44acpid
S55cups
S55sshd
S56xinetd
S58ntpd
S65dovecot
S80sendmail
S85gpm
S85httpd
S90crond
S90xfs
S91smb
S95anacron
S95atd
S97messagebus
S97rhnsd
S98cups-config-daemon
S98haldaemon
S99local
S99webmin
[root@ohmster ~]#

--
~Ohmster
ohmster at newsguy dot com
 
Ohmster
      05-13-2005, 12:22 AM
Ohmster <(E-Mail Removed)> wrote in
news:Xns9654CC10FAA2EMyBigKitty@216.77.188.18:

> Why is this? Is it perhaps my /etc/rc.d/rc3.d sequence? Maybe
> firestarter is not starting at the right time? network starts at 10
> and firestarter starts at 11. (Not sure about why isdn starts at 9, I
> do not use isdn, new install, maybe unnecessary?)


> S10network
> S11firestarter


The firestarter options are:
Start/restart firewall on program startup
Start/restart firewall on dial-out
Start/restart firewall on DHCP lease renewal

Since network starts first, "dial-out" has already occurred. Does this
mean that the firestarter rules then do not start because firestarter has
not detected any of the above conditions?

This is maddening, the darned firewall is set to start up at boot, right
after network, why are the firestarter rules not being applied unless the
GUI is started manually?

--
~Ohmster
ohmster at newsguy dot com
 
johnny bobby bee
      05-13-2005, 08:18 AM
Ohmster wrote:
> Could someone please have a look and tell me what you think or where I
> might go to solve this small issue? This always worked just fine in
> redhat 9. Thanks.


an option might be to use iptables-save to save the iptables rules that
firestarter created. then use iptables-restore (something like cat
/etc/iptables-save | iptables-restore -c) to bring them back up at boot.
add the iptables-restore command to something like rc.local or some
other runlevel. then stop firestarter from coming up at boot.

it's dirty, but it might work. no gui needed.

--
there's no place like ~
(remove _eh to email.)
 
Ohmster
      05-13-2005, 11:20 AM
johnny bobby bee <(E-Mail Removed)> wrote in news:GpZge.107711$3V3.18106@edtnps89:

> an option might be to use iptables-save to save the iptables rules that
> firestarter created. then use iptables-restore (something like cat
> /etc/iptables-save | iptables-restore -c) to bring them back up at boot.
> add the iptables-restore command to something like rc.local or some
> other runlevel. then stop firestarter from coming up at boot.
>
> it's dirty, but it might work. no gui needed.



Heh heh, yeah, I know, sometimes you gotta do the dirty job just to get
it done in time. I opted for another "dirty" solution, I restart
firestarter from rc.local...

#Restart firestarter firewall to apply rules after booting
/etc/init.d/firestarter restart

It works, I get the firestarter rules message at boot now, NAT is back,
firewall runs properly.

I thought about your idea but want to retain the simplicity of the
firestarter GUI for when I need it. I use it to setup port forwarding and
it makes things easier to block errant IPs, poke holes for services, etc.
iptables are pretty darned frightening for me, I am just awe stricken by
anyone that really understands it all. Your idea would work but then I
would have to save new rules every time I changed anything in the GUI. It
would have worked, though. Thanks.

--
~Ohmster
ohmster at newsguy dot com
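
Added example, not part of either poster's messages: a check that could follow the `/etc/init.d/firestarter restart` line in rc.local to confirm that boot left the gateway with forwarding enabled, a NAT rule on ppp0 and a loaded filter table. The function names and both sample rule dumps are constructed; ppp0 is the WAN interface named in the thread.

```shell
# Added example: function names and the two sample dumps are constructed.
# ppp0 is the thread's WAN interface. Expects iptables-save output without -c.
WAN_IF="${WAN_IF:-ppp0}"

# Succeeds if the nat table masquerades or SNATs traffic leaving $WAN_IF.
has_nat() {
    printf '%s\n' "$1" | awk -v ifc="$WAN_IF" '
        /^\*/ { table = $1 }
        table == "*nat" && /^-A POSTROUTING / && /-j (MASQUERADE|SNAT)/ {
            for (i = 1; i < NF; i++) if ($i == "-o" && $(i + 1) == ifc) found = 1
        }
        END { exit !found }'
}

# Succeeds if the filter table holds at least one rule.
has_filter_rules() {
    printf '%s\n' "$1" | awk '
        /^\*/ { table = $1 }
        table == "*filter" && /^-A / { n++ }
        END { exit !n }'
}

# gateway_ready DUMP IP_FORWARD: forwarding on, NAT present, filter loaded.
gateway_ready() {
    [ "$2" = "1" ] && has_nat "$1" && has_filter_rules "$1"
}

SAMPLE_OK='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
-A FORWARD -i eth1 -o ppp0 -j ACCEPT
COMMIT'
SAMPLE_EMPTY='*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
COMMIT'

if [ "${1:-}" = "--live" ]; then   # run as root, e.g. at the end of rc.local
    gateway_ready "$(iptables-save)" "$(cat /proc/sys/net/ipv4/ip_forward)" ||
        { logger -t natcheck "NAT or firewall rules missing"; exit 1; }
else
    gateway_ready "$SAMPLE_OK" 1 && echo "sample with rules: ready"
    gateway_ready "$SAMPLE_EMPTY" 1 || echo "sample without rules: not ready"
fi
```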
 
johnny bobby bee
      05-13-2005, 09:19 PM
Ohmster wrote:
> Heh heh, yeah, I know, sometimes you gotta do the dirty job just to get
> it done in time. I opted for another "dirty" solution, I restart
> firestarter from rc.local...
>
> #Restart firestarter firewall to apply rules after booting
> /etc/init.d/firestarter restart
>
> It works, I get the firestarter rules message at boot now, NAT is back,
> firewall runs properly.


ya - good call. glad it worked.

--
there's no place like ~
(remove _eh to email.)
 
Ohmster
      05-14-2005, 12:00 AM
johnny bobby bee <(E-Mail Removed)> wrote in news:FR8he.59353$HR1.4821@clgrps12:

>> #Restart firestarter firewall to apply rules after booting
>> /etc/init.d/firestarter restart
>>
>> It works, I get the firestarter rules message at boot now, NAT is back,
>> firewall runs properly.
>
> ya - good call. glad it worked.


Yah, we'll get this done, somehow. Take care Bobby.

--
~Ohmster
ohmster at newsguy dot com
 