[已解决][问题]Firestarter 防火墙不能启动，两种方法试了都不行

aaawhale · #1

sirxenofex · #2

你自己开一个终端，然后

代码：全选

ifconfig

看看输出包含不包含中文。一般情况下因为系统语言为中文，ifconfig输出也是中文。firestarter启动脚本要用到ifconfig的输出，但它默认认的是英文。

你先看看先

代码：全选

LANG=en_US

看看ifconfig是不是变成了英文。如果没有，就改为

代码：全选

export $LANG=en_US

应该就可以了。如果成功了，那就在启动脚本里添上这一行。

aaawhale · #3

mtmt111@mtmt111-desktop:~$ ifconfig
eth0 Link encap:以太网硬件地址 00:1d:7d:94:4c:41
inet6 地址: fe80::21d:7dff:fe94:4c41/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 跃点数:1
接收数据包:197642 错误:0 丢弃:0 过载:0 帧数:0
发送数据包:205446 错误:0 丢弃:0 过载:0 载波:0
碰撞:0 发送队列长度:1000
接收字节:88698752 (84.5 MB) 发送字节:45268920 (43.1 MB)
中断:221 基本地址:0x2000

lo Link encap:本地环回
inet 地址:127.0.0.1 掩码:255.0.0.0
inet6 地址: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 跃点数:1
接收数据包:13912 错误:0 丢弃:0 过载:0 帧数:0
发送数据包:13912 错误:0 丢弃:0 过载:0 载波:0
碰撞:0 发送队列长度:0
接收字节:27592225 (26.3 MB) 发送字节:27592225 (26.3 MB)

ppp0 Link encap:点对点协议
inet 地址:220.188.76.140 点对点:220.188.72.1 掩码:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 跃点数:1
接收数据包:197530 错误:0 丢弃:0 过载:0 帧数:0
发送数据包:205326 错误:0 丢弃:0 过载:0 载波:0
碰撞:0 发送队列长度:3
接收字节:84346312 (80.4 MB) 发送字节:39922578 (38.0 MB)

mtmt111@mtmt111-desktop:~$ LANG=en_US
mtmt111@mtmt111-desktop:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:1d:7d:94:4c:41
inet6 addr: fe80::21d:7dff:fe94:4c41/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:197705 errors:0 dropped:0 overruns:0 frame:0
TX packets:205532 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:88715379 (84.6 MB) TX bytes:45277983 (43.1 MB)
Interrupt:221 Base address:0x2000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:13916 errors:0 dropped:0 overruns:0 frame:0
TX packets:13916 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:27594269 (26.3 MB) TX bytes:27594269 (26.3 MB)

ppp0 Link encap:Point-to-Point Protocol
inet addr:220.188.76.140 P-t-P:220.188.72.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:197592 errors:0 dropped:0 overruns:0 frame:0
TX packets:205411 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:84361515 (80.4 MB) TX bytes:39929367 (38.0 MB)

mtmt111@mtmt111-desktop:~$

我是这样改的mtmt111@mtmt111-desktop:~$ sudo gedit /etc/firestarter/firestarter.sh
mtmt111@mtmt111-desktop:~$

#!/bin/bash
#-----------( Firestarter Control Script )-----------#

# Load Configuration
source /etc/firestarter/configuration 2>&1

# --(Set program paths)--

IPT=/sbin/iptables
IFC=/sbin/ifconfig
MPB=/sbin/modprobe
LSM=/sbin/lsmod
RMM=/sbin/rmmod

# --(Extract Network Information)--
LANG=en_US
# External network interface data

IP=`/sbin/ifconfig $IF | grep inet | cut -d : -f 2 | cut -d \ -f 1`
MASK=`/sbin/ifconfig $IF | grep Mas | cut -d : -f 4`
BCAST=`/sbin/ifconfig $IF |grep Bcast: | cut -d : -f 3 | cut -d \ -f 1`
NET=$IP/$MASK

if [ "$NAT" = "on" ]; then
# Internal network interface data
INIP=`/sbin/ifconfig $INIF | grep inet | cut -d : -f 2 | cut -d \ -f 1`
INMASK=`/sbin/ifconfig $INIF | grep Mas | cut -d : -f 4`
INBCAST=`/sbin/ifconfig $INIF |grep Bcast: | cut -d : -f 3 | cut -d \ -f 1`
INNET=$INIP/$INMASK
fi

if [ "$MASK" = "" -a "$1" != "stop" ]; then
echo "External network device $IF is not ready. Aborting.."
exit 2
fi

if [ "$NAT" = "on" ]; then
if [ "$INMASK" = "" -a "$1" != "stop" ]; then
echo "Internal network device $INIF is not ready. Aborting.."
exit 3
fi
fi

# --(Helper Functions)--

# Scrub data parameters before use
scrub_parameters () {
target=`echo $target | sed 's/ //'g`
port=`echo $port | sed 's/ //'g | sed "s/-/:/"`
ext_port=`echo $ext_port | sed 's/ //'g | sed "s/-/:/"`
int_port_dashed=`echo $int_port | sed 's/ //'g | sed "s/:/-/"`
int_port=`echo $int_port | sed 's/ //'g | sed "s/-/:/"`
if [ "$target" == "everyone" ]; then target=0/0
else if [ "$target" == "firewall" ]; then target=$IP
else if [ "$target" == "lan" ]; then target=$INNET
fi fi fi
}

# --(Control Functions)--

# Create Firestarter lock file
lock_firestarter () {
if [ -e /var/lock/subsys ]; then
touch /var/lock/subsys/firestarter
else
touch /var/lock/firestarter
fi
}

# Remove Firestarter lock file
unlock_firestarter () {
if [ -e /var/lock/subsys ]; then

rm -f /var/lock/subsys/firestarter
else
rm -f /var/lock/firestarter
fi
}

# Start system DHCP server
start_dhcp_server () {
if [ "$DHCP_DYNAMIC_DNS" = "on" ]; then
NAMESERVER=
# Load the DNS information into the dhcp configuration
while read keyword value garbage
do
if [ "$keyword" = "nameserver" ]; then
if [ "$NAMESERVER" = "" ]; then
NAMESERVER="$value"
else
NAMESERVER="$NAMESERVER, $value"
fi
fi
done < /etc/resolv.conf

if [ "$NAMESERVER" != "" ]; then
if [ -f /etc/dhcpd.conf ]; then
sed "s/domain-name-servers.*$/domain-name-servers $NAMESERVER;/" /etc/dhcpd.conf > /etc/dhcpd.conf.tmp
mv /etc/dhcpd.conf.tmp /etc/dhcpd.conf
fi
if [ -f /etc/dhcp3/dhcpd.conf ]; then
sed "s/domain-name-servers.*$/domain-name-servers $NAMESERVER;/" /etc/dhcp3/dhcpd.conf > /etc/dhcp3/dhcpd.conf.tmp
mv /etc/dhcp3/dhcpd.conf.tmp /etc/dhcp3/dhcpd.conf
fi
else
echo -e "Warning: Could not determine new DNS settings for DHCP\nKeeping old configuration"
fi
fi

if [ -e /etc/init.d/dhcp3-server ]; then
/etc/init.d/dhcp3-server restart > /dev/null
elif [ -e /etc/init.d/dhcpd ]; then
/etc/init.d/dhcpd restart > /dev/null
elif [ -e /etc/init.d/dnsmasq ]; then
/etc/init.d/dnsmasq restart > /dev/null
else
/usr/sbin/dhcpd 2> /dev/null
fi

if [ $? -ne 0 ]; then
echo Failed to start DHCP server
exit 200
fi
}

# Start the firewall, enforcing traffic policy
start_firewall () {
lock_firestarter
source /etc/firestarter/firewall 2>&1
retval=$?
if [ $retval -eq 0 ]; then
echo "Firewall started"
else
echo "Firewall not started"
unlock_firestarter
exit $retval
fi
}

# Stop the firewall, traffic flows freely
stop_firewall () {
$IPT -F
$IPT -X
$IPT -Z
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -t mangle -F 2>/dev/null
$IPT -t mangle -X 2>/dev/null
$IPT -t mangle -Z 2>/dev/null
$IPT -t nat -F 2>/dev/null
$IPT -t nat -X 2>/dev/null
$IPT -t nat -Z 2>/dev/null
retval=$?
if [ $retval -eq 0 ]; then
unlock_firestarter
echo "Firewall stopped"
fi
exit $retval
}

# Lock the firewall, blocking all traffic
lock_firewall () {
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT DROP
$IPT -F;
$IPT -X
$IPT -Z
retval=$?
if [ $? -eq 0 ]; then
echo "Firewall locked"
fi
exit $retval
}

# Report the status of the firewall
status () {
if [ -e /var/lock/subsys/firestarter -o -e /var/lock/firestarter ]; then
echo "Firestarter is running..."
else
echo "Firestarter is stopped"
fi
}

case "$1" in
start)
start_firewall
if [ "$NAT" = "on" -a "$DHCP_SERVER" = "on" ]; then
start_dhcp_server
fi
;;
stop)
stop_firewall
;;
lock)
lock_firewall
;;
status)
status
;;
reload-inbound-policy)
source /etc/firestarter/inbound/setup 2>&1
;;
reload-outbound-policy)
source /etc/firestarter/outbound/setup 2>&1
;;
*)
echo "usage: $0 {start|stop|lock|status}"
exit 1
esac
exit 0

lxvison · #4

你确定联网了吗？

yinliang108 · #5

是ifconifg中文的问题，论坛有很多相关的帖子，好好搜索一下，我就是这么解决的。

aaawhale · #6

我当然联网了，还是不行啊

aaawhale · #7

LANG=en_US ，并在首选项里选检测到的设备，PPP0
两个都是PPP0

zzd@ubuntu · #8

我收藏先。。。呵呵，好样的

RegentW · #9

试下用ufw吧，个人认为比firestarter方便直观

[已解决][问题]Firestarter 防火墙不能启动，两种方法试了都不行

[已解决][问题]Firestarter 防火墙不能启动，两种方法试了都不行

还是不行啊，问题在哪里

是ifconifg中文的问题

解决方法是