Tag Archives: IP address

How to configure Firestarter to use VPN services on Linux

VPN LinuxIn my experience Firestarter is a effective firewall and, on Linux, it starts automatically every time we boot up Ubuntu. But, when I decided to use a VPN tunnel through openvpn, I had some connection problems. In fact I was able to initialize my VPN services but, after a while, all the internet connections were mysteriously shut down.

The “problem” was Firestarter which cut off the connection as forbidden considering my inbound/outbound Policy.

To solve this matter you have to open a tunnel on Firestarter to allow VPN working:

1- open the configuration file my VPN provider gives to its users (generally its a text file containing all the configuration info used, in my case, by openvpn) and I searched for the IP address of the default starting connection used to authenticate the VPN services (e.g. 177.458.563.25). Save somewhere or memorize this VPN IP address.

2- open a Terminal and type:

sudo nautilus

3- using nautilus go to File System (it’s before home folder) and open etc–>firestarter and open the file user-pre using Gedit (or your preferred text editor)

4- the user-pre file is usually empty so don’t panic and write these lines into it:

iptables -A INPUT -j ACCEPT -s xxx.xxx.xxx.xxx -p esp
iptables -A INPUT -j ACCEPT -s xxx.xxx.xxx.xxx -p udp -m multiport -sports isakmp,10000
iptables -A INPUT -j ACCEPT -i tun+
iptables -A OUTPUT -j ACCEPT -d xxx.xxx.xxx.xxx -p esp
iptables -A OUTPUT -j ACCEPT -d xxx.xxx.xxx.xxx -p udp -m multiport -dports isakmp,10000
iptables -A OUTPUT -j ACCEPT -o tun+

Now you have to substitute the xxx.xxx.xxx.xxx with the VPN IP address you have found at step 1 (in my example was 177.458.563.25).

5- Save the user-pre file and close Gedit and Nautilus

6- open a new Terminal and restart Firestarter typing:

sudo /etc/init.d/firestarter restart

That’all! Now your VPN works on your Linux computer and Firestarter has accepted a new Routed IP Tunnel into its allowed policies configuration.  AddThis

July, 6: how to censor the web. The Italian way…

Since this week, the Italian Authority for Communications, when a copyright violation is just reported (not proved by a Court as in all the other countries), can remove or inhibit any Italian or foreign website by blocking the IP address or the Domain Name Systems. This new regulation (not a law) actually represents a violation of the Net Neutrality.


Some Linux security tips for Rootkit Hunter

If you run Rootkit Hunter and you haven’t modified your stock Red Hat configuration of the SSH service (sshd), chances are it will find that you allow root logins. Rootkit Hunter considers these as possible security risks. However, to fix this, you can simply login as root, fire up a text editor, and edit the file


Make the following changes:
You’ll find a commented line like this:
#Protocol 2,1
Uncomment it and change it to:
Protocol 2
This will disallow logins using the older versions of the protocol

Look for the commented line
#PermitRootLogin yes
Uncomment the line and change it so it reads:
PermitRootLogin no
This will configure sshd NOT to allow root logins.

After this, be sure to restart sshd (assuming you run the service in the first place so:
Service sshd restart

By the way Rootkit scanner is scanning tool to ensure you for about 99.9% you’re clean of nasty tools. This tool scans for rootkits, backdoors and local exploits.

AddThis mp3 link