Re: RH 8.0 gateway and iptables
From: /dev/rob0 (rob0_at_gmx.co.uk)
Date: 09/07/03
Date: Sat, 6 Sep 2003 16:50:05 -0700
In article <3F5A5C75.9070600@uklinux.net>, Ramanan wrote:
> Apologies. You might catch me err more and please indicate.
We're even, because I set the Followup-To in the wrong place. :) I
meant to put it in c.o.l.networking, although I suppose it could just as
well go to either (or to both. :)
>> You definitely do have a broken kernel.
>
> Broken and tainted too.
> I could not find a PCI ADSL card with free drivers...
Oh, okay. In that case it's quite likely that you do need a custom
kernel. "Tainted" as I suppose you know is a political warning. Not to
downplay its significance in that regard, of course ... but it sounds
like it might have functional meaning, which in most cases it does not.
>>>>>and it is not clear what other
>>>>>system tools and libraries were upgraded at this point.
>>
>> You don't know what you have upgraded?
>
> That is the root of the problem. It was recompiled by someone else
> who is not available.
In that case I think I'd euthanise it. :) I would want to know what it
has and what it's running. You can find out, of course, but it would be
quicker to reinstall.
> # IP: Netfilter Configuration
> #
> # CONFIG_IP_NF_CONNTRACK is not set
> # CONFIG_IP_NF_QUEUE is not set
> # CONFIG_IP_NF_IPTABLES is not set
> # CONFIG_IP_NF_ARPTABLES is not set
> # CONFIG_IP_NF_COMPAT_IPCHAINS is not set
> # CONFIG_IP_NF_COMPAT_IPFWADM is not set
> ...
>
> Do I need only two more drivers here (lines one and three) right?
Mine has a lot more lines than that. I don't know exactly what is the
minimum; I always aim for a bit beyond that to allow for flexibility in
the future. My firewall machine's kernel is 2.4.17, a bit old now, and
here's what it lists:
#v+
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_UNCLEAN=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_MIRROR=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_COMPAT_IPCHAINS=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_COMPAT_IPFWADM=m
CONFIG_IP_NF_NAT_NEEDED=y
#v-
(Yes, I see that the last line is a duplicate. Don't know why.)
In terms of the modules it's actually using:
#v+
ipt_mac 656 1 (autoclean)
ipt_REJECT 2784 7 (autoclean)
ip_conntrack_ftp 3216 0 (unused)
ip_nat_ftp 2944 0 (unused)
ipt_LOG 3184 4 (autoclean)
ipt_limit 960 4 (autoclean)
ipt_state 608 2 (autoclean)
iptable_filter 1728 0 (autoclean) (unused)
ipt_MASQUERADE 1200 1 (autoclean)
iptable_nat 13168 1 (autoclean) [ip_nat_ftp ipt_MASQUERADE]
ip_conntrack 12912 3 (autoclean) [ip_conntrack_ftp ip_nat_ftp ipt_state ipt_MASQUERADE iptable_nat]
ip_tables 10432 10 [ipt_mac ipt_REJECT ipt_LOG ipt_limit ipt_state iptable_filter ipt_MASQUERADE iptable_nat]
#v-
But that will vary depending on your rules.
-- /dev/rob0 - preferred_email=i$((28*28+28))@softhome.net or put "not-spam" or "/dev/rob0" in Subject header to reply
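
As an added example (not part of the original post), the sketch below checks a kernel config file against the modules that the lsmod listing above shows in use, and applies it to the "lines one and three" case from the quoted question. The module-to-option pairing, the function names and the sample config are constructed here for illustration.

```shell
# Modules from the lsmod listing in the post, each paired with the 2.4-series
# kernel option that builds it (option names as in the post's config listing).
MODULE_OPTIONS='ip_tables:CONFIG_IP_NF_IPTABLES
ip_conntrack:CONFIG_IP_NF_CONNTRACK
ip_conntrack_ftp:CONFIG_IP_NF_FTP
iptable_filter:CONFIG_IP_NF_FILTER
iptable_nat:CONFIG_IP_NF_NAT
ip_nat_ftp:CONFIG_IP_NF_NAT_FTP
ipt_MASQUERADE:CONFIG_IP_NF_TARGET_MASQUERADE
ipt_REJECT:CONFIG_IP_NF_TARGET_REJECT
ipt_LOG:CONFIG_IP_NF_TARGET_LOG
ipt_state:CONFIG_IP_NF_MATCH_STATE
ipt_limit:CONFIG_IP_NF_MATCH_LIMIT
ipt_mac:CONFIG_IP_NF_MATCH_MAC'

# option_state FILE OPTION: print y or m if enabled, else "unset".
# "# CONFIG_X is not set" and an absent line both count as unset.
option_state() {
    state=$(sed -n "s/^$2=\([ym]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${state:-unset}"
}

# missing_options FILE: list each module whose option is unset.
# Returns 0 when every module can be built, 1 otherwise.
missing_options() {
    rc=0
    for pair in $MODULE_OPTIONS; do
        if [ "$(option_state "$1" "${pair#*:}")" = unset ]; then
            printf '%s needs %s\n' "${pair%%:*}" "${pair#*:}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the quoted excerpt with only its lines one and three
# switched to =m, i.e. the "two more drivers" case asked about.
write_sample() {
    cat > "$1" <<'EOF'
# IP: Netfilter Configuration
CONFIG_IP_NF_CONNTRACK=m
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_ARPTABLES is not set
EOF
}
```

After sourcing the file, `missing_options /path/to/.config` prints one line per module that the given config cannot build; on the constructed sample it still reports the filter and NAT tables and every match and target module.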