no ipchains with 2.2/no network with 2.4

To: debian-user@lists.debian.org
Subject: no ipchains with 2.2/no network with 2.4
From: "Pierre A. Damas" <pierredamas@hotmail.com>
Date: Wed, 05 Jan 2005 16:53:10 +0100
Message-id: <[🔎] BAY18-F3078D7C94D1B8E6CCDA6ACAC920@phx.gbl>

Hello,

I posted this also in firewall, but I think it can be installation related,so I post it also in the plain user list. Sorry for this cross posting, butI don't know yet the frequentation of both lists and where the problemreally belongs...


I am fairly new to debian and firewalls, although I can read
documentation ;-)
I want to reuse an old machine to serve as firewall/proxy between
two subnets (with Windows machines) (192.168.1.0 (internal) and
192.168.254.0 (dmz))

In the dmz, the router acts as additional firewall for access to my
ISP (gateway: 192.168.254.1)

I installed my old Pentium-MMX 200 65Mb RAM, two network adapters
(ne and 8139too).
Prerequisite: I don't want to compile my kernel myself (insmod
should be sufficient), certainly not on that machine (which is my
only linux).
I understood that ipfwadm is used for kernel 2.0, ipchains for 2.2
and iptables for 2.4+.

Since I installed the woody distribution, I am the happy owner of a
kernel 2.2.

In that config, the network works fine (from the server, I can ping
the two subnets and access Internet).  I installed squid and
everything is ok.

I would like to use ipchains, but it is "not supported in this
Kernel", so I searched everywhere to find an ipchains.o module to
insmod for 2.2 (I found for 2.4).  In which package would it be ?

...

As an alternative, I installed the kernel 2.4.  There, iptables is
correctly configured, with ACCEPT policies by default.  But in this
config, the network doesn't work.  I checked with ifconfig, and
ensured that eth0 and eth1 are up (and it is the case), but I cannot
ping any other machine than the server itself on both subnets, and
of course cannot access internet.

Iptables seems to be out of cause, since if I halt it, my ping
requests are correctly rejected with a message, instead of
"hanging"...

For the rest, the network config is exactly the same as the one
defined for kernel 2.2.  But maybe there are changes in the network
between these two versions ?

So, my two questions:

a) where is ipchains.o for the kernel 2.2 ?
and/or
b) what component, installed by default in the
kernel-image-2.4.16-586, could be the cause of my network blockage ?

I invested more than 20 hours to read all google mailing-lists
information, firewall how-tos, etc., so a view on the problem by a
fresh mind would be appreciated...

Thanks,
Pierre A.

_________________________________________________________________
Try MSN Messenger 7.0 beta http://messenger.msn.be/beta

Reply to:

Follow-Ups:
- Re: no ipchains with 2.2/no network with 2.4
  - From: Sam Watkins <swatkins@fastmail.fm>

Prev by Date: Re: Debian on an old PC
Next by Date: Re: free vs commercial
Previous by thread: Re: debian-user and mail tools
Next by thread: Re: no ipchains with 2.2/no network with 2.4
Index(es):
- Date
- Thread