
kernel configuration, 3 unique setups?



I guess we'll need three unique setups for the builds of lean kernels, i.e.
make menuconfig.  Since I've not set up ipfw or masquerade before, some of
the subtleties may be escaping me.

Please look over these and post corrections to the list, thanks!


Here's the topology for reference:

Firewall Architecture = screened subnet:

 				       .4
                                     bastion
                                        |
                                        |
inet pipeline50 -- packet filter A ----hub----- packet filter B -LAN
    206.81.41.1    .2	        .3              .5     192.168.1.1

BTW, are the IPs above sane?

outer packet filter:

	IP filter settings:

#
# Networking options
#
CONFIG_FIREWALL=y
# CONFIG_NET_ALIAS is not set
CONFIG_INET=y
# CONFIG_IP_FORWARD is not set
# CONFIG_IP_MULTICAST is not set
CONFIG_SYN_COOKIES=y
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_VERBOSE=y
CONFIG_IP_MASQUERADE=y <<<<<<<<<<<<<<<<<<<<<< turn_this_off
# CONFIG_IP_MASQUERADE_IPAUTOFW is not set
CONFIG_IP_MASQUERADE_ICMP=y <<<<<<<<<<<<<<<<< turn_this_off
CONFIG_IP_ALWAYS_DEFRAG=y
CONFIG_IP_ACCT=y
# CONFIG_IP_ROUTER is not set <<<<<<<<<<<<<<< ?????????????
# CONFIG_NET_IPIP is not set
# CONFIG_INET_PCTCP is not set
CONFIG_INET_RARP=y
# CONFIG_NO_PATH_MTU_DISCOVERY is not set
CONFIG_IP_NOSR=y
# CONFIG_SKB_LARGE is not set
# CONFIG_IPX is not set
# CONFIG_ATALK is not set
# CONFIG_AX25 is not set
# CONFIG_NETLINK is not set

	
	

inner packet filter:

	masquerade and ip filter settings:

#
# Networking options
#
CONFIG_FIREWALL=y
# CONFIG_NET_ALIAS is not set
CONFIG_INET=y
# CONFIG_IP_FORWARD is not set
# CONFIG_IP_MULTICAST is not set
CONFIG_SYN_COOKIES=y
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_VERBOSE=y
CONFIG_IP_MASQUERADE=y
# CONFIG_IP_MASQUERADE_IPAUTOFW is not set
CONFIG_IP_MASQUERADE_ICMP=y
CONFIG_IP_ALWAYS_DEFRAG=y
CONFIG_IP_ACCT=y
# CONFIG_IP_ROUTER is not set <<<<<<<<<<<<<<<<<< ?????????
# CONFIG_NET_IPIP is not set
# CONFIG_INET_PCTCP is not set
CONFIG_INET_RARP=y
# CONFIG_NO_PATH_MTU_DISCOVERY is not set
CONFIG_IP_NOSR=y
# CONFIG_SKB_LARGE is not set
# CONFIG_IPX is not set
# CONFIG_ATALK is not set
# CONFIG_AX25 is not set
# CONFIG_NETLINK is not set



bastion:

	turn off masquerade and ip filters

#
# Networking options
#
CONFIG_FIREWALL=y  <<<<<<<<<<<<<<<<<<<<<<< turn_this_off
# CONFIG_NET_ALIAS is not set
CONFIG_INET=y
# CONFIG_IP_FORWARD is not set
# CONFIG_IP_MULTICAST is not set
CONFIG_SYN_COOKIES=y
CONFIG_IP_FIREWALL=y <<<<<<<<<<<<<<<<<<<<< turn_this_off
CONFIG_IP_FIREWALL_VERBOSE=y <<<<<<<<<<<<< turn_this_off
CONFIG_IP_MASQUERADE=y <<<<<<<<<<<<<<<<<<< turn_this_off
# CONFIG_IP_MASQUERADE_IPAUTOFW is not set
CONFIG_IP_MASQUERADE_ICMP=y <<<<<<<<<<<<<< turn_this_off
CONFIG_IP_ALWAYS_DEFRAG=y <<<<<<<<<<<<<<<< turn_this_off
CONFIG_IP_ACCT=y <<<<<<<<<<<<<<<<<<<<<<<<< ?????????????
# CONFIG_IP_ROUTER is not set
# CONFIG_NET_IPIP is not set
# CONFIG_INET_PCTCP is not set
CONFIG_INET_RARP=y
# CONFIG_NO_PATH_MTU_DISCOVERY is not set
CONFIG_IP_NOSR=y
# CONFIG_SKB_LARGE is not set
# CONFIG_IPX is not set
# CONFIG_ATALK is not set
# CONFIG_AX25 is not set
# CONFIG_NETLINK is not set


	Henry Hollenberg     speed@barney.iamerica.net 
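
As an added illustration (not part of the original post), the Python sketch below applies the post's `turn_this_off` markers to five lines excerpted from each block, lists the options still marked `?????`, and reports which options end up differing between the three roles. The function names are hypothetical; the script only mechanizes the annotations as posted and does not judge whether the resulting settings are correct.

```python
import re
# Five lines excerpted from each block in the post, annotations included.
POSTED = {
    "outer": """CONFIG_IP_FIREWALL=y
CONFIG_IP_MASQUERADE=y <<<<<<<<<<<<<<<<<<<<<< turn_this_off
CONFIG_IP_ALWAYS_DEFRAG=y
CONFIG_IP_ACCT=y
# CONFIG_IP_ROUTER is not set <<<<<<<<<<<<<<< ?????????????""",
    "inner": """CONFIG_IP_FIREWALL=y
CONFIG_IP_MASQUERADE=y
CONFIG_IP_ALWAYS_DEFRAG=y
CONFIG_IP_ACCT=y
# CONFIG_IP_ROUTER is not set <<<<<<<<<<<<<<<<<< ?????????""",
    "bastion": """CONFIG_IP_FIREWALL=y <<<<<<<<<<<<<<<<<<<<< turn_this_off
CONFIG_IP_MASQUERADE=y <<<<<<<<<<<<<<<<<<< turn_this_off
CONFIG_IP_ALWAYS_DEFRAG=y <<<<<<<<<<<<<<<< turn_this_off
CONFIG_IP_ACCT=y <<<<<<<<<<<<<<<<<<<<<<<<< ?????????????
# CONFIG_IP_ROUTER is not set""",
}
LINE = re.compile(r"^(?:# )?(CONFIG_\w+)(=y| is not set)\s*(?:<+\s*(\S+))?$")

def resolve(block):
    """Return ({option: enabled?}, [options the author marked with ????])."""
    opts, undecided = {}, []
    for raw in block.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # section comments, blank lines, anything unrecognised
        name, state, note = m.groups()
        if note and set(note) == {"?"}:
            undecided.append(name)  # keep the posted state, flag for review
        opts[name] = state == "=y" and note != "turn_this_off"
    return opts, undecided

def render(opts):
    """Emit clean .config lines with the annotations applied."""
    return [f"{n}=y" if on else f"# {n} is not set" for n, on in opts.items()]

def differing(posted):
    """Map option -> {role: enabled?} for options that vary between roles."""
    roles = {r: resolve(t)[0] for r, t in posted.items()}
    names = sorted(set().union(*roles.values()))
    table = {n: {r: o.get(n, False) for r, o in roles.items()} for n in names}
    return {n: v for n, v in table.items() if len(set(v.values())) > 1}

if __name__ == "__main__":
    for role, text in POSTED.items():
        opts, undecided = resolve(text)
        print(role, render(opts), "undecided:", undecided)
    print(differing(POSTED))
```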


