Re: firewall and ip-masquerading
Runar Bell <runarbel@powertech.no> writes:

> I want to set up a firewall and ip-masquerading on my linux-box.

Please have a look at:

http://www.newt.com/firewall/

which captures my experience doing the same thing. Others are
encouraged to send me suggestions.

Note that I still haven't updated this file per a recent
conversation on this list. I will be moving the eth0 and eth1
configuration to /etc/network/interfaces, the `echo "1" >
/proc/sys/net/ipv4/ip_forward' line to /etc/network/options, and the
rest of the script to /etc/network/firewall.

> 1) where do I find the information on how to compile (and install) a
> regular kernel with support for ip-masquerading ? (Or could any of you
> please provide me with the information needed?)

As one person mentioned, use kernel-package. I've included a script
that I use to drive the process. Please read and understand what
each step does before running it!

> 2) What is the chance of success for a first-timer?

50%.

#! /bin/sh
#
# $Id: makekernel,v 1.6 2000/11/23 19:50:27 wohler Exp $
#
# Configure, build and install a new kernel. This script expects to be run in a
# directory called kernel-source-nnnn; the version of the kernel is
# extracted from nnnn.
#

cwd=`pwd`
if [ `expr "$cwd" : '.*kernel-source-'` -eq 0 ]; then
    echo "$0: must be in a kernel-source directory"
    exit 1
fi
version=`pwd | sed 's/.*kernel-source-//'`

# $version ends up in an rm -rf path below, so refuse an empty value or
# one containing a slash (e.g. when run from a subdirectory).
case "$version" in
    ""|*/*)
        echo "$0: cannot extract kernel version from $cwd"
        exit 1
        ;;
esac
buildversionfile=../.build-$version

# If LOGNAME is root, try to set LOGNAME to the actual person that is
# logged in.
if [ -z "$LOGNAME" -o "$LOGNAME" = root ]; then
    LOGNAME=`who am i | sed -e 's/^[^!]*!//' -e 's/ .*$//'`
fi

# Set custom version string.
hostname=`uname --nodename|sed 's/\..*//'`
revision=$hostname.1
buildversion=1
if [ -f "$buildversionfile" ]; then
    buildversion=`cat "$buildversionfile"`
    buildversion=`expr "$buildversion" + 1`
    revision=$hostname.$buildversion
fi

# Create configuration file.
if [ -z "$DISPLAY" ]; then
    echo "DISPLAY environment variable not set; "
    echo "attempt to use X display :0.0, text-only menu, skip configuration,"
    echo -n "or abort? [Xtsa] "
    read ans
    echo $ans
    if [ -z "$ans" -o "$ans" = "x" -o "$ans" = "X" ]; then
        DISPLAY=:0.0 make xconfig || exit 1
    elif [ "$ans" = "t" -o "$ans" = "T" ]; then
        make menuconfig || exit 1
    elif [ "$ans" = "s" -o "$ans" = "S" ]; then
        echo "Skipping configuration..."
    else
        exit 0
    fi
else
    make xconfig || exit 1
fi

# Build everything. Stop at the first failure so that a broken build
# never reaches the module removal and install steps below.
set -x
make-kpkg clean || exit 1
make-kpkg --revision=${revision} kernel_image || exit 1
make-kpkg kernel_headers || exit 1  # --revision saved between invocations
make-kpkg kernel_doc || exit 1

# Prepare to install.
# Removing the modules directory eliminates the warning you get during
# the kernel-image install about mismatched modules.
set +x
modules=/lib/modules/$version
echo "The modules directory for this version needs to be removed"
echo "before installing the kernel in order to prevent a mismatch"
echo "between the kernel and the modules. Verify that the correct"
echo "module directory is to be removed and hit return. If it is"
echo "not correct, interrupt with C-c and correct the error."
echo ""
echo -n "Hit return to remove $modules, C-c to abort: "
read dummy
set -x
rm -rf "$modules"

# Install everything.
dpkg -i "../kernel-image-${version}_${revision}_i386.deb" || exit 1
dpkg -i "../kernel-headers-${version}_${revision}_i386.deb" || exit 1
dpkg -i "../kernel-doc-${version}_${revision}_all.deb" || exit 1

# Post installation chores.
if [ -e /usr/bin/vmware-config.pl ]; then
    vmware-config.pl
fi
echo "$buildversion" > "$buildversionfile"

--
Bill Wohler <wohler@newt.com> http://www.newt.com/wohler/
Maintainer of comp.mail.mh FAQ and mh-e. Vote Libertarian!
If you're passed on the right, you're in the wrong lane.