Re: firewall and ip-masquerading

[Bill Wohler <wohler@newt.com>]

Runar Bell <runarbel@powertech.no> writes:
> I want to set up a firewall and ip-masquerading on my linux-box.

  Please have a look at:

    http://www.newt.com/firewall/

  which captures my experience doing the same thing. Others are
  encouraged to send me suggestions.

  Note that I still haven't updated this file per a recent
  conversation on this list. I will be moving the eth0 and eth1
  configuration to /etc/network/interfaces, the `echo "1" >
  /proc/sys/net/ipv4/ip_forward' line to /etc/network/options, and the
  rest of the script to /etc/network/firewall.

> 1) where do I find the information on how to compile (and install) a
> regular kernel with support for ip-masquerading ? (Or could any of you
> please provide me with the information needed?)

  As one person mentioned, use kernel-package. I've included a script
  that I use to drive the process. Please read and understand what
  each step does before running it!

> 2) What is the chance of success for a first-timer?

  50%.
  

#! /bin/sh
#
# $Id: makekernel,v 1.6 2000/11/23 19:50:27 wohler Exp $
#
# Configure, build and install a new kernel. This script expects to be run in a 
# directory called kernel-source-nnnn; the version of the kernel is
# extracted from nnnn.
#
cwd=`pwd`
if [ `expr $cwd : '.*kernel-source-'` -eq 0 ]; then
    echo "$0: must be in a kernel-source directory"
    exit 1
fi

version=`pwd | sed 's/.*kernel-source-//'`
buildversionfile=../.build-$version

# If LOGNAME is root, try to set LOGNAME to the actual person that is
# logged in.
if [ -z "$LOGNAME" -o "$LOGNAME" = root ]; then
    LOGNAME=`who am i | sed -e 's/^[^!]*!//' -e 's/ .*$//'`
fi

# Set custom version string.
hostname=`uname --nodename|sed 's/\..*//'`
revision=$hostname.1
buildversion=1
if [ -f $buildversionfile ]; then
    buildversion=`cat $buildversionfile`
    buildversion=`expr $buildversion + 1`
    revision=$hostname.$buildversion
fi

# Create configuration file.
if [ -z "$DISPLAY" ]; then
    echo "DISPLAY environment variable not set; "
    echo "attempt to use X display :0.0, text-only menu, skip configuration,"
    echo -n "or abort? [Xtsa] "
    read ans
    echo $ans
    if [ -z "$ans" -o "$ans" = "x" -o "$ans" = "X" ]; then
        DISPLAY=:0.0 make xconfig || exit 1
    elif [ "$ans" = "t" -o "$ans" = "T" ]; then
        make menuconfig || exit 1
    elif [ "$ans" = "s" -o "$ans" = "S" ]; then
        echo "Skipping configuration..."
    else
        exit 0
    fi
else
    make xconfig
fi

# Build everything.
set -x
make-kpkg clean
make-kpkg --revision=${revision} kernel_image
make-kpkg kernel_headers	# --revision saved between invocations
make-kpkg kernel_doc

# Prepare to install.
# Removing the modules directory eliminates the warning you get during
# the kernel-image install about mismatched modules.
set +x
modules=/lib/modules/$version
echo "The modules directory for this version needs to be removed"
echo "before installing the kernel in order to prevent a mismatch"
echo "between the kernel and the modules. Verify that the correct"
echo "module directory is to be removed and hit return. If it is"
echo "not correct, interrupt with C-c and correct the error."
echo ""
echo -n "Hit return to remove $modules, C-c to abort: "
read
set -x
rm -rf $modules

# Install everything.
dpkg -i ../kernel-image-${version}_${revision}_i386.deb
dpkg -i ../kernel-headers-${version}_${revision}_i386.deb
dpkg -i ../kernel-doc-${version}_${revision}_all.deb

# Post installation chores.
if [ -e /usr/bin/vmware-config.pl ]; then
    vmware-config.pl
fi
echo $buildversion > $buildversionfile

        
-- 
Bill Wohler <wohler@newt.com>  http://www.newt.com/wohler/
Maintainer of comp.mail.mh FAQ and mh-e. Vote Libertarian!
If you're passed on the right, you're in the wrong lane.