From: Rem <remy.harel@gmail.com>
Reply-To: Rem <remy.harel@gmail.com>
To: "Pierre A. Damas" <pierredamas@hotmail.com>
Subject: Re: no ipchains with 2.2/no network with 2.4
Date: Wed, 5 Jan 2005 17:05:26 +0100
Hi,
I think you'd really better try to read some documentation and, above all,
recompile your own kernel (it's very simple, maybe not the first
time, but after some tries, it's really easy). You should recompile
the latest 2.4 kernel for your server, and then learn the basics of
iptables and make some good iptables rules, or find a good how-to or
script. Ask the firewall list for a base script.
Today, you probably have very poor security. If you want to mail
me your IP address I could run a good nmap on it and tell you back if it's
secure or not. And by the way, you should use ipconntrack too, with
iptables, it's very important.
Rem
On Wed, 05 Jan 2005 16:53:10 +0100, Pierre A. Damas
<pierredamas@hotmail.com> wrote:
> Hello,
>
> I posted this also in firewall, but I think it can be installation related,
> so I post it also in the plain user list. Sorry for this cross posting, but
> I don't know yet the frequentation of both lists and where the problem
> really belongs...
>
> I am fairly new to debian and firewalls, although I can read
> documentation ;-)
> I want to reuse an old machine to serve as firewall/proxy between
> two subnets (with Windows machines) (192.168.1.0 (internal) and
> 192.168.254.0 (dmz))
>
> In the dmz, the router acts as additional firewall for access to my
> ISP (gateway: 192.168.254.1)
>
> I installed my old Pentium-MMX 200 65Mb RAM, two network adapters
> (ne and 8139too).
> Prerequisite: I don't want to compile my kernel myself (insmod
> should be sufficient), certainly not on that machine (which is my
> only linux).
> I understood that ipfwadm is used for kernel 2.0, ipchains for 2.2
> and iptables for 2.4+.
>
> Since I installed the woody distribution, I am the happy owner of a
> kernel 2.2.
>
> In that config, the network works fine (from the server, I can ping
> the two subnets and access Internet). I installed squid and
> everything is ok.
>
> I would like to use ipchains, but it is "not supported in this
> Kernel", so I searched everywhere to find an ipchains.o module to
> insmod for 2.2 (I found for 2.4). In which package would it be ?
>
> ...
>
> As an alternative, I installed the kernel 2.4. There, iptables is
> correctly configured, with ACCEPT policies by default. But in this
> config, the network doesn't work. I checked with ifconfig, and
> ensured that eth0 and eth1 are up (and it is the case), but I cannot
> ping any other machine than the server itself on both subnets, and
> of course cannot access internet.
>
> Iptables seems to be out of cause, since if I halt it, my ping
> requests are correctly rejected with a message, instead of
> "hanging"...
>
> For the rest, the network config is exactly the same as the one
> defined for kernel 2.2. But maybe there are changes in the network
> between these two versions ?
>
> So, my two questions:
>
> a) where is ipchains.o for the kernel 2.2 ?
> and/or
> b) what component, installed by default in the
> kernel-image-2.4.16-586, could be the cause of my network blockage ?
>
> I invested more than 20 hours to read all google mailing-lists
> information, firewall how-tos, etc., so a view on the problem by a
> fresh mind would be appreciated...
>
> Thanks,
> Pierre A.
--
Remy HAREL - remy.harel@gmail.com
Linux Registered User #224740
http://remyharel.homelinux.com
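
What the reply's advice (iptables combined with connection tracking) can look like for the two subnets in the quoted message, as an added example that is not from either poster. Assumptions not stated in the thread: eth0 is the internal side, eth1 the DMZ side, /24 netmasks, and squid on its default port 3128.

```shell
#!/bin/sh
# Added example: emits a stateful ruleset in iptables-restore format.
# Assumed (not stated in the thread): eth0 = internal, eth1 = DMZ,
# /24 netmask, squid listening on its default port 3128.
INT_IF="${INT_IF:-eth0}"
DMZ_IF="${DMZ_IF:-eth1}"
INT_NET="${INT_NET:-192.168.1.0/24}"
PROXY_PORT="${PROXY_PORT:-3128}"

gen_rules() {
    cat <<EOF
*filter
# Default-deny instead of the ACCEPT policies described in the thread.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic is always allowed.
-A INPUT -i lo -j ACCEPT
# Connection tracking: accept replies to connections already allowed.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Packets conntrack cannot tie to any known connection are dropped.
-A INPUT -m state --state INVALID -j DROP
-A FORWARD -m state --state INVALID -j DROP
# Internal clients may open new connections to the proxy.
-A INPUT -i $INT_IF -s $INT_NET -p tcp --dport $PROXY_PORT -m state --state NEW -j ACCEPT
# Internal clients may ping the firewall (helps when debugging).
-A INPUT -i $INT_IF -s $INT_NET -p icmp --icmp-type echo-request -j ACCEPT
# New forwarded connections only from internal towards the DMZ.
-A FORWARD -i $INT_IF -o $DMZ_IF -s $INT_NET -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Count rules that accept NEW connections arriving on interface $1.
# A quick audit: the DMZ-facing interface should report 0.
new_accepts_on() {
    gen_rules | grep -c -- "-i $1 .*--state NEW -j ACCEPT" || true
}

# Print the ruleset only when asked, so the file can also be sourced.
if [ "${1:-}" = "print" ]; then
    gen_rules
fi
```

Review the interface assignments before loading the printed ruleset with `iptables-restore`; with the state rules in place, only the first packet of a connection has to match an explicit allow rule.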