
Re: no ipchains with 2.2/no network with 2.4



Thanks Rem for your answer, but as you can expect, it doesn't help ;-)

> Prerequisite: I don't want to compile my kernel myself (insmod
> should be sufficient), certainly not on that machine (which is my
> only linux).

I have of course nothing that would make me think that I am more
able to rebuild a kernel than the Debian person who created the kernel-image,
and if I can reach his level (after reading a lot of documentation and trying a lot),
nothing makes me believe that exactly the same problem would not occur...

Of course, I may have only a "weak" security (and once I have a better config,
I'll ask you to run your thing to check it), but it is why I rely on knowledgeable people
building the kernels and modules for me and giving me good advice.

But for each domain I touch in my computer life, there is always a balance between the
benefit I expect from it, and the time and effort I can invest.

If I need a database, I would use a distribution, although some advised postgres guru
could tell me that I should really take the sources and recompile it, to be more performant
or more secure, or more ...

I think (I hope) I have a good 2.4 kernel, and with everything open in iptables (I want first to be sure that it works), I cannot connect to any network.

In fact, I think I have a very secure config ;-)

Thanks anyway for the time you took answering me...

Pierre A.

From: Rem <remy.harel@gmail.com>
Reply-To: Rem <remy.harel@gmail.com>
To: "Pierre A. Damas" <pierredamas@hotmail.com>
Subject: Re: no ipchains with 2.2/no network with 2.4
Date: Wed, 5 Jan 2005 17:05:26 +0100

 Hi,

  I think you'd really better try to read a documentation and overall
recompile your own kernel ( it's very simple, maybe not the first
time, but after some tries, it's really easy ). You should recompile
the last 2.4 kernel for your server, and then learn basics about
iptables and make some good iptables rules, or find a good how-to or
script. Ask the firewall list for a base script.

 Today, you'd probably have very poor security. If you want to mail
me your @ip I could run a good nmap on it and tell you back if it's
secure or not. And by the way, you should use ipconntrack too, with
iptables, it's very important.

 Rem


On Wed, 05 Jan 2005 16:53:10 +0100, Pierre A. Damas
<pierredamas@hotmail.com> wrote:
> Hello,
>
> I posted this also in firewall, but I think it can be installation related,
> so I post it also in the plain user list. Sorry for this cross posting, but
> I don't know yet the frequentation of both lists and where the problem
> really belongs...
>
> I am fairly new to debian and firewalls, although I can read
> documentation ;-)
> I want to reuse an old machine to serve as firewall/proxy between
> two subnets (with Windows machines) (192.168.1.0 (internal) and
> 192.168.254.0 (dmz))
>
> In the dmz, the router acts as additional firewall for access to my
> ISP (gateway: 192.168.254.1)
>
> I installed my old Pentium-MMX 200 65Mb RAM, two network adapters
> (ne and 8139too).
> Prerequisite: I don't want to compile my kernel myself (insmod
> should be sufficient), certainly not on that machine (which is my
> only linux).
> I understood that ipfwadm is used for kernel 2.0, ipchains for 2.2
> and iptables for 2.4+.
>
> Since I installed the woody distribution, I am the happy owner of a
> kernel 2.2.
>
> In that config, the network works fine (from the server, I can ping
> the two subnets and access Internet).  I installed squid and
> everything is ok.
>
> I would like to use ipchains, but it is "not supported in this
> Kernel", so I searched everywhere to find an ipchains.o module to
> insmod for 2.2 (I found for 2.4).  In which package would it be ?
>
> ...
>
> As an alternative, I installed the kernel 2.4.  There, iptables is
> correctly configured, with ACCEPT policies by default.  But in this
> config, the network doesn't work.  I checked with ifconfig, and
> ensured that eth0 and eth1 are up (and it is the case), but I cannot
> ping any other machine than the server itself on both subnets, and
> of course cannot access internet.
>
> Iptables seems to be out of cause, since if I halt it, my ping
> requests are correctly rejected with a message, instead of
> "hanging"...
>
> For the rest, the network config is exactly the same as the one
> defined for kernel 2.2.  But maybe there are changes in the network
> between these two versions ?
>
> So, my two questions:
>
> a) where is ipchains.o for the kernel 2.2 ?
> and/or
> b) what component, installed by default in the
> kernel-image-2.4.16-586, could be the cause of my network blockage ?
>
> I invested more than 20 hours to read all google mailing-lists
> information, firewall how-tos, etc., so a view on the problem by a
> fresh mind would be appreciated...
>
> Thanks,
> Pierre A.
>


--
Remy HAREL - remy.harel@gmail.com
Linux Registered User #224740
http://remyharel.homelinux.com
