
Re: no ipchains with 2.2/no network with 2.4



Pierre,

On Wed, Jan 05, 2005 at 10:58:31AM +0100, Pierre A. Damas wrote:
> Hello,
> 
> I am fairly new to debian and firewalls, although I can read 
> documentation ;-)
[snip]
> I installed my old Pentium-MMX 200 65Mb RAM, two network adapters (ne 
> and 8139too).

ne seems very old to me; in the linux 2.4.20 documentation (sorry, no 
older version here) I found it to need io=0xNNN parameter given at 
insmod, which is most probably only necessary for ISA cards. Get any PCI 
card and you will have no problem in getting it seen by the kernel.

> Prerequisite: I don't want to compile my kernel myself (insmod should 
> be OK ...

[snip]
> Since I installed the woody distribution, I am the happy owner of a 
> kernel 2.2.
> 
> In that config, the network works fine (from the server, I can ping 
> the two subnets and access Internet).  I installed squid and 
> everything is ok.
> 
> I would like to use ipchains, but it is "not supported in this 
> Kernel", so I searched everywhere to find an ipchains.o module to 
> insmod for 2.2 (I found for 2.4).  In which package would it be ?

So what is the precise version of the kernel(2.2) package you installed?

> As an alternative, I installed the kernel 2.4.  There, iptables is 
> correctly configured, with ACCEPT policies by default.  But in this 
> config, the network doesn't work.  I checked with ifconfig, and 
> ensured that eth0 and eth1 are up (and it is the case), 

You are sure that your interface related to ne is up?

> but I cannot ping any other machine than the server itself on both 
> subnets, and of course cannot access internet.
> 
> Iptables seems to be out of cause, since if I halt it, my ping requests are 
> correctly rejected with a message, instead of "hanging"...

What do you mean by "halt it"?

> For the rest, the network config is exactly the same as the one 
> defined for kernel 2.2.  But maybe there are changes in the network 
> between these two versions ?

Most certainly there are.

> So, my two questions:
> 
> a) where is ipchains.o for the kernel 2.2 ?
> and/or

usually in /lib/modules/2.2.yourkernelversion

> b) what component, installed by default in the kernel-image-2.4.16-586, 
> could be the cause of my network blockage ?

I would guess it is this ancient ne card you seem to be using. BTW let 
me recommend that you update your system to the current, 4th release of 
Woody. There have been *lots* of security fixes, in particular the 
kernel 2.4.16 is outdated, you should use 2.4.18

> I invested more than 20 hours to read all google mailing-lists 
> information, firewall how-tos, etc., so a view on the problem by a 
> fresh mind would be appreciated...

Or you can use the upcoming Sarge release of Debian. I have set up a 
firewall with a snapshot, kernel 2.4.26 and firehol (a firewall 
generator), it works like a charm on my probably even older P1 166.

Good luck, mab

> Thanks,
> Pierre A.
> 