[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: no ipchains with 2.2/no network with 2.4

ip_forward was already enabled via the configuration, so it didn't do anything. 

If 2.4 is available in woody installation, is it considered as stable ?

By the way, I installed it via Internet with the minimal CD
(LordSutch.com ISOLINUX mini-ISO image)

Pierre A.


From: Fernando Andrade <fcaandrade@ig.com.br>
Reply-To: fcaandrade@ig.com.br
To: "Pierre A. Damas" <pierredamas@hotmail.com>
CC: debian-firewall@lists.debian.org
Subject: Re: no ipchains with 2.2/no network with 2.4
Date: Wed, 05 Jan 2005 14:21:42 -0400

Hi,

Try do this (with kernel 2.4 and iptables):

#echo 1 > /proc/sys/net/ipv4/ip_forward

ps: you can install woody with kernel 2.4 using the option "bf24" in the
boot manager of the instalation CD.

Fernando Andrade

Em Qua, 2005-01-05 às 05:58, Pierre A. Damas escreveu:
> Hello,
>
> I am fairly new to debian and firewalls, although I can read documentation 
> ;-)
> I want to reuse an old machine to serve as firewall/proxy between two
> subnets (with Windows machines) (192.168.1.0 (internal) and 192.168.254.0 
> (dmz))
>
> In the dmz, the router acts as additional firewall for access to my ISP
> (gateway: 192.168.254.1)
>
> I installed my old Pentium-MMX 200 65Mb RAM, two network adapters (ne and 
> 8139too).
> Prerequisite: I don't want to compile my kernel myself (insmod should be
> sufficient), certainly not on that machine (which is my only linux).
> I understood that ipfwadm is used for kernel 2.0, ipchains for 2.2 and
> iptables for 2.4+.
>
> Since I installed the woody distribution, I am the happy owner of a kernel 
> 2.2.
>
> In that config, the network works fine (from the server, I can ping the two 
> subnets and access Internet).  I installed squid and everything is ok.
>
> I would like to use ipchains, but it is "not supported in this Kernel", so I > searched everywhere to find an ipchains.o module to insmod for 2.2 (I found 
> for 2.4).  In which package would it be ?
>
> ...
>
> As an alternative, I installed the kernel 2.4. There, iptables is correctly 
> configured, with ACCEPT policies by default.  But in this config, the
> network doesn't work. I checked with ifconfig, and ensured that eth0 and > eth1 are up (and it is the case), but I cannot ping any other machine than 
> the server itself on both subnets, and of course cannot access internet.
>
> Iptables seems to be out of cause, since if I halt it, my ping requests are 
> correctly rejected with a message, instead of "hanging"...
>
> For the rest, the network config is exactly the same as the one defined for > kernel 2.2. But maybe there are changes in the network between these two 
> versions ?
>
> So, my two questions:
>
> a) where is ipchains.o for the kernel 2.2 ?
> and/or
> b) what component, installed by default in the kernel-image-2.4.16-586,
> could be the cause of my network blockage ?
>
> I invested more than 20 hours to read all google mailing-lists information, > firewall how-tos, etc., so a view on the problem by a fresh mind would be 
> appreciated...
>
> Thanks,
> Pierre A.
>
> _________________________________________________________________
> Do you have your own space? http://spaces.msn.com
>



_________________________________________________________________
Do you have your own space?! http://spaces.msn.com
Reply to: