Re: no ipchains with 2.2/no network with 2.4
Pierre,
I use Woody whith kernel 2.4 in my firewalls and i have no problem whith
this. If is it considered as stable i dont know, but if DEBIAN realese
woody as stable i think it is considered as stable too.
About your firewall: What rules you use in INPUT chain ? If you have no
rules in INPUT chain and the police is ACCEPT for this chain i think you
have problems with your kernel compilation. Try reinstall Woody whit
option "bf24". If after this the network doesn't work your NIC may be
whith problems.
Fernando Andrade.
Em Qui, 2005-01-06 às 05:38, Pierre A. Damas escreveu:
> ip_forward was already enabled via the configuration, so it didn't do
> anything.
>
> If 2.4 is available in woody installation, is it considered as stable ?
>
> By the way, I installed it via Internet with the minimal CD
> (LordSutch.com ISOLINUX mini-ISO image)
>
> Pierre A.
>
> >From: Fernando Andrade <fcaandrade@ig.com.br>
> >Reply-To: fcaandrade@ig.com.br
> >To: "Pierre A. Damas" <pierredamas@hotmail.com>
> >CC: debian-firewall@lists.debian.org
> >Subject: Re: no ipchains with 2.2/no network with 2.4
> >Date: Wed, 05 Jan 2005 14:21:42 -0400
> >
> >Hi,
> >
> >Try do this (with kernel 2.4 and iptables):
> >
> >#echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> >ps: you can install woody with kernel 2.4 using the option "bf24" in the
> >boot manager of the instalation CD.
> >
> >Fernando Andrade
> >
> >Em Qua, 2005-01-05 às 05:58, Pierre A. Damas escreveu:
> > > Hello,
> > >
> > > I am fairly new to debian and firewalls, although I can read
> >documentation
> > > ;-)
> > > I want to reuse an old machine to serve as firewall/proxy between two
> > > subnets (with Windows machines) (192.168.1.0 (internal) and
> >192.168.254.0
> > > (dmz))
> > >
> > > In the dmz, the router acts as additional firewall for access to my ISP
> > > (gateway: 192.168.254.1)
> > >
> > > I installed my old Pentium-MMX 200 65Mb RAM, two network adapters (ne
> >and
> > > 8139too).
> > > Prerequisite: I don't want to compile my kernel myself (insmod should be
> > > sufficient), certainly not on that machine (which is my only linux).
> > > I understood that ipfwadm is used for kernel 2.0, ipchains for 2.2 and
> > > iptables for 2.4+.
> > >
> > > Since I installed the woody distribution, I am the happy owner of a
> >kernel
> > > 2.2.
> > >
> > > In that config, the network works fine (from the server, I can ping the
> >two
> > > subnets and access Internet). I installed squid and everything is ok.
> > >
> > > I would like to use ipchains, but it is "not supported in this Kernel",
> >so I
> > > searched everywhere to find an ipchains.o module to insmod for 2.2 (I
> >found
> > > for 2.4). In which package would it be ?
> > >
> > > ...
> > >
> > > As an alternative, I installed the kernel 2.4. There, iptables is
> >correctly
> > > configured, with ACCEPT policies by default. But in this config, the
> > > network doesn't work. I checked with ifconfig, and ensured that eth0
> >and
> > > eth1 are up (and it is the case), but I cannot ping any other machine
> >than
> > > the server itself on both subnets, and of course cannot access internet.
> > >
> > > Iptables seems to be out of cause, since if I halt it, my ping requests
> >are
> > > correctly rejected with a message, instead of "hanging"...
> > >
> > > For the rest, the network config is exactly the same as the one defined
> >for
> > > kernel 2.2. But maybe there are changes in the network between these
> >two
> > > versions ?
> > >
> > > So, my two questions:
> > >
> > > a) where is ipchains.o for the kernel 2.2 ?
> > > and/or
> > > b) what component, installed by default in the kernel-image-2.4.16-586,
> > > could be the cause of my network blockage ?
> > >
> > > I invested more than 20 hours to read all google mailing-lists
> >information,
> > > firewall how-tos, etc., so a view on the problem by a fresh mind would
> >be
> > > appreciated...
> > >
> > > Thanks,
> > > Pierre A.
> > >
> > > _________________________________________________________________
> > > Do you have your own space? http://spaces.msn.com
> > >
> >
>
> _________________________________________________________________
> Do you have your own space?! http://spaces.msn.com
>
Reply to: