Re: no ipchains with 2.2/no network with 2.4

To: ixel@gmx.de, debian-firewall@lists.debian.org
Subject: Re: no ipchains with 2.2/no network with 2.4
From: "Pierre A. Damas" <pierredamas@hotmail.com>
Date: Sun, 09 Jan 2005 18:09:30 +0100
Message-id: <BAY18-F278A2EC1E84D867CB301D3AC960@phx.gbl>
In-reply-to: <20050108100045.GB4602@localdomain>

Thanks Martin.

I had installed the kernel-image-2.2.20-idepci because it was said:

"This version of the kernel image package only has ide and PCI devicesupport"

I believed: this _version only_ has ide and pci device support (and I needit), not this version _has only_ ide and PCI device support (and not otherthings I need).

I installed the 2.2.20 kernel, and ipchains is now supported by the kerneland up and running.


However, I have now the same problem as I described with kernel 2.40 :(

If I put all policies (input, output, forward) to ACCEPT and add only oneaccept rule with logging enabled, I see a lot of activity passing throughipchains, but not going anywhere though.(Ping hangs, frees or whatever, and produces 100% packet losts, on myinternal and external/dmz network)

Seems that the problem is not related to ipchains. Could it be routing,some wrong network configuration that was ignored before due to the lack ofnetwork kernel support that is now active? (ip forwarding is enabled).


Pierre A.

From: Martin Bock <ixel@gmx.de>
To: debian-firewall@lists.debian.org
Subject: Re: no ipchains with 2.2/no network with 2.4
Date: Sat, 8 Jan 2005 11:00:45 +0100

Pierre,

I just checked my old Woody box. I have the following modules loaded:

$ lsmod
Module             Size  Used by
ip_masq_autofw     2488   0  (unused)
ip_masq_ftp        3584   0  (unused)
rtl8139           11348   0  (unused)
af_packet          6152   0  (unused)
unix              11352   0  (autoclean)

correspondingly:

$ cat /etc/modules
# /etc/modules: kernel modules to load at boot time.
#
# This file should contain the names of kernel modules that are
# to be loaded at boot time, one per line.  Comments begin with
# a `#', and everything on the line after them are ignored.
unix
af_packet
rtl8139
ip_masq_ftp
ip_masq_autofw

with this configuration, I can, e.g.:

$ ipchains -P input DENY

without complaints. Though others have pointed out how to find
documentation to compile your kernel, compiling is not necessary if you
have reasonable distribution kernels installed. Which route you like
better is up to you ...

Good luck, mab

--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org

with a subject of "unsubscribe". Trouble? Contactlistmaster@lists.debian.org


_________________________________________________________________
Free e-mail? Try MSN Hotmail ! http://www.hotmail.com

Reply to:

Follow-Ups:
- Re: no ipchains with 2.2/no network with 2.4
  - From: Gian Piero Carrubba <gp-ml@rm-rf.it>
- Re: no ipchains with 2.2/no network with 2.4
  - From: Martin Bock <ixel@gmx.de>

References:
- Re: no ipchains with 2.2/no network with 2.4
  - From: Martin Bock <ixel@gmx.de>

Prev by Date: Re: iptables: reading counters
Next by Date: Firehol question
Previous by thread: Re: no ipchains with 2.2/no network with 2.4
Next by thread: Re: no ipchains with 2.2/no network with 2.4
Index(es):
- Date
- Thread