no ipchains with 2.2/no network with 2.4
Hello,
I am fairly new to Debian and firewalls, although I can read documentation
;-)
I want to reuse an old machine to serve as firewall/proxy between two
subnets (with Windows machines) (192.168.1.0 (internal) and 192.168.254.0
(dmz))
In the dmz, the router acts as additional firewall for access to my ISP
(gateway: 192.168.254.1)
I installed my old Pentium-MMX 200 65Mb RAM, two network adapters (ne and
8139too).
Prerequisite: I don't want to compile my kernel myself (insmod should be
sufficient), certainly not on that machine (which is my only Linux).
I understood that ipfwadm is used for kernel 2.0, ipchains for 2.2 and
iptables for 2.4+.
Since I installed the woody distribution, I am the happy owner of a kernel
2.2.
In that config, the network works fine (from the server, I can ping the two
subnets and access Internet). I installed squid and everything is ok.
I would like to use ipchains, but it is "not supported in this Kernel", so I
searched everywhere to find an ipchains.o module to insmod for 2.2 (I found
for 2.4). In which package would it be?
...
As an alternative, I installed the kernel 2.4. There, iptables is correctly
configured, with ACCEPT policies by default. But in this config, the
network doesn't work. I checked with ifconfig, and ensured that eth0 and
eth1 are up (and it is the case), but I cannot ping any other machine than
the server itself on both subnets, and of course cannot access internet.
Iptables seems to be out of cause, since if I halt it, my ping requests are
correctly rejected with a message, instead of "hanging"...
For the rest, the network config is exactly the same as the one defined for
kernel 2.2. But maybe there are changes in the network between these two
versions?
So, my two questions:
a) where is ipchains.o for the kernel 2.2?
and/or
b) what component, installed by default in the kernel-image-2.4.16-586,
could be the cause of my network blockage?
I invested more than 20 hours to read all google mailing-lists information,
firewall how-tos, etc., so a view on the problem by a fresh mind would be
appreciated...
Thanks,
Pierre A.