Re: nat ipchains on debian woody
Francisco Castillo wrote:
> I'm a novice on Debian; I have decided recently to change from Red Hat
> or Mandrake (fatal experience in two years), so excuse my ignorance.
Having recently gone through a similar change, I may be able to help a
little more.
> First, I don't know how to do this step: "The first thing you must do
> is to install a kernel with IPTABLES support"
Debian "Woody" (aka stable, currently) installs with a 2.2.x kernel by
default. You'll need to find a 2.4.x kernel, either installed from
source or from a stock kernel package.
First, install aptitude. It makes life much easier searching for a
particular package IMO.
# apt-get install aptitude
This may bring in a number of other dependencies; some of them will
definitely look a little odd. :/
Run aptitude. Search for kernel packages: press "/", then enter
"kernel" in the search box. Hit Enter. You'll see the display change
in the top section to show a kernel-{something} package. This is
*probably* either the installed kernel, or a kernel-source package. Hit
"\" to repeat the search until you find a whole series of
"kernel-image-2.{something}" packages. You should also be able to use
the arrow keys here to select a package.
I can't offer any particular advice on which 2.4 kernel to install;
I've been using "kernel-image-2.4.18-1-686", but there are three or four
others that appear to be IDENTICAL. (WTF? Maybe someone else can
explain that!)
You *may* be able to get a suitable 2.4.x kernel image installed with
"apt-get install kernel-image-2.4", but I can't comment on whether that
would actually install a usable kernel for you.
> How can I do it? How can I test if it is on my server?
dpkg -l |grep kern should list any packages with "kern" in the name or
short description.
> Second, I have seen this on my server:
>
> morpheo:~# apt-get install iptables
> Reading Package Lists... Done
> Building Dependency Tree... Done
> Sorry, iptables is already the newest version.
> It seems iptables is installed, but the previous errors said that
> iptables was not available.
iptables is not usually available in 2.2-series kernels; ipchains is.
The original error message you got with iptables:
> modprobe: Can't locate module ip_tables
> iptables v1.2.6a: can't initialize iptables table `nat': iptables
> who? (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
indicates that modprobe was unable to load the kernel module ip_tables.
I've long since switched all systems I administer over to a 2.4-series
kernel; iptables is more flexible than ipchains, and allows (for
instance) connection state tracking for SSH sessions that just go
*through* the NAT host (rather than starting or ending there).
-kgd
--
"Sendmail administration is not black magic. There are legitimate
technical reasons why it requires the sacrificing of a live chicken."
- Unknown
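
Added example, not part of the original message: a small shell check that separates the two causes discussed above for the "can't initialize iptables table `nat'" error, a 2.2-series kernel (ipchains only) versus a 2.4+ kernel with no ip_tables module on disk. The function names and the verdict strings are hypothetical, chosen for this illustration.

```shell
#!/bin/sh
# Added illustration; kernel_series, has_ip_tables_module and diagnose
# are hypothetical helper names, not commands shipped by Debian.

# Print the series ("2.2", "2.4", ...) of a release string such as
# 2.4.18-1-686 (the format `uname -r` prints).
kernel_series() {
    echo "$1" | cut -d. -f1,2
}

# Succeed if an ip_tables module file exists under the given module tree.
# 2.4 kernels ship modules as .o files; later kernels use .ko (maybe compressed).
has_ip_tables_module() {
    [ -d "$1" ] || return 1
    [ -n "$(find "$1" \( -name 'ip_tables.o*' -o -name 'ip_tables.ko*' \) 2>/dev/null | head -n 1)" ]
}

# diagnose RELEASE MODULE_DIR -> prints one verdict word.
diagnose() {
    series=$(kernel_series "$1")
    major=${series%%.*}
    minor=${series#*.}
    minor=${minor%%[!0-9]*}        # drop any suffix such as "-rc1"
    if [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -lt 4 ]; }; then
        echo "kernel-too-old"      # 2.2 and earlier: ipchains, no ip_tables
    elif has_ip_tables_module "$2"; then
        echo "module-available"    # modprobe ip_tables should succeed
    else
        echo "module-missing"      # not built as a module (or compiled in)
    fi
}

# Check the running system.
diagnose "$(uname -r)" "/lib/modules/$(uname -r)"
```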