
Re: nat ipchains on debian woody

Francisco Castillo wrote:
> I'm novice on debian, I have decided recently to change from redhat
> or mandrake (fatal experience in two years), so excuse my ignorance.

Having recently gone through a similar change, I may be able to help a
little more.

> First I don't know how to do this step "The first thing you must do
> is to install a kernel with IPTABLES support"

Debian "Woody" (aka stable, currently), installs with a 2.2.x kernel by
default.  You'll need to find a 2.4.x kernel- either installed from
source, or from a stock kernel package.

First, install aptitude.  It makes life much easier searching for a
particular package IMO.

# apt-get install aptitude

This may bring in a number of other dependencies;  some of them will
definitely look a little odd.  :/

Run aptitude.  Search for kernel packages:  press "/", then enter
"kernel" in the search box.  Hit Enter.  You'll see the display change
in the top section to show a kernel-{something} package.  This is
*probably* either the installed kernel, or a kernel-source package.  Hit
"\" to repeat the search until you find a whole series of
"kernel-image-2.{something}" packages.  You should also be able to use
the arrow keys here to select a package.

I can't offer any particular advice on which 2.4 kernel to install; 
I've been using "kernel-image-2.4.18-1-686", but there are three or four
others that appear to be IDENTICAL.  (WTF?  Maybe someone else can
explain that!)

You *may* be able to get a suitable 2.4.x kernel image installed with
"apt-get install kernel-image-2.4", but I can't comment on whether that
would actually install a usable kernel for you.

> How can I do it? How can I test if it is on my server?

dpkg -l |grep kern should list any packages with "kern" in the name or
short description.

> Second, I have seen this on my server
> morpheo:~# apt-get install iptables
> Reading Package Lists... Done
> Building Dependency Tree... Done
> Sorry, iptables is already the newest version.

> It seems to be iptables installed but the previous errors said that
> iptables were not available.

iptables is not usually available in 2.2-series kernels;  ipchains is.

The original error message you got with iptables:

> modprobe: Can't locate module ip_tables
> iptables v1.2.6a: can't initialize iptables table `nat': iptables
> who? (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.

indicates that modprobe was unable to load the kernel module ip_tables.

I've long since switched all systems I administer over to a 2.4-series
kernel;  iptables is more flexible than ipchains, and allows (for
instance) connection state tracking for SSH sessions that just go
*through* the NAT host (rather than starting or ending there).

"Sendmail administration is not black magic.  There are legitimate
technical reasons why it requires the sacrificing of a live chicken."
   - Unknown
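
The checks this reply walks through (which kernel series is running, then whether an ip_tables module exists for it), as an added shell example that is not part of the original message. The function names are made up here, and it assumes modules live under /lib/modules/<release> and that a loaded ip_tables shows up as /proc/net/ip_tables_names.

```shell
#!/bin/sh
# Added example: why does "iptables -t nat" fail to initialise on this host?
# Function names are hypothetical; default paths are assumptions (see lead-in).

# Map a kernel release string to the packet filter that series provides:
# 2.2.x -> ipchains, 2.4 and later -> iptables. Anything else is "unknown".
expected_filter() {
    case $1 in [0-9]*.[0-9]*) ;; *) echo unknown; return 1 ;; esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case "$major/$minor" in *[!0-9/]*|*/) echo unknown; return 1 ;; esac
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 4 ]; }; then
        echo iptables
    elif [ "$major" -eq 2 ] && [ "$minor" -eq 2 ]; then
        echo ipchains
    else
        echo unknown; return 1
    fi
}

# True if an ip_tables module file exists for release $1 under module root $2.
# 2.4 kernels name it ip_tables.o; later kernels use ip_tables.ko (maybe compressed).
has_ip_tables_module() {
    dir=${2:-/lib/modules}/$1
    [ -d "$dir" ] || return 1
    find "$dir" \( -name 'ip_tables.o' -o -name 'ip_tables.ko*' \) -print 2>/dev/null | grep -q .
}

# Print a one-line diagnosis. Arguments (all optional): release, module root, proc file.
diagnose() {
    rel=${1:-$(uname -r)}; mods=${2:-/lib/modules}; names=${3:-/proc/net/ip_tables_names}
    filter=$(expected_filter "$rel") || { echo "unrecognised kernel release: $rel"; return 2; }
    if [ "$filter" = ipchains ]; then
        echo "kernel $rel: ipchains only; boot a 2.4.x kernel image to use iptables"
        return 1
    fi
    if [ -e "$names" ]; then
        echo "kernel $rel: ip_tables is already loaded"
    elif has_ip_tables_module "$rel" "$mods"; then
        echo "kernel $rel: ip_tables module present but not loaded; try modprobe ip_tables"
    else
        echo "kernel $rel: no ip_tables module under $mods/$rel"
        return 1
    fi
}
```

Source the file and run `diagnose` with no arguments on the NAT host; it then uses `uname -r` and the default paths.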
