[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: nat ipchains on debian woody


I have been outside this days, excuse me to respond later.

Now i have done "apt-get install kernel-image-2.4.18..." it seems to go fine
because i have see no errors while installing and i has got a /boot/"kernel

But my problem now is another different. When I installed my woody i put a
floppy disk bootting system in order to load my debian woody kernel (this is
a large history because i have 2 hard disk on this machine and I cant start
debian in a classic lilo) , so my bootting disk gone to run my old kernel
(2.2) and i dont now how i can create a new floppy disk in order to load the
new kernel so, this options of create a new floppy disk didnt appear when i
install the kernel-image2.4 package (only offer me to put on my lilo load
system). So in order to solve this problem,

how could i do a new floppy boot disk (i want to save my boot with the old
kernel) to load a new kernel which have been installed on /boot/"kernel 2.4
" ?

Thanks for your previous numerous interested response.


----- Original Message -----
From: "Kris Deugau" <kdeugau@vianet.ca>
To: <debian-isp@lists.debian.org>
Sent: Tuesday, June 29, 2004 5:30 PM
Subject: Re: nat ipchains on debian woody

Francisco Castillo wrote:
> I'm novice on debian, i have decided recently to change from redhat
> or mandrake (fatal experiencie in two years), so excuse my ignorance.

Having recently gone through a similar change, I may be able to help a
little more.

> First i dont know how to do this step "The first thinng you must do
> is to install a kernel with IPTABLES support"

Debian "Woody" (aka stable, currently), installs with a 2.2.x kernel by
default.  You'll need to find a 2.4.x kernel- either installed from
source, or from a stock kernel package.

First, install aptitude.  It makes life much easier searching for a
particular package IMO.

# apt-get install aptitude

This may bring in a number of other dependencies;  some of them will
definitely look a little odd.  :/

Run aptitude.  Search for kernel packages:  press "/", then enter
"kernel" in the search box.  Hit Enter.  You'll see the display change
in the top section to show a kernel-{something} package.  This is
*probably* either the installed kernel, or a kernel-source package.  Hit
"\" to repeat the search until you find a whole series of
"kernel-image-2.{something}" packages.  You should also be able to use
the arrow keys here to select a package.

I can't offer any particular advice on which 2.4 kernel to install;
I've been using "kernel-image-2.4.18-1-686", but there are three or four
others that appear to be IDENTICAL.  (WTF?  Maybe someone else can
explain that!)

You *may* be able to get a suitable 2.4.x kernel image installed with
"apt-get install kernel-image-2.4", but I can't comment on whether that
would actually install a usable kernel for you.

> How can I do it ? How can i test if it is on my server?

dpkg -l |grep kern should list any packages with "kern" in the name or
short description.

> Second, I  have see this on my server
> morpheo:~# apt-get install iptables
> Reading Package Lists... Done
> Building Dependency Tree... Done
> Sorry, iptables is already the newest version.

> It seems to be iptables installed but the previos errors said that
> iptables where not avaliable.

iptables is not usually available in 2.2-series kernels;  ipchains is.

The original error message you got with iptables:

> modprobe: Can't locate module ip_tables
> iptables v1.2.6a: can't initialize iptables table `nat': iptables
> who? (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.

indicates that modprobe was unable to load the kernel module ip_tables.

I've long since switched all systems I administer over to a 2.4-series
kernel;  iptables is more flexible than ipchains, and allows (for
instance) connection state tracking for SSH sessions that just go
*through* the NAT host (rather than starting or ending there).

"Sendmail administration is not black magic.  There are legitimate
technical reasons why it requires the sacrificing of a live chicken."
   - Unknown

To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact

Reply to: