Re: nat ipchains on debian woody
Hi,
I have been outside this days, excuse me to respond later.
Now i have done "apt-get install kernel-image-2.4.18..." it seems to go fine
because i have see no errors while installing and i has got a /boot/"kernel
2.4...."
But my problem now is another different. When I installed my woody i put a
floppy disk bootting system in order to load my debian woody kernel (this is
a large history because i have 2 hard disk on this machine and I cant start
debian in a classic lilo) , so my bootting disk gone to run my old kernel
(2.2) and i dont now how i can create a new floppy disk in order to load the
new kernel so, this options of create a new floppy disk didnt appear when i
install the kernel-image2.4 package (only offer me to put on my lilo load
system). So in order to solve this problem,
how could i do a new floppy boot disk (i want to save my boot with the old
kernel) to load a new kernel which have been installed on /boot/"kernel 2.4
" ?
Thanks for your previous numerous interested response.
Francisco.
----- Original Message -----
From: "Kris Deugau" <kdeugau@vianet.ca>
To: <debian-isp@lists.debian.org>
Sent: Tuesday, June 29, 2004 5:30 PM
Subject: Re: nat ipchains on debian woody
Francisco Castillo wrote:
> I'm novice on debian, i have decided recently to change from redhat
> or mandrake (fatal experiencie in two years), so excuse my ignorance.
Having recently gone through a similar change, I may be able to help a
little more.
> First i dont know how to do this step "The first thinng you must do
> is to install a kernel with IPTABLES support"
Debian "Woody" (aka stable, currently), installs with a 2.2.x kernel by
default. You'll need to find a 2.4.x kernel- either installed from
source, or from a stock kernel package.
First, install aptitude. It makes life much easier searching for a
particular package IMO.
# apt-get install aptitude
This may bring in a number of other dependencies; some of them will
definitely look a little odd. :/
Run aptitude. Search for kernel packages: press "/", then enter
"kernel" in the search box. Hit Enter. You'll see the display change
in the top section to show a kernel-{something} package. This is
*probably* either the installed kernel, or a kernel-source package. Hit
"\" to repeat the search until you find a whole series of
"kernel-image-2.{something}" packages. You should also be able to use
the arrow keys here to select a package.
I can't offer any particular advice on which 2.4 kernel to install;
I've been using "kernel-image-2.4.18-1-686", but there are three or four
others that appear to be IDENTICAL. (WTF? Maybe someone else can
explain that!)
You *may* be able to get a suitable 2.4.x kernel image installed with
"apt-get install kernel-image-2.4", but I can't comment on whether that
would actually install a usable kernel for you.
> How can I do it ? How can i test if it is on my server?
dpkg -l |grep kern should list any packages with "kern" in the name or
short description.
> Second, I have see this on my server
>
> morpheo:~# apt-get install iptables
> Reading Package Lists... Done
> Building Dependency Tree... Done
> Sorry, iptables is already the newest version.
> It seems to be iptables installed but the previos errors said that
> iptables where not avaliable.
iptables is not usually available in 2.2-series kernels; ipchains is.
The original error message you got with iptables:
> modprobe: Can't locate module ip_tables
> iptables v1.2.6a: can't initialize iptables table `nat': iptables
> who? (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
indicates that modprobe was unable to load the kernel module ip_tables.
I've long since switched all systems I administer over to a 2.4-series
kernel; iptables is more flexible than ipchains, and allows (for
instance) connection state tracking for SSH sessions that just go
*through* the NAT host (rather than starting or ending there).
-kgd
--
"Sendmail administration is not black magic. There are legitimate
technical reasons why it requires the sacrificing of a live chicken."
- Unknown
--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Reply to: