kernel compilation, ethernet card modules
Hi,
I has now instaled a 2.4.18 kernel on my debian woody, i has installed it
with lilo running my old kernel 2.2.20 too. My new kernel only has a
problem, that is :
it seems to not have loaded the module of the ethernet card, so it give me
the error " Error while getting eth0 interface no such device "
My error is described on
http://www.esdebian.org/forum/viewtopic.php?showtopic=18898
I has do various make menuconfig trying to set my ethernet card ( i have put
all drivers in order to catch my card), but i has not solve the problem.
I has seen differences between the /lib/modules/2.4.18 and the
/lib/modules/2.2.20 (i attach a ls of this directories) , it has no "net"
directory (the 2.4.18)
So i ask for help:
How could i solve my problem?
How colud i setup the eth0 interface ?
Is make menuconfig the best choice in order to do it?
Thanks in advance,
Francisco.
PD. I could public more info of my problem if you need it.
morpheo:/lib/modules/2.4.18# ls -la
total 60
drwxr-xr-x 4 root root 4096 Jul 12 18:25 .
drwxr-xr-x 10 root root 4096 Jul 12 18:25 ..
lrwxrwxrwx 1 root root 29 Jul 12 18:25 build ->
/usr/src/kernel-source-2.4.18
drwxr-xr-x 3 root root 4096 Jul 12 18:25 kernel
-rw-r--r-- 1 root root 2999 Jul 12 18:25 modules.dep
-rw-r--r-- 1 root root 31 Jul 12 18:25
modules.generic_string
-rw-r--r-- 1 root root 73 Jul 12 18:25 modules.ieee1394map
-rw-r--r-- 1 root root 957 Jul 12 18:25 modules.isapnpmap
-rw-r--r-- 1 root root 29 Jul 12 18:25 modules.parportmap
-rw-r--r-- 1 root root 14407 Jul 12 18:25 modules.pcimap
-rw-r--r-- 1 root root 24 Jul 12 18:25 modules.pnpbiosmap
-rw-r--r-- 1 root root 189 Jul 12 18:25 modules.usbmap
drwxr-xr-x 2 root root 4096 Jul 12 18:21 pcmcia
morpheo:/lib/modules/2.2.20# ls -la
total 112
drwxr-xr-x 12 root root 4096 Jul 8 19:21 .
drwxr-xr-x 10 root root 4096 Jul 12 18:25 ..
drwxr-xr-x 2 root root 4096 Jul 8 19:21 block
drwxr-xr-x 2 root root 4096 Jul 8 19:21 cdrom
drwxr-xr-x 2 root root 4096 Jul 8 19:21 fs
drwxr-xr-x 2 root root 4096 Jul 8 19:21 ipv4
drwxr-xr-x 2 root root 4096 Jul 8 19:21 ipv6
drwxr-xr-x 2 root root 8192 Jul 8 19:21 misc
-rw-r--r-- 1 root root 30732 Jul 8 19:45 modules.dep
-rw-r--r-- 1 root root 31 Jul 8 19:45
modules.generic_string
-rw-r--r-- 1 root root 73 Jul 8 19:45 modules.ieee1394map
-rw-r--r-- 1 root root 81 Jul 8 19:45 modules.isapnpmap
-rw-r--r-- 1 root root 29 Jul 8 19:45 modules.parportmap
-rw-r--r-- 1 root root 99 Jul 8 19:45 modules.pcimap
-rw-r--r-- 1 root root 24 Jul 8 19:45 modules.pnpbiosmap
-rw-r--r-- 1 root root 189 Jul 8 19:45 modules.usbmap
drwxr-xr-x 2 root root 4096 Jul 8 19:21 net
drwxr-xr-x 2 root root 4096 Jul 8 19:21 scsi
drwxr-xr-x 2 root root 4096 Jul 8 19:21 usb
drwxr-xr-x 2 root root 4096 Jul 8 19:21 video
----- Original Message -----
From: "Kris Deugau" <kdeugau@vianet.ca>
To: <debian-isp@lists.debian.org>
Sent: Thursday, July 08, 2004 5:34 PM
Subject: Re: nat ipchains on debian woody
Francisco Castillo wrote:
> Then i do a apt-get install kernel-image-2.18.14-686, and this
> installations works fine. Then it puts me a entry on the lilo in
> order to load the new kernel (the old kernel is a 2.2 original woody,
> it has a 686 ) but the problem for me now is that when i reboot the
> kernel can´t load. It give me a kernel panic message , unable to load
> the boot.1006. It seems like this new kernel dont works on my hard
> plataform, but it happens the same with the
> kernel-image.2.18-14-586tsc.
>
> This could be true?
I've heard of this happening (typically with Compaq servers, for some
reason), but I've yet to have it happen to me.
If you really want to run a 2.4 kernel, or you really want iptables,
you'll probably have to compile a custom kernel. :/ IIRC you *can*
use iptables with a 2.2 kernel, but it's a pain to get up and running.
> How can i Knew what is the soft or version of kernel-image i must use
> in my hard system?
Anyone else? I've found stock kernels work fine for me, but I've
occasionally run into hardware that doesn't run with them.
> Could be posible to has a kernel 2.2 of woody and a nat configuration
> (ipmasquerade) ?
> Could i do it with ipchanis?
It can be done; it also has some very specific flaws and limitations
that make it less flexible than iptables.
> What could be this procedure to setup this configuration?
Here's a very trimmed-down version of a firewall script I used to use;
for a variety of reasons I no longer use this particular script or
anything like it on most of my systems. (Among other reasons, all my
systems are running 2.4 kernels, and so I'm using iptables instead of
ipchains.)
You'll need to modify interface names and IPs to your setup, and decide
whether to use the kernel TCP tuning listed here (I've never seen
problems with it, but...)
=====BEGIN rc.firewall=====
#!/bin/sh
case $1 in start|stop|restart)
# Setting up firewall variables
#External Interface
EXT_IF="eth0"
EXT_IP="10.10.10.24"
#Internal Interface
INT_IF="eth1"
INT_IP="192.168.2.1"
#Network stuff
INT_NET="192.168.0.0/16"
BROADCAST_SRC="0.0.0.0"
BROADCAST_DEST="255.255.255.255"
CWD=`pwd`
echo -n "Doing assorted network shiznit..."
#Disable TCP source routing
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
echo 0 > $f;
done
#Turn on source address verification
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 1 > $f;
done
#Disable ICMP redirection
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
echo 0 > $f;
done
#Turn on packet forwarding (for masquerading)
echo 1 > /proc/sys/net/ipv4/ip_forward
#Turn OFF ICMP replies
#echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
#Use TCP SYN cookies
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
#Assorted TCP/IP crap (turning off unused extensions, etc.)
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo "done."
#Adding masquerading modules to make life easier.
echo -n "Adding masquerading modules..."
/sbin/modprobe ip_masq_ftp.o
/sbin/modprobe ip_masq_irc.o
/sbin/modprobe ip_masq_quake.o
/sbin/modprobe ip_masq_raudio.o
/sbin/modprobe ip_masq_vdolive.o
/sbin/modprobe ip_masq_portfw.o
/sbin/modprobe ip_masq_autofw.o
/sbin/modprobe ip_masq_user.o
echo "done."
# Check to see how this script was called.
case "$1" in
stop)
echo "Stopping FIREWALL services."
echo -n " Flushing chains..."
/sbin/ipchains -F
echo "done."
echo "FIREWALL services stopped."
;;
start)
echo "Starting FIREWALL services."
echo -n " Setting forwarding rules..."
/sbin/ipchains -A forward -j MASQ -s $INT_NET
echo "done."
echo " Setting input filter rules..."
echo -n " regular input rules..."
/sbin/ipchains -A input -j ACCEPT -s any/0 domain -p tcp -i $EXT_IF
/sbin/ipchains -A input -j ACCEPT -s any/0 domain -p udp -i $EXT_IF
/sbin/ipchains -A input -j ACCEPT -s any/0 time -p tcp -i $INT_IF
/sbin/ipchains -A input -j ACCEPT -s any/0 time -p udp -i $INT_IF
/sbin/ipchains -A input -j REJECT -d $EXT_IP tftp -p udp -i $EXT_IF -l
/sbin/ipchains -A input -j REJECT -d $EXT_IP sunrpc -p tcp -i $EXT_IF
-l
/sbin/ipchains -A input -j REJECT -d $EXT_IP auth -p tcp -i $EXT_IF -l
# Since we don't use nntp anyway...
/sbin/ipchains -A input -j REJECT -d $EXT_IP nntp -p tcp -i $EXT_IF -l
# Samba and friends; we don't want to have anything to do with
# these over the public interface
/sbin/ipchains -A input -j REJECT -d $EXT_IP 134 -p tcp -i $EXT_IF -l
/sbin/ipchains -A input -j REJECT -d $EXT_IP 135 -p tcp -i $EXT_IF -l
/sbin/ipchains -A input -j REJECT -d $EXT_IP 136 -p tcp -i $EXT_IF -l
/sbin/ipchains -A input -j REJECT -d $EXT_IP 137 -p tcp -i $EXT_IF -l
/sbin/ipchains -A input -j REJECT -d $EXT_IP 138 -p tcp -i $EXT_IF -l
/sbin/ipchains -A input -j REJECT -d $EXT_IP 139 -p tcp -i $EXT_IF -l
# Should probably close this up
/sbin/ipchains -A input -j REJECT -d $EXT_IP snmp -p udp -i $EXT_IF -l
/sbin/ipchains -A input -j REJECT -d $EXT_IP 513 -p tcp -i $EXT_IF -l
/sbin/ipchains -A input -j REJECT -d $EXT_IP 514 -p tcp -i $EXT_IF -l
/sbin/ipchains -A input -j REJECT -d $EXT_IP 515 -p tcp -i $EXT_IF -l
# Added for swat support
/sbin/ipchains -A input -j REJECT -d $EXT_IP 901 -p tcp -i $EXT_IF -l
# X? Maybe? Don't remember... might be VNC...
/sbin/ipchains -A input -j REJECT -d any/0 5800:7000 -p tcp -i $EXT_IF
-l
echo "done."
echo " Done setting normal input rules."
echo " Done setting input rules."
echo " Setting output firewall rules..."
#Block outbound traffic to private networks
echo -n " Blocking traffic to private networks..."
/sbin/ipchains -A output -j DENY -s 10.0.0.0/8 -i $EXT_IF
/sbin/ipchains -A output -j DENY -s 172.16.0.0/12 -i $EXT_IF
/sbin/ipchains -A output -j DENY -s $INT_NET -i $EXT_IF -l
/sbin/ipchains -A output -j DENY -s 127.0.0.0/8 -i $EXT_IF
/sbin/ipchains -A output -j DENY -s 224.0.0.0/4 -i $EXT_IF
/sbin/ipchains -A output -j DENY -s 240.0.0.0/5 -i $EXT_IF
/sbin/ipchains -A output -j DENY -d 10.0.0.0/8 -i $EXT_IF
/sbin/ipchains -A output -j DENY -d 172.16.0.0/12 -i $EXT_IF
/sbin/ipchains -A output -j DENY -d $INT_NET -i $EXT_IF -l
/sbin/ipchains -A output -j DENY -d 127.0.0.0/8 -i $EXT_IF
/sbin/ipchains -A output -j DENY -d 224.0.0.0/4 -i $EXT_IF
/sbin/ipchains -A output -j DENY -d 240.0.0.0/5 -i $EXT_IF
echo "done."
echo " Done setting output firewall rules."
echo "FIREWALL services started."
;;
restart)
cd $CWD
$0 stop
$0 start
;;
esac
;;
*)
echo "Usage: firewall {start|stop|restart}"
;;
esac
exit 0
=====END rc.firewall=====
-kgd
--
Get your mouse off of there! You don't know where that email has been!
--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Reply to: