iptables and kernel 2.4 etc

To: Debian User List <debian-user@lists.debian.org>
Subject: iptables and kernel 2.4 etc
From: David Purton <dcpurton@chariot.net.au>
Date: Sat, 19 May 2001 17:15:17 +0930 (CST)
Message-id: <[🔎] Pine.LNX.4.21.0105191705090.1576-100000@twoflower.net.au>

Hi,


I just upgraded to kernel 2.4.4 and I'm now trying to return my computer
to some state of normality.

after finding I missed a crucial option for ppp and a second recompile
:) I'm now up to getting ipmasqing to work.


I wasn't really sure what options to go for in the kernel - so I checked
everything as modules.  An ended up with the following:

ip_conntrack.o      ipt_MASQUERADE.o  ipt_mac.o        ipt_unclean.o
ip_conntrack_ftp.o  ipt_MIRROR.o      ipt_mark.o       iptable_filter.o
ip_nat_ftp.o        ipt_REDIRECT.o    ipt_multiport.o  iptable_mangle.o
ip_queue.o          ipt_REJECT.o      ipt_owner.o      iptable_nat.o
ip_tables.o         ipt_TCPMSS.o      ipt_state.o
ipt_LOG.o           ipt_TOS.o         ipt_tcpmss.o


of course I don't have a huge idea what most of these are, but I've
managed to sort of get things working by a modprobe -a \*, then running
ipmasq (problems with which I'll deal with in a sec). and things sort of
go.

So what I want to know is which of the above modules do I need for a
masqed network and simple firewalling as a minimum?

And where do I tell the kernel which I want loaded at boot time in the
usual way - and everything will be happy?

Also - when I run ipmasq, it cunningly iserts alsorts of rules into the
filter table with the net result being that I can't access the net at
all.  (at least - packets get out - but are denied on the way in again).
This is not helpful as a default (which it is, since I reinstalled the
ipmasq package after purging it in the hope that my probs would go away)

Is this a prob with ipmasq and 2.4 kernels or is something else wrong?

btw - I found out that ipmasq was at least getting the masqing bit right
but flushing all the chains in the filter table and changing the policy
to ACCEPT. (obviously not a permenant solution)


cheers,

dc

--------------------------------------------------------
Today people in droves hurry up past Heumoz to Villars 
on the road to the ski hills, so they can rush down them
as fast as possible, so they can hurry up again in order
to rush down again.  In a way this is funny,...

			Francis A Schaeffer

David Purton

http://www.chariot.net.au/~dcpurton/
dcpurton@chariot.net.au

Reply to:

Follow-Ups:
- Re: iptables and kernel 2.4 etc
  - From: David Purton <dcpurton@chariot.net.au>
- Re: iptables and kernel 2.4 etc
  - From: Wayne Topa <wtopa@dmcom.net>

Prev by Date: create your own GNU/linux distribution on 3 floppies
Next by Date: Re: iptables and kernel 2.4 etc
Previous by thread: Re: create your own GNU/linux distribution on 3 floppies
Next by thread: Re: iptables and kernel 2.4 etc
Index(es):
- Date
- Thread