Re: iptables and 2.4.4 kernel in testing

To: debian-user@lists.debian.org
Subject: Re: iptables and 2.4.4 kernel in testing
From: Wayne Topa <wtopa@dmcom.net>
Date: Sun, 3 Jun 2001 12:34:11 -0400
Message-id: <[🔎] 20010603123411.A11846@dmcom.net>
Mail-followup-to: Wayne Topa <wtopa@dmcom.net>, debian-user@lists.debian.org
Reply-to: wtopa@dmcom.net
In-reply-to: <[🔎] E156OoM-0006aY-00@prax.unix.csis.american.edu>; from simon@unix.csis.american.edu on Sat, Jun 02, 2001 at 11:44:17PM -0400
References: <[🔎] E156OoM-0006aY-00@prax.unix.csis.american.edu>

	Subject: iptables and 2.4.4 kernel in testing
	Date: Sat, Jun 02, 2001 at 11:44:17PM -0400

In reply to:Simon Read

Quoting Simon Read(simon@unix.csis.american.edu):
> Folks,
> 
> I'm trying  to build a firewall  using the 2.4.4  kernel and iptables.
> The kernel seems  to configure and build without  problems, but when I
> try to run iptables to specify a rule I get a message like:
> 
> modprobe: Can't locate module ip_tables
> iptables v1.2.2: can't initialize iptables table `nat': iptables who? (do you ne
> ed to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.

I also compiled 'all' of the modules into the kernel, at first.  I
found one problem with that method tho. When conntrack was compiled
in, any lost connections were not dropped in /proc/net/ip_conntrack.
I found that I had many connections there that were over a week old.
Altho that is no big deal, I didn't like the idea that they were still
there.  So I recompiled all of the netfiler selections as modules.
The 'lost connections' are now deleated.  FWIIW here are the modules I
am using with seccess in my firewall script.

grep -i ip_nf /usr/src/linux/.config
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FTP=m
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
# CONFIG_IP_NF_MATCH_MAC is not set
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_UNCLEAN=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_MIRROR=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
# CONFIG_IP_NF_COMPAT_IPCHAINS is not set
# CONFIG_IP_NF_COMPAT_IPFWADM is not set

:-) HTH, YMMV, HAND :-)
-- 
Press CTRL-ALT-DEL to continue....
_______________________________________________________

Reply to:

Follow-Ups:
- Re: iptables and 2.4.4 kernel in testing
  - From: "Krzysztof Mazurczyk" <kmazurczyk@wskiz.poznan.pl>

References:
- iptables and 2.4.4 kernel in testing
  - From: Simon Read <simon@unix.csis.american.edu>

Prev by Date: Re: [PLUG] File copy method that is twice as fast as "cp -a".
Next by Date: Re: modem problem: No dial tone (solved)
Previous by thread: Re: iptables and 2.4.4 kernel in testing
Next by thread: Re: iptables and 2.4.4 kernel in testing
Index(es):
- Date
- Thread