
Re: Modem Gateway



On Thu, 2002-07-18 at 21:23, dan.hunt@st.brieux.com wrote:
> On 17 Jul 2002 at 18:47, dan.hunt@st.brieux.com wrote:
> 

--snip

> > This is what I would do, but may not be the most debianised options.
> > 
> > 1. Get rid of ipmasq completely. netfilter rocks so much, you don't need
> > it. apt-get remove ipmasq
> > 
> > 2. If you're not going to use demand dialing (you are going to pon and
> > poff) then remove diald. apt-get remove diald
> I kept diald.
> 
> > 3. Clear out your iptables firewall completely. the quickest way is
> > 
> > for CHAIN in INPUT OUTPUT FORWARD; do iptables -P $CHAIN ACCEPT; iptables -F $CHAIN; done
> > for CHAIN in PREROUTING POSTROUTING; do iptables -t nat -P $CHAIN ACCEPT; iptables -t nat -F $CHAIN; done
> 
> The script above 
> (my first! thanks to Paul Sheer book "LINUX: Rute User's Tutorial and Exposition" ) 
> gave me the following output repeated several times.
> "modeprobe: can't locate module iptables
> iptables v1.26a:can't initalize iptables table 'filter'
> iptabels who?
> do you need to insmod?

Yes! It tried to modprobe and failed (it shouldn't have failed).

> Perhaps iptables or your kernel need to be upgraded."

What kernel are you running (uname -a)? Is it a stock standard Debian
kernel or did you build it yourself?

If you have a standard Debian kernel of the 2.4 series, do the following
as root.

modconf

Then choose "kernel/net/ipv4/netfilter"
Then turn on the following (select them and keep pressing return until
it says the module was successfully installed):

ip_conntrack
ip_conntrack_ftp
ip_conntrack_irc	(only if you plan to use IRC inside your LAN)
ip_nat_ftp
ip_tables
ipt_LOG
ipt_MARK
ipt_MASQUERADE
ipt_MIRROR
ipt_REDIRECT
ipt_REJECT
ipt_TOS
ipt_length
ipt_limit
ipt_mark
ipt_multiport
ipt_owner
ipt_state

This is a very extensive set, more than you're ever going to use, but it
doesn't hurt to include them, and when you start building your firewall
you may wish to use some of the other ipt_ options.

The ones that are probably needed at the minimum for a simple
NAT/firewall machine will be

ip_conntrack
ip_conntrack_ftp
ip_conntrack_irc
ip_nat_ftp
ip_tables
ipt_LOG
ipt_MASQUERADE
ipt_REJECT
ipt_limit
ipt_state

After these have been included (modconf sets up the boot sequence to
load them as well, so you don't need to worry about boots), all your
iptables commands should then work. Try the iptables cleaning script
line again.

Kind Regards
Crispin Wellington
http://www.aeonline.net/crispin/
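
An added example, not part of the original message: a shell check that compares a /proc/modules-style listing against the minimum module list given above and reports what is still not loaded. The function names and the sample listing are constructed for illustration, and the module names are the 2.4-series ones from the message.

```shell
#!/bin/sh
# Added example: report which of the minimum netfilter modules named in the
# message are absent from a /proc/modules-style listing (2.4-series names).

REQUIRED="ip_conntrack ip_conntrack_ftp ip_conntrack_irc ip_nat_ftp ip_tables
ipt_LOG ipt_MASQUERADE ipt_REJECT ipt_limit ipt_state"

# missing_modules FILE: print required modules not listed in FILE, one per line.
# FILE uses the /proc/modules layout: module name in the first column.
missing_modules() {
    for mod in $REQUIRED; do
        # Exact match on field 1, so ip_conntrack does not satisfy ip_conntrack_ftp.
        awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }' "$1" \
            || echo "$mod"
    done
}

# Constructed sample listing (not taken from the thread): a partly loaded box.
sample_listing() {
    cat <<'EOF'
ipt_state                608   1 (autoclean)
ipt_MASQUERADE          1216   1 (autoclean)
iptable_nat            13684   1 (autoclean) [ipt_MASQUERADE]
ip_conntrack           13388   2 (autoclean) [ipt_state ipt_MASQUERADE iptable_nat]
ip_tables              10432   5 [ipt_state ipt_MASQUERADE iptable_nat]
EOF
}

# check [FILE]: summarise the result; defaults to the live /proc/modules.
# Returns non-zero when any required module is missing.
check() {
    src="${1:-/proc/modules}"
    missing=$(missing_modules "$src")
    if [ -n "$missing" ]; then
        echo "not loaded:" $missing
        return 1
    fi
    echo "all required modules loaded"
}

# Run as "script --check [FILE]" to check the live system or a saved listing.
if [ "${1:-}" = "--check" ]; then check "${2:-}"; fi
```

Modules compiled into the kernel rather than built as loadable modules do not appear in /proc/modules, so on a self-built kernel a "not loaded" result does not by itself mean the feature is missing.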

