Re: Adding a kernel module - to get iptables to work.
Hi,
Dr. David Kirkby wrote:
> Anyway, this error occurred on the default kernel, which I think is 2.2.20.
> I think iptables runs on the 2.4 kernel and ipchains on the 2.2, so perhaps
> it's not surprising it did not work on 2.2.20.
That's right, iptables can only be used with 2.4 kernels and higher.
> I assume I need to load a module into the kernel, but am not sure if I load
> it with 'modload', whether I need to rebuild the kernel again, or whether I
> should remove the iptables package and download the source for iptables.
You would use the "modprobe" command, found in the modutils package (for
kernel 2.4) or the module-init-tools package (for kernel 2.6).
Alternatively you can have the modules loaded automatically at boot time
by putting their names (one per line) in the file /etc/modules (or, for
a 2.6 kernel, /etc/modules-2.6).
There should be no need to recompile iptables. You may need to
recompile your kernel if you did not originally have it configured to
build all of the iptables-related modules. But why not use a
Debian-provided kernel package, which is certain to contain all of the
necessary modules?
The modules I use in my firewall (2.4 kernel) are:
ip_tables iptable_filter ip_conntrack ip_conntrack_ftp
iptable_nat ip_nat_ftp ipt_limit ipt_multiport
iptable_mangle ipt_state ipt_REJECT ipt_LOG
but you may not need all of these, depending upon what you are doing.
regards,
--
Kevin B. McCarty <kmccarty@princeton.edu> Physics Department
WWW: http://www.princeton.edu/~kmccarty/ Princeton University
GPG public key ID: 4F83C751 Princeton, NJ 08544
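
An added example, not part of the original message: a shell check that lists which modules named in an /etc/modules-style file (one name per line) are absent from a /proc/modules-format listing, so a firewall is not started with match or target modules missing. The function names and the sample data are made up for illustration.

```shell
#!/bin/sh
# list_wanted FILE: module names from an /etc/modules-style file.
# Skips blank lines and '#' comments; keeps only the first word of a
# line, since anything after the name is passed as module options.
list_wanted() {
    sed -e 's/#.*//' "$1" | awk 'NF { print $1 }'
}

# list_loaded FILE: first field of each line in /proc/modules format.
list_loaded() {
    awk '{ print $1 }' "$1"
}

# missing_modules WANTED LOADED: print names that are wanted but not loaded.
missing_modules() {
    loaded=$(list_loaded "$2")
    list_wanted "$1" | while read -r mod; do
        printf '%s\n' "$loaded" | grep -qxF -- "$mod" || printf '%s\n' "$mod"
    done
}

# demo: runs the check on constructed sample data (not from a real machine).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/modules" <<'EOF'
# firewall modules (constructed sample)
ip_tables
iptable_filter
ip_conntrack
ipt_state
ipt_LOG
EOF
    cat > "$dir/proc_modules" <<'EOF'
ip_tables 11392 1 [iptable_filter]
iptable_filter 1728 0 (autoclean)
ip_conntrack 17932 0
EOF
    missing_modules "$dir/modules" "$dir/proc_modules"
    rm -rf "$dir"
}

# Check the live system only when a list is given, e.g.:
#   sh check.sh /etc/modules
if [ "$#" -ge 1 ]; then
    missing_modules "$1" "${2:-/proc/modules}"
fi
```

Each name it prints can then be loaded with modprobe, as described in the message above.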