gonad (n00b)
Joined: 05 Aug 2003 Posts: 31
Posted: Fri Aug 15, 2003 6:44 am Post subject: iptables as modules - working
I had an absolutely painful time trying to get iptables going how it should - when compiling it as modules, not directly into the kernel.
Below I've shared what I did to *finally* get it working, and the part of my .config that matters.
I'm fairly new to gentoo, but so far so good. Mostly thanks to other users on this forum - without you I'd probably have given up by now. This is the way Linux should be, thank you.
using:
grep CONFIG_IP_NF /usr/src/linux/.config :
Code:
# CONFIG_IP_NF_CONNTRACK is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_QUOTA=m
CONFIG_IP_NF_POOL=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_MPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
# CONFIG_IP_NF_MATCH_TIME is not set
CONFIG_IP_NF_MATCH_RANDOM=m
CONFIG_IP_NF_MATCH_PSD=m
CONFIG_IP_NF_MATCH_NTH=m
# CONFIG_IP_NF_MATCH_IPV4OPTIONS is not set
CONFIG_IP_NF_MATCH_FUZZY=m
CONFIG_IP_NF_MATCH_CONDITION=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_STEALTH=m
# CONFIG_IP_NF_MATCH_REALM is not set
# CONFIG_IP_NF_MATCH_UNCLEAN is not set
# CONFIG_IP_NF_MATCH_STRING is not set
# CONFIG_IP_NF_MATCH_OWNER is not set
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_NETLINK=m
CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP=m
# CONFIG_IP_NF_TARGET_MIRROR is not set
# CONFIG_IP_NF_TARGET_TARPIT is not set
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_IMQ=m
# CONFIG_IP_NF_TARGET_CLASSIFY is not set
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ROUTE=m
# CONFIG_IP_NF_TARGET_CONNMARK is not set
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
# CONFIG_IP_NF_COMPAT_IPCHAINS is not set
# CONFIG_IP_NF_COMPAT_IPFWADM is not set
to compile:
Code:
cd /usr/src/linux
make mrproper
cp ~/good.config .config
make menuconfig   # then just exit, saving the config
make dep && make clean bzImage modules modules_install
build iptables:
nephros (Advocate)
Joined: 07 Feb 2003 Posts: 2139 Location: Graz, Austria (Europe - no kangaroos.)
Posted: Fri Aug 15, 2003 1:47 pm Post subject:
This might seem like a stupid tip, but remember you have to modprobe the modules before using their features in your firewall script.
If iptables complains, double check that the modules are loaded. Trust me.
_________________
Please put [SOLVED] in your topic if you are a moron.

cesar (Tux's lil' helper)
Joined: 15 Aug 2003 Posts: 124
Posted: Thu Aug 28, 2003 6:00 am Post subject: Re: iptables as modules - working
Hello:
I've been playing with Gentoo for a couple of weeks now and need your help regarding securing the distro. I used stage3 from LiveCDs and current kernel is 2.4.20-gentoo-r5.
I'm new to doing lots of things by hand (writing scripts), so please be patient with me if I ask something very simple/obvious. Here are my points:
1./ Is my box secured using just the plain default installation? There was never an option for using a firewall during the installation process.
2./ How do I know if iptables was included in my default kernel installation? I've tried to install a firewall from portage (guarddog, kmyfirewall, I even tried http://projectfiles.com/firewall/), and when they tried to load some modules, I got errors.
For example, for rc.firewall script:
Code:
Running './rc.firewall check'. Output will follow ...
-> Projectfiles.com Linux Firewall version 2.0rc9 running.
-> Performing sanity checks...... [ FAILED ]
-> FATAL: Could not find 'filter' table. Did you compile support for all necessary modules?
Errors were detected in your system configuration.
See the output above for specific details.
A copy of the Linux Firewall initialization script preconfigured by this
program is located in /tmp/rc.firewall
3./ If IPTABLES is just non-existent in my configuration, where do I need to select them from? I typed the following, as the first post did, just to see a list of something,
Code:
#grep CONFIG_IP_NF /usr/src/linux/.config
#
and it returned empty. Am I missing something really basic here?
The only services I'd like to activate are samba, ssh, and ftp.
I appreciate your help.

cesar (Tux's lil' helper)
Joined: 15 Aug 2003 Posts: 124
Posted: Thu Aug 28, 2003 9:02 am Post subject: Re: iptables as modules - working
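Putting the two problems in this thread together (which modules a modular netfilter .config produces, as in the first post, and why a firewall script fails with "Could not find 'filter' table" until they are loaded, as nephros says), here is an added helper script, not from the thread, that lists the module name for every CONFIG_IP_NF_*=m line and checks /proc/net/ip_tables_names for the filter table. The CONFIG-to-module mapping follows the 2.4 netfilter naming convention (ipt_<match>, ipt_<TARGET>, iptable_<table>); the script name is made up, and options that do not follow that convention are reported as unknown rather than guessed.

```shell
#!/bin/sh
# Added example (not from the thread): map CONFIG_IP_NF_* options built as
# modules (=m) in a 2.4 kernel .config to the module names that must be
# modprobed before a firewall script can use them.

# Translate one CONFIG symbol (without "=m") to a module name.
config_to_module() {
    case "$1" in
        CONFIG_IP_NF_IPTABLES)     echo ip_tables ;;
        CONFIG_IP_NF_CONNTRACK)    echo ip_conntrack ;;
        CONFIG_IP_NF_QUEUE)        echo ip_queue ;;
        CONFIG_IP_NF_FILTER)       echo iptable_filter ;;
        CONFIG_IP_NF_MANGLE)       echo iptable_mangle ;;
        CONFIG_IP_NF_NAT)          echo iptable_nat ;;
        CONFIG_IP_NF_ARPTABLES)    echo arp_tables ;;
        CONFIG_IP_NF_ARPFILTER)    echo arptable_filter ;;
        CONFIG_IP_NF_MATCH_AH_ESP) echo ipt_ah; echo ipt_esp ;;   # one option, two modules
        CONFIG_IP_NF_MATCH_*)      echo "ipt_$(echo "${1#CONFIG_IP_NF_MATCH_}" | tr 'A-Z' 'a-z')" ;;
        CONFIG_IP_NF_TARGET_*)     echo "ipt_${1#CONFIG_IP_NF_TARGET_}" ;;
        *)                         echo "unknown:$1" ;;   # not guessed; check lib/modules by hand
    esac
}

# Print, one per line, every module the given .config builds as a module.
modules_from_config() {
    grep '^CONFIG_IP_NF_.*=m$' "$1" | while IFS= read -r line; do
        config_to_module "${line%=m}"
    done
}

# True when the running kernel currently offers the 'filter' table, i.e.
# ip_tables and iptable_filter are loaded (or built in).
filter_table_loaded() {
    grep -qx filter /proc/net/ip_tables_names 2>/dev/null
}

# Usage: ./netfilter-modules.sh /usr/src/linux/.config   (as root)
# Loads each module, then verifies the filter table is really there.
main() {
    for mod in $(modules_from_config "$1"); do
        case "$mod" in
            unknown:*) echo "skipping $mod" ;;
            *)         modprobe "$mod" || echo "failed to load $mod" ;;
        esac
    done
    filter_table_loaded && echo "filter table ready" || echo "filter table still missing"
}

if [ $# -gt 0 ]; then main "$@"; fi
```

Note that the .config in the first post leaves CONFIG_IP_NF_CONNTRACK unset, so no ip_conntrack module will be listed and any `-m state` rule in a firewall script will fail with a similar "couldn't load match" error.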
Got it! I'll follow this guide http://lxuser.tripod.com/linux/installiptables.html
I thought Gentoo would have configured them by default, but now I've checked my settings and realized that everything was empty.