[Précédent (date)] [Suivant (date)] [Précédent (sujet)] [Suivant (sujet)] [Index par date] [Index par sujet]
Re: ipchains (fwd)
- To:
- Subject: Re: ipchains (fwd)
- From:
- Date: Sat, 21 Aug 1999 10:44:02 -0400
---------- Forwarded message ----------
Date: Sat, 21 Aug 1999 02:30:35 -0400 (EDT)
From: [email protected]
To: [email protected]
Cc: [email protected]
Subject: Re: ipchains
Salut,
J'ai configuré récemment IP masquerading sur redhat 6.0
kernel 2.2.5
Le problème que j'avais était que certaines questions (lors d'un
make config à la compilation du kernel) n'étaient posées
que si je répondait 'y' à :
Prompt for development and/or incomplete code/drivers
(CONFIG_EXPERIMENTAL) [Y/n/?]
J'ai remarqué que tu n'avais pas configuré
CONFIG_IP_TRANSPARENT_PROXY=y
(Peut-être je me gourre mais il me semble que c'est
essentiel)
Je te joint mon fichier .config qui marche.
(certaines options pourraient être enlevées
pour faire un plus petit kernel)
Steeve Beaulieu
On Fri, 20 Aug 1999 [email protected] wrote:
> Caldera OpenLinux 2.2
>
> Bonjour,
>
> J'essaie de faire du "IP Masquerading" sur Linux avec un modem-cable.
>
> Le problème que j'ai en ce moment c'est que tout fonctionne sauf ipchains (je peux accéder à l'Internet et mes deux cartes Ethernet sont fonctionnelles).
>
> J'ai bien les binaires à /sbin/ipchains, et malgré que j'ai tenté de recompiler le kernel pour inclure ce module en suivant le mini-HOWTO consacré au sujet (voir l'URL plus bas), le kernel ne semble pas reconnaître ipchains.
>
> J'ai parcouru un texte à /usr/doc/ipchains-1.3.8/README dont voici un extrait pertinent:
>
> "You need to be running a kernel compiled with CONFIG_IP_FIREWALL (for
> 2.1.102 and above) or CONFIG_IP_FIREWALL_CHAINS set to `y'. You can
> tell that your current kernel is compiled with this by looking for
> `/proc/net/ip_fwchains' - if it exists, then your kernel is ready for
> the ipchains utility."
>
> Je n'ai pas ip_fwchains à /proc/net/.
>
> Quand je suis root et qu'à /usr/src/linux je fais
>
> $ grep -i _IP_ .config
>
> j'obtient le résultat suivant qui confirme que CONFIG_IP_FIREWALL est paramétrée à 'y'.
>
> CONFIG_IP_MULTICAST=y
> # CONFIG_IP_ADVANCED_ROUTER is not set
> # CONFIG_IP_PNP is not set
> CONFIG_IP_FIREWALL=y
> CONFIG_IP_FIREWALL_NETLINK=y
> CONFIG_IP_ALWAYS_DEFRAG=y
> # CONFIG_IP_TRANSPARENT_PROXY is not set
> CONFIG_IP_MASQUERADE=y
> CONFIG_IP_MASQUERADE_ICMP=y
> CONFIG_IP_MASQUERADE_MOD=y
> # CONFIG_IP_MASQUERADE_IPAUTOFW is not set
> CONFIG_IP_MASQUERADE_IPPORTFW=y
> # CONFIG_IP_MASQUERADE_MFW is not set
> CONFIG_IP_ROUTER=y
> # CONFIG_IP_MROUTE is not set
> # CONFIG_IP_ALIAS is not set
>
>
> Sauriez-vous me conseiller ? Cela fait seulement deux ou trois mois que j'ai installé Linux.
>
> Merci
>
> Au plaisir
>
> -Emmanuel
>
>
> Note: J'ai déjà envoyé un courriel sur la liste de Caldera qui est resté sans réponses et j'ai un peu la flemme de traduire ce qui suit en français.
>
> _DETAILS_
>
> My first NIC is eth0 and the ip address is 192.168.0.1. This is the address of my Linux box on my mini LAN (I have a 5 ports hubs with only the iMac, the Linux box and a printer that are pluged to it).
>
> The second NIC have for ip 192.168.0.3. This is the address for the cable-modem pluged on the Linux box (a PC).
>
> The iMac have for ip 192.168.0.2
>
> My connection to the Internet is working fine from my Linux box. But the ipchains stuff don't work.
>
> When I tried for example:
>
> % ipchains -F forward
> % ipchains -A forward -j MASQ -s 192.168.0.0/0 -d 0.0.0.0/0
>
> I get :
>
> % ipchains: Protocol not available
>
> Or if I do
>
> % ipchains -L
>
> I get:
>
> % ipchains: Incompatible with this kernel
>
> I have tried numerous variation that I took from the HOWTO (see below) with no avail.
>
> I have followed with attention the mini HOWTO at :
> http://www.tor.shaw.wave.ca/~ambrose/ipmasq-HOWTO-1.65.html
>
> I have done the four tests on this page:
> http://www.tor.shaw.wave.ca/~ambrose/ipmasq-HOWTO-1.65-5.html
>
> I pass the first three, but not the fourth. I can't ping the IP allocated by the DHCP server from my iMac. Its seems that this is related to "ICMP Masquerading" but I really don't know this beast.
>
> I know that my LAN is working since I can mount a Linux partition on the desktop of my iMac ( I run netatalk), and also can telnet/HTTP/FTP to the ip address of the first NIC (192.168.0.1) of the Linux box.
>
#
# Automatically generated by make menuconfig: don't edit
#
#
# Code maturity level options
#
CONFIG_EXPERIMENTAL=y
#
# Processor type and features
#
CONFIG_M386=y
# CONFIG_M486 is not set
# CONFIG_M586 is not set
# CONFIG_M586TSC is not set
# CONFIG_M686 is not set
# CONFIG_MATH_EMULATION is not set
# CONFIG_MTRR is not set
# CONFIG_SMP is not set
#
# Loadable module support
#
CONFIG_MODULES=y
# CONFIG_MODVERSIONS is not set
# CONFIG_KMOD is not set
#
# General setup
#
CONFIG_NET=y
CONFIG_PCI=y
# CONFIG_PCI_GOBIOS is not set
# CONFIG_PCI_GODIRECT is not set
CONFIG_PCI_GOANY=y
CONFIG_PCI_BIOS=y
CONFIG_PCI_DIRECT=y
CONFIG_PCI_QUIRKS=y
# CONFIG_PCI_OPTIMIZE is not set
CONFIG_PCI_OLD_PROC=y
# CONFIG_MCA is not set
# CONFIG_VISWS is not set
CONFIG_SYSVIPC=y
CONFIG_BSD_PROCESS_ACCT=y
CONFIG_SYSCTL=y
CONFIG_BINFMT_AOUT=y
CONFIG_BINFMT_ELF=y
CONFIG_BINFMT_MISC=y
# CONFIG_BINFMT_JAVA is not set
# CONFIG_PARPORT is not set
# CONFIG_APM is not set
#
# Plug and Play support
#
CONFIG_PNP=y
#
# Block devices
#
CONFIG_BLK_DEV_FD=y
CONFIG_BLK_DEV_IDE=y
# CONFIG_BLK_DEV_HD_IDE is not set
CONFIG_BLK_DEV_IDEDISK=y
# CONFIG_BLK_DEV_IDECD is not set
# CONFIG_BLK_DEV_IDETAPE is not set
# CONFIG_BLK_DEV_IDEFLOPPY is not set
# CONFIG_BLK_DEV_IDESCSI is not set
CONFIG_BLK_DEV_CMD640=y
CONFIG_BLK_DEV_CMD640_ENHANCED=y
CONFIG_BLK_DEV_RZ1000=y
CONFIG_BLK_DEV_IDEPCI=y
CONFIG_BLK_DEV_IDEDMA=y
# CONFIG_BLK_DEV_OFFBOARD is not set
CONFIG_IDEDMA_AUTO=y
# CONFIG_BLK_DEV_OPTI621 is not set
# CONFIG_BLK_DEV_TRM290 is not set
# CONFIG_BLK_DEV_NS87415 is not set
# CONFIG_BLK_DEV_VIA82C586 is not set
# CONFIG_BLK_DEV_CMD646 is not set
# CONFIG_IDE_CHIPSETS is not set
CONFIG_BLK_DEV_LOOP=m
# CONFIG_BLK_DEV_NBD is not set
# CONFIG_BLK_DEV_MD is not set
CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_INITRD=y
# CONFIG_BLK_DEV_XD is not set
CONFIG_PARIDE_PARPORT=y
# CONFIG_PARIDE is not set
# CONFIG_BLK_DEV_HD is not set
#
# Networking options
#
CONFIG_PACKET=y
CONFIG_NETLINK=y
CONFIG_RTNETLINK=y
CONFIG_NETLINK_DEV=y
CONFIG_FIREWALL=y
# CONFIG_FILTER is not set
CONFIG_UNIX=y
CONFIG_INET=y
# CONFIG_IP_MULTICAST is not set
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_RTNETLINK=y
CONFIG_NETLINK=y
CONFIG_IP_MULTIPLE_TABLES=y
# CONFIG_IP_ROUTE_MULTIPATH is not set
CONFIG_IP_ROUTE_TOS=y
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_ROUTE_LARGE_TABLES is not set
CONFIG_IP_ROUTE_NAT=y
# CONFIG_IP_PNP is not set
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_NETLINK=y
CONFIG_NETLINK_DEV=y
CONFIG_IP_ALWAYS_DEFRAG=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_TRANSPARENT_PROXY=y
CONFIG_IP_MASQUERADE=y
CONFIG_IP_MASQUERADE_ICMP=y
CONFIG_IP_MASQUERADE_MOD=y
CONFIG_IP_MASQUERADE_IPAUTOFW=m
CONFIG_IP_MASQUERADE_IPPORTFW=m
CONFIG_IP_MASQUERADE_MFW=m
CONFIG_IP_ROUTER=y
CONFIG_NET_IPIP=y
# CONFIG_NET_IPGRE is not set
# CONFIG_IP_ALIAS is not set
CONFIG_ARPD=y
CONFIG_SYN_COOKIES=y
# CONFIG_INET_RARP is not set
# CONFIG_SKB_LARGE is not set
# CONFIG_IPV6 is not set
# CONFIG_IPX is not set
# CONFIG_ATALK is not set
# CONFIG_X25 is not set
# CONFIG_LAPB is not set
# CONFIG_BRIDGE is not set
# CONFIG_LLC is not set
# CONFIG_ECONET is not set
# CONFIG_WAN_ROUTER is not set
# CONFIG_NET_FASTROUTE is not set
# CONFIG_NET_HW_FLOWCONTROL is not set
# CONFIG_CPU_IS_SLOW is not set
#
# QoS and/or fair queueing
#
# CONFIG_NET_SCHED is not set
#
# SCSI support
#
# CONFIG_SCSI is not set
#
# Network device support
#
CONFIG_NETDEVICES=y
# CONFIG_ARCNET is not set
CONFIG_DUMMY=y
# CONFIG_EQUALIZER is not set
# CONFIG_ETHERTAP is not set
CONFIG_NET_ETHERNET=y
# CONFIG_NET_VENDOR_3COM is not set
# CONFIG_LANCE is not set
CONFIG_NET_VENDOR_SMC=y
CONFIG_WD80x3=y
# CONFIG_ULTRA is not set
# CONFIG_ULTRA32 is not set
# CONFIG_SMC9194 is not set
# CONFIG_NET_VENDOR_RACAL is not set
# CONFIG_RTL8139 is not set
# CONFIG_YELLOWFIN is not set
# CONFIG_ACENIC is not set
# CONFIG_NET_ISA is not set
# CONFIG_NET_EISA is not set
# CONFIG_NET_POCKET is not set
# CONFIG_FDDI is not set
# CONFIG_HIPPI is not set
# CONFIG_DLCI is not set
CONFIG_PPP=y
CONFIG_SLIP=y
CONFIG_SLIP_COMPRESSED=y
# CONFIG_SLIP_SMART is not set
# CONFIG_SLIP_MODE_SLIP6 is not set
# CONFIG_NET_RADIO is not set
# CONFIG_TR is not set
# CONFIG_SHAPER is not set
# CONFIG_HOSTESS_SV11 is not set
# CONFIG_COSA is not set
# CONFIG_RCPCI is not set
#
# Amateur Radio support
#
# CONFIG_HAMRADIO is not set
#
# IrDA subsystem support
#
# CONFIG_IRDA is not set
#
# ISDN subsystem
#
# CONFIG_ISDN is not set
#
# Old CD-ROM drivers (not SCSI, not IDE)
#
# CONFIG_CD_NO_IDESCSI is not set
#
# Character devices
#
CONFIG_VT=y
CONFIG_VT_CONSOLE=y
CONFIG_SERIAL=y
# CONFIG_SERIAL_CONSOLE is not set
# CONFIG_SERIAL_EXTENDED is not set
# CONFIG_SERIAL_NONSTANDARD is not set
# CONFIG_UNIX98_PTYS is not set
# CONFIG_MOUSE is not set
# CONFIG_QIC02_TAPE is not set
# CONFIG_WATCHDOG is not set
# CONFIG_NVRAM is not set
# CONFIG_RTC is not set
#
# Video For Linux
#
# CONFIG_VIDEO_DEV is not set
#
# Joystick support
#
# CONFIG_JOYSTICK is not set
# CONFIG_DTLK is not set
#
# Ftape, the floppy tape device driver
#
# CONFIG_FTAPE is not set
#
# Filesystems
#
# CONFIG_QUOTA is not set
# CONFIG_AUTOFS_FS is not set
# CONFIG_ADFS_FS is not set
# CONFIG_AFFS_FS is not set
# CONFIG_HFS_FS is not set
CONFIG_FAT_FS=y
CONFIG_MSDOS_FS=y
# CONFIG_UMSDOS_FS is not set
CONFIG_VFAT_FS=y
CONFIG_ISO9660_FS=y
CONFIG_JOLIET=y
# CONFIG_MINIX_FS is not set
# CONFIG_NTFS_FS is not set
# CONFIG_HPFS_FS is not set
CONFIG_PROC_FS=y
# CONFIG_QNX4FS_FS is not set
CONFIG_ROMFS_FS=m
CONFIG_EXT2_FS=y
# CONFIG_SYSV_FS is not set
# CONFIG_UFS_FS is not set
#
# Network File Systems
#
CONFIG_CODA_FS=m
CONFIG_NFS_FS=m
# CONFIG_NFSD is not set
CONFIG_SUNRPC=m
CONFIG_LOCKD=m
CONFIG_SMB_FS=y
CONFIG_SMB_WIN95=y
# CONFIG_NCP_FS is not set
#
# Partition Types
#
# CONFIG_BSD_DISKLABEL is not set
# CONFIG_MAC_PARTITION is not set
# CONFIG_SMD_DISKLABEL is not set
# CONFIG_SOLARIS_X86_PARTITION is not set
# CONFIG_UNIXWARE_DISKLABEL is not set
CONFIG_NLS=y
#
# Native Language Support
#
CONFIG_NLS_CODEPAGE_437=y
# CONFIG_NLS_CODEPAGE_737 is not set
# CONFIG_NLS_CODEPAGE_775 is not set
# CONFIG_NLS_CODEPAGE_850 is not set
# CONFIG_NLS_CODEPAGE_852 is not set
# CONFIG_NLS_CODEPAGE_855 is not set
# CONFIG_NLS_CODEPAGE_857 is not set
# CONFIG_NLS_CODEPAGE_860 is not set
# CONFIG_NLS_CODEPAGE_861 is not set
# CONFIG_NLS_CODEPAGE_862 is not set
CONFIG_NLS_CODEPAGE_863=y
# CONFIG_NLS_CODEPAGE_864 is not set
# CONFIG_NLS_CODEPAGE_865 is not set
# CONFIG_NLS_CODEPAGE_866 is not set
# CONFIG_NLS_CODEPAGE_869 is not set
# CONFIG_NLS_CODEPAGE_874 is not set
CONFIG_NLS_ISO8859_1=y
# CONFIG_NLS_ISO8859_2 is not set
# CONFIG_NLS_ISO8859_3 is not set
# CONFIG_NLS_ISO8859_4 is not set
# CONFIG_NLS_ISO8859_5 is not set
# CONFIG_NLS_ISO8859_6 is not set
# CONFIG_NLS_ISO8859_7 is not set
# CONFIG_NLS_ISO8859_8 is not set
# CONFIG_NLS_ISO8859_9 is not set
# CONFIG_NLS_ISO8859_15 is not set
# CONFIG_NLS_KOI8_R is not set
#
# Console drivers
#
CONFIG_VGA_CONSOLE=y
CONFIG_VIDEO_SELECT=y
# CONFIG_MDA_CONSOLE is not set
CONFIG_FB=y
CONFIG_DUMMY_CONSOLE=y
# CONFIG_FB_PM2 is not set
# CONFIG_FB_VESA is not set
CONFIG_VIDEO_SELECT=y
# CONFIG_FB_MATROX is not set
# CONFIG_FB_ATY is not set
# CONFIG_FB_VIRTUAL is not set
CONFIG_FBCON_ADVANCED=y
CONFIG_FBCON_MFB=y
CONFIG_FBCON_CFB2=y
CONFIG_FBCON_CFB4=y
CONFIG_FBCON_CFB8=y
CONFIG_FBCON_CFB16=y
CONFIG_FBCON_CFB24=y
# CONFIG_FBCON_CFB32 is not set
# CONFIG_FBCON_AFB is not set
# CONFIG_FBCON_ILBM is not set
# CONFIG_FBCON_IPLAN2P2 is not set
# CONFIG_FBCON_IPLAN2P4 is not set
# CONFIG_FBCON_IPLAN2P8 is not set
# CONFIG_FBCON_MAC is not set
# CONFIG_FBCON_VGA is not set
# CONFIG_FBCON_FONTWIDTH8_ONLY is not set
# CONFIG_FBCON_FONTS is not set
CONFIG_FONT_8x8=y
CONFIG_FONT_8x16=y
#
# Sound
#
# CONFIG_SOUND is not set
#
# Kernel hacking
#
# CONFIG_MAGIC_SYSRQ is not set