This is surely the greenest of green questions (sorry), but I finally got my
kernel re-compiled the way I want it using the 2.4.19 sources from
kernel.org. It loads, seems to be working fine, except ipchains and
iptables... ipchains insists that it is incompatible with my kernel, and
iptables isn't sure what's going on but it thinks maybe something (itself or
the kernel) needs upgrading. Well fine. I downloaded the latest versions of
ipchains/tables from rpmfind and upgraded, same thing.
Details: OS is RH 7.3 on an i686 (P3), kernel was 2.4.18-3 that comes with
RH 7.3, ipchains was 1.3.10-10, updated to 1.3.10-17 but when I do
ipchains -V, it says it's still 1.3.10 built in Sep. 2000. iptables was
1.2.5 but is now 1.2.6a.
I haven't been able to find any actual solutions off google for this... a
few people mention the same problem but no fixes. Can someone point this
rookie in the right direction to fix my packet filters? :-)
Also a quick question: can anyone give me either a real quick answer or a
link to more reading on which is better for routing/firewalling/VPN,
ipchains or iptables?
Many thanks!
# Nathan
Hi Nathan,
> This is surely the greenest of green questions (sorry), but I finally got my
> kernel re-compiled the way I want it using the 2.4.19 sources from
> kernel.org. It loads, seems to be working fine, except ipchains and
> iptables... ipchains insists that it is incompatible with my kernel, and
> iptables isn't sure what's going on but it thinks maybe something (. Well
> fine. I downloaded the latest versions of ipchains/tables from rpmfind and
> upgraded, same thing.
"Incompatible with this kernel" for ipchains seems so that you have compiled
Netfilter stuff into your kernel.
"itself or the kernel needs upgrading" for iptables seems so that you either
haven't compiled netfilter as module(s) or static into the kernel and forgot
something in the kernel config.
> I haven't been able to find any actual solutions off google for this... a
> few people mention the same problem but no fixes. Can someone point this
> rookie in the right direction to fix my packet filters? :-)
Check your kernel config. "make menuconfig" or "xconfig" and goto:
Networking options --->
IP: Netfilter Configuration --->
and look if you did it properly.
--
Kind regards
Marc-Christian Petersen
http://sourceforge.net/projects/wolk
PGP/GnuPG Key: 1024D/569DE2E3DB441A16
Fingerprint: 3469 0CF8 CA7E 0042 7824 080A 569D E2E3 DB44 1A16
Key available at http://www.keyserver.net. Encrypted e-mail preferred.
I saw the config option for netfilter that said if you use this it won't use
ipchains, so I said no to that...
The section of my .config file from make config (yeah I'm a glutton for
punishment):
# Networking options
#
CONFIG_PACKET=y
# CONFIG_PACKET_MMAP is not set
# CONFIG_NETLINK_DEV is not set
# CONFIG_NETFILTER is not set
# CONFIG_FILTER is not set
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
# CONFIG_IP_MULTIPLE_TABLES is not set
# CONFIG_IP_ROUTE_MULTIPATH is not set
# CONFIG_IP_ROUTE_TOS is not set
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_ROUTE_LARGE_TABLES is not set
# CONFIG_IP_PNP is not set
# CONFIG_NET_IPIP is not set
CONFIG_NET_IPGRE=y
# CONFIG_NET_IPGRE_BROADCAST is not set
# CONFIG_IP_MROUTE is not set
# CONFIG_ARPD is not set
# CONFIG_INET_ECN is not set
CONFIG_SYN_COOKIES=y
CONFIG_IPV6=y
# CONFIG_KHTTPD is not set
# CONFIG_ATM is not set
# CONFIG_VLAN_8021Q is not set
----- Original Message -----
From: "Marc-Christian Petersen" <[email protected]>
To: <[email protected]>
Cc: "Nathan" <[email protected]>
Sent: Thursday, September 26, 2002 11:02 AM
Subject: Re: Updated to kernel 2.4.19 and now ipchains and iptables are
broke.
Hi Nathan,
> This is surely the greenest of green questions (sorry), but I finally got
my
> kernel re-compiled the way I want it using the 2.4.19 sources from
> kernel.org. It loads, seems to be working fine, except ipchains and
> iptables... ipchains insists that it is incompatible with my kernel, and
> iptables isn't sure what's going on but it thinks maybe something (. Well
> fine. I downloaded the latest versions of ipchains/tables from rpmfind and
> upgraded, same thing.
"Incompatible with this kernel" for ipchains seems so that you have compiled
Netfilter stuff into your kernel.
"itself or the kernel needs upgrading" for iptables seems so that you either
haven't compiled netfilter as module(s) or static into the kernel and forgot
something in the kernel config.
> I haven't been able to find any actual solutions off google for this... a
> few people mention the same problem but no fixes. Can someone point this
> rookie in the right direction to fix my packet filters? :-)
Check your kernel config. "make menuconfig" or "xconfig" and goto:
Networking options --->
IP: Netfilter Configuration --->
and look if you did it properly.
--
Kind regards
Marc-Christian Petersen
http://sourceforge.net/projects/wolk
PGP/GnuPG Key: 1024D/569DE2E3DB441A16
Fingerprint: 3469 0CF8 CA7E 0042 7824 080A 569D E2E3 DB44 1A16
Key available at http://www.keyserver.net. Encrypted e-mail preferred.
On Thursday 26 September 2002 19:11, Nathan wrote:
Hi Nathan,
> I saw the config option for netfilter that said if you use this it won't
> use ipchains, so I said no to that...
Yep, that's true if you build Netfilter into your kernel, not as Module(s).
Build both, Netfilter + stuff and ipchains as modules and you are happy.
So you are able to use both (not at the same time for sure.
Just "modprobe ipchains" and use ipchains.
If you want to play with Netfilter, just "rmmod ipchains; modprobe ip_tables"
and you can use iptables.
--
Kind regards
Marc-Christian Petersen
http://sourceforge.net/projects/wolk
PGP/GnuPG Key: 1024D/569DE2E3DB441A16
Fingerprint: 3469 0CF8 CA7E 0042 7824 080A 569D E2E3 DB44 1A16
Key available at http://www.keyserver.net. Encrypted e-mail preferred.