IPChains NHF
--
Introduction
In this NHF, I'm going to attempt to tell
you how to get IPchains working. I'm going to show you how
to do it manually. This way anyone with a 2.2.x kernel should
be able to get it working. I'm assuming that if your reading
this NHF, you have more then 1 machine connected together
via Ethernet (whether that be a *nix box, windows box, etc),
that you have the NIC (Network Interface Cards) setup correctly,
and that you have a linux box connected to the net via modem.
I'm also going to tell you what you need to have compiled
into your kernel to get this to work. If you don't know how
to recompile a kernel, your going to want to look at the README
file in /usr/src/linux for more detail on how to recompile
your kernel.
Recompiling Your Kernel
I am showing you how to do this with Slackware 4.0, kernel
2.2.6, but it should work with any 2.2.x kernel, and just
about any distro.
Lets get started with what is needed to be compiled
into the kernel to get IPmasq working. Here is a list that should get you
started. If you still have questions about recompiling a new kernel, I
would recommend you check out this site
Heres a quick demo of how you would go about recompiling your kernel. I'm
not going to go into great detail.
-
Make sure you're root, and do the following:
# cd /usr/src/linux
# make menuconfig (config, or
xconfig)
This is what you will need for IPchains to work:
- Code maturity level options --->
[*] Prompt for development and/or incomplete code/drivers
---
- Loadable module support --->
[*] Enable loadable module support
---
- General setup --->
[*] Networking support
- Networking options --->
[*] Packet socket
[*] Kernel/User netlink socket
[*] Routing messages
[M] Netlink device emulation
[*] Network firewalls
[*] Unix domain sockets
[*] TCP/IP networking
[*] IP: multicasting
[*] IP: firewalling
[*] IP: always defragment (required for masquerading)
[*] IP: transparent proxy support
[*] IP: masquerading
[*] IP: masquerading special modules support
[M] IP: ipautofw masq support
[M] IP: ipportfw masq support
[M] IP: ip fwmark masq-forwarding support
[M] IP: tunneling
[M] IP: GRE tunnels over IP
[*] IP: TCP syncookie support
[M] IP: Reverse ARP
- Network Device Support --->
[*] Network device support
[*] Dummy net driver support
*note* You'll want to check whatever kind of NIC card
you'll be using also. You will also want to make sure you
compile anything else that your system will need into the
kernel.
After that do the following:
*Note* Make sure you save your old modules in /lib/modules/2.2.x before
doing the next step
*Note* Make sure you backup /vmlinuz before running the next command!
*Note* These directions might not work for you, but should be pretty
close. If you have any problems, I would recommend you refer to this site on
recompiling your kernel.
|
|
