Hi, you are not alone.

On Sun, Jan 27, 2002 at 06:02:49PM -0800, Chris Palmer wrote:
> I'm another "normal" Debian user (non-newbie/non-guru <grin>) and I have
> some questions on iptables and using modules under 2.4.x.

Yep, the transition 2.2 -> 2.4 using the Debian kernel-image is kind of tricky.

> I've been running an older Debian system for a while and started out
> with ipfwadm on a 2.0.x kernel. Sometime later I upgraded and a wrapper
> for ipchains was installed. I had intended to go thru things and learn
> ipchains and re-write all my rules to that format, but never got around
> to it. Today, I upgraded this machine to woody and built a 2.4.x kernel
> and installed iptables.

If you download the ipmasq package with the "apt-get -d install" option and
look into the package with "mc", it gives a nice idea of the correspondence
between these IP packet filter commands. Of course, the "man" page is always
there for you.

> I think it went well, as I did some reading and created new rules for my
> firewall using iptables, but I think I probably have a bunch of older files
> from my 2.0.x kernel install that are probably handled a new way today.

Yep. The kernel is more modular. Some modules need to be loaded by
insmod/depmod manually. The way to do it is to list them in "/etc/modules".
Most of "IP packet filtering", "apm", "scsi" ... are all modules now.
That is the reason behind using an "initrd" image during boot time :)

My web page http://qref/sf.net/quick may help. Check the kernel section at
http://qref/sf.net/quick/ch-kernel.en.html#s-kernel-net

My firewall machine has a long /etc/modules:

# net/ipv-4
ip_gre
ipip
# net/ipv-4/netfilter
# iptable (in order)
ip_tables
ip_conntrack
ip_conntrack_ftp
iptable_nat
iptable_filter
iptable_mangle
#
ip_nat_ftp
ip_queue
#
ipt_LOG
ipt_MARK
ipt_MASQUERADE
ipt_MIRROR
ipt_REDIRECT
ipt_REJECT
ipt_TCPMSS
ipt_TOS
ipt_limit
ipt_mac
ipt_mark
ipt_multiport
ipt_owner
ipt_state
ipt_tcpmss
ipt_tos
ipt_unclean
#
#ipchains
#ipfwadm

Not all of them may be needed because of kmod, but they will not harm :)

> I'm also hoping to get some help on modules. It looks like kmod is the
> current system, but I also have a /etc/modules file that is getting run
> by /etc/intit.d/modutils, but I think this is the old way and might be
> interfering with things getting loaded properly now (things aren't loading
> as I'd expect them to).

Really? Post your /etc/modules, if this persists.

-- 
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~
+  Osamu Aoki <[EMAIL PROTECTED]>, GnuPG-key: 1024D/D5DE453D  +
+  My debian quick-reference, http://qref.sourceforge.net/quick/  +
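
One way to check the "things aren't loading as I'd expect" complaint in the thread above: this shell function, an added example that is not part of either mail, prints the names listed in an /etc/modules-style file that are absent from a /proc/modules-style listing. The function names, the sample files and the treatment of "-" and "_" as the same character are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original mails): report modules that are listed
# in an /etc/modules-style file but missing from a /proc/modules-style listing.

# missing_modules WANTED LOADED
#   WANTED: one module name per line, optional arguments after the name,
#           lines starting with "#" are comments (the /etc/modules format).
#   LOADED: first column is the module name (the /proc/modules format).
# Assumption: "-" and "_" in names are treated as the same character.
# A feature compiled into the kernel never shows up in LOADED, so it is
# reported as missing even though it works.
missing_modules() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        NF { gsub(/-/, "_", $1) }                # normalise the name
        FILENAME == ARGV[1] { if (NF) loaded[$1] = 1; next }
        NF && !($1 in loaded) { print $1 }       # wanted but not loaded
    ' "$2" "$1"
}

# demo: run the check on constructed sample data (names taken from the mail).
demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample in /etc/modules format.
    cat > "$dir/modules" <<'EOF'
# iptable (in order)
ip_tables
ip_conntrack
ip_conntrack_ftp
iptable_nat
#ipchains
ipt_LOG
EOF
    # Constructed sample in /proc/modules format (name, size, use count).
    cat > "$dir/proc_modules" <<'EOF'
iptable_nat 16000 0
ip_conntrack 20000 1
ip_tables 11000 3
EOF
    missing_modules "$dir/modules" "$dir/proc_modules"
    rm -rf "$dir"
}

demo
```

On a live system the call is `missing_modules /etc/modules /proc/modules`; an empty result means every listed module is loaded.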