Stop sending me these fucking e-mails...I don't want them so fuck off!!!!

-----Original Message-----
From: Kerin Millar [mailto:kerframil@×××××.com]
Sent: Monday, 22 September 2008 15:56
To: gentoo-server@l.g.o
Subject: Re: [gentoo-server] Iptables Changes

2008/9/22 Ajai Khattri <ajai@××××.net>:
> On Mon, 22 Sep 2008, Ryan Gibbons wrote:
>
>> You should be able to find some information in your log files and
>> possibly dmesg
>>
>> My guess is you are missing some modules for iptables in your kernel.
>
> I use connection-tracking and that has changed a lot over the past two years
> and become very confusing (as far as kernel configuration goes).

2.6.25 provides a CONFIG_NETFILTER_ADVANCED option which, if not
selected, should ensure that the most commonly used netfilter options
are enabled.

If that option does not appeal then note that the NF_CONNTRACK option
has been renamed to NF_CONNTRACK_ENABLED as of 2.6.25. Here is a list
of options that constitute a set of reasonable/minimal defaults (that
will support connection tracking):

NF_CONNTRACK_IPV4
NF_CONNTRACK_MARK
IP_NF_IPTABLES
IP_NF_FILTER
IP_NF_TARGET_REJECT
IP_NF_TARGET_LOG
NF_NAT
IP_NF_TARGET_MASQUERADE
IP_NF_TARGET_REDIRECT
IP_NF_MANGLE
NF_CONNTRACK_ENABLED

I'd also suggest enabling the IP_NF_TARGET_ULOG option. This may be
used in conjunction with the ulogd package so as to avoid polluting
the kernel ring buffer with netfilter log messages.

Regards,

--Kerin
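
Added example, not part of the original message: a POSIX shell function that reports whether each option named in the message above is built in, modular, or missing in a kernel .config. The function names, the example path in the usage comment and the sample config fragment are constructed for illustration.

```shell
#!/bin/sh
# Option names are copied from the message above (including the suggested
# IP_NF_TARGET_ULOG); everything else here is constructed for illustration.
NETFILTER_OPTS="NF_CONNTRACK_ENABLED NF_CONNTRACK_IPV4 NF_CONNTRACK_MARK
IP_NF_IPTABLES IP_NF_FILTER IP_NF_TARGET_REJECT IP_NF_TARGET_LOG NF_NAT
IP_NF_TARGET_MASQUERADE IP_NF_TARGET_REDIRECT IP_NF_MANGLE IP_NF_TARGET_ULOG"

# check_netfilter_config FILE
# Prints one "OPTION state" line per option, where state is builtin (=y),
# module (=m) or missing (absent or "is not set").
# Returns 0 if every option is present, 1 if any is missing, 2 if FILE is
# unreadable.
# Usage (path is an assumption): check_netfilter_config /usr/src/linux/.config
check_netfilter_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    rc=0
    for opt in $NETFILTER_OPTS; do
        # Match the full option name up to "=" so that NF_NAT does not
        # match a longer name such as NF_NAT_FTP.
        val=$(sed -n "s/^CONFIG_${opt}=\(.*\)\$/\1/p" "$cfg" | head -n 1)
        case $val in
            y) state=builtin ;;
            m) state=module ;;
            *) state=missing; rc=1 ;;
        esac
        printf '%s %s\n' "$opt" "$state"
    done
    return $rc
}

# Constructed sample .config fragment (not taken from a real kernel build).
sample_config() {
    cat <<'EOF'
CONFIG_NF_CONNTRACK_ENABLED=m
CONFIG_NF_CONNTRACK_IPV4=m
# CONFIG_NF_CONNTRACK_MARK is not set
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_FILTER=y
CONFIG_NF_NAT_FTP=m
EOF
}
```

An option reported as missing means a rule that uses the matching target or match will fail to load, which is the symptom discussed earlier in the thread.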