| 1 |
Stop sending me these fucking e mails...I dont want them so fuck |
| 2 |
off!!!! |
| 3 |
|
| 4 |
-----Oorspronkelijk bericht----- |
| 5 |
Van: Kerin Millar [mailto:kerframil@×××××.com] |
| 6 |
Verzonden: maandag 22 september 2008 15:56 |
| 7 |
Aan: gentoo-server@l.g.o |
| 8 |
Onderwerp: Re: [gentoo-server] Iptables Changes |
| 9 |
|
| 10 |
2008/9/22 Ajai Khattri <ajai@××××.net>: |
| 11 |
> On Mon, 22 Sep 2008, Ryan Gibbons wrote: |
| 12 |
> |
| 13 |
>> You should be able to find some information in your log files and |
| 14 |
>> possibily dmesg |
| 15 |
>> |
| 16 |
>> My guess is you are missing some modules for iptables in your kernel. |
| 17 |
> |
| 18 |
> I use connection-tracking and that has changed a lot over the past two |
| 19 |
years |
| 20 |
> and become very confusing (as far as kernel configuration goes). |
| 21 |
|
| 22 |
2.6.25 provides a CONFIG_NETFILTER_ADVANCED option which, if not |
| 23 |
selected, should ensure that the most commonly used netfilter options |
| 24 |
are enabled. |
| 25 |
|
| 26 |
If that option does not appeal then note that the NF_CONNTRACK option |
| 27 |
has been renamed to NF_CONNTRACK_ENABLED as of 2.6.25. Here is a list |
| 28 |
of options that constitute a set of reasonable/minimal defaults (that |
| 29 |
will support connection tracking): |
| 30 |
|
| 31 |
NF_CONNTRACK_IPV4 |
| 32 |
NF_CONNTRACK_MARK |
| 33 |
IP_NF_IPTABLES |
| 34 |
IP_NF_FILTER |
| 35 |
IP_NF_TARGET_REJECT |
| 36 |
IP_NF_TARGET_LOG |
| 37 |
NF_NAT |
| 38 |
IP_NF_TARGET_MASQUERADE |
| 39 |
IP_NF_TARGET_REDIRECT |
| 40 |
IP_NF_MANGLE |
| 41 |
NF_CONNTRACK_ENABLED |
| 42 |
|
| 43 |
I'd also suggest enabling the IP_NF_TARGET_ULOG option. This may be |
| 44 |
used in conjunction with the ulogd package so as to avoid polluting |
| 45 |
the kernel ring buffer with netfilter log messages. |
| 46 |
|
| 47 |
Regards, |
| 48 |
|
| 49 |
--Kerin |
Archives