2008/9/22 Ajai Khattri <ajai@××××.net>:
> On Mon, 22 Sep 2008, Ryan Gibbons wrote:
>
>> You should be able to find some information in your log files and
>> possibly dmesg
>>
>> My guess is you are missing some modules for iptables in your kernel.
>
> I use connection-tracking and that has changed a lot over the past two years
> and become very confusing (as far as kernel configuration goes).
|
2.6.25 provides a CONFIG_NETFILTER_ADVANCED option which, if not
selected, should ensure that the most commonly used netfilter options
are enabled.

If that option does not appeal then note that the NF_CONNTRACK option
has been renamed to NF_CONNTRACK_ENABLED as of 2.6.25. Here is a list
of options that constitute a set of reasonable/minimal defaults (that
will support connection tracking):
|
NF_CONNTRACK_IPV4
NF_CONNTRACK_MARK
IP_NF_IPTABLES
IP_NF_FILTER
IP_NF_TARGET_REJECT
IP_NF_TARGET_LOG
NF_NAT
IP_NF_TARGET_MASQUERADE
IP_NF_TARGET_REDIRECT
IP_NF_MANGLE
NF_CONNTRACK_ENABLED
|
I'd also suggest enabling the IP_NF_TARGET_ULOG option. This may be
used in conjunction with the ulogd package so as to avoid polluting
the kernel ring buffer with netfilter log messages.
|
Regards,

--Kerin
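
An added example, not part of the original message: shell functions that report which of the options listed above are neither built in nor modular in a kernel .config. The function names and the sample config are constructed for illustration; the check assumes the options carry the usual CONFIG_ prefix in that file.

```shell
#!/bin/sh
# Options from the list in the message (written without the CONFIG_ prefix).
REQUIRED="NF_CONNTRACK_IPV4 NF_CONNTRACK_MARK IP_NF_IPTABLES IP_NF_FILTER
IP_NF_TARGET_REJECT IP_NF_TARGET_LOG NF_NAT IP_NF_TARGET_MASQUERADE
IP_NF_TARGET_REDIRECT IP_NF_MANGLE NF_CONNTRACK_ENABLED"

# opt_state FILE OPTION: print y (built in), m (module) or n.
# "n" covers both "# CONFIG_X is not set" and an option that is absent.
opt_state() {
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# missing_opts FILE: print the required options that are in state n.
missing_opts() {
    missing=""
    for opt in $REQUIRED; do
        state=$(opt_state "$1" "$opt")
        # The message mentions a rename between NF_CONNTRACK and
        # NF_CONNTRACK_ENABLED around 2.6.25, so either name is accepted.
        if [ "$opt" = NF_CONNTRACK_ENABLED ] && [ "$state" = n ]; then
            state=$(opt_state "$1" NF_CONNTRACK)
        fi
        if [ "$state" = n ]; then missing="$missing $opt"; fi
    done
    echo "${missing# }"
}

# Constructed sample config: REJECT is disabled, REDIRECT is absent, and
# connection tracking appears under the NF_CONNTRACK name.
sample_config() {
cat <<'EOF'
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_ADVANCED is not set
CONFIG_NF_CONNTRACK=m
CONFIG_NF_CONNTRACK_IPV4=m
CONFIG_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
# CONFIG_IP_NF_TARGET_REJECT is not set
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_NF_NAT=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_MANGLE=m
EOF
}

# With a path argument, check that kernel .config file.
if [ -n "${1:-}" ]; then missing_opts "$1"; fi
```

An empty result means every listed option is enabled as y or m; a ruleset that uses a missing target will fail to load until the option is enabled and the kernel or module rebuilt.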