| 1 |
2008/9/22 Ajai Khattri <ajai@××××.net>: |
| 2 |
> On Mon, 22 Sep 2008, Ryan Gibbons wrote: |
| 3 |
> |
| 4 |
>> You should be able to find some information in your log files and |
| 5 |
>> possibily dmesg |
| 6 |
>> |
| 7 |
>> My guess is you are missing some modules for iptables in your kernel. |
| 8 |
> |
| 9 |
> I use connection-tracking and that has changed a lot over the past two years |
| 10 |
> and become very confusing (as far as kernel configuration goes). |
| 11 |
|
| 12 |
2.6.25 provides a CONFIG_NETFILTER_ADVANCED option which, if not |
| 13 |
selected, should ensure that the most commonly used netfilter options |
| 14 |
are enabled. |
| 15 |
|
| 16 |
If that option does not appeal then note that the NF_CONNTRACK option |
| 17 |
has been renamed to NF_CONNTRACK_ENABLED as of 2.6.25. Here is a list |
| 18 |
of options that constitute a set of reasonable/minimal defaults (that |
| 19 |
will support connection tracking): |
| 20 |
|
| 21 |
NF_CONNTRACK_IPV4 |
| 22 |
NF_CONNTRACK_MARK |
| 23 |
IP_NF_IPTABLES |
| 24 |
IP_NF_FILTER |
| 25 |
IP_NF_TARGET_REJECT |
| 26 |
IP_NF_TARGET_LOG |
| 27 |
NF_NAT |
| 28 |
IP_NF_TARGET_MASQUERADE |
| 29 |
IP_NF_TARGET_REDIRECT |
| 30 |
IP_NF_MANGLE |
| 31 |
NF_CONNTRACK_ENABLED |
| 32 |
|
| 33 |
I'd also suggest enabling the IP_NF_TARGET_ULOG option. This may be |
| 34 |
used in conjunction with the ulogd package so as to avoid polluting |
| 35 |
the kernel ring buffer with netfilter log messages. |
| 36 |
|
| 37 |
Regards, |
| 38 |
|
| 39 |
--Kerin |
Archives