[lug] RH 7.x word of caution

Thu Jun 7 13:13:00 MDT 2001

Here's what you need to do in menuconfig:
Select network packet filtering. A submenu called 'Netfilter
configuration' or something similar will appear. Within that menu,
ipchains compatibility is only available if both connection tracking and
iptables are modular/disabled. Any configuration where either of those are
compiled in will not have the options to build the ipchains module.

-David

-------------------
David Trowbridge
jupiter at flatirons.org
http://jupiter.babylonia.flatirons.org

"Base 8 is just like base 10 really...if you're missing two fingers"
	-Tom Lehrer

On Thu, 7 Jun 2001, D. Stimits wrote:

> kevin at scrye.com wrote:
> >
> > >>>>> "DStimits" == D Stimits <stimits at idcomm.com> writes:
> ...
> >
> > Yes, it is part of the standard kernel. It's:
> >
> > CONFIG_IP_NF_COMPAT_IPCHAINS
> > ipchains (2.2-style) support
> > CONFIG_IP_NF_COMPAT_IPCHAINS
> >   This option places ipchains (with masquerading and redirection
> >   support) back into the kernel, using the new netfilter
> >   infrastructure.  It is not recommended for new installations (see
> >   `Packet filtering').  With this enabled, you should be able to use
> >   the ipchains tool exactly as in 2.2 kernels.
> >
> >   If you want to compile it as a module, say M here and read
> >   Documentation/modules.txt.  If unsure, say `N'.
> >
> > If you built iptables or ipfwadm into the kernel, you won't see this
> > one. You can only have one at a time. You can build them all as
> > modules tho...when you load the ipchains module, everything will work
> > like you are on a 2.2.x kernel with ipchains.
> ...
>
> I have verified that this is definitely available in the
> Documentation/Configure.help, but I am trying without luck to find how
> to activate this in make menuconfig. I understand what you are saying
> about activation of ipchains other items causing this one to disappear,
> but I have been swimming around this for quite some time (in make
> menuconfig interface) and cannot find an item that actually matches
> this. I am assuming the following...
> Start in make menuconfig;
> Go to "Networking options";
> Somewhere in here...?
>
> At this point I see:
> <*> Packet socket
> [ ]   Packet socket: mmapped IO
> [ ] Kernel/User netlink socket
> [ ] Network packet filtering (replaces ipchains)
> [ ] Socket Filtering
> <*> Unix domain sockets
> [*] TCP/IP networking
> [*]   IP: multicasting
> [ ]   IP: advanced router
> [ ]   IP: kernel level autoconfiguration
> < >   IP: tunneling
> < >   IP: GRE tunnels over IP
> [ ]   IP: multicast routing
> [ ]   IP: TCP Explicit Congestion Notification support
> [ ]   IP: TCP syncookie support (disabled per default)
> ---
> < > The IPX protocol
> < > Appletalk protocol support
> < > DECnet Support
> < > 802.1d Ethernet Bridging
> QoS and/or fair queueing  --->
>
>
> Most interesting is the "Network packet filtering (replaces ipchains)".
> I've tried with and without this, and all kinds of other possible
> iptables or ipchains related items, with no success at finding the
> actual item for CONFIG_IP_NF_COMPAT_IPCHAINS (checking help on each). I
> do have it set to prompt for incomplete or devel, so that is not the
> problem. I must be overlooking something terribly simple, staring right
> at me. Under the assumption that it is set to prompt for devel or
> incomplete packages, is the submenu "Networking options" not the place
> to set this? Did you manually edit your .config and add this in? I keep
> thinking all I need to do is bang my head on the wall a little
> harder....
>
> D. Stimits, stimits at idcomm.com
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>