[lug] RH 7.x word of caution

D. Stimits stimits at idcomm.com
Thu Jun 7 13:28:35 MDT 2001 

David Trowbridge wrote:
> 
> Here's what you need to do in menuconfig:
> Select network packet filtering. A submenu called 'Netfilter
> configuration' or something similar will appear. Within that menu,
> ipchains compatibility is only available if both connection tracking and
> iptables are modular/disabled. Any configuration where either of those are
> compiled in will not have the options to build the ipchains module.

No such menu appears. Under "Network packet filtering", activation only
creates "Network packet filtering debugging". Nor is there any option
related to connection tracking or iptables as a submenu of that menu,
with or without select of Network packet filter. My source must be
screwy. What source version is this? 2.4.5? I'm trying that and 2.4.6
pre1. If it is the stock redhat source, it probably means a patch was
required.

D. Stimits, stimits at idcomm.com

> 
> -David
> 
> -------------------
> David Trowbridge
> jupiter at flatirons.org
> http://jupiter.babylonia.flatirons.org
> 
> "Base 8 is just like base 10 really...if you're missing two fingers"
>         -Tom Lehrer
> 
> On Thu, 7 Jun 2001, D. Stimits wrote:
> 
> > kevin at scrye.com wrote:
> > >
> > > >>>>> "DStimits" == D Stimits <stimits at idcomm.com> writes:
> > ...
> > >
> > > Yes, it is part of the standard kernel. It's:
> > >
> > > CONFIG_IP_NF_COMPAT_IPCHAINS
> > > ipchains (2.2-style) support
> > > CONFIG_IP_NF_COMPAT_IPCHAINS
> > >   This option places ipchains (with masquerading and redirection
> > >   support) back into the kernel, using the new netfilter
> > >   infrastructure.  It is not recommended for new installations (see
> > >   `Packet filtering').  With this enabled, you should be able to use
> > >   the ipchains tool exactly as in 2.2 kernels.
> > >
> > >   If you want to compile it as a module, say M here and read
> > >   Documentation/modules.txt.  If unsure, say `N'.
> > >
> > > If you built iptables or ipfwadm into the kernel, you won't see this
> > > one. You can only have one at a time. You can build them all as
> > > modules tho...when you load the ipchains module, everything will work
> > > like you are on a 2.2.x kernel with ipchains.
> > ...
> >
> > I have verified that this is definitely available in the
> > Documentation/Configure.help, but I am trying without luck to find how
> > to activate this in make menuconfig. I understand what you are saying
> > about activation of ipchains other items causing this one to disappear,
> > but I have been swimming around this for quite some time (in make
> > menuconfig interface) and cannot find an item that actually matches
> > this. I am assuming the following...
> > Start in make menuconfig;
> > Go to "Networking options";
> > Somewhere in here...?
> >
> > At this point I see:
> > <*> Packet socket
> > [ ]   Packet socket: mmapped IO
> > [ ] Kernel/User netlink socket
> > [ ] Network packet filtering (replaces ipchains)
> > [ ] Socket Filtering
> > <*> Unix domain sockets
> > [*] TCP/IP networking
> > [*]   IP: multicasting
> > [ ]   IP: advanced router
> > [ ]   IP: kernel level autoconfiguration
> > < >   IP: tunneling
> > < >   IP: GRE tunnels over IP
> > [ ]   IP: multicast routing
> > [ ]   IP: TCP Explicit Congestion Notification support
> > [ ]   IP: TCP syncookie support (disabled per default)
> > ---
> > < > The IPX protocol
> > < > Appletalk protocol support
> > < > DECnet Support
> > < > 802.1d Ethernet Bridging
> > QoS and/or fair queueing  --->
> >
> >
> > Most interesting is the "Network packet filtering (replaces ipchains)".
> > I've tried with and without this, and all kinds of other possible
> > iptables or ipchains related items, with no success at finding the
> > actual item for CONFIG_IP_NF_COMPAT_IPCHAINS (checking help on each). I
> > do have it set to prompt for incomplete or devel, so that is not the
> > problem. I must be overlooking something terribly simple, staring right
> > at me. Under the assumption that it is set to prompt for devel or
> > incomplete packages, is the submenu "Networking options" not the place
> > to set this? Did you manually edit your .config and add this in? I keep
> > thinking all I need to do is bang my head on the wall a little
> > harder....
> >
> > D. Stimits, stimits at idcomm.com
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> >
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

More information about the LUG mailing list