Hi there, I have posted quite a few

Tels

IS-IT--Management
Jul 10, 2001
290
GB
Hi there, I have posted quite a few related questions to what I am about to ask, I am hoping that the Linux experts out there have the answers I need!

Basically, I am configuring our Network (Win2000 native domain) for a permanent registered IP.

The idea is, we have a gateway proxy/firewall machine and we route VPN through it into the Win2k server.

The VPN connections also come in from fixed IPs.

After hearing many good things about Linux's firewalling and stability, I decided to give it a shot (and I may well bloody shoot it too) This is where I am now.

Theory is fine, practice is harder. I am lost here, I try to use the iptables command, it tells me that insmod can't insmod the ip_tables.o (using redhat 7.1-kernel 2.4.2-2)
something like Init_module: device or resource busy

Anyway, I've been told that I may need to recompile the kernel. I know what this means, I haven't got a clue how to. I've read the oh-so-easy HowTos but I am still without a clue.

(They tell you step by step easy enough but I don't know what I need in the first place and they assume you have all the bits you need - maybe I do but I don't know what or where they are, the 'source code', for example)

Secondly, so that I can tweak and test it to perfection (once I have it running even) I want to set it up on a test rig.
The Linux box has 2 NICs, eth1 & eth0, one is connected to the network, 192.168.0.0 and the other is connected to a win2000 pro machine, 192.168.4.0 - The linux box can ping anything on the network so I know the NIC config and hardware are OK.

So far (3 days) I have been using KDE's Network Config panel to try and configure routing, (making sure that the firewall's default policies are ACCEPT of course)
and so far I have had no joy.

Please, If anybody has a clue what to do, where to go, what to recompile please let me know, I am getting bored of reading cryptic error messages and I want a result or two to brighten up my day

PS If anyone points me to any help pages, please point me to ones with examples. I thrive on examples which is why I hate MAN pages more than any other form of help on this world ;)

Lastly, if anyone knows anywhere to source good VPN/Firewall software for Linux, please let us know. Open source or not, I need some suggestions.

Thanks to anybody and everybody who posts a response to this really long question (grin)
:)))

Tels for pint$ = 1 to 20
for pint$ = pint$ + 1
if pint$ = 20 goto HOME
next pint$
 
Hi,
Firstly ipchains is the predecessor to iptables and you can't run both on the same box. RH7.x even with a 2.4.x series kernel still defaults to ipchains. If redhat have provided all the iptables modules in the 'vanilla' version then the reason you can't load iptables could be because ipchains is active. Do a 'ls /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter' to see what iptables modules are shipped by redhat.

So, try '/sbin/service ipchains stop' and then try again to insmod ip_tables . If it works then do '/sbin/chkconfig --level 2345 ipchains off' which will turn off ipchains completely.

For full iptables functionality you probably need to load a number of the 'netfilter' modules incidentally. If in doubt you can always do : '/sbin/insmod /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/* '.

Going from memory, the newest network config tool from redhat is '/sbin/netconf' - which is a lovely gui similar to '/sbin/linuxconf'.

If the foregoing doesn't work and you do need a customised kernel ...

First download the kernel source ...
ftp://ftp.kernel.org/pub/linux/kernel/v2.4/linux-2.4.9.tar.bz2

Save in /usr/src

As root do the following commands from an 'X' console (xterm):

cd /usr/src
bunzip2 linux-2.4.9.tar.bz2
tar xvf linux-2.4.9.tar
mv linux linux-2.4.9
ln -sf linux-2.4.9 linux
cd linux
make xconfig         # select what you need and save
make dep
make clean
make bzImage
make modules
make modules_install
cp arch/i386/boot/bzImage /boot/vmlinuz-2.4.9
cp System.map /boot/System.map-2.4.9

You <may> need an initrd image - see from your /etc/lilo.conf if it says initrd=/boot/initrd-2.4.2-2.img
or suchlike. If not don't bother, otherwise do :

/sbin/mkinitrd /boot/initrd-2.4.9.img 2.4.9

Then add a section to /etc/lilo.conf
image=/boot/vmlinuz-2.4.9
     label=linux249
     root=/dev/hda1          # copy from existing block
     read-only

(Also copy any 'append', 'initrd' or other lines you have in your existing 'image' block.)
Then update the binary lilo image..

/sbin/lilo -v

Reboot and you should have another option on the boot menu.

OK.. that's enough for now
Regards
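
An added example (not part of the thread or of the reply above) that ties the reply's ipchains check to the two-NIC test rig from the question: it refuses to proceed while the ipchains module is loaded, then prints a default-deny FORWARD ruleset for iptables. The interface-to-subnet mapping (eth0 on 192.168.0.0/24, eth1 on 192.168.4.0/24), the /24 masks and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed mapping (the post does not say
# which NIC is on which subnet, nor the masks): eth0 = LAN, eth1 = test PC.
LAN_IF="${LAN_IF:-eth0}";   LAN_NET="${LAN_NET:-192.168.0.0/24}"
TEST_IF="${TEST_IF:-eth1}"; TEST_NET="${TEST_NET:-192.168.4.0/24}"

# ipchains_loaded FILE: succeed if the ipchains module appears in a
# /proc/modules-format listing (first field of each line is the module name).
ipchains_loaded() {
    awk '$1 == "ipchains" { found = 1 } END { exit !found }' "${1:-/proc/modules}"
}

# forward_rules: print the commands for a default-deny FORWARD chain that lets
# the test PC open connections to the LAN and allows only reply traffic back.
forward_rules() {
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $TEST_IF -o $LAN_IF -s $TEST_NET -d $LAN_NET -j ACCEPT
iptables -A FORWARD -j LOG --log-prefix "FWD-DROP: "
EOF
}

# apply_rules [FILE]: refuse while ipchains is loaded (ip_tables cannot load
# beside it); otherwise print the commands, or execute them when APPLY=1.
apply_rules() {
    if ipchains_loaded "$1"; then
        echo "ipchains is loaded: run '/sbin/service ipchains stop' first" >&2
        return 1
    fi
    if [ "${APPLY:-0}" = 1 ]; then
        forward_rules | sh -e      # needs root
    else
        forward_rules              # dry run: show what would be executed
    fi
}

# Does nothing unless asked, so the file can also be sourced.
case "${1:-}" in --run) apply_rules ;; esac
```

Run it with --run to print the commands, or with APPLY=1 as root to execute them. Hosts on 192.168.0.0 need a route to 192.168.4.0 via the Linux box, and the Win2000 Pro machine needs the Linux box as its gateway, otherwise replies never come back even with forwarding enabled.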
 
Brilliant. I haven't yet done anything but it all makes sense. I had a suspicion regarding iptables and ipchains, namely that ipchains worked, iptables didn't and I read somewhere that they might not like each other, so I think you hit it on the head (with instructions - that's the best part)

As for linuxconf, doesn't seem to work. Therefore I'll assume redhat have made netconf the new vanilla? The redhat release we have is the latest I think, so there's a chance.

I'll try it all out early tomorrow morning and let you know how it went.....

Thanx!! Tels for pint$ = 1 to 20
for pint$ = pint$ + 1
if pint$ = 20 goto HOME
next pint$
 