hi, wonder if anyone can help...

I just got a new (leased) server (debian sarge 3.1, kernel 2.6.10), and the 1st thing i do is to try and set up a firewall and find it doesn't seem to have iptables support configured. This isnt the first time this has happened, my last debian box didn't either but I redid the kernel and included it and all was well....

I can't see anywhere to do this on this new system, and am wondering if it's been taken out and made into a module.

I don't have a clue how to create an ipstable module, and I've looked all over and only ended up getting more confused. I have apt-get install'ed iptables, but got no further.

I've been using unix/linux for years but i don't really get enough time to stay up-to-date is my problem - any pointers would be very welcome....

Thanks,
woosh

I was going to reply to your other post but since you started tihs one...look here:
http://www.debian.org/doc/manuals/se...firewall-setup

edit ;-)

still can't figure out how to install iptables... can't see anywhere in make menuconfig to include it or Mod it....

I'll be OK if i can get that far... (I think!)

Wooshy

hah - finally found it in make menuconfig....

under 'device drivers/networking support/networking options/network packet filter/netfilter config/IP tables support'.... phew!

but it appears to be 'on' : theres a * by networl packet filtering, and an M by IP tables support, so there *should* be a module for ip_tables for the kernel to load, but I can't see one anywhere - it certainly isnt in /etc/modules;

when i look in
/lib/modules/2.4.18-bf2.4/kernel/drivers/net/
there are quite a lot of files with .o at the end (are these modules?) but nothing that looks like ip_tables or netfilter, and in
/lib/modules/2.6.10/kernel/drivers/net where I should think they SHOULD go (?) there aren't many at all, just 5:
drwxr-xr-x 2 root root 4096 Jan 27 10:21 bonding
-rw-r--r-- 1 root root 3832 Jan 17 10:25 dummy.ko
-rw-r--r-- 1 root root 6531 Jan 17 10:25 eql.ko
-rw-r--r-- 1 root root 7534 Jan 17 10:25 shaper.ko
-rw-r--r-- 1 root root 8296 Jan 17 10:25 tun.ko


I hate it when someone else sets a system up for you - you spend ages just trying to find out wehats been done...

HEEELP !

wooshy

Try in /lib/modules/2.6.10/kernel/net/ipv4/netfilter

....doesnt even have a /lib/modules/2.6.10/kernel/net directory

only arch, drivers and fs

wooshy

How did you install that kernel? And check if it exists in the 2.4.18-bf2 directory..

It may be possible that they are complied into the kernel..
Read /boot/config-2.6.10 if it exists and see if modules were made M, or compiled in *..

You will have to install the "testing" packages to match that 2.6.10 kernel..

unfortunately I dint install the kernel - I lease the box...
I did check th 2.4.18-bf2 directory - nothing there either...
Looking at make menuconfig settings (I loaded the config file), it has been compiled with Network packet filtering built-in(*) and IP tables support as a Module (M)...
[Don't really know what to look 4 in /boot/config (symlink) file - no occurences of ip_tables or netfilter (but there isnt in my other server and that is running ip_tables fine - albeit built-in to kernel)]
...where have all me modules gone?
I did a modprobe ip_tables and it says:
FATAL: Module ip_tables not found.

should i just remake the kernel? if i do will this put all my modules in the right place(s)?

????????

Better to apt-get the standard kernel package and iptables package
Check /etc/apt/sources.list and make sure you have entries for testing..
eg
deb ftp://ftp.nl.debian.org/debian testing main contrib non-free
deb http://security.debian.org/ testing/updates main contrib non-free

The mirror list is at http://www.debian.org/mirror/list

Do apt-get update to referesh the list
Do apt-get upgrade to get a list of packages that need upgrading
See if kernel and iptables are in the list. If so you can say yes..
There may be other upgrades that will require some interactive work answering config questions, so make the list shorter manually if you want..
You may need to redo lilo manually. Do it anyway after the install to be sure it's done.
Check /boot to make sure the kernel has installed and /lib/modules/2.6.10/kernel/net/ipv4/netfilter, then do lilo -v
Check the config files that were updated and reboot, smiling..

did apt-get upgrade but neither kernel nor anything with 'net' or 'ip' were in resulting list...

oops that's bust webmin, lah-di-lah

wooshy

Ok, so it can be done manually..

Do dpkg -l kernel* to see what's listed..
then do apt-get --reinstall install kernel-image-2.6.10 iptables

How about this then ?

#!/bin/bash
xterm '/path/to/server1 <arg>' &
xterm '/path/to/server2' &
.
.
xterm '/path/to/serverN <arg> <arg>' &
wait


Each xterm will run its command in a new window.
The "wait" command will wait for all of the xterm commands to finish.

can't see anyhting like ip_tables or netfilter in the dpkg -l kernel*, but then it is in columns and the first is too narrow to read all the names...
Also there is no kernel-image-2.6.10 in there... there are loads of kernel-images up to 2.6.9-2-686 and a plain 'kernel-image' - do you think this is kernel-image-2.6.10 by another name?
should i go ahead? (or will ibe downgrading something??)

...getting more and more lost....

wooshy