
Thread: If I follow this for my iptables install???

  1. #1

    If I follow this for my iptables install???

    Hello,

    I was wondering if someone could go over this and tell me if I did something wrong in these steps. I have tried this many times but keep getting errors, wondering where I'm going wrong.

    Ok, installed linux 7.2; it comes with iptables already installed (iptables v1.2.3). Now I want to install iptables 1.2.7. So here is what I'm doing...

    Re-Compile my kernel to 2.4.19 with
    CONFIG_PACKET
    CONFIG_NETFILTER
    CONFIG_CONNTRACK
    CONFIG_IP_NF_FTP
    CONFIG_IP_NF_IRC
    CONFIG_IP_NF_IPTABLES
    CONFIG_IP_NF_FILTER
    CONFIG_IP_NF_NAT
    CONFIG_IP_NF_MATCH_STATE
    CONFIG_IP_NF_TARGET_LOG
    CONFIG_IP_NF_MATCH_LIMIT
    CONFIG_IP_NF_TARGET_MASQUERADE
    ALL built in the kernel:
    ***************************************************************************************************************************************
    Next I am going to download IPTABLES-1.2.7 and install them
    bzip2 -cd iptables-1.2.3.tar.bz2 | tar -xvf -
    make KERNEL_DIR=/usr/src/linux/
    make install KERNEL_DIR=/usr/src/linux/
    ****************************************************************************************************************************************
    Next I'm going to create a script for my iptables named "rc.firewall" in the "/etc/rc.d/" dir, where I create my rules:
    then I'm going to
    chown root.root /etc/rc.d/rc.firewall
    chmod u=rwx /etc/rc.d/rc.firewall
    sh /etc/rc.d/rc.firewall
    And I'm going to add the following line "sh /etc/rc.d/rc.firewall" to the end of the "/etc/rc.d/rc.local" file: all this is so it will start up every time the computer starts..
    ***************************************************************************************************************************************
    Since I have a dynamic IP address I'm going to install "PUMP" from Linux install disc 2
    rpm -iv pump-1.1.11

    Then I'm going to create a "PUMP.CONF" file in the "/etc" directory which will look like this
    -------------------------------------------------------------------
    retries 3
    script /etc/rc.d/rc.pump.done

    device eth0 {
    noisdomain
    }
    ------------------------------------------------------------
    And then the following shell commands can be placed in the firewall script some point after any HARDCODED definitions of IPADDRESS
    -------------------------------------------------------------
    if [ -f /etc/rc.d/pump.info ]; then
    . /etc/rc.d/pump.info
    else
    echo "rc.firewall: dhcp is not configured."
    sh /etc/init.d/iptables panic
    exit 1
    fi
    ------------------------------------------------
    So then in "/etc/rc.d" I will create this script
    --------------------------------------------------------------------------
    #!/bin/bash

    if [ "$1" = "down" ]; then
    exit 0
    fi

    if [ "$1" = "lease" ]; then
    echo address $3 assigned to network interface $2 > /dev/console
    fi

    /sbin/pump -i eth0 -s > /var/tmp/pump.out

    # Pull each value from its own labelled line of the pump status output
    IPADDR=`fgrep IP: /var/tmp/pump.out | sed -e "s/.*IP: //"`
    NETMASK=`fgrep Netmask: /var/tmp/pump.out | sed -e "s/.*Netmask: //"`
    BROADCAST=`fgrep Broadcast: /var/tmp/pump.out | sed -e "s/.*Broadcast: //"`
    NETWORK=`fgrep Network: /var/tmp/pump.out | sed -e "s/.*Network: //"`
    DHCP_SERVER=`fgrep DHCP_SERVER: /var/tmp/pump.out | sed -e "s/.*DHCP_SERVER: //"`
    GATEWAY=`fgrep Gateway: /var/tmp/pump.out | sed -e "s/.*Gateway: //"`
    DOMAIN=`fgrep Domain: /var/tmp/pump.out | sed -e "s/.*Domain: //"`

    rm /var/tmp/pump.out

    # The first write truncates pump.info; the remaining lines append to it
    echo IPADDR=$IPADDR > /etc/rc.d/pump.info
    echo NETMASK=$NETMASK >> /etc/rc.d/pump.info
    echo SUBNET_BASE=$NETWORK >> /etc/rc.d/pump.info
    echo SUBNET_BROADCAST=$BROADCAST >> /etc/rc.d/pump.info
    echo GATEWAY=$GATEWAY >> /etc/rc.d/pump.info
    echo HOSTNAME=$HOSTNAME >> /etc/rc.d/pump.info
    echo DHCP_SERVER=$DHCP_SERVER >> /etc/rc.d/pump.info

    sh /etc/init.d/iptables restart

    exit 0
    -----------------------------------------------------------------------------------------

    What I'm asking is: if I follow these steps, should I have any problems? 'Cause this is my 3rd try with this and I wanna know what I am doing wrong... since "iptables" is already installed with 7.2, will this setup gimme errors or something??

    thanks for the help guys!!!

  2. #2
    problemchild (Senior Member; Join Date: Jul 2002; Posts: 551)

    It's hard to help without knowing what the error message is, but I will try to offer some general suggestions. What is the exact error you're getting?
    ALL built in the kernel:
    A lot of firewall scripts expect iptables to load as a module and will choke if it's compiled directly into the kernel. Try recompiling as modules.
    Next i am going to download IPTABLES-1.2.7 and install them
    bzip2 -cd iptables-1.2.3.tar.bz2 | tar -xvf -
    make KERNEL_DIR=/usr/src/linux/
    make install KERNEL_DIR=/usr/src/linux/
    Did you uninstall the old iptables first? You need to rpm -e iptables before you install to avoid any version conflicts between the old and the new.

    [EDIT] I would also compile iptables with ./configure --prefix=/usr to install it to /usr instead of /usr/local so everything goes back in the same place.

    If you're going to do a clean reinstall, do one thing at a time to find out where the problem lies.

    Try the firewall script on the default install and see if your script is OK. If the script works, then upgrade your iptables and see if it still works. If that works, then upgrade your kernel. Don't do everything at once, because then you have no way of knowing which part of the process is breaking it.

    BTW, why are you upgrading all of this stuff? The Red Hat security advisories will cover any security issues that may come about. I'm just curious.......

    Holy crap... you're adding and deleting posts faster than I can edit. LOL
    Do what you want with the girl, but leave me alone!
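
The version conflict described in the reply above (the RPM-installed iptables left in place next to a source build under /usr/local) can be checked for before the firewall script runs. This is an added example, not part of the original thread; the function names `find_iptables_copies` and `check_single_iptables` are hypothetical, and it assumes each binary answers `-V` with its version.

```shell
#!/bin/sh
# Print every distinct executable named "iptables" found in a colon-separated
# search path, one per line, in search order (the first line is the one run).
find_iptables_copies() {
    seen=""
    old_ifs=$IFS
    IFS=:
    for dir in $1; do
        # Canonicalise so repeated or symlinked directories count once.
        real=$(cd "$dir" 2>/dev/null && pwd -P) || continue
        case ":$seen:" in *":$real:"*) continue ;; esac
        seen="$seen:$real"
        if [ -f "$real/iptables" ] && [ -x "$real/iptables" ]; then
            printf '%s\n' "$real/iptables"
        fi
    done
    IFS=$old_ifs
}

# Return 0 when exactly one copy exists, 1 when old and new copies sit side
# by side, 2 when no iptables binary is found at all.
check_single_iptables() {
    copies=$(find_iptables_copies "$1")
    if [ -z "$copies" ]; then
        echo "no iptables binary found in: $1" >&2
        return 2
    fi
    count=$(printf '%s\n' "$copies" | wc -l | tr -d ' ')
    if [ "$count" -gt 1 ]; then
        echo "multiple iptables binaries; the first one listed wins:" >&2
        printf '%s\n' "$copies" | while read -r bin; do
            echo "  $bin: $("$bin" -V 2>/dev/null || echo 'version unknown')" >&2
        done
        return 1
    fi
    echo "single iptables: $copies"
    return 0
}

# Typical call near the top of rc.firewall (assumed placement):
#   check_single_iptables "/sbin:/usr/sbin:/usr/local/sbin:$PATH" || exit 1
```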

  3. #3

    Smile

    Thank you so much for your help

    I'm going to run
    rpm -e iptables-1.2.3
    first and then install the newer iptables... and for my kernel I'll load my
    config_packet
    config_conntrack
    etc
    as modules, and then near the end of recompiling the kernel do I still run the command
    "make modules make modules_install"

    while I am recompiling

    And the errors I used to get were
    iptables: libiptc/libip4tc.C:386 do_check Assertion 'h--->info.valid_hooks == (1 <<0 | 1 << 3)' Failed
    /etc/rc3.d/s08 iptables:line -246 280 ABORTED iptables -t $i -F
    There was some more, but this is only what I wrote down
    Thanks
