-
September 13th, 2002, 04:26 AM
#1
If I follow this for my iptables install???
Hello,
I was wondering if someone could go over this and tell me if I did something wrong in these steps. I have tried this many times but keep
getting errors, wondering where I'm going wrong.
OK, I installed Linux 7.2; it comes with iptables already installed, iptables v1.2.3. Now I want to install iptables 1.2.7. So here is what I'm
doing...
Re-Compile my kernel to 2.4.19 with
CONFIG_PACKET
CONFIG_NETFILTER
CONFIG_IP_NF_CONNTRACK
CONFIG_IP_NF_FTP
CONFIG_IP_NF_IRC
CONFIG_IP_NF_IPTABLES
CONFIG_IP_NF_FILTER
CONFIG_IP_NF_NAT
CONFIG_IP_NF_MATCH_STATE
CONFIG_IP_NF_TARGET_LOG
CONFIG_IP_NF_MATCH_LIMIT
CONFIG_IP_NF_TARGET_MASQUERADE
All built into the kernel.
***************************************************************************************************************************************
Next I am going to download iptables-1.2.7 and install it
bzip2 -cd iptables-1.2.7.tar.bz2 | tar -xvf -
cd iptables-1.2.7
make KERNEL_DIR=/usr/src/linux/
make install KERNEL_DIR=/usr/src/linux/
****************************************************************************************************************************************
Next I'm going to create a script for my iptables named "rc.firewall" in the "/etc/rc.d/" dir, where I create my rules.
Then I'm going to
chown root.root /etc/rc.d/rc.firewall
chmod u=rwx /etc/rc.d/rc.firewall
sh /etc/rc.d/rc.firewall
And I'm going to add the line "sh /etc/rc.d/rc.firewall" to the end of the "/etc/rc.d/rc.local" file; all this is so it will
start up every time the computer starts.
***************************************************************************************************************************************
Since I have a dynamic IP address I'm going to install "pump" from Linux install disc 2
rpm -iv pump-1.1.11
Then I'm going to create a "pump.conf" file in the "/etc" directory which will look like this
-------------------------------------------------------------------
retries 3
script /etc/rc.d/rc.pump.done
device eth0 {
    nonisdomain
}
------------------------------------------------------------
And then the following shell commands can be placed in the firewall script at some point after any hardcoded definitions of IPADDRESS
-------------------------------------------------------------
if [ -f /etc/rc.d/pump.info ]; then
    . /etc/rc.d/pump.info
else
    echo "rc.firewall: dhcp is not configured."
    sh /etc/init.d/iptables panic
    exit 1
fi
------------------------------------------------
So then in "/etc/rc.d" I will create this script
--------------------------------------------------------------------------
#!/bin/bash
# /etc/rc.d/rc.pump.done - called by pump (see "script" in /etc/pump.conf)
# as "up <iface> <ip>", "renewal <iface> <ip>" or "down <iface>".
if [ "$1" = "down" ]; then
    exit 0
fi
if [ "$1" = "up" ] || [ "$1" = "renewal" ]; then
    echo "address $3 assigned to network interface $2" > /dev/console
fi

# Keep pump's status output in a variable rather than a predictably named
# file in world-writable /var/tmp, which root should not write to blindly.
PUMP_OUT=`/sbin/pump -i eth0 -s`

# Each field is on its own line of "pump -s" output, so grep for the
# label that belongs to the field being extracted.
IPADDR=`echo "$PUMP_OUT" | fgrep 'IP:' | sed -e 's/.*IP: //'`
NETMASK=`echo "$PUMP_OUT" | fgrep 'Netmask:' | sed -e 's/.*Netmask: //'`
BROADCAST=`echo "$PUMP_OUT" | fgrep 'Broadcast:' | sed -e 's/.*Broadcast: //'`
NETWORK=`echo "$PUMP_OUT" | fgrep 'Network:' | sed -e 's/.*Network: //'`
# If your pump version labels the server address differently in
# "pump -s" output, change this pattern to match that label.
DHCP_SERVER=`echo "$PUMP_OUT" | fgrep 'DHCP_SERVER:' | sed -e 's/.*DHCP_SERVER: //'`
GATEWAY=`echo "$PUMP_OUT" | fgrep 'Gateway:' | sed -e 's/.*Gateway: //'`
DOMAIN=`echo "$PUMP_OUT" | fgrep 'Domain:' | sed -e 's/.*Domain: //'`

# Write the file the firewall script sources with ".": one NAME=value per
# line. The first echo uses ">" to start a fresh file, the rest append.
echo "IPADDR=$IPADDR" > /etc/rc.d/pump.info
echo "NETMASK=$NETMASK" >> /etc/rc.d/pump.info
echo "SUBNET_BASE=$NETWORK" >> /etc/rc.d/pump.info
echo "SUBNET_BROADCAST=$BROADCAST" >> /etc/rc.d/pump.info
echo "GATEWAY=$GATEWAY" >> /etc/rc.d/pump.info
echo "HOSTNAME=$HOSTNAME" >> /etc/rc.d/pump.info
echo "DHCP_SERVER=$DHCP_SERVER" >> /etc/rc.d/pump.info
sh /etc/init.d/iptables restart
exit 0
-----------------------------------------------------------------------------------------
What I'm asking is, if I follow these steps should I have any problems? This is my 3rd try with this and I want to know what I am doing wrong... Since "iptables" is already installed with 7.2, will this setup give me errors or something?
Thanks for the help guys!!!
-
September 13th, 2002, 04:41 AM
#2
It's hard to help without knowing what the error message is, but I will try to offer some general suggestions. What is the exact error you're getting?
A lot of firewall scripts expect iptables to load as a module and will choke if it's compiled directly into the kernel. Try recompiling as modules.
> Next I am going to download iptables-1.2.7 and install it
> bzip2 -cd iptables-1.2.7.tar.bz2 | tar -xvf -
> cd iptables-1.2.7
> make KERNEL_DIR=/usr/src/linux/
> make install KERNEL_DIR=/usr/src/linux/
Did you uninstall the old iptables first? You need to rpm -e iptables before you install to avoid any version conflicts between the old and the new.
[EDIT] I would also compile iptables with ./configure --prefix=/usr to install it to /usr instead of /usr/local so everything goes back in the same place.
If you're going to do a clean reinstall, do one thing at a time to find out where the problem lies.
Try the firewall script on the default install and see if your script is OK. If the script works, then upgrade your iptables and see if it still works. If that works, then upgrade your kernel. Don't do everything at once, because then you have no way of knowing which part of the process is breaking it.
BTW, why are you upgrading all of this stuff? The Red Hat security advisories will cover any security issues that may come about. I'm just curious.......
Holy crap... you're adding and deleting posts faster than I can edit. LOL
Do what you want with the girl, but leave me alone!
-
September 13th, 2002, 05:01 AM
#3