Firewall Wizards mailing list archives
Re: Red Hat 7.1 and Iptables
From: tony bourke <tony () vegan net>
Date: Sat, 9 Jun 2001 19:32:34 -0400 (EDT)
Hi Bill,

You need to recompile the kernel with iptables enabled if you haven't done so already. I would recommend compiling it into the kernel, rather than as a module option; that way there is no question on whether the module is loaded.

Under networking options:

    [*] Packet socket
    [ ] Packet socket: mmapped IO
    [ ] Kernel/User netlink socket
    [*] Network packet filtering (replaces ipchains)

Network packet filtering is the option. There is also an option in that menu for:

    IP: Netfilter Configuration --->

Select that menu. In it, enable connection tracking, probably want to enable FTP support, IP tables support, packet filtering, reject target support.

    [*] Connection tracking (required for masq/NAT)
    [*]   FTP protocol support
    [*] IP tables support (required for filtering/masq/NAT)
    [*]   Packet filtering
    [*]     REJECT target support

Also, VERY IMPORTANT is to select Connection state match support:

    [*]   Connection state match support

This allows you to let inbound EST connections on random ports, so you can't block all ports > 1022 completely in your ruleset, while still allowing outgoing connections to grab a local > 1022 port. I'm not certain, but I think connection state support wasn't an option in either ipfwadm or ipchains (2.0 and 2.2, resp.). This alone is why I upgraded to 2.4.x.

Check out the other options as they pertain to what you are trying to do. I've got an example host firewall config, but it doesn't take into account NAT. I'd be happy to forward it to you.

Tony

On Thu, 7 Jun 2001, Bill Asher wrote:
> I'm running RedHat 7.1, kernel 2.4.2-2. Does anyone know how to enable iptables instead of the default ipchains? I am trying to set up a firewall for a small business network: 2 NICs, eth0 - Internet, eth1 - LAN. I'd like to begin using iptables, but am unsure how to enable iptables. If I run the command:
>
>     iptables -L
>
> I get:
>
>     /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
>     Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
>     /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o failed
>     /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
>     iptables v1.2.1a: can't initialize iptables table `nat': iptables who? (do you need to insmod?)
>     Perhaps iptables or your kernel needs to be upgraded.
>
> ipchains -L works fine, so it is up and running... any help would be GREAT!
>
> B. Asher
> IT Manager
> SCHULTZ DESIGN
> (636)936-2900
> www.schultz-design.com
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
> http://www.nfr.com/mailman/listinfo/firewall-wizards
--
Tony Bourke
tony () vegan net
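The point Tony makes about "Connection state match support" is easiest to see in an actual ruleset. The script below is an added example for this archive page, not Tony's config or anything from the original thread: it prints a minimal stateful ruleset for the two-NIC layout Bill describes (eth0 toward the Internet, eth1 toward the LAN), using only matches and targets whose kernel options are named above (`-m state`, REJECT, connection tracking). The interface names and the LAN prefix are placeholders taken from the question or constructed here. It prints the commands rather than running them, so they can be reviewed first; `--apply` pipes them through `sh` as root.

```shell
#!/bin/sh
# Added example (not from the original thread): a minimal stateful ruleset for
# a two-NIC gateway. WAN/LAN interface names follow the question; the LAN
# prefix is a constructed placeholder. Override any of them via environment.
WAN="${WAN:-eth0}"
LAN="${LAN:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # constructed example prefix

# Emit the ruleset as text so it can be read before it is applied.
build_rules() {
    cat <<EOF
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Loopback is always trusted.
iptables -A INPUT -i lo -j ACCEPT
# Replies to connections this box or the LAN initiated. This is the rule that
# lets traffic back in on random >1023 ports without opening those ports to
# NEW connections; it needs "Connection state match support" in the kernel.
# RELATED also covers FTP data connections once the FTP conntrack helper is in.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# The LAN may open new connections outward through the box, and to the box
# itself for ssh administration.
iptables -A FORWARD -i $LAN -o $WAN -s $LAN_NET -m state --state NEW -j ACCEPT
iptables -A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -m state --state NEW -j ACCEPT
# New connections from the Internet are refused with REJECT (needs "REJECT
# target support") so legitimate senders see an error instead of a timeout.
iptables -A INPUT -i $WAN -m state --state NEW -j REJECT
# If the LAN uses private addresses, it also needs masquerading (the
# "required for masq/NAT" option above). Left commented, like Tony's config.
# iptables -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
EOF
}

# Sanity check: how many rules rely on the state match at all.
count_state_rules() {
    build_rules | grep -c -- '--state'
}

if [ "$1" = "--apply" ]; then
    build_rules | sh
else
    build_rules
fi
```

Run it without arguments to inspect the generated commands; every rule that admits inbound traffic from the Internet side is conditional on `--state ESTABLISHED,RELATED`, which is exactly what ipchains could not express.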
Current thread:
- Red Hat 7.1 and Iptables Bill Asher (Jun 08)
- Re: Red Hat 7.1 and Iptables Martin Peikert (Jun 11)
- Re: Red Hat 7.1 and Iptables Peter Lukas (Jun 12)
- Re: Red Hat 7.1 and Iptables Luca Berra (Jun 11)
- Re: Red Hat 7.1 and Iptables tony bourke (Jun 11)
- Re: Red Hat 7.1 and Iptables tony bourke (Jun 11)
- <Possible follow-ups>
- RE: Red Hat 7.1 and Iptables mark . wiater (Jun 11)
- RE: Red Hat 7.1 and Iptables Chris 'Chipper' Chiapusio (Jun 12)
- RE: Red Hat 7.1 and Iptables Bruce Platt (Jun 12)
- Re: Red Hat 7.1 and Iptables Martin Peikert (Jun 14)
- RE: Red Hat 7.1 and Iptables Swift Griggs (Jun 14)
- Re: Red Hat 7.1 and Iptables Martin Peikert (Jun 11)