Re: help with iptables set-up, please


Subject: Re: help with iptables set-up, please
From: Jeffery P. Humes (humesj@bofus.org)
Date: Mon Mar 11 2002 - 18:59:08 MST


OK.....

Ralph Wiggums wrote:

> I have been 'roughly' following this link, but I do have questions that hopefully someone can help me out with. (the Oskar Andreasson Tutorial) http://www.linuxsecurity.com/resource_files/firewalls/IPTables-Tutorial/iptables-tutorial/iptables-tutorial.html#INSTALL_RH71
>
> OK, these are the sequential steps I followed and I'm not having any success.
>
> -I downloaded iptables-1.2.5 from netfilter. (to my internet downloads partition)
> -I unpacked with bzip2 -cd iptables-1.2.5.tar.bz2 | tar -xvf -
>
> -I made the package: make KERNEL_DIR=/boot/vmlinux
> and make install KERNEL_DIR=/boot/vmlinux

KERNEL_DIR defaults to /usr/src/linux, so if that is where the kernel "source" is, you don't need to say it here. You need to point it to where the kernel source is, not the compiled kernel. (This also implies that you will need to recompile.)

>
> -I made sure ipchains was off.
> chkconfig --level 0123456 ipchains off
>
> -I made sure the service was stopped. (which doesn't really matter because 'ipchains' is not compatible with my kernel so it won't work anyway.)
> service ipchains stop

OK

>
>
> -I ran 'modprobe ip_tables' and 'modprobe iptable_nat' to test the initial iptables-1.2.5 installation
>
> and 'lsmod' to see the modules were loaded, they seem to be there.

OK

>
>
> Now to make iptables run I tried:
> chkconfig --level 235 iptables on
> -which produced 'iptables not found'?

This is a chkconfig issue, not an iptables one. You need to go into the /etc/init.d directory and see if there is a corresponding "iptables" script in there. Since this list does not cover chkconfig, I will defer. I would like to suggest that you not use the default iptables scripts that come with most of the distros as they are non-prohibitive (they don't block too much :). You can go online and get one of several scripts that will fit the situation better. Just google it.

>
>
> -so of course I could not start it as well:
> service iptables start
> :'iptables not found'

Related to the previous question, if you have no script to start it then service won't do it either.

>
>
> -Now, does this just mean that iptables is not in my 'path'? I thought when I 'make' a package it is automatically made in /sbin or where it 'should' be made, is this true? I don't really want it (ipchains) to reside where it currently is, where I 'unpacked it', on my 'internet downloads' partition.

Nope. To verify that iptables is in the PATH, just do a "which iptables"; if it finds it, it will tell you where it is. If not, you will know.

>
>
> From what I understand my kernel is already compiled to run 'iptables', I run Yellow Dog Linux 2.1 kernel 2.4.10-12a - but if not, I have never compiled a kernel and I would rather save some fun for later ;-) (I've only been running Linux a short time but I have a cable provider and really need a decent firewall - hence iptables)

I am going to step toward the edge and suggest that you upgrade the kernel also. 2.4.18 is the latest stable version and you can walk through the compilation and installation at www.linuxdoc.org in the kernel-howto.

Regards,

Jeff
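The checks Jeff walks through one at a time (KERNEL_DIR must be a kernel source tree rather than the compiled image, the netfilter modules must show up in lsmod, the iptables binary must be on PATH, and chkconfig/service need an /etc/init.d script) can be collected into a single pre-flight script. The script below is an added example written for this archive page; it is not part of the thread, of the Oskar Andreasson tutorial or of the iptables project. The function names, the /usr/src/linux default and the /etc/init.d location are assumptions taken from the reply above; the directory and lsmod-text parameters exist so the checks can be exercised offline against a constructed tree.

```shell
#!/bin/sh
# Pre-flight checks for a source-built iptables on a 2.4 kernel box.
# Every check is a function returning 0 (ok) or 1 (problem) and prints a
# hint on stderr, so the script can be run as a whole or sourced piecewise.

# A kernel *source* tree has a top-level Makefile and include/linux;
# a compiled image such as /boot/vmlinux has neither, which is why
# KERNEL_DIR=/boot/vmlinux cannot work for the iptables build.
check_kernel_source() {
    dir="$1"
    if [ -d "$dir" ] && [ -f "$dir/Makefile" ] && [ -d "$dir/include/linux" ]; then
        echo "kernel source found at $dir"
        return 0
    fi
    echo "no kernel source at $dir (KERNEL_DIR must be a source tree, e.g. /usr/src/linux, not a compiled kernel)" >&2
    return 1
}

# Takes lsmod output as text plus module names; lsmod prints the module
# name in the first column, so any name missing from column 1 is not loaded.
modules_loaded() {
    lsmod_text="$1"; shift
    missing=""
    for m in "$@"; do
        if ! printf '%s\n' "$lsmod_text" | awk -v m="$m" '$1 == m { found=1 } END { exit !found }'; then
            missing="$missing $m"
        fi
    done
    if [ -n "$missing" ]; then
        echo "modules not loaded:$missing (try: modprobe <name>)" >&2
        return 1
    fi
    return 0
}

# chkconfig and service only know a service if an executable
# /etc/init.d/<name> exists; the directory is a parameter for testing.
init_script_present() {
    name="$1"; initdir="${2:-/etc/init.d}"
    if [ -x "$initdir/$name" ]; then
        echo "init script: $initdir/$name"
        return 0
    fi
    echo "no executable $initdir/$name; 'chkconfig $name on' and 'service $name start' will report '$name not found'" >&2
    return 1
}

# Same answer as 'which iptables': is the binary reachable through PATH?
binary_on_path() {
    name="$1"
    if p=$(command -v "$name" 2>/dev/null) && [ -n "$p" ]; then
        echo "$name found at $p"
        return 0
    fi
    echo "$name not on PATH ($PATH); 'make install' puts it in the install prefix, not in the unpack directory" >&2
    return 1
}

# Run every check against the live system; exit status is 1 if any failed.
run_all() {
    status=0
    check_kernel_source "${KERNEL_DIR:-/usr/src/linux}" || status=1
    modules_loaded "$(lsmod 2>/dev/null)" ip_tables iptable_nat || status=1
    binary_on_path iptables || status=1
    init_script_present iptables || status=1
    return $status
}

# Only touch the live system when asked (PREFLIGHT_RUN=1 sh preflight.sh),
# so the file can also be sourced just for its functions.
if [ "${PREFLIGHT_RUN:-0}" = 1 ]; then
    run_all
fi
```

Run it as root with `PREFLIGHT_RUN=1 sh preflight.sh` (the name is arbitrary) after `make install`; each failing check names the step in the thread it corresponds to, and `KERNEL_DIR=/path/to/source` can be exported first to test a non-default source tree.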




This archive was generated by hypermail 2a24 : Mon Mar 11 2002 - 19:13:45 MST