On Fri, Feb 01, 2002 at 05:23:06PM -0700, John Aasen wrote:

> I always end up with some combination of

Hmm.. non-reproducibility is bad.


> (1.) No "Bridge firewalling registered" message
> upon booting the new kernel,

It shouldn't show until you load the bridge module (iff you have bridging
as a module).


> (2.) Iptables complaining that it can't
> find the location of a list of its modules and failing to run and/or
> (3.) compiling bzImage failing due to errors when I recompile the kernel
> after installing Iptables including running "make most-of-pom".

Why do you want to recompile iptables?  Most of the patches from
patch-o-matic that I have tried (pool, iplimit, among others) are plain
broken anyway.


> I've usually done the patching in this order. Patching in this order
> succeeds with only "1 of 4 hunks" failing on the "bridge-nf-0.0.6...."
> patch after I answer N, N to reverting one hunk.  Is this a correct
> order?

Yes.  The bridge-nf patch exports a symbol that the 02 patch also exports
(br_dev_xmit).  This is harmless.


> I am also confused about installing IPtables.  Should one do the "make
> KERNEL_DIR=/x/y/z...." step, then do "make install
> KERNEL_DIR=/x/y/z...." step, and then do "make most-of-pom
> KERNEL_DIR=/......" ?

You can use the plain iptables that comes with your distro if you want.


> Is it necessary to exactly match features
> selected in the kernel "make xconfig" step against what is selected in
> "make most-of-pom" step of installing IPtables?

Nope, don't think so.


> I am also confused about some of the networking options in kernel
> .config.  Could an expert email me a .config file that is configured to
> achieve the standard transparent bridge-netfilter operation so that that
> I could compare its network section to mine?

Basically,

CONFIG_NETFILTER=y
CONFIG_BRIDGE=m/y
CONFIG_IP_NF_*=n/m/y    (depending on your needs)


> (I want to note that the core bridge and bridge utilities that Lennert
> maintains are easy to install, well documented and always work
> correctly--only the IPtables portion is giving me fits.

I've tried to make it easier by offering precompiled kernels, but it
seems that patching kernels still isn't as easy for most as I had
thought.. :/


> The Netfilter
> Web site doesn't seem to address use of IPtables with the bridge except
> in a passing mention.)

I know.  I don't hang out with netfilter people, I'm not on their
lists, and I generally don't make a lot of noise about it.  My bad,
probably.


> Also, my problems may be caused by starting with the Mandrake 8.1
> distro.  Has anyone else succeeded starting with Mandrake 8.1?

I don't see why it shouldn't work.


cheers,
Lennert
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge