I know this post will test your patience. I am relatively new to iptables, but have a solid foundation in routing and switching. My question specifically pertains to the netfilter option under the 802.1d bridging selection that should be visible after enabling netfilter within 'make menuconfig.' I can get the bridging portion up and running no problem, but I noticed that the netfilter option was not present under the 802.1d settings within the kernel.
Using:
Kernel 2.4.18
iptables 1.2.6a
bridge-nf-0.0.7-against-2.4.18.diff
bridge-utils-0.9.5
Interesting concept, fascinating bridging, frustrating firewalling. I am not sure why the netfilter option would not be present after applying the patch and running a make menuconfig. Here are the steps I followed in as detailed a form as I know how to post.
##KERNEL##
cd /usr/src
tar -zxvf linux-2.4.18.tar.gz
cd /usr/src/linux
cp /root/bridge-nf-0.0.7-against-2.4.18.diff .
patch -p1 < bridge-nf-0.0.7-against-2.4.18.diff
make menuconfig (This is where the netfilter option is not present for 802.1d bridging)
Check the netfilter configuration, select everything except NAT under that
Check the 802.1d bridging
Check to make sure ext3 filesystem is supported
Exit from menuconfig, saving new kernel
make dep
##COMPILE KERNEL IMAGE##
make bzImage
cp /usr/src/linux/arch/i386/boot/bzImage /boot/bzImage.bridge
##EDIT LILO.CONF##
vi /etc/lilo.conf
Add the following lines:
image=/boot/bzImage.bridge
    label=bridge
    root=/dev/hda2
    read-only
    initrd=/boot/initrd-2.4.7-10.img
lilo
lilo -q
shutdown -r now
(boots with module errors, no problem)
##ADD MODULE DEPENDENCIES##
cd /usr/src/linux
make modules
make modules_install
shutdown -r now
(boots with no errors)
##BRIDGING SETUP##
tar -zxvf bridge-utils-0.9.5.tar.gz
cd bridge-utils
make
cp ./brctl/brctl /usr/bin
cp ./brctl/brctld /usr/bin
brctl addbr mybridge (defines bridge)
ifconfig mybridge up (If I don't do this, the bridge stays down)
brctl addif mybridge eth0
brctl addif mybridge eth1
ifconfig eth0 0.0.0.0 promisc
ifconfig eth1 0.0.0.0 promisc
(now we have a working bridge)
##IPTABLES SETUP##
tar -xvf iptables-1.2.6a.tar
cd iptables-1.2.6a
make
make install
iptables -A INPUT -p tcp --syn -j DROP
(should allow surfing, but not TCP SYN packets... so no externally initiated TCP sessions)
At this point I have a bridge, but no firewall. If you get a chance, take a look at it. I'm going to post this to a newsgroup today.
Jeremiah A. Junginger
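Added example, not code from the original post nor from the bridge-nf, bridge-utils or iptables projects: a small POSIX shell script that checks whether the bridge-nf patch actually landed in the tree (leftover .rej files from patch, and the bridge netfilter symbol reaching a Config.in under net/, assumed here to contain the string BRIDGE_NF) and prints, in dry-run form, a rule set that filters in FORWARD rather than only in INPUT. The kernel tree path in SRC, the 192.168.1.0/24 inside network and the APPLY variable are assumptions to adjust for your own system.

```shell
#!/bin/sh
# Added example, not code from the original post. Two sanity checks for the
# bridge-nf build described above plus a dry-run of the firewall rules.
# Assumptions (adjust for your system): the kernel tree lives in $SRC, the
# protected segment behind the bridge is $INSIDE_NET, and the bridge-nf patch
# adds a Config.in entry whose symbol contains "BRIDGE_NF".

SRC="${SRC:-/usr/src/linux}"
INSIDE_NET="${INSIDE_NET:-192.168.1.0/24}"   # constructed placeholder network

# Count the *.rej files `patch -p1` leaves behind. A non-zero count means at
# least one hunk of bridge-nf did not apply, which is the usual reason the
# netfilter option never shows up under 802.1d bridging in menuconfig.
find_patch_rejects() {
    find "${1:-$SRC}" -type f -name '*.rej' 2>/dev/null | wc -l | tr -d ' '
}

# Succeed (exit 0) only if some Config.in under net/ mentions the bridge
# netfilter symbol, i.e. the patch actually reached the config system.
bridge_nf_option_present() {
    find "${1:-$SRC}/net" -type f -name Config.in \
        -exec grep -l 'BRIDGE_NF' {} + 2>/dev/null | grep -q .
}

# Emit the rules, one per line. With bridge-nf active, frames bridged between
# eth0 and eth1 traverse the FORWARD chain; INPUT only sees traffic addressed
# to the bridge host itself, so a single INPUT rule never filters transit
# traffic. Limiting the SYN drop to $INSIDE_NET as destination keeps outbound
# "surfing" from the inside working while blocking new inbound TCP sessions.
bridge_firewall_rules() {
    cat <<EOF
iptables -F FORWARD
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -d $INSIDE_NET -p tcp --syn -j DROP
iptables -A INPUT -p tcp --syn -j DROP
EOF
}

# Print the rules (default) or execute them when APPLY=1 is set.
apply_rules() {
    if [ "${APPLY:-0}" = "1" ]; then
        bridge_firewall_rules | sh -e
    else
        bridge_firewall_rules
    fi
}

# Running the script with the argument "check" performs the build sanity
# checks against $SRC and prints the rules without applying them.
if [ "${1:-}" = "check" ]; then
    echo "reject files under $SRC: $(find_patch_rejects "$SRC")"
    if bridge_nf_option_present "$SRC"; then
        echo "bridge netfilter option found in a Config.in under net/"
    else
        echo "bridge netfilter option NOT found; inspect the patch output and any *.rej files"
    fi
    apply_rules
fi
```

Run it as `sh bridge-check.sh check` right after the `patch -p1` step, before `make menuconfig`. The state match used in the FORWARD rules is provided by ip_conntrack, which iptables 1.2.6a on a 2.4 kernel already ships, so no additional patch is needed for it; the per-port distinction (which physical interface a frame entered on) is not expressed here, which is why the destination network is used to tell the protected side apart.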