On Fri, 15 Aug 2003 22:07:39 +0200 Olav Vitters <[EMAIL PROTECTED]> wrote:
> Most iptables functions work with a 2.6.x kernel. Some (REDIRECT,
> MASQUERADE) do not. To fix this, 2.6.x kernels must have an iptables
> which was compiled against a 2.6.x kernel. Iptables 1.2.8 does not
> compile when /usr/src/linux points to a 2.6.x kernel. I've had to use
> iptables from CVS (20030813) to make it compile and had to remove the
> experimental stuff from the spec file.

You shouldn't use a 2.6 kernel for a production firewall at this time. A few releases ago there were about 100 security patches waiting to be ported from 2.4 to 2.6.

An option is to make an iptables_kernel_2.6 package in contrib, so people who still want to use it on 2.6 can do that. Would that make you happy? It will not be installable next to the 2.4 iptables because of file conflicts, but if you can live with that....

> Example:
> # uname -r
> 2.6.0-test3
> # rpm -q iptables
> iptables-1.2.8-1mdk
> # /sbin/iptables -t nat -I PREROUTING -i eth0 -p tcp --dport 53 -j REDIRECT
> # --to-ports 22
> iptables: Target problem
> # rpm -Uvh ~src/RPMS/i586/iptables-1.2.8-1.1.kernel26.mdk.i586.rpm
> Preparing... ###########################################
> [100%]
> 1:iptables ###########################################
> [100%]
> # /sbin/iptables -t nat -I PREROUTING -i eth0 -p tcp --dport 53 -j REDIRECT
> # --to-ports 22
> #
>
> As this test shows, the iptables CVS version compiled against 2.6.x works
> ok.
>
> I've also recompiled the CVS version against the 2.4 mdk kernel source.
> This still generates an 'iptables: Target problem' error message.
>
> Note that most functions of iptables for 2.4 do work under 2.6.x.

--
Marcel Pol
