You are correct, sir! Booted Debian kernel 2.6.38-2-686 and
it did indeed work like a charm. That was a long couple of days
but fresh eyes the next mornings moved things along.
I've been running custom built kernels so long I forgot
all the Netfilter dependencies for firestarter, which
seemed to be working alright with just a few modules which had been
selected with 'make localmodconfig'. After building all the
modules in 'net/netfilter', 'net/ipv4/netfilter' and
'/net/ipv6/netfilter',
it now works in the custom kernel also.
Two questions I have:
1. Precisely which netfilter config options are
required for conntrack to work? I tried to enable just the modules
I needed to try to get things working quickly,
starting with 'NETFILTER_NETLINK(_QUEUE and _LOG)'
(after seeing that 'IP_NF_QUEUE' was obsolete), but no dice,
although it failed a little further on. After that I added
in 'IP_NF_QUEUE' thinking that maybe 'libnetfilter-conntrack3'
hadn't started using the 'new' netfilter API, but it still didn't work.
2. ... I forgot what the second question was.
In the end I spent more time trying to get one or two or a handful
of modules to work than it would have taken to build a kernel with
the net/netfilter stuff in there, but it wasn't a complete waste of
time; I learned some things. It's in the custom .config and ccache
now, though, never touching that again! lol
Sorry for the noise and it's OK to close.