In fact, I would say that recompiling a kernel is not very difficult, really. You have some commands to know, some packages to install, and it's all right.
If you speak French, I have written a Debian tutorial for newbies, where I explain how to recompile a personal kernel (normal way and Debian way): http://www.pcinpact.com/forum/index.php?showtopic=24097 and a friend of mine has written another one where he explains the different options in the kernel configuration interface. And I'm sure that there are a lot of good tutorials about recompiling your own kernel.

About iptables, I think the best thing to do is to download one from another Debian user. I could send you mine, which assumes ipconntrack too. It runs on a gateway with an Apache server. And if you read French, I could send you a very good (and simple) how-to about iptables. I haven't yet written my own tutorial about iptables/ipconntrack.

And don't forget: "Linux is user friendly, it's just very selective about who his friends are."

Rem

On Wed, 05 Jan 2005 18:26:56 +0100, Pierre A. Damas <[EMAIL PROTECTED]> wrote:
> Thanks Rem for your answer, but as you can expect, it doesn't help ;-)
>
> > > Prerequisite: I don't want to compile my kernel myself (insmod
> > > should be sufficient), certainly not on that machine (which is my
> > > only linux).
>
> I have of course nothing that would make me think that I am more able to rebuild a kernel than the Debian person who created the kernel-image, and if I can reach his level (after reading a lot of documentation and trying a lot), nothing makes me believe that exactly the same problem would not occur...
>
> Of course, I may have only a "weak" security (and once I have a better config, I'll ask you to run your thing to check it), but it is why I rely on knowledgeable people building the kernels and modules for me and giving me good advice.
>
> But for each domain I touch in my computer life, there is always a balance between the benefit I expect from it, and the time and effort I can invest.
>
> If I need a database, I would use a distribution, although some advised postgres guru could tell me that I should really take the sources and recompile it, to be more performant or more secure, or more ...
>
> I think (I hope) I have a good 2.4 kernel, and with everything open in iptables (I want first to be sure that it works), I cannot connect to any network.
>
> In fact, I think I have a very secure config ;-)
>
> Thanks anyway for the time you took answering me...
>
> Pierre A.
>
> > From: Rem <[EMAIL PROTECTED]>
> > Reply-To: Rem <[EMAIL PROTECTED]>
> > To: "Pierre A. Damas" <[EMAIL PROTECTED]>
> > Subject: Re: no ipchains with 2.2/no network with 2.4
> > Date: Wed, 5 Jan 2005 17:05:26 +0100
> >
> > Hi,
> >
> > I think you'd really better try to read some documentation and above all recompile your own kernel (it's very simple, maybe not the first time, but after some tries, it's really easy). You should recompile the last 2.4 kernel for your server, and then learn basics about iptables and make some good iptables rules, or find a good how-to or script. Ask the firewall list for a base script.
> >
> > Today, you'd probably have very poor security. If you want to mail me your IP address I could run a good nmap on it and tell you back if it's secure or not. And by the way, you should use ipconntrack too, with iptables, it's very important.
> >
> > Rem
> >
> > On Wed, 05 Jan 2005 16:53:10 +0100, Pierre A. Damas <[EMAIL PROTECTED]> wrote:
> > > Hello,
> > >
> > > I posted this also in firewall, but I think it can be installation related, so I post it also in the plain user list. Sorry for this cross posting, but I don't know yet the frequentation of both lists and where the problem really belongs...
> > >
> > > I am fairly new to debian and firewalls, although I can read documentation ;-)
> > > I want to reuse an old machine to serve as firewall/proxy between two subnets (with Windows machines) (192.168.1.0 (internal) and 192.168.254.0 (dmz))
> > >
> > > In the dmz, the router acts as additional firewall for access to my ISP (gateway: 192.168.254.1)
> > >
> > > I installed my old Pentium-MMX 200 65Mb RAM, two network adapters (ne and 8139too).
> > > Prerequisite: I don't want to compile my kernel myself (insmod should be sufficient), certainly not on that machine (which is my only linux).
> > > I understood that ipfwadm is used for kernel 2.0, ipchains for 2.2 and iptables for 2.4+.
> > >
> > > Since I installed the woody distribution, I am the happy owner of a kernel 2.2.
> > >
> > > In that config, the network works fine (from the server, I can ping the two subnets and access Internet). I installed squid and everything is ok.
> > >
> > > I would like to use ipchains, but it is "not supported in this Kernel", so I searched everywhere to find an ipchains.o module to insmod for 2.2 (I found for 2.4). In which package would it be?
> > >
> > > ...
> > >
> > > As an alternative, I installed the kernel 2.4. There, iptables is correctly configured, with ACCEPT policies by default. But in this config, the network doesn't work. I checked with ifconfig, and ensured that eth0 and eth1 are up (and it is the case), but I cannot ping any other machine than the server itself on both subnets, and of course cannot access internet.
> > >
> > > Iptables seems to be out of cause, since if I halt it, my ping requests are correctly rejected with a message, instead of "hanging"...
> > >
> > > For the rest, the network config is exactly the same as the one defined for kernel 2.2. But maybe there are changes in the network between these two versions?
> > >
> > > So, my two questions:
> > >
> > > a) where is ipchains.o for the kernel 2.2?
> > > and/or
> > > b) what component, installed by default in the kernel-image-2.4.16-586, could be the cause of my network blockage?
> > >
> > > I invested more than 20 hours to read all google mailing-lists information, firewall how-tos, etc., so a view on the problem by a fresh mind would be appreciated...
> > >
> > > Thanks,
> > > Pierre A.
> >
> > --
> > Remy HAREL - [EMAIL PROTECTED]
> > Linux Registered User #224740
> > http://remyharel.homelinux.com

--
Remy HAREL - [EMAIL PROTECTED]
Linux Registered User #224740
http://remyharel.homelinux.com

