Stop sending me these fucking e-mails... I don't want them so fuck off!!!!

-----Original message-----
From: Kerin Millar [mailto:[EMAIL PROTECTED]
Sent: Monday 22 September 2008 15:56
To: [email protected]
Subject: Re: [gentoo-server] Iptables Changes

2008/9/22 Ajai Khattri <[EMAIL PROTECTED]>:
> On Mon, 22 Sep 2008, Ryan Gibbons wrote:
>
>> You should be able to find some information in your log files and
>> possibly dmesg
>>
>> My guess is you are missing some modules for iptables in your kernel.
>
> I use connection-tracking and that has changed a lot over the past two years
> and become very confusing (as far as kernel configuration goes).

2.6.25 provides a CONFIG_NETFILTER_ADVANCED option which, if not
selected, should ensure that the most commonly used netfilter options
are enabled. If that option does not appeal then note that the
NF_CONNTRACK option has been renamed to NF_CONNTRACK_ENABLED as of
2.6.25.

Here is a list of options that constitute a set of reasonable/minimal
defaults (that will support connection tracking):

NF_CONNTRACK_IPV4
NF_CONNTRACK_MARK
IP_NF_IPTABLES
IP_NF_FILTER
IP_NF_TARGET_REJECT
IP_NF_TARGET_LOG
NF_NAT
IP_NF_TARGET_MASQUERADE
IP_NF_TARGET_REDIRECT
IP_NF_MANGLE
NF_CONNTRACK_ENABLED

I'd also suggest enabling the IP_NF_TARGET_ULOG option. This may be
used in conjunction with the ulogd package so as to avoid polluting
the kernel ring buffer with netfilter log messages.

Regards,

--Kerin
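
One way to check a kernel .config against the option list in the message above, as an added example that is not part of the original thread. The function names and the sample .config are constructed for illustration, and the conntrack core is accepted under either NF_CONNTRACK or NF_CONNTRACK_ENABLED, whichever the kernel tree uses.

```shell
# Required options named in the message above (CONFIG_ prefix is added on lookup).
REQUIRED="NF_CONNTRACK_IPV4 NF_CONNTRACK_MARK IP_NF_IPTABLES IP_NF_FILTER
IP_NF_TARGET_REJECT IP_NF_TARGET_LOG NF_NAT IP_NF_TARGET_MASQUERADE
IP_NF_TARGET_REDIRECT IP_NF_MANGLE"

# opt_state FILE NAME: print y (built in), m (module) or n (absent / "is not set").
opt_state() {
    state=$(sed -n "s/^CONFIG_$2=\([ym]\)[[:space:]]*\$/\1/p" "$1" | head -n 1)
    echo "${state:-n}"
}

# missing_opts FILE: print the required options that are not enabled.
missing_opts() {
    missing=""
    for opt in $REQUIRED; do
        if [ "$(opt_state "$1" "$opt")" = n ]; then missing="$missing $opt"; fi
    done
    # Assumption: the conntrack core may appear under either name depending on
    # the kernel tree, so either spelling satisfies the check.
    if [ "$(opt_state "$1" NF_CONNTRACK)" = n ] &&
       [ "$(opt_state "$1" NF_CONNTRACK_ENABLED)" = n ]; then
        missing="$missing NF_CONNTRACK_ENABLED"
    fi
    echo "${missing# }"
}

# Constructed sample .config (not from a real system): the two NAT targets are
# left unset and ULOG is built as a module.
sample_config() {
    cat <<'EOF'
CONFIG_NF_CONNTRACK_ENABLED=m
CONFIG_NF_CONNTRACK_IPV4=m
CONFIG_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_NF_NAT=m
# CONFIG_IP_NF_TARGET_MASQUERADE is not set
# CONFIG_IP_NF_TARGET_REDIRECT is not set
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_ULOG=m
EOF
}

cfg=${1:-$(mktemp)}
[ -n "${1:-}" ] || sample_config > "$cfg"
echo "missing: $(missing_opts "$cfg")"
echo "IP_NF_TARGET_ULOG: $(opt_state "$cfg" IP_NF_TARGET_ULOG)"
```

Pass the path of a real kernel .config as the first argument to audit it instead of the constructed sample.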
