On Wed, Feb 07, 2007 at 06:35:52PM -0500, Darcy Roberts wrote:
> I've solved the running twice issues, thanks.
>
> I'm kinda dense about the kernel support. I think I've turned on the correct
> options, but there are quite a few sub-options. Iptables still complains loudly.
> I'm reluctant to turn everything on.
>
> Which items/subitems in
>
> Networking ⇒ Networking Options ⇒ Network Packet Filtering ⇒ Core
> Netfilter Configuration (and) IP: Netfilter Configuration
>
> Are actually required to be ON?
>
None of them. I don't use iptables on any of my desktops ;)

You see, that is the wrong question: any function in *your* iptables *rules* needs to have the applicable code selected.

For my own (limited) rules on my firewall I have iptables all as modules, and I modprobe filter, nat, nat_ftp, MASQUERADE, conntrack, state, LOG, conntrack_ftp, REJECT. That box is still running a 2.4 kernel, possibly the module names have changed in 2.6. Certainly, I don't take advantage of recent additions to netfilter, and I'm not advertising public services. I can get out for http and ftp, from any of my machines behind the firewall. I don't do VOIP or torrent, maybe those need other options.

I think you need to work out what you expect the rules to do (let you out, obviously, but are any other machines using this box as a gateway, and what sort of restrictions do you want to apply to incoming). In my case incoming unrelated are mostly logged and dropped, it's probably only when you need to throttle incoming connections that you need more.

Read the help for each of the options, decide what you are going to use, write the rules, then test it to see if it works.

> Regards,
> Darcy Roberts
>

And [ pause for theme-music ] Please don't top post. Thank you.

ĸen
--
the first time as tragedy, the second time as farce
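Added example, not part of the original message: one way to answer "which options do my rules need" is to list the tables, match extensions and targets a ruleset actually references, then enable kernel support for exactly those. The function name and the sample ruleset (interfaces `eth0`/`eth1`, chain `logdrop`) are constructed for illustration; the script does not map the results to kernel option names, which vary between kernel versions.

```shell
#!/bin/sh
# Added example: list the tables, match extensions and targets a ruleset uses.
# Input is iptables-save format on stdin.
netfilter_features() {
    awk '
    # "*filter" opens a table; chain names are per table, so reset them.
    /^\*/ { print "table " substr($0, 2); split("", chains); next }
    # ":INPUT DROP [0:0]" declares a chain (built-in or user-defined).
    /^:/  { chains[substr($1, 2)] = 1; next }
    /^-A/ {
        # Drop quoted strings (e.g. --log-prefix text) so words inside
        # them are not mistaken for options.
        gsub(/"[^"]*"/, "")
        for (i = 1; i < NF; i++) {
            if ($i == "-m" || $i == "--match") print "match " $(i + 1)
            if ($i == "-j" || $i == "--jump") {
                t = $(i + 1)
                # Jumps to chains and built-in verdicts need no extension.
                if (!(t in chains) && t !~ /^(ACCEPT|DROP|RETURN)$/) { print "target " t }
            }
        }
    }' | LC_ALL=C sort -u
}

# Constructed sample: a small masquerading gateway that logs and drops
# unrelated incoming traffic.
sample_ruleset() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:logdrop - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j logdrop
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
-A logdrop -j LOG --log-prefix "dropped -j in: "
-A logdrop -j DROP
COMMIT
EOF
}

sample_ruleset | netfilter_features
```

On a running firewall, the same function can read the output of `iptables-save` instead of the sample.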
