Tom Bryan wrote:
Hi, all. I'm back to trying Debian again. The good news is that I made more progress this time. I grabbed one of the mini-CD images listed on http://www.debian.org/CD/netinst/, and it configured my network card from DHCP and let me use tasksel to get a decent system installed.
It's very likely that you copied the kernel from your installation medium, which is intentionally a bit of a stripped-down kernel so that it can optimize the space on the installation disks. If ipchains is sufficient, I'd recommend installing a 2.2 kernel using apt-get: "apt-get install kernel-image-2.2.20". You can do a search for all available 2.2 kernels with: "apt-cache search kernel-image-2.2". I'd be extremely surprised if these kernels don't contain ipchains support, but you might have to load a module to enable the support. I honestly don't remember, as it's been quite a while since using a 2.2 kernel on Debian for me.
Now, I run no services that I want others to see, so the first thing that I want to do is put up an ipchains or iptables firewall that basically drops anything incoming that's not a response to one of my requests (DHCP, DNS, HTTP, FTP, POP, or IMAP-SSL to machines outside my network). I also plan to use this box as a firewall doing NAT for the rest of my network.
The Debian Woody box runs, boots, and seems to function. My first step after initial software installation was to check what my firewall rulelist looked like. Since the install gave me a 2.2 kernel, I tried ipchains -L. I got an error message saying that ipchains was not compatible with my kernel. I noticed that iptables was also installed. So, I tried running iptables -L, hoping that Debian simply installed a 2.2 kernel with whatever it needed for iptables instead of ipchains. Nope. I get an error saying
"modprobe: Can't locate module ip_tables iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded."
For this machine, ipchains would be fine with me, but when I go looking for information on this topic, I keep finding instructions about how to upgrade my woody kernel to 2.4 so that I can use iptables. That sounds like more work than I really want to do at the moment.
Has anyone hit this problem with a fresh Debian Woody install?
If you're willing to go with a 2.4 kernel, then follow Criumsun's advice for the setup. I also highly recommend Shorewall with a 2.4 kernel.
Best of luck,
David
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
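A check for the mismatch discussed in this thread, added here as an example that is not part of either message: it reports whether the running kernel can serve ipchains or iptables before any firewall rules are relied on. It assumes ipchains support appears as /proc/net/ip_fwchains and iptables support as /proc/net/ip_tables_names; the function name, the second (proc root) argument and the `--live` switch are hypothetical.

```shell
#!/bin/sh
# Added example: which packet-filter tool can the running kernel serve?
# The optional second argument is a hypothetical override of /proc so the
# check can be run against a constructed directory tree.

# filter_backend RELEASE [PROC_ROOT]
# Prints: ipchains | iptables | missing:<facility> | unsupported
# Returns 0 only when a filter facility is active in the kernel.
filter_backend() {
    release=$1
    proc=${2:-/proc}

    # These files exist only when the matching filter code is present
    # in the running kernel (assumption stated in the lead-in).
    if [ -e "$proc/net/ip_fwchains" ]; then
        echo ipchains
        return 0
    fi
    if [ -e "$proc/net/ip_tables_names" ]; then
        echo iptables
        return 0
    fi

    # Nothing active: name the facility this kernel series would use,
    # so the fix (different kernel image, or loading a module) is clear.
    case $release in
        2.2.*)                          echo "missing:ipchains" ;;
        2.[4-9].*|[3-9].*|[1-9][0-9].*) echo "missing:ip_tables" ;;
        *)                              echo unsupported ;;
    esac
    return 1
}

# Query the live system only when asked to, e.g.: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    filter_backend "$(uname -r)"
fi
```

A `missing:` result on a host that is meant to filter traffic means no rules can be loaded yet, so the machine should not be treated as firewalled until the check prints `ipchains` or `iptables`.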
