[TriLUG] Debian woody and ipchains/iptables

crimsun at fungus.sh.nu crimsun at fungus.sh.nu
Sun Oct 31 08:32:15 EST 2004


On Sun, Oct 31, 2004 at 08:27:47AM -0500, Tom Bryan wrote:
> like.  Since the install gave me a 2.2 kernel, I tried ipchains -L.  I got an 
> error message saying that ipchains was not compatible with my kernel.  I 
> noticed that iptables was also installed.  So, I tried running iptables -L, 
> hoping that Debian simply installed a 2.2 kernel with whatever it needed for 
> iptables instead of ipchains.  Nope.  I get an error saying

netfilter+iptables is only available for 2.4+ kernels.

The easiest upgrade path is:

# apt-get install kernel-image-2.4.18-1-x86
where you'd replace 'x' with {3,5,6} depending on whether you have an
i386, Pentium, or Pentium Pro (or newer) CPU. When in doubt, use 386.

After that's finished (you'll have to reboot into 2.4.18), use:

# apt-get install shorewall
and check out the documentation here:
http://shorewall.net/1.2/shorewall_quickstart_guide.htm

Debian Woody ships with Shorewall 1.2, which the web site says is no
longer supported. Never fear. There are a bevy of other tools and
scripts you can install via apt-get, dselect, aptitude, synaptic, etc.:

$ apt-cache search iptables
Among the relevant returns are: ferm, firewall-easy, fwbuilder-iptables.

The basics are highly sane, so you'll be able to move between different
tools and scripts easily in time.

-- 
Daniel T. Chen          crimsun at fungus.sh.nu
GPG key:   www.sh.nu/~crimsun/pubkey.gpg.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://www.trilug.org/pipermail/trilug/attachments/20041031/ab6b1a76/attachment.pgp>


More information about the TriLUG mailing list