Autor |
Sõnum |
johnsmith
Vana Pingviin
Vanus: 50
Liitunud: 24.07.2006
Postitused: 714
Asukoht: Universum
Distributsioon: Ubuntu/Gentoo/FreeBSD
|
|
Yritan saada netfitrit toimima tundub nagu midagi oleks puudu ei oska nagu enam kustkilt viga otsida. See on kerneli config netfiltri osalt:
Kood: |
CONFIG_IP_VS_FTP=m
# CONFIG_IPV6 is not set
# CONFIG_INET6_XFRM_TUNNEL is not set
# CONFIG_INET6_TUNNEL is not set
# CONFIG_NETLABEL is not set
# CONFIG_NETWORK_SECMARK is not set
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
#
# Core Netfilter Configuration
#
CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NETFILTER_NETLINK_LOG=m
CONFIG_NF_CONNTRACK_ENABLED=y
CONFIG_NF_CONNTRACK_SUPPORT=y
# CONFIG_IP_NF_CONNTRACK_SUPPORT is not set
CONFIG_NF_CONNTRACK=y
CONFIG_NF_CT_ACCT=y
CONFIG_NF_CONNTRACK_MARK=y
CONFIG_NF_CONNTRACK_EVENTS=y
CONFIG_NF_CT_PROTO_GRE=y
CONFIG_NF_CT_PROTO_SCTP=y
CONFIG_NF_CONNTRACK_AMANDA=y
CONFIG_NF_CONNTRACK_FTP=y
CONFIG_NF_CONNTRACK_H323=y
CONFIG_NF_CONNTRACK_IRC=y
CONFIG_NF_CONNTRACK_NETBIOS_NS=y
CONFIG_NF_CONNTRACK_PPTP=y
CONFIG_NF_CONNTRACK_SIP=y
CONFIG_NF_CONNTRACK_TFTP=y
CONFIG_NETFILTER_XTABLES=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
CONFIG_NETFILTER_XT_TARGET_DSCP=m
CONFIG_NETFILTER_XT_TARGET_MARK=m
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
CONFIG_NETFILTER_XT_TARGET_NFLOG=m
CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
CONFIG_NETFILTER_XT_MATCH_COMMENT=m
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_DCCP=m
CONFIG_NETFILTER_XT_MATCH_DSCP=m
CONFIG_NETFILTER_XT_MATCH_ESP=m
CONFIG_NETFILTER_XT_MATCH_HELPER=m
CONFIG_NETFILTER_XT_MATCH_LENGTH=m
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
CONFIG_NETFILTER_XT_MATCH_MAC=m
CONFIG_NETFILTER_XT_MATCH_MARK=m
CONFIG_NETFILTER_XT_MATCH_POLICY=m
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
CONFIG_NETFILTER_XT_MATCH_QUOTA=m
CONFIG_NETFILTER_XT_MATCH_REALM=m
CONFIG_NETFILTER_XT_MATCH_SCTP=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
CONFIG_NETFILTER_XT_MATCH_STRING=m
CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m
#
# IP: Netfilter Configuration
#
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_AH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_NF_NAT=m
CONFIG_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_NF_NAT_SNMP_BASIC=m
CONFIG_NF_NAT_PROTO_GRE=m
CONFIG_NF_NAT_FTP=m
CONFIG_NF_NAT_IRC=m
CONFIG_NF_NAT_TFTP=m
CONFIG_NF_NAT_AMANDA=m
CONFIG_NF_NAT_PPTP=m
CONFIG_NF_NAT_H323=m
CONFIG_NF_NAT_SIP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_TARGET_CLUSTERIP=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
|
Kui ma nyyd yritan laadida mingeid proovireegleid näiteks:
Kood: |
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A OUTPUT --dst xxx.xxx.xxx.xxx -j ACCEPT //dns serveri ip
iptables -A OUTPUT --dst xxx.xxx.xxx.xxx -j ACCEPT //dns serveri ip
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p ALL -m state --state RELATED,ESTABLISHED -j ACCEPT -see viimane annab sellise veateate:
iptables: No chain/target/match by that name
|
Ja kui annan käsu "iptables --list" siis ta laeb seda 5 minutit.......
Tööle oleks saada vaja umbes järgmised reeglid
Kood: |
LO_INT=127.0.0.1
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A OUTPUT --dst XXX:XXX:XXX -j ACCEPT //dns
iptables -A OUTPUT --dst XXX:XXX:XXX -j ACCEPT //dns
iptables -A OUTPUT --dst XXX.XXX:XXX -j ACCEPT //dns
iptables -A OUTPUT -p ALL -d 192.168.1.1 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p udp --dport 67 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 110 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --dport XXXXX -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -j ACCEPT
iptables -A OUTPUT -p tcp -m helper --helper ftp -j ACCEPT
iptables -A OUTPUT -p tcp -m helper --helper irc-6667 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp -d XXX:XXX:XXX --dport 119 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p udp --dport 123 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ALL -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p ALL -s $LO_INT -j ACCEPT
iptables -A INPUT -p ALL -d $LO_INT -j ACCEPT
|
ftp ja irc conntrack mooduleid ei ole muidugi aga see ei ole praegu nii oluline. Tundub, et state masina mingi moodul on puudu mis peab arvet loodud yhenduste kohta. Ma olen kernelit kompinud uuesti juba mingi kymme korda ja olen valinud köik netfiltri moodulid. Ilmselt mingi userlandi vidin on puudu.
Igasugune abi on teretulnud.
EDIT: Sellised reeglid toimivad ilusti aga see nagu eriti ei rahulda:
Kood: |
localhost ~ # iptables -P INPUT ACCEPT
localhost ~ # iptables -P OUTPUT DROP
localhost ~ # iptables -P FORWARD DROP
localhost ~ # iptables -A OUTPUT --dst XXX.XXX.XXX -j ACCEPT
localhost ~ # iptables -A OUTPUT --dst XXX.XXX.XXX -j ACCEPT
localhost ~ # iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
|
|
|
|
|
_________________ "Thinking is the hardest work there is, which is probably the reason why so few engage in it" - Henry Ford
|
|
|
|
johnsmith
Vana Pingviin
Vanus: 50
Liitunud: 24.07.2006
Postitused: 714
Asukoht: Universum
Distributsioon: Ubuntu/Gentoo/FreeBSD
|
|
Hakkan siis kompileerima vanilla kernelit. Tundub, et Gentoo kernel ei toetagi kõiki netfiltri võimalusi. See on mu config vanilla kernelist mis mul on Mepises:
Kood: |
# Core Netfilter Configuration
#
CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NETFILTER_NETLINK_LOG=m
CONFIG_NETFILTER_XTABLES=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
CONFIG_NETFILTER_XT_TARGET_DSCP=m
CONFIG_NETFILTER_XT_TARGET_MARK=m
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
CONFIG_NETFILTER_XT_MATCH_COMMENT=m
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_DCCP=m
CONFIG_NETFILTER_XT_MATCH_DSCP=m
CONFIG_NETFILTER_XT_MATCH_ESP=m
CONFIG_NETFILTER_XT_MATCH_HELPER=m
CONFIG_NETFILTER_XT_MATCH_LENGTH=m
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
CONFIG_NETFILTER_XT_MATCH_MAC=m
CONFIG_NETFILTER_XT_MATCH_MARK=m
CONFIG_NETFILTER_XT_MATCH_POLICY=m
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
CONFIG_NETFILTER_XT_MATCH_QUOTA=m
CONFIG_NETFILTER_XT_MATCH_REALM=m
CONFIG_NETFILTER_XT_MATCH_SCTP=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
CONFIG_NETFILTER_XT_MATCH_STRING=m
CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_CONNTRACK_EVENTS=y
CONFIG_IP_NF_CT_PROTO_SCTP=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_NETBIOS_NS=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_PPTP=m
# CONFIG_IP_NF_H323 is not set
# CONFIG_IP_NF_SIP is not set
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
# CONFIG_IP_NF_MATCH_AH is not set
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
CONFIG_IP_NF_MATCH_HASHLIMIT=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_NAT_PPTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_TARGET_CLUSTERIP=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
|
Kas keegi kasutab ka Gentoo enda kernelit ? Kui nii siis kas te paikate kerneli ära või te ei kasuta netfiltrit ?
|
|
|
|
_________________ "Thinking is the hardest work there is, which is probably the reason why so few engage in it" - Henry Ford
|
|
|
|
illukas
Vana Pingviin
Vanus: 44
Liitunud: 24.10.2006
Postitused: 2036
|
|
|
|
johnsmith
Vana Pingviin
Vanus: 50
Liitunud: 24.07.2006
Postitused: 714
Asukoht: Universum
Distributsioon: Ubuntu/Gentoo/FreeBSD
|
|
Mul önnestus probleem lokaliseerida aga lahendust veel pole......
Probleem on conntrack moodulis vöi öigemini selle puudumises:
Kood: | CONFIG_IP_NF_CONNTRACK - This module is needed to make connection tracking. Connection tracking is used by, among other things, NAT and Masquerading. If you need to firewall machines on a LAN you most definitely should mark this option. |
Seda läheb tarvis siis dynaamiliste reeglite kasutamiseks. Mingil pöhjusel mul ei önnestu seda kernelisse lisada ei gentoo ega vanilla kernelisse (emerge vanilla-sources ja 2.6.20.7)
Kui ma nyyd salvestan confi faili siis järgmine käsk näitab, et moodul peaks olema sees :
Kood: | localhost linux # cat /root/vanilla | grep -i conntrack
CONFIG_NF_CONNTRACK_ENABLED=m
# CONFIG_NF_CONNTRACK_SUPPORT is not set
CONFIG_IP_NF_CONNTRACK_SUPPORT=y
[B]CONFIG_IP_NF_CONNTRACK=m[/B]
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
# CONFIG_IP_NF_CONNTRACK_NETLINK is not set
Imelik aga kui ma samas kontrollin localhost linux # cat .config | grep -i conntrack
# CONFIG_NF_CONNTRACK_ENABLED is not set
|
Gentoo kasutajad vöiksid proovida käsku
Kood: | cat /proc/net/ip_conntrack |
ja anda teada kas töötab ja mis kernel ja mis configa. Kui see käsk mingeid tulemusi ei anna siis ip_conntrack moodul ei ole laetud. Loomulikult "modprobe ip_conntrack" tulemusi ei anna ja sellist moodulit kerneli moodulite all ei leidu.
|
|
|
|
_________________ "Thinking is the hardest work there is, which is probably the reason why so few engage in it" - Henry Ford
|
|
|
|
obundra
Vana Pingviin
Vanus: 49
Liitunud: 04.08.2005
Postitused: 1213
Asukoht: 127.0.0.1
Distributsioon: RHEL, Solaris, Debian, Gentoo
|
|
Käsitsi iptablesit ja kernelit pätsida pole proovind?Teinekord olen sellest abi saanud. Link
|
|
|
|
_________________ IT teenused
|
|
|
|
johnsmith
Vana Pingviin
Vanus: 50
Liitunud: 24.07.2006
Postitused: 714
Asukoht: Universum
Distributsioon: Ubuntu/Gentoo/FreeBSD
|
|
Vanilla 2.6 kernelit pole siiamaani vaja pätsida olnud, nagu ma aru saan netfiltri pätsid on 2.4 kerneli jaoks. Ma oleks huvitatud sellest mis kernelit teised gentoo kasutajad rullivad ja mis moodi on kernel konfitud, et state masinaga seotud reeglid toimivad.
|
|
|
|
_________________ "Thinking is the hardest work there is, which is probably the reason why so few engage in it" - Henry Ford
|
|
|
|
Dev
Uus kasutaja
Liitunud: 16.12.2006
Postitused: 5
Distributsioon: Gentoo/Sabayon
|
|
Tere,
avastasin, et pole masinat tükk aega uuendanud ja state flag'ide põhiseid filtreid ei kasuta, aga conntrack töötab küll.
Panen natuke infot kaasa, ehk aitab.
Kood: | $ uname -sr
Linux 2.6.18-gentoo-r6
|
Kood: |
$ lsmod|grep ip
iptable_mangle 2560 0
ipt_MASQUERADE 2944 1
iptable_nat 6916 1
ip_nat 14892 2 ipt_MASQUERADE,iptable_nat
ip_conntrack 42772 3 ipt_MASQUERADE,iptable_nat,ip_nat
ipt_TCPMSS 3840 1
ipt_REJECT 4736 2
iptable_filter 2688 1
ip_tables 11592 3 iptable_mangle,iptable_nat,iptable_filter
|
Kood: |
#
# Core Netfilter Configuration
#
CONFIG_NETFILTER_NETLINK=y
# CONFIG_NETFILTER_NETLINK_QUEUE is not set
# CONFIG_NETFILTER_NETLINK_LOG is not set
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_MARK=m
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
# CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set
CONFIG_NETFILTER_XT_MATCH_COMMENT=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_DCCP=m
CONFIG_NETFILTER_XT_MATCH_ESP=m
CONFIG_NETFILTER_XT_MATCH_HELPER=m
CONFIG_NETFILTER_XT_MATCH_LENGTH=m
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
CONFIG_NETFILTER_XT_MATCH_MAC=m
CONFIG_NETFILTER_XT_MATCH_MARK=m
# CONFIG_NETFILTER_XT_MATCH_POLICY is not set
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
# CONFIG_NETFILTER_XT_MATCH_QUOTA is not set
CONFIG_NETFILTER_XT_MATCH_REALM=m
CONFIG_NETFILTER_XT_MATCH_SCTP=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
CONFIG_NETFILTER_XT_MATCH_STRING=m
CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=m
# CONFIG_IP_NF_CT_ACCT is not set
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
# CONFIG_IP_NF_CONNTRACK_NETLINK is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
# CONFIG_IP_NF_NETBIOS_NS is not set
# CONFIG_IP_NF_TFTP is not set
# CONFIG_IP_NF_AMANDA is not set
# CONFIG_IP_NF_PPTP is not set
# CONFIG_IP_NF_H323 is not set
CONFIG_IP_NF_SIP=m
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
CONFIG_IP_NF_MATCH_HASHLIMIT=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_SIP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
|
|
|
|
|
|
|
|
|
johnsmith
Vana Pingviin
Vanus: 50
Liitunud: 24.07.2006
Postitused: 714
Asukoht: Universum
Distributsioon: Ubuntu/Gentoo/FreeBSD
|
|
Kõigepealt tänud kõigile kes vastasid.
Lahendus oli siis selline, kopeerisin teise linuxi installatsiooni /usr/src/linux/.config faili Gentoo /usr/src/linux/.config asemele ja andsin käsu "make && make modules_install" Seepeale küsiti kas tahan ip_conntracki ja muid netfiltri omadusi. Peale rebooti olid vajalikud moodulid kõik olemas.
Ühesõnaga make menuconfig ei salvesta .config faili vajalike optioneid. Kui ma salvestan make menuconfiguga konf faili siis seal on kõik vajalik olemas aga .config failis mitte. Nüüd oli ka kernel mitu mega väiksem kui enne ilmselt ma siis enne kasutasin vaikimisi asetustega kernelit rõõmsalt.......
Huvitav oleks teada kas selline imelik lugu juhtus ainult minul või on teisigi "optimeeritud" kerneli kasutajaid.
Üldiselt mulle Gentoo meeldib, kindlasti parim distro mida olen kasutanud ja dokumentatsioon on ka tasemel. Peaaegu nagu FreeBSD
|
|
|
|
_________________ "Thinking is the hardest work there is, which is probably the reason why so few engage in it" - Henry Ford
|
|
|
|
illukas
Vana Pingviin
Vanus: 44
Liitunud: 24.10.2006
Postitused: 2036
|
|
|
|
|