Re: [suse-security] Bridging Firewall with traffic-shaping

From: Philippe Vogel (filiaapfreenet.de)
Date: Mon Apr 05 2004 - 03:23:49 CDT


> Patching/recompiling SuSE's kernels is a mess, I gave up after a few
> hours and took debian stable. The box is rock solid and a fine
> firewalling, shaping and accounting bridge.

Thought I was just slow... nice to know some other people find
patching/recompiling SuSE kernels as problematic as I have. Usually anything
that requires this means I download a stock kernel from kernel.org and patch
rather than attempt the SuSE kernels.

There are several patches already done, but it's still a 2.4.x kernel (type
"uname -a <Enter>" in the console to get the version).

SuSE 9.0: kernel 2.4.21

1) Download SuSE kernel from ftp.suse.com or a mirror
2) make cloneconfig
3) make dep

Now you have preconfigured kernel sources.

4) download bridge-utils:
http://bridge.sourceforge.net/bridge-utils/bridge-utils-0.9.6.tar.gz
5) download latest iptables from
http://www.netfilter.org/files/iptables-1.2.9.tar.bz2 + patch-o-matic
patches & apply them (patch -p0 < PATCH-FILE)
6) download the ebtables-patch for bridge-firewalling, for SuSE 9.0 it's:
http://prdownloads.sourceforge.net/ebtables/ebtables-brnf-3_vs_2.4.21.diff.gz?download
7) unpack everything (gunzip/bunzip/tar)
8) copy the patches one directory below the sources and patch iptables,
patch the kernel:

patch -p0 < PATCH-FILE

9) ./configure && make && make install
10) test your software with insmod <kernelmodule>, and then, once you fully
know it is working, start it via initrd (edit /etc/sysconfig/kernel and
insert your module + parameters into this line: INITRD_MODULES="aic7xxx jbd
ext3") or modules.conf.

> Patching/recompiling SuSE's kernels is a mess, I gave up after a few
> hours and took debian stable.

If you use debian, you know what to do :-)
The most common problem is that SuSE uses an LKM kernel with its own config
and some patches already applied.
You can only use the sources after a "make cloneconfig && make dep" in
/usr/src/linux or use your own kernel and use the SuSE-Makefile instead
(make a backup of the original one).
Then "make cloneconfig", fill out missing fields (it's always the best
choice to choose the missing stuff as loadable module), then copy the
original Makefile back again (now apply your desired patches ...) and then
make dep bzImage lilo ... or whatever you need. After that you need newer
modutils [...].
Otherwise your SuSE box will not work anymore.

Yes, it's hard, but it will work, because linux is linux is linux (not
depending on what is on the CDs), because all that code has been
built from scratch.

Philippe
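
An added example (not part of the original post) for the `patch -p0 < PATCH-FILE` step: it rehearses the whole patch series on a scratch copy and only touches the real tree if every patch applies, so a rejected hunk never leaves the sources half-patched. The function names and the sample Makefile and patches are constructed for illustration.

```shell
#!/bin/sh
# Rehearse a patch series on a scratch copy before touching the real tree.
# Added example; names and sample data below are constructed, not from the post.

# apply_series DIR PATCH...   DIR is the directory "patch -p0" is run from.
# Returns 0 if every patch applied, 1 if one was rejected (DIR left untouched).
apply_series() {
    dir=$1; shift
    scratch=$(mktemp -d) || return 2
    cp -Rp "$dir/." "$scratch/" || { rm -rf "$scratch"; return 2; }
    for p in "$@"; do
        # Redirect outside the subshell so relative patch paths still resolve.
        if ! (cd "$scratch" && patch -p0 -f -s) < "$p" >/dev/null 2>&1; then
            echo "rejected: $p (real tree left untouched)" >&2
            rm -rf "$scratch"; return 1
        fi
    done
    rm -rf "$scratch"
    for p in "$@"; do
        (cd "$dir" && patch -p0 -f -s) < "$p" || return 2
    done
}

# Constructed sample input: a one-file "kernel tree" and two patches.
make_sample() {
    w=$(mktemp -d) && mkdir "$w/linux" || return 1
    printf 'VERSION = 2\nPATCHLEVEL = 4\nSUBLEVEL = 21\n' > "$w/linux/Makefile"
    cat > "$w/good.diff" <<'EOF'
--- linux/Makefile
+++ linux/Makefile
@@ -1,3 +1,4 @@
 VERSION = 2
 PATCHLEVEL = 4
 SUBLEVEL = 21
+EXTRAVERSION = -test
EOF
    cat > "$w/bad.diff" <<'EOF'
--- linux/Makefile
+++ linux/Makefile
@@ -1,3 +1,3 @@
 VERSION = 2
 PATCHLEVEL = 6
-SUBLEVEL = 0
+SUBLEVEL = 1
EOF
    echo "$w"
}
```

Because the series is applied for real on the copy, a patch that depends on an earlier one in the list is checked against the already-patched state rather than the pristine tree.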
