|
|
VNIMANIE: Izpolzvaite forumite na saita za da zadadete vashite vuprosi.
Vupros |
Ot: Mitko |
Data: 08/07/2002 |
Privet!
Iskam da kompiliram netfiltur modulite kato "tvurdi
programi" i da ne se zarezhdat vseki put pri startirane.
CHetoh, che stava po sledniia nachin:
make NO_SHARED_LIBS=1 LIBDIR=/lib/modules
A ako iskam primerno da si obnovia modulite bi triabvalo da
stane:
make most-of-pom KERNEL_DIR=/usr/src/linux
LIBDIR=/lib/modules NO_SHARED_LIBS=1
Molia za suvet.
Blagodaria predvaritelno.
|
Otgovor #1 |
Ot: zh |
Data: 08/07/2002 |
Netfilter modules sa KERNEL modules i niamat nisto obsto s
shared libs.
Za da sa chast ot kernel, a ne modules pri config na
kernel za suotvetnite opcii triabva da e:
...=y, a ne ...=m (modules)
|
Otgovor #2 |
Ot: Mitko |
Data: 08/08/2002 |
Po vuprosa za modulite sum naiasno, g-n ZHekov.
Probval sum da kompiliram netfiltur koda v iadroto po
standartniia nachin sus slednite nastroiki:
#
# Networking options
#
CONFIG_PACKET=y
# CONFIG_PACKET_MMAP is not set
CONFIG_NETLINK_DEV=y
CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
CONFIG_FILTER=y
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_SYN_COOKIES=y
#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_IRC=y
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y<< tuk veroiatno e klyuchut ot zadachata
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_QUOTA=y
CONFIG_IP_NF_POOL=y
CONFIG_IP_POOL_STATISTICS=y
CONFIG_IP_NF_MATCH_MAC=y
CONFIG_IP_NF_MATCH_PKTTYPE=y
CONFIG_IP_NF_MATCH_MARK=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_MPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_RANDOM=y
CONFIG_IP_NF_MATCH_PSD=y
CONFIG_IP_NF_MATCH_NTH=y
CONFIG_IP_NF_MATCH_IPV4OPTIONS=y
CONFIG_IP_NF_MATCH_DSCP=y
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_IPLIMIT=m
CONFIG_IP_NF_MATCH_CONNTRACKy
CONFIG_IP_NF_MATCH_UNCLEAN=y
CONFIG_IP_NF_MATCH_OWNER=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_NETLINK=y
CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP=y
CONFIG_IP_NF_TARGET_MIRROR=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_NAT_LOCAL=y
CONFIG_IP_NF_NAT_SNMP_BASIC=y
CONFIG_IP_NF_NAT_IRC=y
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_DSCP=y
CONFIG_IP_NF_TARGET_MARK=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_TTL=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_TARGET_TCPMSS=y
Loshoto e, che posle insmod se oplakva, che ne mozhe da
initsializira iptables.o.
T.e triabva da se "izluzhe", che iptables.o e modul, a v
sushtnost da ne e.
Dokolkoto znam ot dokumentatsiiata tova stava s make
NO_SHARED_LIBS=1 i iavno, triabva da probvam s drugite optsii.
Blagodaria.
|
Otgovor #3 |
Ot: Sudo |
Data: 08/08/2002 |
Kum Otgovor#2: Ami izkomentirai go tova modprobe(insmod)
iptables. Sled kato ti e v kernela, kak ochakvash i da e na
modul ???
Aide sus zdrave
|
Otgovor #4 |
Ot: zh |
Data: 08/09/2002 |
Moze bi vmesto komentirane e po-dobre insmod da se
zameni s modprobe.
|
Otgovor #5 |
Ot: Mitko |
Data: 08/09/2002 |
Az ochakvax netfiltur da si prochete pravilata pri startirane
/etc/sysconfig/iptables, ala ot startovite suoshteniia
nablyudavam, che iadroto otkazva da prilozhi pravilata bez
iptables da e modul.
Kato davax /sbin/iptables -L :
cannot initialize table filter. Do you need to insmod?
Perhaps your iptables or your kernel needs to be upgraded.
Sega karam Mandreik modulno, ala se izkushavam da opitam
vurhu edin Slak 8.1 zaedno s krupkite ot grsecurity i dav
vidia kakvo shte stane.
Blagodaria za vnimanieto
|
Otgovor #6 |
Ot: zh |
Data: 08/10/2002 |
Ne zham dali si opitval da tursis sys soubstenieto za
greshka w google. Az opitah i namerih dosta links
(daze kum LUG-BG arhives). V obsti linii kazvat che
imash startiran ipchains i zatova ne mozesh da startirash
iptables. Eto tuka edin citat:
>> On 2001.09.22 20:28 Warren Togami wrote:
>>> Your ipchains kernel module is probably still loaded.
ipchains and
>>> iptables
>>> cannot co-exist.
>>>
>>> Try this
>>> rmmod
>>> modprobe ip_tables
>>> Then run the rc.firewall-xxxxxx script.
>>>
>>> Make sure you disable automatic start of the "ipchains"
>> service. Go into
>>> "setup" and uncheck ipchains and firewall. Check
activate "iptables"
>>> even
>>> though Red Hat's rules are empty, because that should
automatically
> load
>>> the
>>> ip_tables kernel module at boot-time before it runs
your
>> rc.firewall-xxxx
>>> script at the bottom of your rc.local script.
>>>
|
Otgovor #7 |
Ot: Mitko |
Data: 08/11/2002 |
Znachi go karam iztsyalo na iptables bez nikakvi ipchains
moduli.
Shte ostavya izsledaneto za po natatak, poneze sega ucha za
darzaven izpit.
Blagodaya mnogo za otdelenoto vreme.
|
Otgovor #8 |
Ot: z\z |
Data: 11/21/2005 |
a be hora normalni li ste da kompilirate wsichko static
moduli rullz :")
|
<< MB ECS K7S5A (0
) | Nemoga da si mount-na NTFS partition (4
) >>
|
|
|
|
|