Date: | Thu, 6 Apr 2006 23:32:45 +0300 |
>> >> >> > How can I set up an SL 4.2 to write 1 to /proc/sys/net/ipv4/ip_forward instead of 0 at boot time?
>> >> >>
>> >> >> It turns out that I need to apply patch-o-matic to the kernel source and recompile.
>> >> >> Where can I find SL sources?
>> >> >>
>> >> >
>> >> > I do not think you need to do patch-o-matic to do ip_forward. If you need
>> >> > the kernel sources they are at
>> >> >
>> >> > ftp://ftp.scientificlinux.org/linux/scientific/4.x/SRPMS/vendor/errata/
>> >>
>> >> In fact, the URL is
>> >>
>> >> ftp://ftp.scientificlinux.org/linux/scientific/42/SRPMS/vendor/errata/
>> >>
>> >> I downloaded the kernel sources and I'm going to patch and recompile them to fix the bug with "iptables -t mangle -j TTL"
>> >> producing
>> >> "No chain/target/match by that name".
>> >
>> > What are you expecting to change?
>>
>> Well, this is what I get:
>>
>> [root@VM2 ~]# iptables -t mangle -A POSTROUTING -j TTL --ttl-set 1
>> iptables: No chain/target/match by that name
>> [root@VM2 ~]#
>>
>> Do you think this is what I should get?
>>
>
> Did you check to see if the ttl kernel module is loaded with lsmod?
> If it is not there then you need to load it. You can just test it with
>
> modprobe /lib/modules/2.6.9-34.EL/kernel/net/ipv4/netfilter/ipt_ttl.ko
>
> Substitute 2.6.9-34.EL with your kernel version.
>
> If that works then put it in
>
> /etc/sysconfig/iptables-config

First I did this:

[root@VM2 sysconfig]# modprobe /lib/modules/2.6.9-22.0.1.EL/kernel/net/ipv4/netfilter/ipt_ttl.ko
FATAL: Module /lib/modules/2.6.9_22.0.1.EL/kernel/net/ipv4/netfilter/ipt_ttl.ko not found.
[root@VM2 sysconfig]#

Then I put "/lib/modules/2.6.9-22.0.1.EL/kernel/net/ipv4/netfilter/ipt_ttl.ko" in the iptables-config file:

[root@VM2 sysconfig]# cat iptables-config
# Load additional iptables modules (nat helpers)
# Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modules.conf.
IPTABLES_MODULES="/lib/modules/2.6.9-22.0.1.EL/kernel/net/ipv4/netfilter/ipt_ttl.ko"
# Unload modules on restart and stop
# Value: yes|no, default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD="yes"
# Save current firewall rules on stop.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="no"
# Save current firewall rules on restart.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="no"
# Save (and restore) rule and chain counter.
# Value: yes|no, default: no
# Save counters for rules and chains to /etc/sysconfig/iptables if
# 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
# SAVE_ON_RESTART is enabled.
IPTABLES_SAVE_COUNTER="no"
# Numeric status output
# Value: yes|no, default: yes
# Print IP addresses and port numbers in numeric format in the status output.
IPTABLES_STATUS_NUMERIC="yes"

Then, I restarted iptables and got this:

[root@VM2 sysconfig]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter nat [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: /lib/modules/2.6.9-22.0.1.EL/kernel/net/ipv4/netfilter/ipt_ttl.ko
[FAILED]
[root@VM2 sysconfig]#

It seems that the ipt_ttl module does not load, right?
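
Added example, not part of the original thread: a shell function that audits the IPTABLES_MODULES line of an iptables-config file before the firewall is restarted. It flags entries written as file paths (modprobe takes module names, as in the config's own 'ip_nat_ftp ip_nat_irc' example) and checks that a matching .ko exists under a module tree; the function name and its arguments are assumptions made for this example.

```shell
# Added example: audit IPTABLES_MODULES before "service iptables restart".
# Usage: check_iptables_modules CONFIG MODULE_TREE
#   CONFIG       iptables-config style file
#   MODULE_TREE  directory to search, e.g. /lib/modules/$(uname -r)
# Prints "PATH entry -> name" for entries given as file paths, then
# "OK name" or "MISSING name" for each module. Exit status is 0 only if
# every entry is a bare module name with a matching .ko in MODULE_TREE.
check_iptables_modules() (
    cfg=$1 tree=$2 rc=0
    set -f    # entries are names, never glob patterns
    # Extract the value with sed instead of sourcing the file, so the audit
    # itself never executes anything the config might contain.
    mods=$(sed -n 's/^IPTABLES_MODULES="\(.*\)"[[:space:]]*$/\1/p' "$cfg" | tail -n 1)
    for entry in $mods; do
        name=$entry
        case $entry in
            */*|*.ko)
                # modprobe looks names up in modules.dep; a file path is
                # what insmod takes. Reduce the path to the module name.
                name=${entry##*/}
                name=${name%.ko}
                echo "PATH $entry -> $name"
                rc=1
                ;;
        esac
        # find -name is case-sensitive, so ipt_ttl and ipt_TTL are distinct.
        if [ -n "$(find "$tree" -type f -name "$name.ko" 2>/dev/null)" ]; then
            echo "OK $name"
        else
            echo "MISSING $name"
            rc=1
        fi
    done
    exit "$rc"
)
```

A non-zero exit status means at least one entry would fail in the "Loading additional iptables modules" step, either because it is a path or because no such module is installed for that kernel.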