SCIENTIFIC-LINUX-USERS Archives

April 2006

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From: Connie Sieh <[log in to unmask]>
Date: Thu, 6 Apr 2006 15:51:31 -0500

On Thu, 6 Apr 2006, Angel Tsankov wrote:

> >> >> >> > How can I setup an SL 4.2 to write 1 to /proc/sys/net/ipv4/ip_forward instead of 0 at boot time?
> >> >> >>
> >> >> >> It turns out that I need to apply patch-o-matic to the kernel source and recompile.
> >> >> >> Where can I find SL sources?
> >> >> >>
> >> >> >
> >> >> > I do not think you need to do patch-o-matic to do ip_forward.  If you need
> >> >> > the kernel sources they are at
> >> >> >
> >> >> > ftp://ftp.scientificlinux.org/linux/scientific/4.x/SRPMS/vendor/errata/
> >> >>
> >> >> In fact, the URL is
> >> >>
> >> >> ftp://ftp.scientificlinux.org/linux/scientific/42/SRPMS/vendor/errata/
> >> >>
> >> >> I downloaded the kernel sources and I'm going to patch and recompile them to fix the bug with "iptables -t mangle -j TTL"
> >> >> producing
> >> >> "No chain/target/match by that name".
> >> >
> >> > What are you expecting to change?
> >>
> >> Well, this is what I get:
> >>
> >> [root@VM2 ~]# iptables -t mangle -A POSTROUTING -j TTL --ttl-set 1
> >> iptables: No chain/target/match by that name
> >> [root@VM2 ~]#
> >>
> >> Do you think this is what I should get?
> >>
> >
> > Did you check to see if the ttl kernel module is loaded with lsmod?
> > If it is not there then you need to load it.  You can just test it with
> >
> >  modprobe /lib/modules/2.6.9-34.EL/kernel/net/ipv4/netfilter/ipt_ttl.ko
> >
> > Substitute 2.6.9-34.EL with your kernel version.
> >
> > If that works then put it in
> >
> >  /etc/sysconfig/iptables-config
> 
> First I did this:
> 
> [root@VM2 sysconfig]# modprobe /lib/modules/2.6.9-22.0.1.EL/kernel/net/ipv4/netfilter/ipt_ttl.ko
> FATAL: Module /lib/modules/2.6.9_22.0.1.EL/kernel/net/ipv4/netfilter/ipt_ttl.ko not found.

This implied that the file did not exist.

Try modprobe ipt_ttl

-Connie
> [root@VM2 sysconfig]#
> 
> Then I put "/lib/modules/2.6.9-22.0.1.EL/kernel/net/ipv4/netfilter/ipt_ttl.ko" in the iptables-config file:
> 
> [root@VM2 sysconfig]# cat iptables-config
> # Load additional iptables modules (nat helpers)
> #   Default: -none-
> # Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
> # are loaded after the firewall rules are applied. Options for the helpers are
> # stored in /etc/modules.conf.
> IPTABLES_MODULES="/lib/modules/2.6.9-22.0.1.EL/kernel/net/ipv4/netfilter/ipt_ttl.ko"
> 
> # Unload modules on restart and stop
> #   Value: yes|no,  default: yes
> # This option has to be 'yes' to get to a sane state for a firewall
> # restart or stop. Only set to 'no' if there are problems unloading netfilter
> # modules.
> IPTABLES_MODULES_UNLOAD="yes"
> 
> # Save current firewall rules on stop.
> #   Value: yes|no,  default: no
> # Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
> # (e.g. on system shutdown).
> IPTABLES_SAVE_ON_STOP="no"
> 
> # Save current firewall rules on restart.
> #   Value: yes|no,  default: no
> # Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
> # restarted.
> IPTABLES_SAVE_ON_RESTART="no"
> 
> # Save (and restore) rule and chain counter.
> #   Value: yes|no,  default: no
> # Save counters for rules and chains to /etc/sysconfig/iptables if
> # 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
> # SAVE_ON_RESTART is enabled.
> IPTABLES_SAVE_COUNTER="no"
> 
> # Numeric status output
> #   Value: yes|no,  default: yes
> # Print IP addresses and port numbers in numeric format in the status output.
> IPTABLES_STATUS_NUMERIC="yes"
> 
> Then, I restarted iptables and got this:
> 
> [root@VM2 sysconfig]# service iptables restart
> Flushing firewall rules:                                   [  OK  ]
> Setting chains to policy ACCEPT: filter nat                [  OK  ]
> Unloading iptables modules:                                [  OK  ]
> Applying iptables firewall rules:                          [  OK  ]
> Loading additional iptables modules: /lib/modules/2.6.9-22.0.1.EL/kernel/net/ipv4/netfilter/ipt_ttl.ko 
> [FAILED]
> [root@VM2 sysconfig]#
> 
> It seems that the ipt_ttl module does not load, right?
> 
> 
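
An added example, not part of the original messages: modprobe resolves module names rather than file paths, so this sketch flags path-style entries in IPTABLES_MODULES and checks that a matching .ko file exists. The function names, the optional module-root argument and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint IPTABLES_MODULES in iptables-config.

# module_name ENTRY: the bare name modprobe resolves, e.g.
# /lib/modules/<ver>/kernel/.../ipt_ttl.ko -> ipt_ttl
module_name() {
    name=${1##*/}                 # drop any directory part
    printf '%s\n' "${name%.ko}"   # drop a trailing .ko
}

# configured_modules FILE: value of the last uncommented IPTABLES_MODULES= line
configured_modules() {
    sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# lint_config FILE [MODULE_ROOT]: returns 0 only if every entry is a bare
# module name with a matching .ko file under MODULE_ROOT.
lint_config() {
    root=${2:-/lib/modules/$(uname -r)}
    status=0
    for entry in $(configured_modules "$1"); do
        name=$(module_name "$entry")
        case $entry in
            */*|*.ko)
                echo "path-style entry: $entry (use: $name)"; status=1 ;;
        esac
        if [ -z "$(find "$root" -name "$name.ko*" 2>/dev/null | head -n 1)" ]; then
            echo "no module file named $name under $root"; status=1
        fi
    done
    return $status
}

# Constructed sample: a throwaway module tree and two config files.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/mods/kernel/net/ipv4/netfilter"
    : > "$d/mods/kernel/net/ipv4/netfilter/ipt_ttl.ko"
    echo 'IPTABLES_MODULES="/lib/modules/2.6.9-22.0.1.EL/kernel/net/ipv4/netfilter/ipt_ttl.ko"' > "$d/as-posted"
    echo 'IPTABLES_MODULES="ipt_ttl"' > "$d/by-name"
    lint_config "$d/as-posted" "$d/mods" || echo "as-posted: needs fixing"
    lint_config "$d/by-name" "$d/mods" && echo "by-name: ok"
    rm -rf "$d"
}
demo
```

On a real host, run `lint_config /etc/sysconfig/iptables-config` with no second argument to check against the running kernel's module directory.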
