From: "Bryan Whitehead" <driver@megahappy.net>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] OT - Need help enabling iptables support in kernel
Date: Mon, 12 Nov 2007 22:55:54 -0800

I don't see what the big deal is - you are choosing to do everything
manually by running Gentoo and compiling your own kernel. If you don't
like having to learn things like this, why not use Ubuntu or Fedora?

On Nov 12, 2007 8:35 PM, Walter Dnes <waltdnes@waltdnes.org> wrote:
> On Sat, Nov 10, 2007 at 10:53:52AM -0600, Michael Sullivan wrote
> > On Sat, 2007-11-10 at 15:40 +0200, Daniel Iliev wrote:
> > >
> > > I believe your problem comes from:
> > >
> > > # CONFIG_IP_NF_CONNTRACK_SUPPORT is not set
> > >
> > > Build this module and try again.
> > >
> >
> > This option isn't even available in my config. Should I add it? Will
> > it work with the kernel I'm running (2.6.22-hardened-r8)
>
> I'm beginning to long for the good ole days of ipchains. Is it still
> maintained? iptables has been scattered all over hell's-half-acre, and
> you need to run around enabling things all over the place to make it
> work. Here are some things enabled in my setup via "make menuconfig".
> Note that this is just for filtering out the bad guys. I do not do any
> masq/nat/mangling/etc with iptables. *IMPORTANT NOTE* you *MUST* enable
> the item... "IPv4 connection tracking support (required for NAT)" in
> order for state matching to work. I found this out "the hard way".
>
> Networking --->
>   [*] Networking support
>       Networking options --->
>         [*] Network packet filtering framework (Netfilter) --->
>
>             Core Netfilter Configuration --->
>               <*> Netfilter connection tracking support
>               --- Netfilter Xtables support (required for ip_tables)
>               <*> "CLASSIFY" target support
>               <*> "MARK" target support
>               <*> "NFQUEUE" target Support
>               < > "NFLOG" target support
>               < > "TCPMSS" target support
>               <*> "comment" match support
>               < > "connbytes" per-connection counter match support
>               < > "connmark" connection mark match support
>               < > "conntrack" connection tracking match support
>               <*> "DCCP" protocol match support
>               < > "DSCP" match support
>               < > "ESP" match support
>               < > "helper" match support
>               <*> "length" match support
>               <*> "limit" match support
>               <*> "mac" address match support
>               <*> "mark" match support
>               <*> Multiple port match support
>               <*> "pkttype" packet type match support
>               < > "quota" match support
>               <*> "realm" match support
>               <*> "sctp" protocol match support (EXPERIMENTAL)
>               <*> "state" match support
>               < > "statistic" match support
>               <*> "string" match support
>
>             IP: Netfilter Configuration --->
>               <*> IPv4 connection tracking support (required for NAT)
>               [*] proc/sysctl compatibility with old connection tracking
>               < > IP Userspace queueing via NETLINK (OBSOLETE)
>               <*> IP tables support (required for filtering/masq/NAT)
>               <*> IP range match support
>               <*> TOS match support
>               <*> recent match support
>               < > ECN match support
>               < > AH match support
>               <*> TTL match support
>               <*> Owner match support
>               <*> address type match support
>               <*> Packet filtering
>               <*> REJECT target support
>               <*> LOG target support
>               < > ULOG target support
>               < > Full NAT
>               < > Packet mangling
>               < > raw table support (required for NOTRACK/TRACE)
>               < > ARP tables support
>
> --
> Walter Dnes <waltdnes@waltdnes.org> In linux /sbin/init is Job #1
> Q. Mr. Ghandi, what do you think of Microsoft security?
> A. I think it would be a good idea.
>
> --
> gentoo-user@gentoo.org mailing list
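The dependency Walter describes (state matching silently depending on "IPv4 connection tracking support") can be checked against a kernel config before building. The script below is an added example, not part of the thread or written by any poster. The `CONFIG_` symbol names are not given in the thread and are assumed to be the mainline Kconfig names for these menu entries on kernels of that era; the sample config is constructed.

```sh
# Added example (not from the thread). Assumption: these are the mainline
# Kconfig symbols behind the menu labels; the thread gives only the labels.
REQUIRED='NETFILTER|Network packet filtering framework (Netfilter)
NF_CONNTRACK|Netfilter connection tracking support
NF_CONNTRACK_IPV4|IPv4 connection tracking support (required for NAT)
NETFILTER_XTABLES|Netfilter Xtables support (required for ip_tables)
NETFILTER_XT_MATCH_STATE|"state" match support
IP_NF_IPTABLES|IP tables support (required for filtering/masq/NAT)
IP_NF_FILTER|Packet filtering'

# config_state FILE SYMBOL: prints y, m, n (explicitly not set) or absent.
config_state() {
    awk -v sym="CONFIG_$2" '
        $0 ~ ("^" sym "=[ym]$")        { split($0, kv, "="); s = kv[2] }
        $0 == ("# " sym " is not set") { s = "n" }
        END { print (s == "" ? "absent" : s) }
    ' "$1"
}

# missing_for_state FILE: prints one line per required option that is
# neither built in (y) nor modular (m); returns 1 if any are missing.
missing_for_state() {
    rc=0
    while IFS='|' read -r sym label; do
        st=$(config_state "$1" "$sym")
        case $st in
            y|m) ;;
            *) echo "CONFIG_$sym ($st): $label"; rc=1 ;;
        esac
    done <<EOF
$REQUIRED
EOF
    return $rc
}

# Constructed sample: conntrack core on, IPv4 part off, filter table absent.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NF_CONNTRACK=m
# CONFIG_NF_CONNTRACK_IPV4 is not set
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_MATCH_STATE=y
CONFIG_IP_NF_IPTABLES=y
EOF
}

cfg=$(mktemp); sample_config >"$cfg"
missing_for_state "$cfg" || echo "=> fix these before relying on -m state rules"; rm -f "$cfg"
```

To check a real tree, pass the path of its `.config` to `missing_for_state`.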