Hi,

I am going to be using shorewall 2.0.1 on a gentoo box as a firewall/ids/nat/squid (caching only) gateway for my network. It is a dedicated box and I want to have the kernel configured correctly for this. I am using kernel source 2.6.7-r5 (gentoo-dev-sources) and was wondering if there is a guide to which kernel options I should install for shorewall.

Could you point me to an info source for this?

Also, is there a shorewall irc channel?

Thank you,
--
Justin Paulsen
IT Coordinator
Frederic School District
(715) 327-4223
paulsenj@frederic.k12.wi.us
"The world is open. Are you?"

Justin Paulsen wrote:
> Hi,
>
> I am going to be using shorewall 2.0.1 on a gentoo box as a
> firewall/ids/nat/squid (caching only) gateway for my network. It is a
> dedicated box and I want to have the kernel configured correctly for
> this. I am using kernel source 2.6.7-r5 (gentoo-dev-sources) and was
> wondering if there is a guide to which kernel options I should install
> for shorewall.
>
> Could you point me to an info source for this?
>

The latest information is at http://www.shorewall.net/kernel.htm -- it is relative to the 2.4 kernel but there aren't many differences between 2.4 and 2.6 (other than the fact that networking now falls under the drivers top level menu).

> Also, is there a shorewall irc channel?

No.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>

> > Also, is there a shorewall irc channel?
>
> No.

Ahhhhh... Well, this is what I'm asking Santa for Christmas this year. ;)

Joshua Banks

Alright I have followed that guide and just have a few more questions on individual options.

The following were not found as options:
# Net Options
Socket Filtering
IP: TCP Explicit Congestion Notification support
# Netfilter config
Unclean match support

These options were not listed under the example kernel, do I need any of them?
# Netfilter config
IP range match support
recent match support
NETMAP target support
same target support
classify target support
ARP payload mangling
NOTRACK target support
raw table support

I am using kernel 2.6.7-r5

Thanks,
--
Justin Paulsen
IT Coordinator
Frederic School District
(715) 327-4223
paulsenj@frederic.k12.wi.us
"The world is open. Are you?"

Justin Paulsen wrote:
> Alright I have followed that guide and just have a few more questions on
> individual options.
>
> The following were not found as options:
> # Net Options
> Socket Filtering
> IP: TCP Explicit Congestion Notification support

Those are standard features in 2.6.

>
> # Netfilter config
> Unclean match support

That was a bad idea that was removed in 2.6.

>
> These options were not listed under the example kernel, do I need any of
> them?
> # Netfilter config
> IP range match support
> recent match support
> NETMAP target support

You need that one if you want to use Shorewall's network mapping feature.

> same target support
> classify target support
> ARP payload mangling
> NOTRACK target support
> raw table support

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
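
An added example, not part of the thread: a shell check that reports how each netfilter option named in the last two messages is set in a kernel .config (y = built in, m = module, n = not set or absent). The CONFIG_ symbol names are assumed 2.6-era mappings of the menu labels and should be confirmed against your own kernel tree; the sample config is constructed.

```sh
#!/bin/sh
# Assumed mapping of the thread's menu labels to 2.6-era Kconfig symbols.
OPTS='IP_NF_MATCH_IPRANGE:IP range match support
IP_NF_MATCH_RECENT:recent match support
IP_NF_TARGET_NETMAP:NETMAP target support
IP_NF_TARGET_SAME:SAME target support
IP_NF_TARGET_CLASSIFY:CLASSIFY target support
IP_NF_ARP_MANGLE:ARP payload mangling
IP_NF_TARGET_NOTRACK:NOTRACK target support
IP_NF_RAW:raw table support'

# opt_state FILE SYMBOL -> prints y, m, or n (not set / not present)
opt_state() {
    v=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${v:-n}"
}

# report FILE -> one "state  CONFIG_symbol  (menu label)" line per option
report() {
    echo "$OPTS" | while IFS=: read -r sym label; do
        printf '%s  CONFIG_%s  (%s)\n' "$(opt_state "$1" "$sym")" "$sym" "$label"
    done
}

# missing_count FILE -> number of listed options that are neither y nor m
missing_count() {
    report "$1" | grep -c '^n' || true
}

# Constructed sample .config fragment, used when no file is given.
sample_config() {
cat <<'EOF'
CONFIG_IP_NF_MATCH_IPRANGE=m
# CONFIG_IP_NF_MATCH_RECENT is not set
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_NOTRACK=m
CONFIG_IP_NF_RAW=m
EOF
}

if [ -n "${1:-}" ]; then
    report "$1"
else
    tmp=$(mktemp); sample_config > "$tmp"; report "$tmp"; rm -f "$tmp"
fi
```

Pass the path of the .config you built from as the first argument to check a real kernel configuration instead of the sample.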