[plug] masq kernel

Sun Dec 14 13:59:31 WST 2003

On Sun, Dec 14, 2003 at 11:42:06AM +0800, smclevie wrote:

| but nothing like ..
| 
| 	ip_masquerade

That's normal.   It hasn't officially been called IP masquerading since
the 2.0.x kernel, I believe.

| SO! I have not selected some important items in the latest kernel-build 
| attempt... (I assume)

Posting the relevant snippet of your kernel config would perhaps be more
useful.  It can often be found in a file in /boot, e.g. on my gateway at
home, /boot/config-2.4.21-cjp-euclid-2.  If you want to have firewalling
and/or masquerading, the important option is:

CONFIG_NETFILTER=y

and then a whole bunch of CONFIG_IP_NF_* options which may or may not be
needed, depending on your configuration.  In my case, I compiled the
whole lot as modules "just in case"; the ones which are actually loaded
are:

ipt_limit                856  13  (autoclean)
ipt_state                568   3  (autoclean)
iptable_filter          1644   1  (autoclean)
ip_nat_irc              2288   0  (unused)
ip_conntrack_irc        2928   1 
ip_nat_ftp              2928   0  (unused)
ip_conntrack_ftp        3856   1 
ipt_LOG                 3320  13 
ipt_MASQUERADE          1368   1 
iptable_nat            15758   3  [ip_nat_irc ip_nat_ftp ipt_MASQUERADE]
ip_conntrack           17476   4  [ipt_state ip_nat_irc ip_conntrack_irc ip_nat_ftp ip_conntrack_ftp ipt_MASQUERADE iptable_nat]
ipt_REJECT              3192   1
ip_tables              11552   9  [ipt_limit ipt_state iptable_filter ipt_LOG ipt_MASQUERADE iptable_nat ipt_REJECT]

Hopefully it should be possible to match those against kernel build
options fairly simply (e.g. ipt_MASQUERADE => CONFIG_IP_NF_TARGET_MASQUERADE).

Cheers,

Cameron.