<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>Preparation</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Linux IPv6 HOWTO (en)"
HREF="index.html"><LINK
REL="UP"
TITLE="Firewalling"
HREF="chapter-firewalling-security.html"><LINK
REL="PREVIOUS"
TITLE="Firewalling using netfilter6 "
HREF="firewalling-netfilter6..html"><LINK
REL="NEXT"
TITLE="Usage"
HREF="x2181.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Linux IPv6 HOWTO (en)</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="firewalling-netfilter6..html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 17. Firewalling</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="x2181.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN2103"
></A
>17.2. Preparation</H1
><P
>This step is only needed if the distributed kernel and netfilter don't fit your requirements, and new features are available but not yet built in.</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2106"
></A
>17.2.1. Get sources</H2
><P
>Get the latest kernel source: <A
HREF="http://www.kernel.org/"
TARGET="_top"
>http://www.kernel.org/</A
></P
><P
>Get the latest iptables package: </P
><P
></P
><UL
><LI
><P
>Source tarball (for kernel patches): <A
HREF="http://www.netfilter.org/"
TARGET="_top"
>http://www.netfilter.org/</A
></P
></LI
></UL
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2115"
></A
>17.2.2. Extract sources</H2
><P
>Change to source directory: </P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
># cd /path/to/src </PRE
></FONT
></TD
></TR
></TABLE
><P
>Unpack and rename kernel sources </P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
># tar z|jxf kernel-version.tar.gz|bz2 
# mv linux linux-version-iptables-version </PRE
></FONT
></TD
></TR
></TABLE
><P
>Unpack iptables sources </P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
># tar z|jxf iptables-version.tar.gz|bz2 </PRE
></FONT
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2123"
></A
>17.2.3. Apply latest iptables/IPv6-related patches to kernel source</H2
><P
>Change to iptables directory </P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
># cd iptables-version </PRE
></FONT
></TD
></TR
></TABLE
><P
>Apply pending patches </P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
># make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables-version/ </PRE
></FONT
></TD
></TR
></TABLE
><P
>Apply additional IPv6-related patches (not yet included in the vanilla kernel) </P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
># make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-version/ </PRE
></FONT
></TD
></TR
></TABLE
><P
>Answer yes to the following options (iptables-1.2.2) </P
><P
></P
><UL
><LI
><P
>ah-esp.patch </P
></LI
><LI
><P
>masq-dynaddr.patch (only needed for systems with dynamic IP assigned WAN connections like PPP or PPPoE) </P
></LI
><LI
><P
>ipv6-agr.patch.ipv6 </P
></LI
><LI
><P
>ipv6-ports.patch.ipv6 </P
></LI
><LI
><P
>LOG.patch.ipv6 </P
></LI
><LI
><P
>REJECT.patch.ipv6 </P
></LI
></UL
><P
>Check IPv6 extensions </P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
># make print-extensions 
Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport</PRE
></FONT
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2147"
></A
>17.2.4. Configure, build and install new kernel</H2
><P
>Change to kernel sources </P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
># cd /path/to/src/linux-version-iptables-version/ </PRE
></FONT
></TD
></TR
></TABLE
><P
>Edit Makefile </P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>- EXTRAVERSION = 
+ EXTRAVERSION = -iptables-version+IPv6-try </PRE
></FONT
></TD
></TR
></TABLE
><P
>Run configure and enable the IPv6-related options </P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>            Code maturity level options 
                  Prompt for development and/or incomplete code/drivers : yes 
            Networking options 
                  Network packet filtering: yes 
                  The IPv6 protocol: module 
                       IPv6: Netfilter Configuration 
                             IP6 tables support: module 
                             All new options like following: 
                                   limit match support: module 
                                   MAC address match support: module 
                                   Multiple port match support: module 
                                   Owner match support: module 
                                   netfilter MARK match support: module 
                                   Aggregated address check: module 
                                   Packet filtering: module 
                                        REJECT target support: module 
                                        LOG target support: module 
                                   Packet mangling: module 
                                   MARK target support: module </PRE
></FONT
></TD
></TR
></TABLE
><P
>Configure the other options relevant to your system, too </P
><P
>Compilation and installing: see the kernel section here and other HOWTOs </P
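><P
>The option list above can be checked mechanically before building. The script below is an added example, not part of the original HOWTO: it audits a kernel .config for the 17.2.4 selections. The function names are illustrative and the 2.4-era CONFIG_ symbol names are an assumption; the REJECT target and aggregated address check added by patch-o-matic are left out because their symbol names do not appear on this page.</P
>
```sh
#!/bin/sh
# Added example: audit a kernel .config for the options chosen in 17.2.4.
# The CONFIG_ names are 2.4-era symbols (an assumption; check your own tree).
REQUIRED_IP6_OPTS="CONFIG_EXPERIMENTAL CONFIG_NETFILTER CONFIG_IPV6
CONFIG_IP6_NF_IPTABLES CONFIG_IP6_NF_MATCH_LIMIT CONFIG_IP6_NF_MATCH_MAC
CONFIG_IP6_NF_MATCH_MULTIPORT CONFIG_IP6_NF_MATCH_OWNER CONFIG_IP6_NF_MATCH_MARK
CONFIG_IP6_NF_FILTER CONFIG_IP6_NF_TARGET_LOG CONFIG_IP6_NF_MANGLE
CONFIG_IP6_NF_TARGET_MARK"

# config_state FILE SYMBOL: print y, m, or n (n = absent or "is not set").
config_state() {
    state=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${state:-n}"
}

# missing_ip6_opts FILE: print each required symbol that is neither y nor m.
missing_ip6_opts() {
    for sym in $REQUIRED_IP6_OPTS; do
        if [ "$(config_state "$1" "$sym")" = n ]; then echo "$sym"; fi
    done
}

# audit_ip6_config FILE: status 0 if complete, 1 if options are missing,
# 2 if the file cannot be read.
audit_ip6_config() {
    [ -r "$1" ] || return 2
    missing=$(missing_ip6_opts "$1")
    if [ -n "$missing" ]; then
        echo "Not enabled in $1:"; echo "$missing"
        return 1
    fi
}

# Constructed sample: MAC match explicitly unset, owner match absent.
write_sample_config() {
    printf '%s\n' 'CONFIG_EXPERIMENTAL=y' 'CONFIG_NETFILTER=y' \
        'CONFIG_IPV6=m' 'CONFIG_IP6_NF_IPTABLES=m' \
        'CONFIG_IP6_NF_MATCH_LIMIT=m' '# CONFIG_IP6_NF_MATCH_MAC is not set' \
        'CONFIG_IP6_NF_MATCH_MULTIPORT=m' 'CONFIG_IP6_NF_MATCH_MARK=m' \
        'CONFIG_IP6_NF_FILTER=m' 'CONFIG_IP6_NF_TARGET_LOG=m' \
        'CONFIG_IP6_NF_MANGLE=m' 'CONFIG_IP6_NF_TARGET_MARK=m' > "$1"
}

# Demo on the sample; for a real tree pass /usr/src/linux/.config instead.
sample=$(mktemp)
write_sample_config "$sample"
audit_ip6_config "$sample" || echo "audit status: $?"
rm -f "$sample"
```
<P
></P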
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN2157"
></A
>17.2.5. Rebuild and install binaries of iptables</H2
><P
>Make sure that the kernel source tree from above is also available at /usr/src/linux/ </P
><P
>Rename older directory </P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
># mv /usr/src/linux /usr/src/linux.old </PRE
></FONT
></TD
></TR
></TABLE
><P
>Create a new softlink </P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
># ln -s /path/to/src/linux-version-iptables-version /usr/src/linux </PRE
></FONT
></TD
></TR
></TABLE
><P
>Rebuild SRPMS </P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
># rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm </PRE
></FONT
></TD
></TR
></TABLE
><P
>Install new iptables packages (iptables + iptables-ipv6) </P
><P
></P
><UL
><LI
><P
>On RH 7.1 systems, an older version is normally already installed, so use "freshen" </P
></LI
></UL
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
># rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm </PRE
></FONT
></TD
></TR
></TABLE
><P
></P
><UL
><LI
><P
>If not already installed, use "install" </P
></LI
></UL
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
># rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm </PRE
></FONT
></TD
></TR
></TABLE
><P
></P
><UL
><LI
><P
>On RH 6.2 systems, no 2.4.x kernel is normally installed, so the package requirements are not met. Use "--nodeps" to install it </P
></LI
></UL
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
># rpm -ihv --nodeps /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm </PRE
></FONT
></TD
></TR
></TABLE
><P
>It may be necessary to create a softlink for the iptables libraries at the location where iptables looks for them </P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
># ln -s /lib/iptables/ /usr/lib/iptables </PRE
></FONT
></TD
></TR
></TABLE
></DIV
></DIV
></BODY
></HTML
>