Forum Replies Created

Viewing 11 posts - 1 through 11 (of 11 total)
  • in reply to: Should "iptables -L" work with your kernel config? #743
    brianb
    Participant

    I put together a simple website with details about how I built the kernel with iptables/netfilter support. I have also included directions for getting the LAN interfaces set up with static IP addresses.

    The kernel Image is not yet available for download, but I hope to have it up soon.

    http://espressobin.exertussoftware.com/index.html

    in reply to: IPTables and "state match support" #742
    brianb
    Participant

    I put together a simple website with details about how I built the kernel with iptables/netfilter support. I have also included directions for getting the LAN interfaces set up with static IP addresses.

    Please note that the instructions for building the kernel vary slightly from what I mentioned previously, but it seems to be working. The kernel Image is not yet available for download, but I hope to have it up soon.

    Please let me know if you run into any problems.

    http://espressobin.exertussoftware.com/index.html

    in reply to: IPTables and "state match support" #651
    brianb
    Participant

    @dpreviti

    I’m glad it worked. Assuming I can get the DNS issues sorted out, I hope to have a web page available next week with more details about exactly what I did. I’ll post the URL here when I can.

    in reply to: IPTables and "state match support" #649
    brianb
    Participant

    @dpreviti
    Here are links to the Image and armada-3720-community.dtb files that I built. Hopefully they work for you. I tried putting together a quick web page with details about the build process that I went through, but I’m having DNS issues right now. If I can get them resolved, I’ll post the link here.

    Brian

    armada-3720-community.dtb: https://1drv.ms/u/s!Ai_VNtzdCxZDkzzUub8GssjpULDL
    Image: https://1drv.ms/u/s!Ai_VNtzdCxZDkz38en5TSZsKh913

    in reply to: IPTables and "state match support" #634
    brianb
    Participant

    @dpreviti, any luck getting things to work? If not, I can see about getting you a copy of the compiled kernel that I am using.

    in reply to: IPTables and "state match support" #629
    brianb
    Participant

    Please note that after building the kernel as described above, I was able to install shorewall, configure it, and run “service shorewall start”. I have not, however, had an opportunity to test it thoroughly.

    in reply to: IPTables and "state match support" #628
    brianb
    Participant

    Ok. I finally managed to get shorewall to start. Here are the details of what I did to build the kernel:

    Much of this information was taken from the espressobin wiki
    http://wiki.espressobin.net/tiki-index.php?page=Build+From+Source+-+Kernel
    http://wiki.espressobin.net/tiki-index.php?page=Ubuntu+-+initial+network+configuration

    1. Make a directory for the source code
        sudo mkdir -p kernel/4.4.8
    2. Go to the directory
        cd kernel/4.4.8
    3. Use git to download the source code
        sudo git clone https://github.com/MarvellEmbeddedProcessors/linux-marvell .
        sudo git checkout linux-4.4.8-armada-17.02-espressobin
    4. Download the configuration file with “NETFILTER/IPTABLES/NAT features enabled”
        sudo wget -O nat_config 'http://wiki.espressobin.net/tiki-download_file.php?fileId=86'
    5. Set up the necessary environment variables
        export PATH=$PATH:/mnt/usb/toolchain/gcc-linaro-5.2-2015.11-2-x86_64_aarch64-linux-gnu/bin
        export ARCH=arm64
        export CROSS_COMPILE=aarch64-linux-gnu-
    6. Generate the default configuration file
        make mvebu_v8_lsp_defconfig
    7. Back up the configuration file
        mv .config .config.bak
    8. Copy the configuration file downloaded above
        cp nat_config .config
    9. Edit the configuration file, including IP_NF_FILTER
        vim .config

        CONFIG_IP_NF_FILTER=y
    10. Specify additional options using menuconfig. NOTE: all options were compiled in the kernel (*), and modules (M) were not used
        make menuconfig
        > Networking Support
          > Networking Options
            > Network Packet Filtering Framework (Netfilter)
              * Network packet filtering debugging
              * Advanced netfilter configuration
              * Bridged IP/ARP packets filtering
              * IP set support
              * IP virtual server support
              * Ethernet Bridge tables (ebtables) support
              > Core Netfilter Configuration
                Include All Items
              > IP: Netfilter Configuration
                Include All Items
    11. Back up the configuration file
        cp .config nf_config
    12. Build the kernel
        make -j4

    in reply to: IPTables and "state match support" #617
    brianb
    Participant

    Feel free to pass this information along to anyone that might be interested. FYI, I have not had the time or energy to try and identify the minimum set of options that are required. Also, while “shorewall check” works with the options above, shorewall itself will not start. Running “shorewall debug start” seems to point to some missing logging capabilities. If I have the time this weekend, I will see if I can track down the cause of the problem and post an update here.

    in reply to: IPTables and "state match support" #613
    brianb
    Participant

    I am having better luck after doing the following:
    1. Downloading the kernel .config file mentioned on the Ubuntu “initial network configuration page”
    2. Running make menuconfig
    3. Making sure the following items were selected
        > Networking Support
          > Networking Options
            > Network Packet Filtering Framework (Netfilter)
              > Core Netfilter Configuration
                * FTP protocol support
                * PPtP protocol support
                * “TCPMSS” target support
                * “conntrack” connection tracking match support
                * “hashlimit” match support
                * “helper” match support
                * “iprange” address range match support
                * “limit” match support
                * “multiport” Multiple port match support
                * IPsec “policy” match support
                * “pkttype” packet type match support
                * “state” match support
              > IP: Netfilter Configuration
                * REJECT target support NEW
                * NETMAP target support
                * REDIRECT target support
                * Packet mangling
                * raw table support (required for NOTRACK/TRACE)
    4. Running “make -j4” to build the kernel
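
Added example, not part of the original posts: a shell check that reads a kernel .config and reports, for each netfilter option named in these posts, whether it is built in, built as a module, or missing. The CONFIG_ symbol names are the mainline Kconfig names assumed to correspond to the menuconfig entries above, and the sample .config fragment is constructed.

```shell
#!/bin/sh
# Added example: report how each netfilter option from the posts is set in a
# kernel .config. The CONFIG_ names are the mainline Kconfig symbols assumed to
# match the menuconfig entries listed above; confirm them in your own tree.
REQUIRED="IP_NF_FILTER IP_NF_MANGLE IP_NF_RAW IP_NF_TARGET_REJECT
IP_NF_TARGET_NETMAP IP_NF_TARGET_REDIRECT NF_CONNTRACK_FTP NF_CONNTRACK_PPTP
NETFILTER_XT_TARGET_TCPMSS NETFILTER_XT_MATCH_CONNTRACK
NETFILTER_XT_MATCH_HASHLIMIT NETFILTER_XT_MATCH_HELPER
NETFILTER_XT_MATCH_IPRANGE NETFILTER_XT_MATCH_LIMIT
NETFILTER_XT_MATCH_MULTIPORT NETFILTER_XT_MATCH_POLICY
NETFILTER_XT_MATCH_PKTTYPE NETFILTER_XT_MATCH_STATE"

# check_netfilter_config FILE
# Prints "builtin|module|MISSING  CONFIG_X" per symbol; returns 1 if any is missing.
check_netfilter_config() {
    cfg=$1
    rc=0
    for sym in $REQUIRED; do
        # Set options read CONFIG_X=y or CONFIG_X=m; unset ones read
        # "# CONFIG_X is not set" or are absent from the file.
        val=$(sed -n "s/^CONFIG_${sym}=\([ym]\)\$/\1/p" "$cfg" | tail -n 1)
        case $val in
            y) echo "builtin  CONFIG_$sym" ;;   # compiled in: never listed by lsmod
            m) echo "module   CONFIG_$sym" ;;   # needs the .ko installed and loaded
            *) echo "MISSING  CONFIG_$sym"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample .config fragment (not taken from the page).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NF_CONNTRACK_FTP=y
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_MANGLE=m
EOF
check_netfilter_config "$SAMPLE" || echo "some required options are not enabled"
rm -f "$SAMPLE"
```

Run it against the .config in the kernel source directory before starting the build; a kernel built with every option as "builtin" will show an empty lsmod even though the features are present.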

    in reply to: Should "iptables -L" work with your kernel config? #572
    brianb
    Participant

    I used the instructions on the wiki to build the kernel, but despite using the recommended configuration, the iptables modules do not seem to have been included: http://espressobin.net/forums/topic/iptables-and-state-match-support/

    in reply to: IPTables and "state match support" #528
    brianb
    Participant

    That is consistent with what I am seeing as well. lsmod returns nothing and /proc/modules is empty.
