RE: [suse-security] Bridging Firewall with traffic-shaping
-----Original Message----- From: Backhausen, Sven [mailto:sbackhausen@ntcg.de] Sent: 05 April 2004 09:30 To: suse-security@suse.com Subject: Re: [suse-security] Bridging Firewall with traffic-shaping <snip> Patching/recompiling SuSEs kernels is a mess, I gave up after a few hours and took debian stable. The box is rock solid and a fine firewalling, shaping and accounting bridge.
Thought I was just slow..nice to know some other people find patching/recompiling SuSE kernels as problematic as I have. Usually anything that requires this means I download a stock kernel from kernel.org and patch rather than attempt the SuSE kernels. Noah.
Patching/recompiling SuSEs kernels is a mess, I gave up after a few hours and took debian stable. The box is rock solid and a fine firewalling, shaping and accounting bridge.
Thought I was just slow..nice to know some other people find patching/recompiling SuSE kernels as problematic as I have. Usually anything that requires this means I download a stock kernel from kernel.org and patch rather than attempt the SuSE kernels. There are several patches already done, but it's still a 2.4.x kernel (type "uname -a <Enter>" in the console to get the version). SuSE 9.0: kernel 2.4.21 1) Download SuSE kernel from ftp.suse.com or a mirror 2) make cloneconfig 3) make dep Now you have preconfigured kernelsources. 4) download bridge-utils: http://bridge.sourceforge.net/bridge-utils/bridge-utils-0.9.6.tar.gz 5) download latest iptables from http://www.netfilter.org/files/iptables-1.2.9.tar.bz2 + patch-o-matic patches & apply them (patch -p0 < PATCH-FILE) 6) download the ebtables-patch for bridge-firewalling, for SuSE 9.0 it's: http://prdownloads.sourceforge.net/ebtables/ebtables-brnf-3_vs_2.4.21.diff.g... 7) unpack everything (gunzip/bunzip/tar) 8) copy the patches one directory below the sources and patch iptables, patch the kernel: patch -p0 < PATCH-FILE 9) ./configure && make && make install 10) test your software with insmod <kernelmodule> and then after full you know it is working start it via init.rd (edit /etc/sysconfig/kernel and insert into that line your module + parameters: INITRD_MODULES="aic7xxx jbd ext3") or modules.conf.
Patching/recompiling SuSEs kernels is a mess, I gave up after a few hours and took debian stable.
If you use debian, you know what to do :-) The most common problem is, that SuSE uses lkm kernel with it's own config and some patches already applied. You can only use the sources after a "make cloneconfig && make dep" in /usr/src/linux or use your own kernel and use the SuSE-Makefile instead (make a backup of the original one). Then "make cloneconfig", fill out missing fields (it's always the best choice to choose the missing stuff as loadable module), then copy the original Makefile back again (now apply your desired patches ...) and then make dep bzImage lilo ... or whatever you need. After that you need newer modutils [...]. Otherwise your SuSE box will not work anymore. Yes it's hard, but it will work, because linux is linux is linux (not depending, on what stands on the cd's), because all that code has been builded from scratch. Philippe
participants (2)
-
Philippe Vogel
-
sematin@mtn.co.ug