| View previous topic :: View next topic |
| Author |
Message |
mastergara
n00b
Joined: 07 Apr 2003
Posts: 27
|
 Posted: Sun Apr 01, 2007 10:35 pm Post subject: Things I have learned from upgrading my gateway |
 |
|
Things I have learned:
*Upgrading to allow for wireless can be a real pain in the arse. Make sure you know all the netfilter/iptables settings you need. That being said, here is what I found worked for me:
| Code: | #
# Core Netfilter Configuration
#
CONFIG_NETFILTER_NETLINK=y
# CONFIG_NETFILTER_NETLINK_QUEUE is not set
# CONFIG_NETFILTER_NETLINK_LOG is not set
CONFIG_NETFILTER_XTABLES=y
# CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set
# CONFIG_NETFILTER_XT_TARGET_DSCP is not set
# CONFIG_NETFILTER_XT_TARGET_MARK is not set
# CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set
# CONFIG_NETFILTER_XT_MATCH_COMMENT is not set
# CONFIG_NETFILTER_XT_MATCH_CONNTRACK is not set
# CONFIG_NETFILTER_XT_MATCH_DCCP is not set
# CONFIG_NETFILTER_XT_MATCH_DSCP is not set
# CONFIG_NETFILTER_XT_MATCH_ESP is not set
# CONFIG_NETFILTER_XT_MATCH_HELPER is not set
# CONFIG_NETFILTER_XT_MATCH_LENGTH is not set
# CONFIG_NETFILTER_XT_MATCH_LIMIT is not set
# CONFIG_NETFILTER_XT_MATCH_MAC is not set
# CONFIG_NETFILTER_XT_MATCH_MARK is not set
# CONFIG_NETFILTER_XT_MATCH_POLICY is not set
# CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set
# CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set
# CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set
# CONFIG_NETFILTER_XT_MATCH_QUOTA is not set
# CONFIG_NETFILTER_XT_MATCH_REALM is not set
# CONFIG_NETFILTER_XT_MATCH_SCTP is not set
CONFIG_NETFILTER_XT_MATCH_STATE=y
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
# CONFIG_IP_NF_CT_ACCT is not set
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
# CONFIG_IP_NF_CONNTRACK_NETLINK is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_IRC=y
# CONFIG_IP_NF_NETBIOS_NS is not set
# CONFIG_IP_NF_TFTP is not set
# CONFIG_IP_NF_AMANDA is not set
# CONFIG_IP_NF_PPTP is not set
# CONFIG_IP_NF_H323 is not set
# CONFIG_IP_NF_SIP is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_MATCH_IPRANGE is not set
# CONFIG_IP_NF_MATCH_TOS is not set
# CONFIG_IP_NF_MATCH_RECENT is not set
# CONFIG_IP_NF_MATCH_ECN is not set
# CONFIG_IP_NF_MATCH_AH is not set
# CONFIG_IP_NF_MATCH_TTL is not set
# CONFIG_IP_NF_MATCH_OWNER is not set
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_MATCH_HASHLIMIT is not set
CONFIG_IP_NF_FILTER=y
# CONFIG_IP_NF_TARGET_REJECT is not set
# CONFIG_IP_NF_TARGET_LOG is not set
# CONFIG_IP_NF_TARGET_ULOG is not set
# CONFIG_IP_NF_TARGET_TCPMSS is not set
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_NETMAP=y
# CONFIG_IP_NF_TARGET_SAME is not set
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=y
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_MANGLE=y
# CONFIG_IP_NF_TARGET_TOS is not set
# CONFIG_IP_NF_TARGET_ECN is not set
# CONFIG_IP_NF_TARGET_TTL is not set
# CONFIG_IP_NF_RAW is not set
# CONFIG_IP_NF_ARPTABLES is not set
|
*when using a serial console to manage a device, make sure the proper kernel settings are in place
*in /etc/conf.d/net, ifconfig_$if is depricated. use config_$if. For that matter, why does it not tell you what option is depricated? That is like having a single error light that could indicate a number of things...
*some functionality must be built into the kernel, even if it says you can load it as a module. (802.1d bridging, for instance)
*backing up the contents of /etc is a _VERY_ good idea right before you make a change. Even if it is seemingly small, it can torch your work. I was glad I did so right before I compiled bridging support into the kernel. After a reboot, when I attempted to bring up net.ath0, the kernel would panic, and my serial console connection would flip out.
There will be inevitably more things I need to change as I go. Figured it would be useful to have some memory of what I battled with to get this upgraded. To think this all started from me wanting to change this to a Wireless Access Point to remove the bloody WGR614.
Good luck to all!  |
|
| Back to top |
|
 |
widan
Veteran
Joined: 07 Jun 2005
Posts: 1512
Location: Paris, France
|
| Posted: Sun Apr 01, 2007 11:37 pm Post subject: Re: Things I have learned from upgrading my gateway |
|
|
| mastergara wrote: | | *some functionality must be built into the kernel, even if it says you can load it as a module. (802.1d bridging, for instance) |
Actually it can be loaded as a module, but it needs hooks in the network stack. If you have a kernel built without it enabled, and then build only the module later (without rebuilding the kernel itself) the network stack in the kernel won't have the hooks (as those are conditionnaly enabled) and it will have missing symbols usually. You need to also build and install the kernel (but you can still select the option as a module) so the hooks are present. Then module loading will work.
Other modules that work that way are the netfilter core, IPv6 or IPSec support, ... Basically anything that needs to change the behavior of the network stack. |
|
| Back to top |
|
|
mastergara
n00b
Joined: 07 Apr 2003
Posts: 27
|
| Posted: Tue Apr 03, 2007 7:47 pm Post subject: |
|
|
Hmmn.... I guess I have had a misunderstanding of how the modules work all these years then. 
Is this specific to the networking stack of it all, or are there other cases where when you suddenly need the functionality, you can just compile the module(s)?
Danke for the info! |
|
| Back to top |
|
|
widan
Veteran
Joined: 07 Jun 2005
Posts: 1512
Location: Paris, France
|
| Posted: Tue Apr 03, 2007 8:49 pm Post subject: |
|
|
| mastergara wrote: | | Is this specific to the networking stack of it all, or are there other cases where when you suddenly need the functionality, you can just compile the module(s)? |
I think most of the weird cases are related to networking features (maybe others exist, but I don't know them). Most modules can be built separately, there are only a few exceptions (wireless extensions is one I forgot in my list, it needs additional ioctls that must be handled by networking core). |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Documentation, Tips & Tricks
