ebtables网络防火墙说明文档
一、所需软件列表及下载地址
序号 | 软件名称 | 下载地址 | 作用 |
1 | Redhat linux advance server 3.0 | ||
2 | 桥接内核补丁:ebtables-brnf-5_vs_2.4. | ebtables.sourceforge/download.html | bridge的作用就是让两块网卡变成一个桥设备,让两端的网络端口完全透明地转发packets,而让iptables起到blocking的作用。下载地址为 |
3 | bridge-utils-0.9. | bridge.sourceforge | 桥接管理工具与命令 |
4 | Squid | 代理服务器 | |
5 | Apache 2.0.48 | Web服务器 | |
6 | Php 4.3.4 | www.php | Php解释语言 |
7 | linux-2.4. | 李胜基资料最新内核 | |
二、安装redhat linux
格式均采用ext3格式
三、编译内核
1. 将内核解压缩
将linux-2.4.25 ,copy 到 /usr/src目录,执行
tar xzvf linux-2.4.25
2. ln –s linux2.4.25 linux
3..设置连接文件
cd /usr/include
rm -r asm linux scsi
ln -s /usr/src/linux/include/asm-i386 asm
ln -s /usr/src/linux/include/linux linux
ln -s /usr/src/linux/include/scsi scsi
4、给内核打补丁
将ebtables-brnf-5_vs_2.4. copy到/usr/src/linux目录,执行
cd /usr/src/linux
gzip –d ebtables-brnf-5_vs_2.4.
patch –p1 < ebtables-brnf-5_vs_2.4.25.diff
# Networking options
CONFIG_PACKET=y
# CONFIG_PACKET_MMAP is not set
# CONFIG_NETLINK_DEV is not set
CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
# CONFIG_FILTER is not set
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_NAT=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_TOS=y
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_PNP is not set
CONFIG_NET_IPIP=y
CONFIG_NET_IPGRE=y
CONFIG_NET_IPGRE_BROADCAST=y
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_INET_ECN=y
CONFIG_SYN_COOKIES=y
#
# IP: Netfilter Configuration
#
since的用法CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_AMANDA=y
CONFIG_IP_NF_TFTP=y
CONFIG_IP_NF_IRC=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_MAC=y
CONFIG_IP_NF_MATCH_PKTTYPE=y
CONFIG_IP_NF_MATCH_MARK=y
马伊俐的老公CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_DSCP=y
CONFIG_IP_NF_MATCH_AH_ESP=y
CONFIG_IP_NF_MATCH_LENGTH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_TCPMSS=y
CONFIG_IP_NF_MATCH_HELPER=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
# CONFIG_IP_NF_MATCH_PHYSDEV is not set
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_NAT_AMANDA=y
CONFIG_IP_NF_NAT_LOCAL=y
CONFIG_IP_NF_NAT_IRC=y
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_NAT_TFTP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_DSCP=y
CONFIG_IP_NF_TARGET_MARK=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
五险一金要交多少年才能用CONFIG_IP_NF_TARGET_TCPMSS=y
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
身份证丢失如何挂失CONFIG_IP_NF_ARP_MANGLE=y
# Appletalk devices
#
# CONFIG_DEV_APPLETALK is not set
# CONFIG_DECNET is not set
CONFIG_BRIDGE=y
CONFIG_BRIDGE_NF_EBTABLES=y
CONFIG_BRIDGE_EBT_T_FILTER=m
CONFIG_BRIDGE_EBT_T_NAT=m
CONFIG_BRIDGE_EBT_BROUTE=m
CONFIG_BRIDGE_EBT_LOG=m
CONFIG_BRIDGE_EBT_IPF=y
CONFIG_BRIDGE_EBT_ARPF=m
CONFIG_BRIDGE_EBT_AMONG=m
CONFIG_BRIDGE_EBT_LIMIT=m
CONFIG_BRIDGE_EBT_VLANF=m
CONFIG_BRIDGE_EBT_802_3=m
CONFIG_BRIDGE_EBT_PKTTYPE=m
CONFIG_BRIDGE_EBT_STP=m
CONFIG_BRIDGE_EBT_MARKF=m
CONFIG_BRIDGE_EBT_ARPREPLY=m高铁乘务员要求
CONFIG_BRIDGE_EBT_SNAT=m
CONFIG_BRIDGE_EBT_DNAT=m
CONFIG_BRIDGE_EBT_REDIRECT=m
CONFIG_BRIDGE_EBT_MARK_T=m
主要是要注意选择block device的RAM disk 支持和network里的ipfilter支持,brige桥接支持,ebtable 的ip filter 相应的scsi卡驱动、网卡驱动、ext2 ext3 /proc /dev/pty等
6、编译内核
make dep
make clean
make bzImage
make modules
make modules_install
depmod -a
cp /usr/src/linux/System.map /boot/System.map-2.4.25
cp /usr/src/linux/arch/i386/boot/bzImage /boot/vmlinuz-2.4.25
7、编辑启动选项
cd /boot
rm –f /boot/System.map
ln –s System.map-2.4.25 System.map
编辑 /boot/grub/menu.lst,增加新的内核选项
default=2
timeout=10
splashimage=(hd0,0)/grub/
title Red Hat Enterprise Linux AS (2.4.21-4.ELsmp)
root (hd0,0)
kernel /vmlinuz-2.4.21-4.ELsmp ro root=LABEL=/
initrd /initrd-2.4.21-4.ELsmp.img
title Red Hat Enterprise Linux AS-up (2.4.21-4.EL)
root (hd0,0)
kernel /vmlinuz-2.4.21-4.EL ro root=LABEL=/
发布评论