12-06-2007, 02:02 AM
Neal Becker

layer7 (l7-filter) compatible with f8 kernel?

Anyone know if the f8 kernel (kernel-2.6.23.8-63) is compatible with
l7-filter-userspace? Doesn't seem to work:

sudo /sbin/modprobe -v ip_conntrack_netlink
insmod /lib/modules/2.6.23.8-63.fc8/kernel/net/ipv4/netfilter/nf_nat.ko
insmod /lib/modules/2.6.23.8-63.fc8/kernel/net/netfilter/nf_conntrack_netlink.ko
[nbecker@nbecker1 l7-filter-userspace-v0.4]$ /usr/bin/l7-filter --help

***WARNING***
The ip_conntrack_netlink module does not appear to be loaded.
Unless you have it compiled into your kernel, please load it
and run l7-filter again.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
12-06-2007, 06:39 AM
"Tod Merley"

layer7 (l7-filter) compatible with f8 kernel?

On Dec 5, 2007 7:02 PM, Neal Becker <ndbecker2@gmail.com> wrote:
> Anyone know if the f8 kernel (kernel-2.6.23.8-63) is compatible with
> l7-filter-userspace? Doesn't seem to work:
>
> sudo /sbin/modprobe -v ip_conntrack_netlink
> insmod /lib/modules/2.6.23.8-63.fc8/kernel/net/ipv4/netfilter/nf_nat.ko
> insmod /lib/modules/2.6.23.8-63.fc8/kernel/net/netfilter/nf_conntrack_netlink.ko
> [nbecker@nbecker1 l7-filter-userspace-v0.4]$ /usr/bin/l7-filter --help
>
> ***WARNING***
> The ip_conntrack_netlink module does not appear to be loaded.
> Unless you have it compiled into your kernel, please load it
> and run l7-filter again.
>
> --
> fedora-list mailing list
> fedora-list@redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>

Hi Neal Becker!

Thanks for widening my education. I am no expert but love looking at
this new network stuff!

From: http://l7-filter.sourceforge.net/HOWTO-userspace

I see (note the part about "Linux 2.6.20 and newer"):
------------------------------------------------------
Kernel

For Linux 2.6.19.7 and older, you simply need to have connection
tracking and the connection tracking netlink interface enabled. I
think that this is the default in most cases. (XXX what is the oldest
version of Linux that has these capabilities? 2.6.14, I think. Needs
testing.)

For Linux 2.6.20 and newer, Netfilter has new "Layer 3 Independent
Connection tracking" which l7-filter is not yet compatible with
(mostly due to lack of library support from libnetfilter_conntrack).
While the old layer 3 dependent connection tracking is still
available, it is not selected by default, so you will probably need to
recompile your kernel with it. In the Linux kernel config, go to
Networking → Networking options → Network packet filtering framework
(Netfilter) → Core Netfilter Configuration. Under "Netfilter
connection tracking support", select "Layer 3 Dependent Connection
tracking (OBSOLETE)". Then go to Networking → Networking options →
Network packet filtering framework → IP: Netfilter Configuration and
enable "Connection tracking netlink interface" (and probably most of
the rest of the stuff on that page). This is a pain in the ass, sorry!

Either way, you need the module ip_conntrack_netlink or the same code
compiled into your kernel.
----------------------------------------------
Which seems pertinent.

Have Fun!

Tod

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
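
Added example, not part of either post and not code from the l7-filter project: a shell check that applies the HOWTO's kernel notes quoted above to a kernel release string and a module list in /proc/modules format. The function names, result labels and sample module lines are constructed for illustration; only the module names and the 2.6.20 cutoff come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread or the l7-filter project.
# Classifies a host against the HOWTO's kernel notes from two inputs:
# a kernel release string and text in /proc/modules format.

# kernel_at_least RELEASE A B C: succeeds when RELEASE >= A.B.C
kernel_at_least() {
    rel=${1%%-*}                      # 2.6.23.8-63.fc8 -> 2.6.23.8
    IFS=. read -r a b c _rest <<EOF
$rel
EOF
    a=${a%%[!0-9]*}; b=${b%%[!0-9]*}; c=${c%%[!0-9]*}
    a=${a:-0}; b=${b:-0}; c=${c:-0}   # missing components count as 0
    if [ "$a" -ne "$2" ]; then [ "$a" -gt "$2" ]; return; fi
    if [ "$b" -ne "$3" ]; then [ "$b" -gt "$3" ]; return; fi
    [ "$c" -ge "$4" ]
}

# module_loaded NAME MODULES_TEXT: exact match on the first field, so
# nf_conntrack does not count as nf_conntrack_netlink.
module_loaded() {
    printf '%s\n' "$2" | awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# classify_conntrack RELEASE MODULES_TEXT prints one of:
#   ok              ip_conntrack_netlink is loaded, as the HOWTO requires
#   l3-independent  2.6.20+ kernel with only nf_conntrack_netlink loaded,
#                   the layer 3 independent case the HOWTO calls unsupported
#   missing         no usable conntrack netlink module is loaded
classify_conntrack() {
    if module_loaded ip_conntrack_netlink "$2"; then
        echo ok
    elif module_loaded nf_conntrack_netlink "$2" && kernel_at_least "$1" 2 6 20; then
        echo l3-independent
    else
        echo missing
    fi
}

# Constructed sample modelled on the first post: the release string and module
# names are from the thread; sizes, refcounts and addresses are made up.
SAMPLE_RELEASE='2.6.23.8-63.fc8'
SAMPLE_MODULES='nf_conntrack_netlink 20000 0 - Live 0x00000000
nf_nat 20000 1 nf_conntrack_netlink, Live 0x00000000
nf_conntrack 60000 2 nf_conntrack_netlink,nf_nat, Live 0x00000000'

echo "sample host: $(classify_conntrack "$SAMPLE_RELEASE" "$SAMPLE_MODULES")"
# On a live system: classify_conntrack "$(uname -r)" "$(cat /proc/modules)"
```
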
 
