On Sun, 28 Jan 2001, Dave Kleist wrote:

> I've got a box that I recompiled the 2.2.18pre21 kernel for firewall
> options.  

What distro are you using this from?  I have the Debian 2.2.17pre6
(potato) and it does not need to be recompiled -- you can just load the
modules.  The Debian package ipmasq takes care of it all for you, though
I'd be really careful about looking over the ipchains rules they give you
and probably just write your own.

> Now that I've done this, it can't find my network card
> anymore.  

I've been around the block about 600 times trying to get network cards to
work.  I've had it where it will show up under ifconfig, the routing table
will be correct, but ping just stares back at me.  That one turned out to
be needing to set an IO recovery delay in the BIOS -- since yours used to
work on that machine, I bet its not that hard.

I've found that just removing all the other modules lets the kernel open a
meaningful dialog with the net card<g>, and then you can reload.  Also,
make sure that your parameters are correct and not being stolen from some
crufty config file.

I do assume a known good modular kernel, and that you have a compatible
module.  You may not, since you said you compiled your own.

> So, my questions are:
>    Did I really need to recompile the kernel to get firewalling?

Under Debian (make-kpkg implies you're using it), I don't think so.

>    Anybody know where I can get good instructions on how to do this?

I'd try here and there, but include one of the Deb mail lists.

> Sorry if I seem a little edgy, I've been at this for about a week in
> my spare time, and my office wants the firewall installed this
> weekend.  

I feel your pain.  Relax -- Monday they'll probably just tell you that
they've decided to scrap it and buy leased lines anyway!<g>  But it sounds
like one of those problems for which you get to use both sides of your
brain  -- the front AND the back -- provided the wall proves sufficiently
hard.

> Thanks for any assistance.  Let me know if more info is needed.

I don't know if I helped any, but fingers crossed, eh?

Phil M

-- 
"To misattribute a quote is unforgivable." --Anonymous