Nasser Heidari

2009-09-16

Slackware 13 -> Kernel 2.6.31, iptables-1.4.5 + l7-filter + TARPIT + ipp2p

Filed under: Linux — Nasser Heidari @ 15:19

————— Download and Extracting Packages:

# cd /usr/src
# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.31.tar.bz2
# wget http://iptables.org/projects/iptables/files/iptables-1.4.5.tar.bz2
# wget http://enterprise.bih.harvard.edu/pub/tarpit-updates/iptables-1.4.2-tarpit.diff
# wget http://ufpr.dl.sourceforge.net/sourceforge/xtables-addons/xtables-addons-1.18.tar.bz2
# wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.22.tar.gz
# wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/l7-protocols-2009-05-28.tar.gz

# for archive in *.bz2; do tar -jxf $archive;done
# for archive in *.gz; do tar -zxf $archive;done

————— Creating symbolic links:

# ln -s linux-2.6.31 linux
# ln -s iptables-1.4.5 iptables
# ln -s xtables-addons-1.18 xtables-addons

————— Patching Kernel and Kernel Compile :

# cd /usr/src/linux
# patch -p1 < ../netfilter-layer7-v2.22/kernel-2.6.25-2.6.28-layer7-2.22.patch 
# make menuconfig
		Networking options  --->
		...
		...
		[*] Network packet filtering framework (Netfilter)  --->
	           Core Netfilter Configuration  --->
			 Netfilter connection tracking support
			...
			...
			 "layer7" match support

# make all && make modules_install
# cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.31-l7
# cp System.map /boot/System.map-2.6.31-l7
# cp .config /boot/config-2.6.31-l7
# vi /etc/lilo.conf
      
default = Sl-2.6.31

image = /boot/vmlinuz-2.6.31-l7
  root = /dev/sda2
  label = Sl-2.6.31
  read-only
# lilo
# Reboot

————— Patching and installing iptables 1.4.5:

# cd /usr/src/iptables/extensions 
# cp ../../netfilter-layer7-v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/libxt_layer7.* .
# sed -i 's/exit_error(/xtables_error(/' libxt_layer7.c 
# cd ..
# patch -p1 -NE < ../iptables-1.4.2-tarpit.diff 
# cp /usr/src/linux/include/asm-generic/bitsperlong.h /usr/src/linux/include/asm/
# ./configure --with-ksource=/usr/src/linux \
--prefix=/usr --with-xtlibdir=/lib/xtables --libdir=/lib --enable-libipq --enable-devel 
# make && make install
# cd /usr/src/l7-protocols-2009-05-28/
# make install

————— Xtables-addons compile:

# cd /usr/src/xtables-addons 
# ./configure  --with-xtables=/lib  --prefix=/usr \
--mandir=/usr/share/man --infodir=/usr/share/info --libexecdir=/lib  \
--with-ksource=/usr/src/linux --includedir=/usr/include/ 
# make && make install

————— Testing the Installation:

# iptables -j TARPIT -h
# iptables -m ipp2p  -h
# iptables -m layer7 -h

Thanks to:
http://www.ecualug.org
http://www.altctrldel.com

Advertisements

22 Comments »

  1. Hello and thanks for this guide. Every time there are updates to one of those components there is always some enthropy in getting everything back up. Just a thanks and a note that your “patch -p1” command is not complete, probably some http munching. You’re missing the patches that are applied (the l7 patch)

    Joao

    Comment by Joao Correia — 2009-09-26 @ 14:09

  2. patch -p1 < ../*.diff

    Comment by Dr.ViCi — 2009-10-09 @ 11:58

  3. Thanks for your help .

    Comment by Nasser Heidari — 2009-10-09 @ 18:43

  4. hello,
    thanks for this tuto but a line is missing

    A second patch need to applied :
    cd /usr/src/linux
    patch -p1 < ../netfilter-layer7-v2.22/kernel-2.6.25-2.6.28-layer7-2.22.patch

    Without it no "layer7" match support in your kernel :)

    Etienne

    Comment by etienne — 2009-10-16 @ 08:06

  5. Thanks for your Consideration !

    Comment by Nasser Heidari — 2009-10-16 @ 08:59

  6. Thanks for you consideration .

    Comment by Nasser Heidari — 2009-10-16 @ 09:03

  7. Hi,

    Thanks for this nice HowTO

    One question is what about the tarpit-2.6.29.patch kernel patch
    Why you don’t apply it to the kernel before compiling?

    The file can be download from http://enterprise.bih.harvard.edu/pub/tarpit-updates/
    I see u apply the patch to the iptables but what about the kernel itself?
    Can u explain?

    10x

    Comment by Sassy Natan — 2009-12-03 @ 23:47

  8. Excellent mini howto I am desperate to find how to install the ipp2p and l7Filter in slackware 13, found here on your web site.
    my question
    where are the installation steps of ipp2p

    please write the steps of ipp2p.

    greetings
    and congratulations

    Comment by ematrix — 2010-01-28 @ 05:31

  9. Both Tarpit target and ipp2p are part of xtables-addons. If you install just like the author said, it -will- work.

    Comment by Joao Correia — 2010-01-28 @ 11:05

  10. ok.
    undertaken, this process of installation and it publishes its work in
    http://www.ecualug.org
    with the consent of Nasser Heidari
    greetings

    Comment by ematrix — 2010-01-28 @ 19:03

  11. please help

    came out this error when compiling the kernel slackware 13

    “No filesystem could mount root, tried:
    Kernel panic – not syncing: VFS: Unable to mount root fs on unknown-block (3,0)”

    I solved with these steps is that possible.?

    1) make (compile the kernel)
    2) make romfs (create the ROM filesystem into romfs / folder)
    3) make (I think it merge the kernel with the romfs)
    4) make all
    5) make modules_install

    Thanks

    Comment by ematrix — 2010-01-29 @ 06:17

  12. is installed as well as ipp2p does me no choice – ipp2p
    Everybody else though – edk – ares – bit – gnu, etc …

    Thanks

    Comment by ematrix — 2010-02-02 @ 01:52

  13. The –ipp2p option was removed a while back on the xtables-addons development tree. Apparently it was making something go wrong, either performance-wise or matching wrong things. You have to specify the protocols you want. Selecting all options edk ares bit etc has exactly the same effect, and allows you to specify each on a single line to get statistics per protocol. Other than a longer command line, there is no functional difference on using -ipp2p or all the other options explicitly.

    Comment by Joao Correia — 2010-02-02 @ 09:12

  14. Thanks
    I’m going for the tests and verify if the steps in a production server
    greetings

    Comment by ematrix — 2010-02-02 @ 23:04

  15. Thanks you Friends all,
    I’m so sorry for this delay , but unfortunately I’m a little busy this days at work and haven’t enough time for testing.

    Comment by Nasser Heidari — 2010-02-02 @ 23:09

  16. Hi,

    I tried this in my newly installed Slackware 13 box but i don’t see the “layer7 match support” option in “make menuconfig”. The only patch i’ve applied is:

    patch -p1 < ../netfilter-layer7-v2.22/kernel-2.6.25-2.6.28-layer7-2.22.patch

    What specific patch am i missing?

    Thanks,

    George

    Comment by George — 2010-05-20 @ 19:06

  17. Where exactly you’re looking for Layer 7 match Support in “make menucnfig” ? are you sure you are at right path ?

    Comment by Nasser Heidari — 2010-05-20 @ 23:10

  18. having problem posting any message here

    Comment by George — 2010-05-26 @ 07:16

  19. Hi i don’t know what is wrong, i can’t post my response or maybe its to long. Every time i submit my response it doesn’t show anything and my message is not posted. I’m still having problem with my make menuconfig layer7 is not available. Has anybody encountered this problem and find a way to fix it (make layer 7 available in make menuconfig).

    Comment by George — 2010-05-26 @ 07:24

  20. You haven’t answer me yet, Where exactly you’re looking for Layer 7 match Support in “make menucnfig” ? are you sure you are at right path ?

    Comment by Nasser Heidari — 2010-05-26 @ 08:33

  21. I’m looking at this path
    Networking Support -> Networking Options -> Network packet filtering framework (Netfilter) -> Core Netfilter Configuration

    Comment by George — 2010-05-26 @ 19:04

  22. I’m trying this tuto in Debian Lenny 5.0.6, but I have a problem in Xtables-addons compile.
    Error msg, on make && make install

    make all-recursive
    make[1]: Entrando no diretório `/usr/src/xtables-addons-1.18′
    Making all in extensions
    make[2]: Entrando no diretório `/usr/src/xtables-addons-1.18/extensions’
    GEN modules
    make[3]: Entrando no diretório `/usr/src/linux-2.6.31.14′
    Building modules, stage 2.
    MODPOST 35 modules
    make[3]: Saindo do diretório `/usr/src/linux-2.6.31.14′
    make[3]: Entrando no diretório `/usr/src/xtables-addons-1.18/extensions/ipset’
    make[3]: Nada a ser feito para `all’.
    make[3]: Saindo do diretório `/usr/src/xtables-addons-1.18/extensions/ipset’
    CC libxt_ACCOUNT.oo
    libxt_ACCOUNT.c: In function âaccount_tg_parseâ:
    libxt_ACCOUNT.c:59: error: too few arguments to function âxtables_check_inverseâ
    libxt_ACCOUNT.c:79: error: too few arguments to function âxtables_check_inverseâ
    make[2]: ** [libxt_ACCOUNT.oo] Erro 1
    make[2]: Saindo do diretório `/usr/src/xtables-addons-1.18/extensions’
    make[1]: ** [all-recursive] Erro 1
    make[1]: Saindo do diretório `/usr/src/xtables-addons-1.18′
    make: ** [all] Erro 2

    I’m “begginer” user

    Comment by Rafael — 2010-09-29 @ 23:21


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: