CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_DSCP=y
CONFIG_IP_NF_MATCH_AH_ESP=y
CONFIG_IP_NF_MATCH_LENGTH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_TCPMSS=y
CONFIG_IP_NF_MATCH_HELPER=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
# CONFIG_IP_NF_MATCH_PHYSDEV is not set
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_NAT_AMANDA=y
CONFIG_IP_NF_NAT_LOCAL=y
CONFIG_IP_NF_NAT_IRC=y
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_NAT_TFTP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_DSCP=y
CONFIG_IP_NF_TARGET_MARK=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_TARGET_TCPMSS=y
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_IP_NF_ARP_MANGLE=y
# Appletalk devices
#
# CONFIG_DEV_APPLETALK is not set
# CONFIG_DECNET is not set
CONFIG_BRIDGE=y
CONFIG_BRIDGE_NF_EBTABLES=y
CONFIG_BRIDGE_EBT_T_FILTER=m
CONFIG_BRIDGE_EBT_T_NAT=m
CONFIG_BRIDGE_EBT_BROUTE=m
CONFIG_BRIDGE_EBT_LOG=m
CONFIG_BRIDGE_EBT_IPF=y
CONFIG_BRIDGE_EBT_ARPF=m
CONFIG_BRIDGE_EBT_AMONG=m
CONFIG_BRIDGE_EBT_LIMIT=m
CONFIG_BRIDGE_EBT_VLANF=m
CONFIG_BRIDGE_EBT_802_3=m
CONFIG_BRIDGE_EBT_PKTTYPE=m
CONFIG_BRIDGE_EBT_STP=m
CONFIG_BRIDGE_EBT_MARKF=m
CONFIG_BRIDGE_EBT_ARPREPLY=m
CONFIG_BRIDGE_EBT_SNAT=m
CONFIG_BRIDGE_EBT_DNAT=m
CONFIG_BRIDGE_EBT_REDIRECT=m
CONFIG_BRIDGE_EBT_MARK_T=m
主要是要注意选择block device的RAM disk 支持和network里的ipfilter支持、bridge桥接支持、ebtables 的ip filter，以及相应的scsi卡驱动、网卡驱动、ext2 ext3 /proc /dev/pty等
6、编译内核
make dep
make clean
make bzImage
make modules
make modules_install
depmod -a
cp /usr/src/linux/System.map /boot/System.map-2.4.25
cp /usr/src/linux/arch/i386/boot/bzImage /boot/vmlinuz-2.4.25
7、编辑启动选项
cd /boot
rm -f /boot/System.map
ln -s System.map-2.4.25 System.map
编辑 /boot/grub/menu.lst,增加新的内核选项
# GRUB legacy menu.lst: the new entry (index 2, selected by default=2) is the
# third "title" block below.
default=2
timeout=10
splashimage=(hd0,0)/grub/splash.xpm.gz
title Red Hat Enterprise Linux AS (2.4.21-4.ELsmp)
root (hd0,0)
kernel /vmlinuz-2.4.21-4.ELsmp ro root=LABEL=/
initrd /initrd-2.4.21-4.ELsmp.img
title Red Hat Enterprise Linux AS-up (2.4.21-4.EL)
root (hd0,0)
kernel /vmlinuz-2.4.21-4.EL ro root=LABEL=/
initrd /initrd-2.4.21-4.EL.img
# New firewall kernel built in step 6; root is given as a device node here,
# unlike the LABEL=/ used by the stock entries above.
title Red Hat Enterprise Linux firewall (2.4.25)
root (hd0,0)
kernel /vmlinuz-2.4.25 ro root=/dev/sda7
# NOTE(review): this entry reuses the 2.4.21-4.EL initrd from the stock entry
# above rather than an image built for 2.4.25 — confirm this is intended.
initrd /initrd-2.4.21-4.EL.img
8. ok,reboot
9. 安装桥接命令管理工具
tar xzvf bridge-utils-0.9.6.tar.gz
cd bridge-utils-0.9.6
./configure
make
make install
10. 使用/etc/br0 脚本启动透明包转发
cd /etc/firewall
./br0 start
停止透明包转发
./br0 stop
br0 脚本:
#!/bin/bash
#######################################
# Wrapper so every brctl call in this script runs the bridge-utils binary by
# absolute path (the location the bridge-utils build in step 9 is expected to
# install to), regardless of what PATH resolves.
# Arguments: passed through unchanged to /usr/local/sbin/brctl
# Returns:   the exit status of /usr/local/sbin/brctl
#######################################
brctl() {
  command /usr/local/sbin/brctl "$@"
}
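#######################################
# Bring up the transparent bridge br0 over eth0 and eth1, give the bridge its
# management address and install the default route.
# Unlike a plain command list, every configuration step is checked: if one
# fails (e.g. br0 already exists or a port is missing) the function returns
# that status immediately instead of continuing with a half-built bridge.
# NOTE(review): this script loads no iptables/ebtables rules itself, so the
# bridge forwards traffic between eth0 and eth1 as soon as the ports are up.
# Globals:   none
# Arguments: none
# Outputs:   progress messages on stdout
# Returns:   0 on success, the failing command's status otherwise
#######################################
start() {
  local -r bridge=br0
  local -r ports=(eth0 eth1)
  local port
  echo "Starting service bridge br0"
  brctl addbr "$bridge" || return
  brctl stp "$bridge" off || return
  for port in "${ports[@]}"; do
    brctl addif "$bridge" "$port" || return
  done
  # Bridge ports carry no address of their own and must be promiscuous so the
  # bridge sees all frames; they are cycled down, reconfigured, then up.
  for port in "${ports[@]}"; do
    ifconfig "$port" down || return
  done
  for port in "${ports[@]}"; do
    ifconfig "$port" 0.0.0.0 promisc || return
  done
  for port in "${ports[@]}"; do
    ifconfig "$port" up || return
  done
  # Spanning-tree timers are set although STP was switched off above; kept for
  # parity with the original setup.
  brctl sethello "$bridge" 1 || return
  brctl setmaxage "$bridge" 4 || return
  brctl setfd "$bridge" 4 || return
  # The bridge interface itself gets the management address.
  ifconfig "$bridge" 10.140.202.106 broadcast 10.140.202.255 promisc up || return
  route add default gw 10.140.202.2 netmask 0.0.0.0 metric 1 || return
  echo "the firewall started"
}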
#######################################
# Tear the bridge br0 down: detach both ports, take the bridge interface down
# and delete it.  Each step is best-effort (no status checks), and eth0/eth1
# themselves are not reconfigured here.
# Globals:   none
# Arguments: none
# Outputs:   progress messages on stdout
# Returns:   status of the final echo (0)
#######################################
stop() {
  local port
  echo "Shutting down service bridge br0"
  for port in eth0 eth1; do
    brctl delif br0 "$port"
  done
  ifconfig br0 down
  brctl delbr br0
  echo "the firewall stopped"
}
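#######################################
# Show the bridge interface and the ports attached to it.
# Arguments: $1 - bridge name (optional, defaults to br0; the dispatcher below
#            passes br0 explicitly, which the previous version ignored)
# Outputs:   ifconfig and brctl show output on stdout
# Returns:   status of brctl show
#######################################
status() {
  local -r bridge=${1:-br0}
  ifconfig "$bridge"
  brctl show "$bridge"
}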
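#######################################
# Restart by re-invoking this script for "stop" and then "start".
# $0 is quoted so a script path containing spaces still works; "start" is
# only attempted when "stop" succeeded.
# Arguments: none
# Returns:   status of the "start" invocation, or of "stop" if that failed
#######################################
restart() {
  "$0" stop && "$0" start
}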
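# Dispatch on the first argument.  RETVAL carries the status of the selected
# action to exit; previously a bare "exit" ran after RETVAL=1, so an unknown
# argument exited 0 and the usage error was invisible to callers.
RETVAL=0
case "$1" in
  start)
    start
    RETVAL=$?
    ;;
  stop)
    stop
    RETVAL=$?
    ;;
  restart)
    restart
    RETVAL=$?
    ;;
  status)
    status br0
    RETVAL=$?
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart}" >&2
    RETVAL=1
    ;;
esac
exit "$RETVAL"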