Re: Where has NAT gone?


 



Hello,

Torsten Luettgert wrote:

What you're probably missing is conntrack, which moved to

Networking ->
Networking options ->
Network packet filtering framework (Netfilter) ->
Core Netfilter Configuration

There, enable "Netfilter connection tracking support"
(CONFIG_NF_CONNTRACK_ENABLED) and "Netfilter Xtables support"
(CONFIG_NETFILTER_XTABLES).

Then, one menu up and into "IP: Netfilter Configuration",
enable

IPv4 connection tracking support (CONFIG_NF_CONNTRACK_IPV4)
IP tables support (CONFIG_IP_NF_IPTABLES)
Full NAT (CONFIG_NF_NAT)

Note that although it is now the default since 2.6.20, you can still disable the new layer 3-independent connection tracking in the "Core Netfilter Configuration" menu and enable the old IPv4-only connection tracking (CONFIG_IP_NF_CONNTRACK) and NAT (CONFIG_IP_NF_NAT) in the "IP: Netfilter Configuration" menu. But you lose the IPv6 connection tracking.

I understand those config options were moved because they are
actually not IPv4 specific ("iptables") but more general,
IPv4 / IPv6 / ARP ("xtables").

Yes, but AFAIK xtables has little to do (if anything) with the layer 3-independent connection tracking.

The binary for setting the rules is still called "iptables", though.

Because that's the dedicated userspace tool to manage the IPv4 rules. There are similar dedicated tools to manage IPv6 and ARP rules, respectively ip6tables and arptables.
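
An added example, not part of the original message: a shell check that reads a kernel `.config` and reports whether the options named in this thread are enabled for the new layer 3-independent stack or for the old IPv4-only one. The function names and the sample config are constructed for illustration, and the old-stack list contains only the two options the message names.

```sh
#!/bin/sh
# Added example (not from the thread): report which Netfilter NAT stack a
# kernel .config enables, using only the option names quoted in the message.

NEW_OPTS="CONFIG_NF_CONNTRACK_ENABLED CONFIG_NETFILTER_XTABLES CONFIG_NF_CONNTRACK_IPV4 CONFIG_IP_NF_IPTABLES CONFIG_NF_NAT"
OLD_OPTS="CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_NAT"

# missing_opts FILE OPTION... : print the options that are neither =y nor =m.
# "# CONFIG_FOO is not set" lines and absent options both count as missing.
missing_opts() {
    cfg=$1; shift
    out=
    for opt in "$@"; do
        grep -Eq "^${opt}=(y|m)\$" "$cfg" || out="${out:+$out }$opt"
    done
    printf '%s' "$out"
}

# nat_stack FILE : print "new", "old", or "missing: <options>".
nat_stack() {
    # The option lists are deliberately left unquoted so they split into words.
    miss_new=$(missing_opts "$1" $NEW_OPTS)
    miss_old=$(missing_opts "$1" $OLD_OPTS)
    if [ -z "$miss_new" ]; then
        echo new
    elif [ -z "$miss_old" ]; then
        echo old
    else
        echo "missing: $miss_new"
    fi
}

# Constructed sample: conntrack and iptables enabled, Full NAT forgotten.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_NF_CONNTRACK_ENABLED=m
CONFIG_NETFILTER_XTABLES=m
CONFIG_NF_CONNTRACK_IPV4=m
CONFIG_IP_NF_IPTABLES=m
# CONFIG_NF_NAT is not set
EOF
nat_stack "$sample"
rm -f "$sample"
```

To check a real kernel, call `nat_stack` with the path to the `.config` in the kernel source tree.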


