编译内核需要的条件和环境
[root@server~]# yum install gcc*
[root@server ~]# yum list all |grep gcc*
This system is not registered with RHN.
RHN support will be disabled.
compat-libgcc-296.i386 2.96-138 installed
dejavu-lgc-fonts.noarch 2.10-1 installed
gcalctool.i386 5.8.25-1.el5 installed
gcc.i386 4.1.2-44.el5 installed
gcc-c++.i386 4.1.2-44.el5 installed
gcc-gfortran.i386 4.1.2-44.el5 installed
gcc-gnat.i386 4.1.2-44.el5 installed
gcc-java.i386 4.1.2-44.el5 installed
gcc-objc.i386 4.1.2-44.el5 installed
gcc-objc++.i386 4.1.2-44.el5 installed
gcc43.i386 4.3.2-7.el5 installed
gcc43-c++.i386 4.3.2-7.el5 installed
gcc43-gfortran.i386 4.3.2-7.el5 installed
gnome-python2-gconf.i386 2.16.0-1.fc6 installed
java-1.4.2-gcj-compat.i386 1.4.2.0-40jpp.115 installed
libgcc.i386 4.1.2-44.el5 installed
libgcj.i386 4.1.2-44.el5 installed
libgcj-devel.i386 4.1.2-44.el5 installed
libgcrypt.i386 1.2.4-1.el5 installed
libgcrypt-devel.i386 1.2.4-1.el5 installed
pkgconfig.i386 1:0.21-2.el5 installed
[root@server ~]# uname -r
2.6.18-128.el5
--需要的内核包和补丁
[root@server ~]# ll
-rw-r--r-- 1 root root 435891Apr 25 2010 iptables-1.4.2.tar.bz2
-rw-r--r-- 1 root root 128196Oct 4 2008 l7-protocols-2008-10-04.tar.gz
-rw-r--r-- 1 root root 48622017 Oct 23 2008 linux-2.6.25.19.tar.bz2
-rw-r--r-- 1 root root 174790Aug 23 2008netfilter-layer7-v2.20.tar.gz
[root@server ~]#
1.从新编译内核
[root@server ~]# tar jxvf linux-2.6.25.19.tar.bz2-C /usr/src/
[root@server ~]# tar zxvfnetfilter-layer7-v2.20.tar.gz -C /usr/src/
[root@server ~]#
MA
[root@server linux-2.6.25.19]#patch-p1 </usr/src/netfilter-layer7-v2.20/kernel-2.6.25-layer7-2.20.patch
[root@server linux-2.6.25.19]#pwd
/usr/src/linux-2.6.25.19
[root@server linux-2.6.25.19]#cp /boot/config-2.6.18-128.el5 .config
配置新的内核:
[root@server linux-2.6.25.19]#make menuconfig
在“Networking---> Networking Options ---> Network Packet filtering framework(Netfilter) ”
1)---> Code Netfilter Configuration
//将“Netfilter connection tracking suport (NEW)”选择编译为模块(M),需选取此项才能看到layer7支持的配置。
//将layer7、string、state、time、IPsec、iprange、connlimit……等编译成模块,根据需要添加模块。
43-1
2)---> IP: Netfilter Configuration
//将“IPv4 connection tracking support (require for NAT)”编译成模块。
//将“FullNAT”下的“MASQUERADE target support”和“REDIRECT target support”编译成模块。
43-2
编译,安装模块,新内核
[root@server linux-2.6.25.19]#make &&make modules_install &&make install
更改启动项,使用新内核启动
[root@server ~]# vim /etc/grub.conf
default=0
[root@server ~]#init 6
2.从新编译iptables
2.1卸载老的iptable
可以先保存旧的的配置信息,新的可以引用
#mv /etc/init.d/iptables /etc/init.d/iptables.old
[root@server~]# rpm -e iptables --nodeps
warning:/etc/sysconfig/iptables-config saved as /etc/sysconfig/iptables-config.rpmsave
[root@server~]# rpm -qa |grep iptables
[root@server~]#
--也可以用yum卸载
[root@serveriptables-1.4.1.1-for-kernel-2.6.20forward]# yumremove iptables
2.2安装iptables+layer7补丁
[root@server~]# tar jxvf iptables-1.4.2.tar.bz2-C /usr/src
[root@ser~]# cd /usr/src/netfilter-layer7-v2.20/iptables-1.4.1.1-for-kernel-2.6.20forward/
[root@server iptables-1.4.1.1-for-kernel-2.6.20forward]#cp libxt_layer7.c libxt_layer7.man /usr/src/iptables-1.4.2/extensions/
[root@server iptables-1.4.1.1-for-kernel-2.6.20forward]#
2.3编译安装
[root@server iptables-1.4.2]#cd /usr/src/iptables-1.4.2/
[root@server iptables-1.4.2]#./configure --prefix=/ --with-ksource=/usr/src/linux-2.6.25.19/
--执行 prefix安装目录 --with-ksource 指明调用源代码的文件
[root@server iptables-1.4.2]#
[root@server iptables-1.4.2]#
[root@server iptables-1.4.2]#make &&make install
查看加载的模块
2.4安装l7-protocols模式包
[root@server ~]# tar zxvf l7-protocols-2008-10-04.tar.gz -C/etc/
[root@server ~]# mv /etc/l7-protocols-2008-10-04/etc/l7-protocols
2.5 改写iptables的配置脚本
[root@server ~]# cp /etc/init.d/iptables.old/etc/init.d/iptables
[root@server ~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: nat [ OK ]
Unloading iptables modules: [ OK ]
[root@server ~]#
转载于:https://blog.51cto.com/sweetsingle/742212
扫一扫
296
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
