In order to have moblock work on R5.5, it needs netfilter kernel support via a module or built-in. According to jre, the developer of moblock, the kernel that comes with R5.5 doesn't have this option. I'm no kernel person so I'm wondering how what one would need to get it working under R5.5. Does it require a brand-new kernel?

Here is the post by jre for more technical info.

Thanks!

_________________
Retired KM user (R4 - R6.04); friend to LH users.

Grab the source are recompile netfilter as a module.

Thanks cesman. I've googled around for the procedure to do so, but haven't found anything I can sink my teeth into. I'm assuming the source you're referring to is located on www.netfilter.org but the rest of the procedure is unclear to me. Can you point me in the right direction?

Thanks!

_________________
Retired KM user (R4 - R6.04); friend to LH users.

..anyone? I believe R5.5 comes with the source...

_________________
Retired KM user (R4 - R6.04); friend to LH users.

R5.5 doesn't come with the kernel source. It comes with the headers. You need the full kernelsource based on what I've seen. I'm fairly certain there are a few threads on here about recompiling...

Thanks for the tip, I found several threads and am trying it out. As always, I will write-up a HOWTO if I'm successful.

Naive question about kernel modules in general: if I do successfully build the needed modules for moblock, are they portable? In other words, can I simply copy them off the working system into a virgin R5.5 install and make them publicly available in a .tgz for folks to d/l or is it more complicated?

The result was a kernel panic

Details of what I did:



Enable the following as modules by hitting the 'M' key:

search for 'conntrack' and enable it - "Conntrack" connection tracking match support and Netfilter connection tracking support
search for 'state' and enable it - "state" match support
search for 'connmark' and enable it - "connmark" connnection mark match support and "connmark" target support
search for 'IPV4' and enable it - IPv4 connection tracking support (required for NAT)
search for 'netfilter' and enable it - "connlimit" match support"

saved it then:



Upon the reboot I hit a kernel panic. Can't post the output since I can't boot the testbox. Anyway, it was a failure

Any ideas what I did wrong?

References
This thread
This thread
This thread
This thread

_________________
Retired KM user (R4 - R6.04); friend to LH users.

...is there a way to read the /var/log/dmesg for the failed boot attempt after booting into a good kernel so I can attempt to debug this?

_________________
Retired KM user (R4 - R6.04); friend to LH users.

It seems like the kernel panic occur when I enable the "Netfilter connection tracking support" option either as included or as a module. Is there something else contained in the out-of-the-box R5.5 .config that would interact to cause a kernel panic with this? It seems the "Netfilter connection tracking support" and a few suboptions are required (taken from the moblock page on the Gentoo-wiki):



Is this a problem with this particular part of the 2.6.23-chw-4 kernel or something else that the default KMR5.5 kernel has compiled... or???

_________________
Retired KM user (R4 - R6.04); friend to LH users.

FINALLY got it. The missing step for me was running a #make modules_install.

Please see my HOWTO: Installing Moblock on R5.5 thread for a complete walk though of the steps.

_________________
Retired KM user (R4 - R6.04); friend to LH users.