编译内核需要的条件和环境

 [root@server ~]# yum install gcc*

[root@server ~]# yum list all |grep gcc*

(注:gcc* 在这里被 grep 当作正则表达式,即“gc”后跟零个或多个“c”,所以下面的输出中也包含 gcalctool、libgcrypt 等与 gcc 无关的包。)

This system is not registered with RHN.

RHN support will be disabled.

compat-libgcc-296.i386                 2.96-138              installed         

dejavu-lgc-fonts.noarch                2.10-1                installed         

gcalctool.i386                         5.8.25-1.el5          installed         

gcc.i386                               4.1.2-44.el5          installed         

gcc-c++.i386                           4.1.2-44.el5          installed         

gcc-gfortran.i386                      4.1.2-44.el5          installed         

gcc-gnat.i386                          4.1.2-44.el5          installed         

gcc-java.i386                          4.1.2-44.el5          installed         

gcc-objc.i386                          4.1.2-44.el5          installed         

gcc-objc++.i386                        4.1.2-44.el5          installed         

gcc43.i386                             4.3.2-7.el5           installed         

gcc43-c++.i386                         4.3.2-7.el5           installed         

gcc43-gfortran.i386                    4.3.2-7.el5           installed         

gnome-python2-gconf.i386               2.16.0-1.fc6          installed         

java-1.4.2-gcj-compat.i386             1.4.2.0-40jpp.115     installed         

libgcc.i386                            4.1.2-44.el5          installed         

libgcj.i386                            4.1.2-44.el5          installed         

libgcj-devel.i386                      4.1.2-44.el5          installed         

libgcrypt.i386                         1.2.4-1.el5           installed         

libgcrypt-devel.i386                   1.2.4-1.el5           installed         

pkgconfig.i386                         1:0.21-2.el5          installed   

 

[root@server ~]# uname -r

2.6.18-128.el5

--需要的内核包和补丁

[root@server ~]# ll

-rw-r--r-- 1 root root   435891 Apr 25  2010 iptables-1.4.2.tar.bz2

-rw-r--r-- 1 root root   128196 Oct  4  2008 l7-protocols-2008-10-04.tar.gz

-rw-r--r-- 1 root root 48622017 Oct 23  2008 linux-2.6.25.19.tar.bz2

-rw-r--r-- 1 root root   174790 Aug 23  2008 netfilter-layer7-v2.20.tar.gz

[root@server ~]#

1.重新编译内核

[root@server ~]# tar jxvf linux-2.6.25.19.tar.bz2 -C /usr/src/

[root@server ~]# tar zxvf netfilter-layer7-v2.20.tar.gz -C /usr/src/

[root@server ~]#

进入解压后的内核源码目录 /usr/src/linux-2.6.25.19,打上 layer7 补丁:

[root@server linux-2.6.25.19]#patch -p1 </usr/src/netfilter-layer7-v2.20/kernel-2.6.25-layer7-2.20.patch

[root@server linux-2.6.25.19]# pwd

/usr/src/linux-2.6.25.19

 

[root@server linux-2.6.25.19]# cp /boot/config-2.6.18-128.el5 .config

配置新的内核:

[root@server linux-2.6.25.19]# make menuconfig

“Networking ---> Networking Options ---> Network Packet filtering framework (Netfilter) ”

1)---> Core Netfilter Configuration

//“Netfilter connection tracking support (NEW)”选择编译为模块(M),需选取此项才能看到layer7支持的配置。
        //
将 layer7、string、state、time、IPsec、iprange、connlimit……等编译成模块,根据需要添加模块。


内核编译加载layer7补丁和模块-043_firewall

43-1

2)---> IP: Netfilter Configuration
        //
“IPv4 connection tracking support (required for NAT)”编译成模块。
        //
“Full NAT”下的“MASQUERADE target support”和“REDIRECT target support”编译成模块。

 

 


内核编译加载layer7补丁和模块-043_firewall_02

43-2

编译,安装模块,新内核

[root@server linux-2.6.25.19]# make &&make modules_install &&make install

更改启动项,使用新内核启动

[root@server ~]# vim /etc/grub.conf

default=0

[root@server ~]#init 6

 

2.重新编译iptables

 

2.1卸载老的iptables

#mv /etc/init.d/iptables /etc/init.d/iptables.old

[root@server ~]# rpm -e iptables --nodeps

warning: /etc/sysconfig/iptables-config saved as /etc/sysconfig/iptables-config.rpmsave

[root@server ~]# rpm -qa |grep iptables

[root@server ~]#

--也可以用yum卸载(注意:yum 会连同依赖 iptables 的软件包一起卸载,确认卸载列表后再继续)

[root@server iptables-1.4.1.1-for-kernel-2.6.20forward]# yum remove iptables

 

2.2 安装 iptables 的 layer7 补丁

[root@server ~]# tar jxvf iptables-1.4.2.tar.bz2 -C /usr/src

[root@server ~]# cd /usr/src/netfilter-layer7-v2.20/iptables-1.4.1.1-for-kernel-2.6.20forward/

[root@server iptables-1.4.1.1-for-kernel-2.6.20forward]# cp libxt_layer7.c libxt_layer7.man /usr/src/iptables-1.4.2/extensions/

[root@server iptables-1.4.1.1-for-kernel-2.6.20forward]#

2.3编译安装

 

[root@server iptables-1.4.2]# cd /usr/src/iptables-1.4.2/

[root@server iptables-1.4.2]# ./configure --prefix=/ --with-ksource=/usr/src/linux-2.6.25.19/

--prefix 指定安装目录;--with-ksource 指明所使用的内核源代码目录

[root@server iptables-1.4.2]#

[root@server iptables-1.4.2]#

[root@server iptables-1.4.2]# make &&make install

 

2.4安装l7-protocols模式包

 

[root@server ~]# tar zxvf l7-protocols-2008-10-04.tar.gz -C /etc/
[root@server ~]# mv /etc/l7-protocols-2008-10-04 /etc/l7-protocols

2.5 改写iptables的配置脚本(即把 2.1 中备份的 /etc/init.d/iptables.old 复制回来)

[root@server ~]# cp /etc/init.d/iptables.old /etc/init.d/iptables    

[root@server ~]# service iptables start

Flushing firewall rules:                                   [  OK  ]

Setting chains to policy ACCEPT: nat                       [  OK  ]

Unloading iptables modules:                                [  OK  ]

[root@server ~]#