Date: Wed, 25 Oct 2000 17:47:30 +0100
From: John Murphy <john253@crosswinds.net>
To: john@off2on.com
Cc: questions@freebsd.org
Subject: Re: HELP PLEASE
Message-ID: <8k0evskedrnst9ef87ergrf049a3lsko6u@4ax.com>

John Hotine wrote:

>I am trying to compile a custom kernel to setup ipfilter 3.4.11 and nat
>to firewall the office where I work, my box is a pentium3 with two
>linksys nics DC0 DC1.... I can compile a custom kernel and it runs fine
>but when I add in one or all the lines for ipfilter and nat(options
>IPFILTER, options IPFIREWALL, options IPDIVERT)and run make, I get ipv6
>errors(at least I think that's what they are ipv6 is listed numerous
>times in the errors)...
>
>Another problem is when I comment out any or all(I have no SCSI devices)
>of the SCSI lines from the kernel I get some probe error when running
>make?
>
>when I try to specify my processor type by commenting out the other 3
>except for I586_CPU I get a processor undefined and it locks up
>
>I have been trying hard to get this working I have mainly been reading
>from the FreeBSD Diary and online Manual...
>I would be happy to just get ipfilter and nat up and running...
>Sorry if this message is too long, I would GREATLY appreciate any help
>you can give me

As you say you don't have SCSI devices and you get errors referenced
to IPv6, I have marked lines with '*' that you can comment out.

Also note that you should use a name other than GENERIC for your
custom kernel. See section 7.3 of the FreeBSD handbook for more info.

I'm not sure what class of processor is a PentiumIII but it certainly
isn't a 386 or 486, so you can certainly remove support for those two.
One of the first lines in dmesg should tell you which it is.

#
# GENERIC -- Generic kernel configuration file for FreeBSD/i386
#
# For more information on this file, please read the handbook section on
# Kernel Configuration Files:
#
#    http://www.FreeBSD.org/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ./LINT configuration file. If you are
# in doubt as to the purpose or necessity of a line, check first in LINT.
#
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.246.2.8 2000/07/20 02:51:02 msmith Exp $

machine         i386
*cpu            I386_CPU
*cpu            I486_CPU
cpu             I586_CPU
cpu             I686_CPU
ident           GENERIC   # call it something else here and compile as the new name
maxusers        32

#makeoptions    DEBUG=-g                #Build kernel with gdb(1) debug symbols

#options        MATH_EMULATE            #Support for x87 emulation
options         INET                    #InterNETworking
*options        INET6                   #IPv6 communications protocols
options         FFS                     #Berkeley Fast Filesystem
options         FFS_ROOT                #FFS usable as root device [keep this!]
options         SOFTUPDATES             #Enable FFS soft updates support
options         MFS                     #Memory Filesystem
options         MD_ROOT                 #MD is a potential root device
options         NFS                     #Network Filesystem
options         NFS_ROOT                #NFS usable as root device, NFS required
options         MSDOSFS                 #MSDOS Filesystem
#options        CD9660                  #ISO 9660 Filesystem
#options        CD9660_ROOT             #CD-ROM usable as root, CD9660 required
options         PROCFS                  #Process filesystem
options         COMPAT_43               #Compatible with BSD 4.3 [KEEP THIS!]
*options        SCSI_DELAY=15000        #Delay (in ms) before probing SCSI
options         UCONSOLE                #Allow users to grab the console
options         USERCONFIG              #boot -c editor
options         VISUAL_USERCONFIG       #visual boot -c editor
options         KTRACE                  #ktrace(1) support
options         SYSVSHM                 #SYSV-style shared memory
options         SYSVMSG                 #SYSV-style message queues
options         SYSVSEM                 #SYSV-style semaphores
options         P1003_1B                #Posix P1003_1B real-time extensions
options         _KPOSIX_PRIORITY_SCHEDULING
options         ICMP_BANDLIM            #Rate limit bad replies
options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev

# To make an SMP kernel, the next two are needed
#options        SMP                     # Symmetric MultiProcessor Kernel
#options        APIC_IO                 # Symmetric (APIC) I/O
# Optionally these may need tweaked, (defaults shown):
#options        NCPU=2                  # number of CPUs
#options        NBUS=4                  # number of busses
#options        NAPIC=1                 # number of IO APICs
#options        NINTR=24                # number of INTs

device          isa
device          eisa
device          pci

# Floppy drives
device          fdc0    at isa? port IO_FD1 irq 6 drq 2
device          fd0     at fdc0 drive 0
device          fd1     at fdc0 drive 1

# ATA and ATAPI devices
device          ata0    at isa? port IO_WD1 irq 14
device          ata1    at isa? port IO_WD2 irq 15
device          ata
device          atadisk                 # ATA disk drives
device          atapicd                 # ATAPI CDROM drives
device          atapifd                 # ATAPI floppy drives
#device         atapist                 # ATAPI tape drives
options         ATA_STATIC_ID           #Static device numbering
#options        ATA_ENABLE_ATAPI_DMA    #Enable DMA on ATAPI devices

# SCSI Controllers
*device         ahb             # EISA AHA1742 family
*device         ahc             # AHA2940 and onboard AIC7xxx devices
*device         amd             # AMD 53C974 (Teckram DC-390(T))
*device         dpt             # DPT Smartcache - See LINT for options!
*device         isp             # Qlogic family
*device         ncr             # NCR/Symbios Logic
*device         sym             # NCR/Symbios Logic (newer chipsets)
*options        SYM_SETUP_LP_PROBE_MAP=0x40
                                # Allow ncr to attach legacy NCR devices when
                                # both sym and ncr are configured

*device         adv0    at isa?
*device         adw
*device         bt0     at isa?
*device         aha0    at isa?
*device         aic0    at isa?

# SCSI peripherals
*device         scbus           # SCSI bus (required)
*device         da              # Direct Access (disks)
*device         sa              # Sequential Access (tape etc)
*device         cd              # CD
*device         pass            # Passthrough device (direct SCSI access)

# RAID controllers
#device         ida             # Compaq Smart RAID
#device         amr             # AMI MegaRAID
#device         mlx             # Mylex DAC960 family
#device         twe             # 3ware Escalade

# atkbdc0 controls both the keyboard and the PS/2 mouse
device          atkbdc0 at isa? port IO_KBD
device          atkbd0  at atkbdc? irq 1 flags 0x1
device          psm0    at atkbdc? irq 12

device          vga0    at isa?

# splash screen/screen saver
pseudo-device   splash

# syscons is the default console driver, resembling an SCO console
device          sc0     at isa? flags 0x100

# Enable this and PCVT_FREEBSD for pcvt vt220 compatible console driver
#device         vt0     at isa?
#options        XSERVER                 # support for X server on a vt console
#options        FAT_CURSOR              # start with block cursor
# If you have a ThinkPAD, uncomment this along with the rest of the PCVT lines
#options        PCVT_SCANSET=2          # IBM keyboards are non-std

# Floating point support - do not disable.
device          npx0    at nexus? port IO_NPX irq 13

# Power management support (see LINT for more options)
device          apm0    at nexus? disable flags 0x20 # Advanced Power Management

# PCCARD (PCMCIA) support
#device         card
#device         pcic0   at isa? irq 10 port 0x3e0 iomem 0xd0000
#device         pcic1   at isa? irq 11 port 0x3e2 iomem 0xd4000 disable

# Serial (COM) ports
device          sio0    at isa? port IO_COM1 flags 0x10 irq 4
device          sio1    at isa? port IO_COM2 irq 3
device          sio2    at isa? disable port IO_COM3 irq 5
device          sio3    at isa? disable port IO_COM4 irq 9
#### NOTE. If you only have two serial ports you can comment out the last
#### two lines above, and save some IRQs.

# Parallel port
device          ppc0    at isa? irq 7
device          ppbus           # Parallel port bus (required)
device          lpt             # Printer
device          plip            # TCP/IP over parallel
device          ppi             # Parallel port interface device
#device         vpo             # Requires scbus and da

# PCI Ethernet NICs.
#device         de              # DEC/Intel DC21x4x (``Tulip'')
#device         fxp             # Intel EtherExpress PRO/100B (82557, 82558)
#device         tx              # SMC 9432TX (83c170 ``EPIC'')
#device         vx              # 3Com 3c590, 3c595 (``Vortex'')
#device         wx              # Intel Gigabit Ethernet Card (``Wiseman'')

# PCI Ethernet NICs that use the common MII bus controller code.
device          miibus          # MII bus support
device          dc              # DEC/Intel 21143 and various workalikes
#device         rl              # RealTek 8129/8139
#device         sf              # Adaptec AIC-6915 (``Starfire'')
#device         sis             # Silicon Integrated Systems SiS 900/SiS 7016
#device         ste             # Sundance ST201 (D-Link DFE-550TX)
#device         tl              # Texas Instruments ThunderLAN
#device         vr              # VIA Rhine, Rhine II
#device         wb              # Winbond W89C840F
#device         xl              # 3Com 3c90x (``Boomerang'', ``Cyclone'')

# ISA Ethernet NICs.
#device         ed0     at isa? port 0x280 irq 10 iomem 0xd8000
#device         ex
#device         ep

# WaveLAN/IEEE 802.11 wireless NICs. Note: the WaveLAN/IEEE really
# exists only as a PCMCIA device, so there is no ISA attatement needed
# and resources will always be dynamically assigned by the pccard code.
#device         wi

# Aironet 4500/4800 802.11 wireless NICs. Note: the declaration below will
# work for PCMCIA and PCI cards, as well as ISA cards set to ISA PnP
# mode (the factory default). If you set the switches on your ISA
# card for a manually chosen I/O address and IRQ, you must specify
# those paremeters here.
#device         an

# Xircom Ethernet
#device         xe

# The probe order of these is presently determined by i386/isa/isa_compat.c.
*device         ie0     at isa? port 0x300 irq 10 iomem 0xd0000
*device         fe0     at isa? port 0x300
*device         le0     at isa? port 0x300 irq 5 iomem 0xd0000
*device         lnc0    at isa? port 0x280 irq 10 drq 0
*device         cs0     at isa? port 0x300
*device         sn0     at isa? port 0x300 irq 10

# Pseudo devices - the number indicates how many units to allocated.
pseudo-device   loop            # Network loopback
pseudo-device   ether           # Ethernet support
pseudo-device   sl      1       # Kernel SLIP
pseudo-device   ppp     1       # Kernel PPP
pseudo-device   tun             # Packet tunnel.
pseudo-device   pty             # Pseudo-ttys (telnet etc)
pseudo-device   md              # Memory "disks"
*pseudo-device  gif     4       # IPv6 and IPv4 tunneling
*pseudo-device  faith   1       # IPv6-to-IPv4 relaying (translation)

# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device   bpf             #Berkeley packet filter

# USB support
device          uhci            # UHCI PCI->USB interface
device          ohci            # OHCI PCI->USB interface
device          usb             # USB Bus (required)
device          ugen            # Generic
#device         uhid            # "Human Interface Devices"
#device         ukbd            # Keyboard
#device         ulpt            # Printer
#device         umass           # Disks/Mass storage - Requires scbus and da
#device         ums             # Mouse

# USB Ethernet, requires mii
#device         aue             # ADMtek USB ethernet
#device         cue             # CATC USB ethernet
#device         kue             # Kawasaki LSI USB ethernet

options         IPFILTER
options         IPDIVERT
options         IPFIREWALL
-------------------------------------------------------------------------

Note that IPFILTER and IPFIREWALL are two different firewalls.
Please choose one or the other. Personally I've only used IPFIREWALL.

Also note that unless you have firewall rules already in place, you
will 'lock yourself out'.
'It is suggested that you set firewall_type=open in /etc/rc.conf when
first enabling this feature'

HTH
John.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
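
Added example, not part of the message above and not FreeBSD project code: a small shell check for the firewall points the reply raises (IPFILTER and IPFIREWALL both enabled, and IPFIREWALL enabled while /etc/rc.conf sets no firewall_type). The IPDIVERT check goes slightly beyond the reply; the function names, finding labels, the file name MYKERNEL and the sample file contents are all hypothetical.

```shell
#!/bin/sh
# Added example: lint a kernel config and rc.conf for the reply's firewall points.

# Print the names of enabled "options" lines. Lines starting with '#' or with
# the reply's '*' marker (meaning "comment this out") count as disabled.
active_options() {
    awk '$1 == "options" { sub(/[=#].*/, "", $2); print $2 }' "$1"
}

has_option() { active_options "$2" | grep -qx "$1"; }

# check_firewall_conf KERNCONF RCCONF (hypothetical helper)
# Prints one finding per line; returns 0 if clean, 1 if anything was found.
check_firewall_conf() {
    kern=$1; rc=$2; found=0
    if has_option IPFILTER "$kern" && has_option IPFIREWALL "$kern"; then
        echo "BOTH_FIREWALLS: IPFILTER and IPFIREWALL are both enabled"; found=1
    fi
    # divert sockets are fed by ipfw rules, so IPDIVERT needs IPFIREWALL
    if has_option IPDIVERT "$kern" && ! has_option IPFIREWALL "$kern"; then
        echo "DIVERT_WITHOUT_IPFW: IPDIVERT is enabled without IPFIREWALL"; found=1
    fi
    # the reply warns of a lock-out without rules in place and quotes the
    # suggestion to set firewall_type=open in rc.conf when first enabling ipfw
    if has_option IPFIREWALL "$kern" &&
       ! grep -Eq '^[[:space:]]*firewall_type=' "$rc"; then
        echo "LOCKOUT_RISK: IPFIREWALL enabled but rc.conf sets no firewall_type"; found=1
    fi
    return "$found"
}

# Constructed sample input: a few lines in the style of the posted config,
# plus an rc.conf that has not been prepared for ipfw yet.
write_sample() {
    cat > "$1/MYKERNEL" <<'EOF'
options INET #InterNETworking
*options INET6 #IPv6 communications protocols
#options NCPU=2 # number of CPUs
options IPFILTER
options IPDIVERT
options IPFIREWALL
EOF
    printf 'hostname="gw.example.org"\n#firewall_type="open"\n' > "$1/rc.conf"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
check_firewall_conf "$demo_dir/MYKERNEL" "$demo_dir/rc.conf" || true
rm -rf "$demo_dir"
```

Run against the sample, it reports BOTH_FIREWALLS and LOCKOUT_RISK; running it before `make` on a custom config catches both conditions before the new kernel is booted.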