newnat
Written by as   
Thursday, 06 March 2008
Available patches
- for kernel 2.4.14-2.4.16 (~25kb)
- for kernel 2.4.17 (~25kb)
- for kernel 2.4.18 (~58kb)
- for kernel 2.4.19 (~38kb) (new version from 26.08.2002) Use with iptables-1.2.7a!
- for kernel 2.4.20 (~44kb)
(included in 2.4.20-patch: Amanda, h323, mms, pptp, quake3, talk, tftp (conntrack+nat helpers); further patches: Quota, UDP helper, unclean patch). Seems to work stably, but use with care (will report on stability in ~1 week). Newnat16 itself has already made it into the kernel.
Make sure to recompile your iptables 1.2.7a - I forgot it and wondered why routing didn't work...
- for kernel 2.4.21 (~74kb)
(included in 2.4.21-patch: Amanda, h323, mms, pptp, quake3, talk, tftp (conntrack+nat helpers); further patches: Quota, UDP helper, unclean patch and more.) I use them with iptables 1.2.8 from the netfilter homepage.

About
The patches for kernel 2.4.14-2.4.17 are based on the newnat5 framework from Jozsef Kadlecsik, who became a member of the netfilter core developers after that.

Those patches were ported from kernel 2.4.13, because Jozsef's patches no longer applied to newer kernels. The 2.4.18 patch is just a cumulative patch generated from the netfilter CVS, because I got many requests to make a simple, easy-to-use patch again.
For the 2.4.18/19 patch you need the sources of iptables >1.2.6, and you need to recompile and install iptables after you have patched the kernel (and run "make config").

A general hint: these patches apply only to vanilla (meaning clean, unpatched) kernels, such as those you find on every kernel.org mirror. Don't even try to compile it the "debian way".

Some browsers unpack *.gz files during the download. If this happens, you will get an error message like "file is not in gzip format". In that case, replace the "gzip -cd" command with "cat" and the patching process will succeed.

How to apply the patches
Unpack your downloaded kernel.
Copy the patch into the kernel-directory.
"cd" into the kernel directory.
Now type "gzip -cd newnat*.gz | patch -p1 -E" and watch the procedure.
After that, type "make menuconfig" and configure your kernel as you like (and turn on the h323 etc. features as you like). Next, recompile iptables and install it. Then compile and install your kernel as usual, and reboot.
If you built the new helpers as modules, you have to insert them in your firewall script.

Well, that's all, now you should be able to make IP telephony from inside your LAN to the outside!
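
The patching steps above as a script, added here as an example and not part of the original page: it checks the gzip magic bytes to choose between "gzip -cd" and "cat" (the case where a browser already unpacked the download) and does a dry run before touching the kernel tree. The function names and the script's two arguments are assumptions, and GNU patch is assumed for --dry-run.

```shell
#!/bin/sh
# Added example (not from the original page): apply a newnat patch with checks.
# Assumed invocation: sh apply-newnat.sh <kernel-source-dir> <patch-file>

# Print the command that turns the downloaded file into plain patch text:
# "gzip -cd" when the file starts with the gzip magic bytes 1f 8b,
# "cat" when a browser has already unpacked it during the download.
patch_reader() {
    magic=$(dd if="$1" bs=1 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    if [ "$magic" = "1f8b" ]; then
        echo "gzip -cd"
    else
        echo "cat"
    fi
}

# Dry-run the patch first so that a non-vanilla or wrong-version tree is
# detected before any file is modified, then apply it for real.
apply_newnat() {
    tree=$1
    patchfile=$2
    [ -f "$tree/Makefile" ] || { echo "not a kernel tree: $tree" >&2; return 1; }
    reader=$(patch_reader "$patchfile")
    if ! $reader "$patchfile" | (cd "$tree" && patch -p1 -E --dry-run >/dev/null); then
        echo "patch does not apply cleanly; is this a vanilla kernel?" >&2
        return 1
    fi
    $reader "$patchfile" | (cd "$tree" && patch -p1 -E)
}

# Run only when both arguments are given.
if [ "$#" -eq 2 ]; then
    apply_newnat "$1" "$2"
fi
```

If the dry run fails, nothing in the tree has been changed, so you can fetch the patch matching your kernel version and try again.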
Last Updated ( Thursday, 06 March 2008 )