How to install patch-o-matic

How to install patch-o-matic

[Bassam A. Al-Khaffaf]

Hi All,
   I am new to Linux, I have been asked to enable multiple VPN clients
(PPTP) on the LAN side to pass through the Linux Red Hat 9.0 box and get
connected to the VPN server on the WAN side at the same time.

--------------	--------------				--------------
|VPN-Client-1|	|VPN-Client-2|	.............	|VPN-Client-n|
--------------	--------------				--------------
	|			|
|
	|			|
|
	-------------------------------------------------------
				|
				|
				| LAN Side
				|
				|
			-------------------
			|Red Hat 9.0 Box	|
			-------------------
				|
				|
				| WAN side
				|
				|
			------------
			|VPN Server|
			------------

During my research on the net, I found that I need to load two modules in
the kernel in order to enable this function; the modules (please correct me
if I am mistaken) are "ip_conntrack_pptp" & "ip_nat_pptp".

And I found that these two modules come with patch "patch-o-matic". I have
kernel version "2.4.20-8" and iptables version "v1.2.7a", and hence I
downloaded the "patch-o-matic-20030107.tar.bz2" in accordance.

I decompressed and untar that patch inside "/root" directory.
Then I get inside the directory "/root/patch-o-matic-20030107" and I found a
list of files and other directories.
In fact I don't know how to complete the installation process after that and
which file I should start with in order to have these two modules in hand;
it is not mentioned precisely in the README file.


It is required to recompile and build the Red Hat 9.0 kernel after
installation that patch, so can you refer me where can I find a detailed
instructions and steps on how to compile the kernel?

Please describe for me in details.

I highly appreciate your cooperation about this matter


Regards
Bassam

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.740 / Virus Database: 494 - Release Date: 8/16/2004
 

RE: How to install patch-o-matic

[Jason Opperisano]

> During my research on the net, I found that I need to load two modules in
> the kernel in order to enable this function; the modules (please correct me
> if I am mistaken) are "ip_conntrack_pptp" & "ip_nat_pptp".
>
> And I found that these two modules come with patch "patch-o-matic". I have
> kernel version "2.4.20-8" and iptables version "v1.2.7a", and hence I
> downloaded the "patch-o-matic-20030107.tar.bz2" in accordance.
>
> I decompressed and untar that patch inside "/root" directory.
> Then I get inside the directory "/root/patch-o-matic-20030107" and I found a
> list of files and other directories.
> In fact I don't know how to complete the installation process after that and
> which file I should start with in order to have these two modules in hand;
> it is not mentioned precisely in the README file.

you need to have the kernel source code available on your system, and run (for example):

KERNEL_DIR=/usr/src/linux-2.4.20-8  ./runme pending
KERNEL_DIR=/usr/src/linux-2.4.20-8  ./runme extra/pptp-conntrack-nat

(the KERNEL_DIR above is just an example)

> It is required to recompile and build the Red Hat 9.0 kernel after
> installation that patch, so can you refer me where can I find a detailed
> instructions and steps on how to compile the kernel?

yes--recompiling the kernel is required.  refer to the kernel how-to:

  http://www.digitalhermit.com/linux/Kernel-Build-HOWTO.html

it's usually a good idea to rebuild the userspace iptables after applying pom; though, i don't think it's necessarily "required" in your case.

-j

RE: How to install patch-o-matic

[Bassam A. Al-Khaffaf]

Thanks for the great information, 
	I have successfully upgraded and recompiled the kernel according to
the URL you gave to me.

You have mentioned to compile the user space, so what do u mean by user
space and how to compile it, do you mean I have to go inside the
/usr/src/iptables-1.2.11 and write the following instructions again:

make KERNEL_DIR=/usr/src/linux-2.4.27
make install KERNEL_DIR=/usr/src/linux-2.4.27

Do I need to compile this user space before I start the actual configuration
and compilation for the kernel as described in the URL
http://www.digitalhermit.com/linux/Kernel-Build-HOWTO.html?


How many user spaces available in Linux?



Regards
Bassam


-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Jason Opperisano
Sent: Thursday, August 19, 2004 2:09 AM
To: netfilter@lists.netfilter.org
Subject: RE: How to install patch-o-matic

> During my research on the net, I found that I need to load two modules in
> the kernel in order to enable this function; the modules (please correct
me
> if I am mistaken) are "ip_conntrack_pptp" & "ip_nat_pptp".
>
> And I found that these two modules come with patch "patch-o-matic". I have
> kernel version "2.4.20-8" and iptables version "v1.2.7a", and hence I
> downloaded the "patch-o-matic-20030107.tar.bz2" in accordance.
>
> I decompressed and untar that patch inside "/root" directory.
> Then I get inside the directory "/root/patch-o-matic-20030107" and I found
a
> list of files and other directories.
> In fact I don't know how to complete the installation process after that
and
> which file I should start with in order to have these two modules in hand;
> it is not mentioned precisely in the README file.

you need to have the kernel source code available on your system, and run
(for example):

KERNEL_DIR=/usr/src/linux-2.4.20-8  ./runme pending
KERNEL_DIR=/usr/src/linux-2.4.20-8  ./runme extra/pptp-conntrack-nat

(the KERNEL_DIR above is just an example)

> It is required to recompile and build the Red Hat 9.0 kernel after
> installation that patch, so can you refer me where can I find a detailed
> instructions and steps on how to compile the kernel?

yes--recompiling the kernel is required.  refer to the kernel how-to:

  http://www.digitalhermit.com/linux/Kernel-Build-HOWTO.html

it's usually a good idea to rebuild the userspace iptables after applying
pom; though, i don't think it's necessarily "required" in your case.

-j

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.740 / Virus Database: 494 - Release Date: 8/16/2004
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.744 / Virus Database: 496 - Release Date: 8/24/2004
 

Re: How to install patch-o-matic

[Alistair Tonner]

On August 27, 2004 04:50 am, Bassam A. Al-Khaffaf wrote:
> Thanks for the great information,
> 	I have successfully upgraded and recompiled the kernel according to
> the URL you gave to me.
>
> You have mentioned to compile the user space, so what do u mean by user
> space and how to compile it, do you mean I have to go inside the
> /usr/src/iptables-1.2.11 and write the following instructions again:
>
> make KERNEL_DIR=/usr/src/linux-2.4.27
> make install KERNEL_DIR=/usr/src/linux-2.4.27
>
> Do I need to compile this user space before I start the actual
> configuration and compilation for the kernel as described in the URL
> http://www.digitalhermit.com/linux/Kernel-Build-HOWTO.html?

>
> Regards
> Bassam
>

	Short answer is yes.

	iptables userspace refers to the iptables code itself that is NOT part of the 
kernel (kernelspace)
	Thus the iptables package itself.

	Alistair

RE: How to install patch-o-matic

[Jason Opperisano]

> On August 27, 2004 04:50 am, Bassam A. Al-Khaffaf wrote:
> > Thanks for the great information,
> >     I have successfully upgraded and recompiled the kernel according to
> > the URL you gave to me.
> >
> > You have mentioned to compile the user space, so what do u mean by user
> > space and how to compile it, do you mean I have to go inside the
> > /usr/src/iptables-1.2.11 and write the following instructions again:
> >
> > make KERNEL_DIR=/usr/src/linux-2.4.27
> > make install KERNEL_DIR=/usr/src/linux-2.4.27
> >
> > Do I need to compile this user space before I start the actual
> > configuration and compilation for the kernel as described in the URL
> > http://www.digitalhermit.com/linux/Kernel-Build-HOWTO.html?
>
> >
> > Regards
> > Bassam
> >
>
>       Short answer is yes.
>
>       iptables userspace refers to the iptables code itself that is NOT part of the
> kernel (kernelspace)
>       Thus the iptables package itself.

and regarding the order:  patch & recompile kernel, then recompile userspace.  the userspace tools are compiled against the kernel sources, and detect the patches you have applied.

-j

RE: How to install patch-o-matic

[Jose Maria Lopez]

El sáb, 28 de 08 de 2004 a las 16:42, Jason Opperisano escribió:

> >       Short answer is yes.
> >
> >       iptables userspace refers to the iptables code itself that is NOT part of the
> > kernel (kernelspace)
> >       Thus the iptables package itself.
> 
> and regarding the order:  patch & recompile kernel, then recompile userspace.  the userspace tools are compiled against the kernel sources, and detect the patches you have applied.
> 
> -j

What really happens it's that the userspace tools (iptables) are patched
too, they are not compiled against the kernel, both are patched at the
same time but in a separate way.

-- 
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"

RE: How to install patch-o-matic

[Bassam Abdul Munim]

Hi Again,
   I started patching the patch-o-matic-ng-20040302 against my red hat 9 
with kernel 2.4.20-8 and iptables-1.2.11 by doing certain steps as 
follows, but I am still not prompted to install the "pptp-conntrck-nat". 
I started by installing the pending patches and hence I wrote the 
following instruction (please correct for if I am mistaken)

#KERNEL_DIR=/usr/src/linux-2.4.20-8 ./runme pending

I have prompted to enter the iptables user space path and again I have 
prompted to install three patches but only one of them "nf-log" can be 
installed and the other 2 patches cannot because of missing files. A 
summary report as follows:

The "init_conntrack-optimize" patch ---> cannot apply (1 missing files)
The "linuxdoc" patch         ---> cannot apply (6 missing files)
The "nf-log" patch         ---> can apply

so that I installed the "nf-log" patch only. Now do I need to forcely 
install the other two patches "init_conntrack-optimize" and "linuxdoc" 
here?

After that I started installing the patches in extra repository by 
writing the following instruction

#KERNEL_DIR=/usr/src/linux-2.4.20-8 ./runme extra

here again I prompted to enter the iptables user space path, and again I 
prompted to install again the three patches in pending 
repository "init_conntrack-optimize", "linuxdoc" and "nf-log".

so here I don't know what to do. Do I need to skip by pressing N key, or 
walk forward to the next patch by pressing W key???

after that I proceeded by pressing the W key, but unfortunately I have 
never prompted to install the "pptp-conntrack-nat" patch, but I prompted 
for most of the patches inside the directory /usr/src/patch-o-matic-ng-
20040302 


So any one can help and direct me on how to install the "pptp-conntrack-
nat"

Your help is highly appreciated

Warm Regard
Bassam






-----Original Message-----
From: Jose Maria Lopez <jkerouac@eresmas.com>
To: "netfilter@lists.netfilter.org" <netfilter@lists.netfilter.org>
Date: 28 Aug 2004 18:59:06 +0200
Subject: RE: How to install patch-o-matic

> El sáb, 28 de 08 de 2004 a las 16:42, Jason Opperisano escribió:
> 
> > >       Short answer is yes.
> > >
> > >       iptables userspace refers to the iptables code itself that is
> NOT part of the
> > > kernel (kernelspace)
> > >       Thus the iptables package itself.
> > 
> > and regarding the order:  patch & recompile kernel, then recompile
> userspace.  the userspace tools are compiled against the kernel
> sources, and detect the patches you have applied.
> > 
> > -j
> 
> What really happens it's that the userspace tools (iptables) are
> patched
> too, they are not compiled against the kernel, both are patched at the
> same time but in a separate way.
> 
> -- 
> Jose Maria Lopez Hernandez
> Director Tecnico de bgSEC
> jkerouac@bgsec.com
> bgSEC Seguridad y Consultoria de Sistemas Informaticos
> http://www.bgsec.com
> ESPAÑA
> 
> The only people for me are the mad ones -- the ones who are mad to
> live,
> mad to talk, mad to be saved, desirous of everything at the same time,
> the ones who never yawn or say a commonplace thing, but burn, burn,
> burn
> like fabulous yellow Roman candles.
>                 -- Jack Kerouac, "On the Road"