iptables and kernel :) (for beginners)

To quote the iptables homepage

iptables is the userspace command line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset. It is targeted towards system administrators.

Running iptables on the WARP requires two things: netfilter support must be enabled in the kernel, and you need the user-space tools from www.netfilter.org. Both must be in place before it will run.

iptables – kernel portion

iptables support is available in our kernel. You can enable it through the ‘Target Architecture Configuration (Custom Kernel Options)’ option on the main page of menuconfig. Here is a little trick to make the ‘custom kernel’ selection menu appear when you run ‘make’:

1) go to /build_warp/linux
2) run ‘ls -al’; you should see a ‘.configured’ file. Remove this file.
3) run ‘make menuconfig’ from your main PADS checkout directory, then select the second item, ‘Target Arch Configuration (Custom Kernel Options)’, from the menu. Select ‘Custom Kernel Options’ from the next menu. Save this configuration.
4) On your next ‘make’ you should be presented with a new menu (‘custom kernel’) where you can select which kernel modules you would like to add.
Of interest to you will be:
Linux Kernel Configuration
 -> Networking
    -> Networking Options
       -> Network packet filtering framework (Netfilter)
          -> IP: Netfilter Configuration

You will also see that many other kernel options are available; I would recommend being selective, as each of these options has the potential to have undesirable consequences.

iptables – user mode

The package for the user-mode libraries is available from the PIKA extra_packages SVN repository here. To compile it, just check it out into your packages directory in PADS and run ‘make iptables’ in the root of your PADS directory. There are sometimes issues with this cross-compiled version not accepting all commands. If you run into this, you can try the precompiled version below.

iptables – binary – user mode

The package for the pre-compiled version of the user-mode libraries is available from the PIKA extra_packages SVN repository here. To install it, just check it out into your packages directory in PADS and run ‘make iptables-binary’ in the root of your PADS directory.

If you need assistance with configuring iptables, I suggest you read the man pages that come with it.

——

Here is the kernel configuration suggested to me by a colleague of mine as a starting point (thanks Sean). It provides routing and firewall capabilities. Instead of selecting options through ‘menuconfig > Linux Kernel Configuration’ you can also simply modify the ‘/package/linux/linux-config’ file in PADS and rebuild.
CONFIG_NETFILTER=y
CONFIG_NETFILTER_ADVANCED=y
CONFIG_NF_CONNTRACK=m
CONFIG_NF_CONNTRACK_FTP=m
CONFIG_NETFILTER_XTABLES=m
CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NF_DEFRAG_IPV4=m
CONFIG_NF_CONNTRACK_IPV4=m
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_NF_NAT=m
CONFIG_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_NF_NAT_FTP=m
CONFIG_IP_NF_MANGLE=m
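Each target and match a ruleset uses maps to one of the options above (‘-j MASQUERADE’ needs CONFIG_IP_NF_TARGET_MASQUERADE, ‘-m state’ needs CONFIG_NETFILTER_XT_MATCH_STATE, and so on). The following script is an added example, not part of PADS or the iptables project: it scans a ruleset for the features it uses and reports which required options are missing from a linux-config file. The feature-to-option table and the two sample files are constructed here; in practice point it at your real ruleset and ‘/package/linux/linux-config’.

```shell
#!/bin/sh
# Added example (not PADS project code): check a kernel config for the
# netfilter options an iptables ruleset needs before building.
# Feature table constructed from the options listed in the post:
# "<text to look for in the ruleset>|<CONFIG option it needs>"
FEATURE_MAP='-j MASQUERADE|CONFIG_IP_NF_TARGET_MASQUERADE
-j REDIRECT|CONFIG_IP_NF_TARGET_REDIRECT
-j REJECT|CONFIG_IP_NF_TARGET_REJECT
-j LOG|CONFIG_IP_NF_TARGET_LOG
-j ULOG|CONFIG_IP_NF_TARGET_ULOG
-j TCPMSS|CONFIG_NETFILTER_XT_TARGET_TCPMSS
-m state|CONFIG_NETFILTER_XT_MATCH_STATE
-t nat|CONFIG_NF_NAT
-t mangle|CONFIG_IP_NF_MANGLE'

# needed_options RULES_FILE: print one CONFIG_ option per feature used
needed_options() {
    printf '%s\n' "$FEATURE_MAP" | while IFS='|' read -r pat opt; do
        grep -qF -- "$pat" "$1" && printf '%s\n' "$opt"
    done | sort -u
}

# config_enabled CONFIG_FILE OPTION: succeed if OPTION is =y or =m
# (a "# OPTION is not set" line or no line at all counts as disabled)
config_enabled() {
    grep -qE "^$2=(y|m)\$" "$1"
}

# missing_options RULES_FILE CONFIG_FILE: print needed but disabled options
missing_options() {
    needed_options "$1" | while read -r opt; do
        config_enabled "$2" "$opt" || printf '%s\n' "$opt"
    done
}

# Constructed sample inputs so the example runs offline (hypothetical files).
RULES=$(mktemp); CONF=$(mktemp)
trap 'rm -f "$RULES" "$CONF"' EXIT
cat >"$RULES" <<'EOF'
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j LOG --log-prefix "drop: "
iptables -A INPUT -j REJECT
EOF
cat >"$CONF" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NF_NAT=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_IP_NF_TARGET_REJECT=m
# CONFIG_IP_NF_TARGET_LOG is not set
EOF
missing_options "$RULES" "$CONF"   # prints CONFIG_IP_NF_TARGET_LOG
```

Running this before a rebuild tells you whether a rule that iptables refuses to load is down to a kernel option you left out, rather than to the user-mode build.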
