
Porting iptables to the set-top box

    First install the STLinux cross-compilation environment on the x86 machine.

    (On the x86 machine)

    Porting the iptables package

    Install the package stlinux23-sh4-iptables.sh4

    sudo ./stmyum install stlinux23-sh4-iptables.sh4
    

    Show the list of files in this package

    sudo rpm -ql stlinux23-sh4-iptables.sh4
    

    From that list, copy the main command binaries and library files into a separate directory, preserving the original directory layout

    cd /home/alang/STLinux_Cross-Compile/build_opt/
    mkdir iptables 
    
    # Build the file list
    sudo rpm -ql stlinux23-sh4-iptables.sh4 > iptables.list
    
    # Note: the man and include entries in the list can be deleted
    
    # Strip /opt/STM/STLinux-2.3/devkit/sh4/target/ from every line
    sed -i 's/\/opt\/STM\/STLinux-2.3\/devkit\/sh4\/target\///g' iptables.list
    
    # Copy the listed files to the target directory
    cd /opt/STM/STLinux-2.3/devkit/sh4/target
    
    for d in $(cat /home/alang/STLinux_Cross-Compile/build_opt/iptables.list);do \
    echo "sudo cp -a --parents $d /home/alang/STLinux_Cross-Compile/build_opt/iptables/"; \
    sudo cp -a --parents $d /home/alang/STLinux_Cross-Compile/build_opt/iptables/; \
    done
    
    Building the SH Linux kernel with iptables support

    For iptables to run, the Linux kernel must support it in addition to the package. The default official linux kernel does not, so the kernel has to be rebuilt and the existing kernel file /vmlinux.ub replaced.

    Edit .config and add these two options

    ...
    CONFIG_NF_CONNTRACK_ENABLED=y
    CONFIG_IP_NF_IPTABLES=y
    
    #
    # General setup
    #
    

    Tips:

    - They must be added before General setup.

    - Do not generate .config with make menuconfig; .config must be edited by hand.

    Build the kernel vmlinux

    make ARCH=sh CROSS_COMPILE=sh4-linux- vmlinux
    

    You will then be prompted about which iptables-related modules to build

    • For the modules that need to be built, enter m to build them as modules, not y
    • For module items not listed below, enter N

    *
    * Core Netfilter Configuration
    *
    Netfilter connection tracking support (NF_CONNTRACK_ENABLED) [Y/n/m/?] y
    FTP protocol support (NF_CONNTRACK_FTP) [N/m/y/?] (NEW) m
    SIP protocol support (EXPERIMENTAL) (NF_CONNTRACK_SIP) [N/m/y/?] (NEW) m

    Netfilter Xtables support (required for ip_tables) (NETFILTER_XTABLES) [Y/?] y
    "NFLOG" target support (NETFILTER_XT_TARGET_NFLOG) [N/m/y/?] (NEW) m
    "conntrack" connection tracking match support (NETFILTER_XT_MATCH_CONNTRACK) [N/m/y/?] (NEW) m
    Multiple port match support (NETFILTER_XT_MATCH_MULTIPORT) [N/m/y/?] (NEW) m
    "state" match support (NETFILTER_XT_MATCH_STATE) [N/m/y/?] (NEW) m         *required*
    "statistic" match support (NETFILTER_XT_MATCH_STATISTIC) [N/m/y/?] (NEW) m
    "string" match support (NETFILTER_XT_MATCH_STRING) [N/m/y/?] (NEW) m

    Enter m for all of the following items

    *
    * IP: Netfilter Configuration
    *
    IPv4 connection tracking support (required for NAT) (NF_CONNTRACK_IPV4) [N/m/y/?] (NEW) m
      proc/sysctl compatibility with old connection tracking (NF_CONNTRACK_PROC_COMPAT) [Y/n/?] (NEW) n
    IP Userspace queueing via NETLINK (OBSOLETE) (IP_NF_QUEUE) [N/m/y/?] n
    IP tables support (required for filtering/masq/NAT) (IP_NF_IPTABLES) [Y/n/m/?] y
      IP range match support (IP_NF_MATCH_IPRANGE) [N/m/y/?] (NEW) m
      TOS match support (IP_NF_MATCH_TOS) [N/m/y/?] (NEW) m
      recent match support (IP_NF_MATCH_RECENT) [N/m/y/?] (NEW) m
      ECN match support (IP_NF_MATCH_ECN) [N/m/y/?] (NEW) m
      AH match support (IP_NF_MATCH_AH) [N/m/y/?] (NEW) m
      TTL match support (IP_NF_MATCH_TTL) [N/m/y/?] (NEW) m
      Owner match support (IP_NF_MATCH_OWNER) [N/m/y/?] (NEW) m
      address type match support (IP_NF_MATCH_ADDRTYPE) [N/m/y/?] (NEW) m
      Packet filtering (IP_NF_FILTER) [N/m/y/?] (NEW) m
        REJECT target support (IP_NF_TARGET_REJECT) [N/m/?] (NEW) m
      LOG target support (IP_NF_TARGET_LOG) [N/m/y/?] (NEW) m
      ULOG target support (IP_NF_TARGET_ULOG) [N/m/y/?] (NEW) m
      Full NAT (NF_NAT) [N/m/?] (NEW) m
        MASQUERADE target support (IP_NF_TARGET_MASQUERADE) [N/m/?] (NEW) m
        REDIRECT target support (IP_NF_TARGET_REDIRECT) [N/m/?] (NEW) m
        NETMAP target support (IP_NF_TARGET_NETMAP) [N/m/?] (NEW) m
        SAME target support (OBSOLETE) (IP_NF_TARGET_SAME) [N/m/?] (NEW) m
        Basic SNMP-ALG support (EXPERIMENTAL) (NF_NAT_SNMP_BASIC) [N/m/?] (NEW) m
      Packet mangling (IP_NF_MANGLE) [N/m/y/?] (NEW) m
        TOS target support (IP_NF_TARGET_TOS) [N/m/?] (NEW) m
        ECN target support (IP_NF_TARGET_ECN) [N/m/?] (NEW) m
        TTL target support (IP_NF_TARGET_TTL) [N/m/?] (NEW) m
        CLUSTERIP target support (EXPERIMENTAL) (IP_NF_TARGET_CLUSTERIP) [N/m/?] (NEW) m

    Build the modules

    make ARCH=sh CROSS_COMPILE=sh4-linux- modules
    make ARCH=sh CROSS_COMPILE=sh4-linux- modules_install INSTALL_MOD_PATH=./modules_install
    
    (On the 網樂通 set-top box)

    Copy the built module files onto the 網樂通

     

    FAQ

    Q: Running iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT gives the error

    iptables: No chain/target/match by that name.

    Ans: The iptables module xt_state must be loaded

    Q: Running iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT gives the error

    iptables: Invalid argument

    Ans: The iptables module nf_conntrack_ipv4 must be loaded
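    Both FAQ errors come from modules that were built with m but never loaded. As an added example (not from the original page), the shell script below checks /proc/modules for the two modules the FAQ names, loads the missing ones, and only then adds the state rule. It assumes modprobe and a depmod-generated modules.dep are present on the box; the /proc/modules sample used to exercise it is constructed.

```shell
#!/bin/sh
# Added example, not part of the original page: make sure the netfilter
# modules a "-m state" rule needs are loaded before iptables is run, so the
# FAQ errors ("No chain/target/match by that name", "Invalid argument")
# do not occur. Assumes modprobe and modules.dep exist on the box.

# missing_modules MODULES_FILE NAME...
# Print each NAME that has no entry in MODULES_FILE (same layout as
# /proc/modules: module name in the first column). Returns 1 if any is
# missing. Options built in with "y" (ip_tables, nf_conntrack here) never
# appear in /proc/modules, so only list options that were answered "m".
missing_modules() {
    modfile=$1
    shift
    rc=0
    for name in "$@"; do
        if ! awk -v want="$name" '$1 == want { found = 1 } END { exit found ? 0 : 1 }' "$modfile"; then
            echo "$name"
            rc=1
        fi
    done
    return $rc
}

# Load what the FAQ says the state rule needs, then add the rule.
apply_state_rule() {
    for name in $(missing_modules /proc/modules nf_conntrack_ipv4 xt_state); do
        modprobe "$name" || { echo "cannot load $name" >&2; return 1; }
    done
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
}
```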
