Here we go loop de loo here we go loop de lai...

This text assumes that you have:

IMQ was the solution:

First, get the 2.4.20 linux kernel (assuming Debian here folks! May need the unstable apt-site in your /etc/apt/sources.list):

  1. # apt-get update

  2. # apt-get install gcc libcurses5 libcurses5-dev kernel-package kernel-headers-2.4.20 kernel-source-2.4.20

  3. # cd /usr/src

  4. # bunzip2 kernel-source-2.4.20.tar.bz2

  5. # tar xvvf kernel-source-2.4.20.tar

To install the IMQ Patch (from the FAQ):

Get the combo patch attachment:imq-2.4.18-combo-patch.txt and the precompiled shared libs attachment:libipt_IMQ-1.2.6a.tar.gz matching your iptables version (iptables -V - was 1.2.6a for me).

Put the patch file in /usr/src

  1. # cd /usr/src/linux

  2. # patch -p1 <../imq-2.4.18.diff-combo-6

    • (make sure it's the right name you saved from above)
    • find where iptables keeps its shared libraries (/lib/iptables and /usr/lib/iptables is common)
  3. # tar xvzf libipt_IMQ-1.2.6a.tar.gz -C /lib/iptables

Then you need to make and install your kernel. Here's my .config attachment:config-2.4.20-imq file that I used to compile my kernel. It's a pretty stock 2.4.20 kernel, patched with the IMQ patch.

  1. # cd /usr/src/linux

  2. # make menuconfig

You will have three new options:

Networking options

IP: Netfilter Configuration --->IMQ target support

Networking options

IPv6: Netfilter Configuration --->IMQ target support

Network device support
IMQ (intermediate queueing device) support

Choose at least one of the targets and the device itself. Netfilter debugging should be turned off, otherwise cou get lots of annoying messages.

  1. # make dep modules bzImage modules_install

or, for DebianLinux, I use [ Thing's Kernel Recompile Page]:

  1. # make dep

  2. # make-kpkg clean

  3. # make-kpkg --revision=thing.2.0 kernel_image

  4. # type dpkg -i name_of_the_kernel.deb

May give you a warning to move your libraries if you're on the same kernel level. If so do this and then retry installing the kernel package.

Next, replace the attachment:throttle.fw attachment:initialize.fw and attachment:access.fw scripts, typically located in /usr/local/nocat/bin

There's a lot of stuff in the scripts that I need to take OUT, but it's working right now, and I'll deal with that Jingo problem later. Next, is to make a nice PHP frontend to the user admin page.

-- DanRichardson

Great stuff Dan, thanks! I'm really curious about the "fairness" of it. When you have a chance could you setup two clients and ping flood from one (to something on the local network but on the other side of the nocat gateway) and then try and authenticate from the other client)?-- AdamShand