Here we go loop de loo here we go loop de lai...
This text assumes that you have:
- A working NoCatAuth gateway
- A working NoCatAuth AuthServer
- A DebianLinux box running the NoCat Gateway
- Enough patience to slog through this
IMQ was the solution: http://luxik.cdi.cz/~patrick/imq/index.html
First, get the 2.4.20 Linux kernel (assuming Debian here, folks! You may need the unstable apt site in your /etc/apt/sources.list):
# apt-get update
# apt-get install gcc libncurses5 libncurses5-dev kernel-package kernel-headers-2.4.20 kernel-source-2.4.20
# cd /usr/src
# bunzip2 kernel-source-2.4.20.tar.bz2
# tar xvvf kernel-source-2.4.20.tar
To install the IMQ Patch (from the FAQ):
- Get the combo patch attachment:imq-2.4.18-combo-patch.txt and the precompiled shared libs attachment:libipt_IMQ-1.2.6a.tar.gz matching your iptables version (check with iptables -V; it was 1.2.6a for me).
- Put the patch file in /usr/src
# cd /usr/src/linux
# patch -p1 <../imq-2.4.18.diff-combo-6
- (make sure the file name matches the one you saved above)
- Find where iptables keeps its shared libraries (/lib/iptables and /usr/lib/iptables are common)
# tar xvzf libipt_IMQ-1.2.6a.tar.gz -C /lib/iptables
Then you need to make and install your kernel. Here's the .config file I used to compile my kernel: attachment:config-2.4.20-imq. It's a pretty stock 2.4.20 kernel, patched with the IMQ patch.
# cd /usr/src/linux
# make menuconfig
You will have three new options:
- Networking options ---> IP: Netfilter Configuration ---> IMQ target support
- Networking options ---> IPv6: Netfilter Configuration ---> IMQ target support
- Network device support ---> IMQ (intermediate queueing device) support
Choose at least one of the targets and the device itself. Netfilter debugging should be turned off, otherwise you get lots of annoying messages.
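A pre-build check of the choices above, as an added example that is not part of the original page: it reads a kernel .config and confirms that the IMQ device and at least one IMQ target are enabled and that netfilter debugging is off. The CONFIG_* symbol names are assumptions based on the usual IMQ patch naming, and the sample config is constructed.

```sh
#!/bin/sh
# Added example. The CONFIG_* names are assumptions based on the usual
# IMQ patch naming; confirm them in your patched tree.

# is_enabled FILE SYMBOL: true if SYMBOL is built in (y) or a module (m).
is_enabled() {
    grep -Eq "^$2=(y|m)\$" "$1"
}

# check_imq_config FILE: prints findings; returns 0 only when the IMQ
# device and at least one IMQ target are on and netfilter debugging is off.
check_imq_config() {
    cfg=$1
    rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg"; return 2; }
    if ! is_enabled "$cfg" CONFIG_IMQ; then
        echo "missing: IMQ (intermediate queueing device) support"
        rc=1
    fi
    if ! is_enabled "$cfg" CONFIG_IP_NF_TARGET_IMQ &&
       ! is_enabled "$cfg" CONFIG_IP6_NF_TARGET_IMQ; then
        echo "missing: IMQ target support (IPv4 or IPv6)"
        rc=1
    fi
    if is_enabled "$cfg" CONFIG_NETFILTER_DEBUG; then
        echo "problem: netfilter debugging is enabled"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ok: IMQ options look right in $cfg"
    return "$rc"
}

# Constructed sample .config fragment (not the author's attached config).
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_IP_NF_TARGET_IMQ=m
# CONFIG_IP6_NF_TARGET_IMQ is not set
CONFIG_IMQ=m
EOF
}

# Demo run on the sample; for a real tree pass /usr/src/linux/.config.
tmp=$(mktemp)
sample_config > "$tmp"
check_imq_config "$tmp"
rm -f "$tmp"
```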
# make dep modules bzImage modules_install
or, for DebianLinux, I use [http://www.thing.dyndns.org/debian/kerneldeb.htm Thing's Kernel Recompile Page]:
# make dep
# make-kpkg clean
# make-kpkg --revision=thing.2.0 kernel_image
# dpkg -i name_of_the_kernel.deb
This may give you a warning to move your libraries if you're on the same kernel level. If so, do this and then retry installing the kernel package.
# mv /lib/modules/2.4.20 /lib/modules/2.4.20-old
Next, replace the attachment:throttle.fw, attachment:initialize.fw and attachment:access.fw scripts, typically located in /usr/local/nocat/bin.
There's a lot of stuff in the scripts that I need to take OUT, but it's working right now, and I'll deal with that Jingo problem later. Next is to make a nice PHP frontend to the user admin page.
Great stuff Dan, thanks! I'm really curious about the "fairness" of it. When you have a chance could you set up two clients and ping flood from one (to something on the local network but on the other side of the nocat gateway) and then try and authenticate from the other client? -- AdamShand