* Prompt for development and/or incomplete code/drivers
(CONFIG_EXPERIMENTAL) [Y/n/?]
- YES: though not required for IP MASQ, this option allows
the kernel to create the MASQ modules and enable the option
for port forwarding
-- Non-MASQ options skipped --
* Enable loadable module support (CONFIG_MODULES) [Y/n/?]
- YES: allows you to load kernel IP MASQ modules
-- Non-MASQ options skipped --
* Networking support (CONFIG_NET) [Y/n/?]
- YES: Enables the network subsystem
-- Non-MASQ options skipped --
* Sysctl support (CONFIG_SYSCTL) [Y/n/?]
- YES: Enables the ability to enable or disable options such as forwarding,
dynamic IPs, LooseUDP, etc.
-- Non-MASQ options skipped --
* Packet socket (CONFIG_PACKET) [Y/m/n/?]
- YES: Though this is OPTIONAL, this recommended feature will allow you
to use TCPDUMP to debug any problems with IP MASQ
* Kernel/User netlink socket (CONFIG_NETLINK) [Y/n/?]
- YES: Though this is OPTIONAL, this feature will allow the logging of
advanced firewall issues such as routing messages, etc.
* Routing messages (CONFIG_RTNETLINK) [Y/n/?]
- NO: This option does not have anything to do with packet firewall logging
-- Non-MASQ options skipped --
* Network firewalls (CONFIG_FIREWALL) [Y/n/?]
- YES: Enables the kernel to be configured by the IPCHAINS firewall tool
* Socket Filtering (CONFIG_FILTER) [Y/n/?]
- OPTIONAL: Though this doesn't have anything to do with IPMASQ, if you plan
on implementing a DHCP server on the internal network, you WILL need this
option.
* Unix domain sockets (CONFIG_UNIX) [Y/m/n/?]
- YES: This enables the UNIX TCP/IP sockets mechanisms
* TCP/IP networking (CONFIG_INET) [Y/n/?]
- YES: Enables the TCP/IP protocol
-- Non-MASQ options skipped --
* IP: advanced router (CONFIG_IP_ADVANCED_ROUTER) [Y/n/?]
- YES: This will allow you to configure advanced MASQ options farther down
* IP: policy routing (CONFIG_IP_MULTIPLE_TABLES) [N/y/?]
- NO: Not needed by MASQ though users who need advanced features
such as TCP/IP source address-based or TOS-enabled routing will
need to enable this option.
* IP: equal cost multipath (CONFIG_IP_ROUTE_MULTIPATH) [N/y/?]
- NO: Not needed for normal MASQ functionality
* IP: use TOS value as routing key (CONFIG_IP_ROUTE_TOS) [N/y/?]
- NO: Not needed for normal MASQ functionality
* IP: verbose route monitoring (CONFIG_IP_ROUTE_VERBOSE) [Y/n/?]
- YES: This is useful if you use the routing code to drop IP
spoofed packets (highly recommended) and you want to log them.
* IP: large routing tables (CONFIG_IP_ROUTE_LARGE_TABLES) [N/y/?]
- NO: Not needed for normal MASQ functionality
* IP: kernel level autoconfiguration (CONFIG_IP_PNP) [N/y/?] ?
- NO: Not needed for normal MASQ functionality
* IP: firewalling (CONFIG_IP_FIREWALL) [Y/n/?]
- YES: Enable the firewalling feature
* IP: firewall packet netlink device
(CONFIG_IP_FIREWALL_NETLINK) [Y/n/?]
- OPTIONAL: Though this is OPTIONAL, this feature will allow
IPCHAINS to copy some packets to UserSpace tools for additional
checks
* IP: transparent proxy support (CONFIG_IP_TRANSPARENT_PROXY) [N/y/?]
- NO: Not needed for normal MASQ functionality
* IP: masquerading (CONFIG_IP_MASQUERADE) [Y/n/?]
- YES: Enable IP Masquerade to re-address specific internal to
external TCP/IP packets
* IP: ICMP masquerading (CONFIG_IP_MASQUERADE_ICMP) [Y/n/?]
- YES: Enable support for masquerading ICMP ping packets
(ICMP error codes will be MASQed regardless). This is an
important feature for troubleshooting connections.
* IP: masquerading special modules support
(CONFIG_IP_MASQUERADE_MOD) [Y/n/?]
- YES: Though OPTIONAL, this enables the OPTION to later enable
the TCP/IP Port forwarding system to allow external computers to
directly connect to specified internal MASQed machines.
* IP: ipautofw masq support (EXPERIMENTAL)
(CONFIG_IP_MASQUERADE_IPAUTOFW) [N/y/m/?]
- NO: IPautofw is a legacy method of port forwarding. It is
mainly old code and has been found to have some issues. NOT
recommended.
* IP: ipportfw masq support (EXPERIMENTAL)
(CONFIG_IP_MASQUERADE_IPPORTFW) [Y/m/n/?]
- YES: Enables IPPORTFW which allows external computers on
the Internet to directly communicate to specified internal
MASQed machines. This feature is typically used to access
internal SMTP, TELNET, and WWW servers. FTP port forwarding
will need an additional patch as described in the FAQ section of
the MASQ HOWTO. Additional information on port forwarding is
available in the Forwards section of this HOWTO.
* IP: ip fwmark masq-forwarding support (EXPERIMENTAL)
(CONFIG_IP_MASQUERADE_MFW) [Y/m/n/?]
- OPTIONAL: This is a new method of doing PORTFW. With this option,
IPCHAINS can mark packets that should have additional work done on them.
Using a UserSpace tool, much like IPMASQADM or IPPORTFW, IPCHAINS
would then automatically re-address the packets. Currently, this
code is less tested than PORTFW but it looks promising. For now,
the recommended method is to use IPMASQADM and IPPORTFW. If you
have thoughts on MFW, please email me.
* IP: optimize as router not host (CONFIG_IP_ROUTER) [Y/n/?]
- YES: This optimizes the kernel for the network subsystem though
it isn't known if it makes a significant performance difference.
* IP: tunneling (CONFIG_NET_IPIP) [N/y/m/?]
- NO: This OPTIONAL section is for IPIP tunnels through IP Masq.
If you need tunneling/VPN functionality, it is recommended to
use either GRE or IPSEC tunnels.
* IP: GRE tunnels over IP (CONFIG_NET_IPGRE) [N/y/m/?]
- NO: This OPTIONAL selection is to enable PPTP and
GRE tunnels through the IP MASQ box
-- Non-MASQ options skipped --
* IP: TCP syncookie support (not enabled per default)
(CONFIG_SYN_COOKIES) [Y/n/?]
- YES: HIGHLY recommended for basic TCP/IP network security
-- Non-MASQ options skipped --
* IP: Allow large windows (not recommended if <16Mb of memory)
(CONFIG_SKB_LARGE) [Y/n/?]
- YES: This is recommended to optimize Linux's TCP window
-- Non-MASQ options skipped --
* Network device support (CONFIG_NETDEVICES) [Y/n/?]
- YES: Enables the Linux Network device sublayer
-- Non-MASQ options skipped --
* Dummy net driver support (CONFIG_DUMMY) [M/n/y/?]
- YES: Though OPTIONAL, this option can help when debugging problems
== Don't forget to compile in support for your network card !! ==
-- Non-MASQ options skipped --
== Don't forget to compile in support for PPP/SLIP if you use a modem or
use a PPPoE DSL modem ==
-- Non-MASQ options skipped --
* /proc filesystem support (CONFIG_PROC_FS) [Y/n/?]
- YES: Required to enable the Linux network forwarding system
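
The answers above can be checked mechanically against a kernel's .config before building. The script below is an added example, not part of the original HOWTO: the function names is_set and masq_audit and the sample file are constructed for illustration, the two lists are copied from the YES and NO answers on this page, and options answered OPTIONAL are not checked.

```shell
#!/bin/sh
# Added example (not from the HOWTO): compare a kernel .config with the
# YES / NO answers listed above. Names are given without the CONFIG_ prefix.

MASQ_YES="EXPERIMENTAL MODULES NET SYSCTL PACKET NETLINK FIREWALL UNIX INET
IP_ADVANCED_ROUTER IP_ROUTE_VERBOSE IP_FIREWALL IP_MASQUERADE
IP_MASQUERADE_ICMP IP_MASQUERADE_MOD IP_MASQUERADE_IPPORTFW IP_ROUTER
SYN_COOKIES SKB_LARGE NETDEVICES DUMMY PROC_FS"

MASQ_NO="RTNETLINK IP_MULTIPLE_TABLES IP_ROUTE_MULTIPATH IP_ROUTE_TOS
IP_ROUTE_LARGE_TABLES IP_PNP IP_TRANSPARENT_PROXY IP_MASQUERADE_IPAUTOFW
NET_IPIP NET_IPGRE"

# is_set FILE NAME: true when CONFIG_NAME is built in (=y) or a module (=m).
# The anchored pattern keeps CONFIG_NET from matching CONFIG_NETLINK.
is_set() {
    grep -Eq "^CONFIG_$2=[ym]\$" "$1"
}

# masq_audit FILE: print one line per deviation from this page's answers.
# Exit status is 0 when the file matches, 1 when any deviation was printed.
masq_audit() {
    cfg=$1 rc=0
    for opt in $MASQ_YES; do
        is_set "$cfg" "$opt" || { echo "MISSING CONFIG_$opt"; rc=1; }
    done
    for opt in $MASQ_NO; do
        if is_set "$cfg" "$opt"; then echo "ENABLED CONFIG_$opt"; rc=1; fi
    done
    return $rc
}

# Constructed sample: every YES option built in, then two deviations injected
# (syncookies turned off, the legacy ipautofw module turned on).
sample=$(mktemp)
for opt in $MASQ_YES; do echo "CONFIG_$opt=y"; done |
    sed 's/^CONFIG_SYN_COOKIES=y$/# CONFIG_SYN_COOKIES is not set/' > "$sample"
echo "CONFIG_IP_MASQUERADE_IPAUTOFW=m" >> "$sample"
masq_audit "$sample" || echo "deviations from the HOWTO answers found"
rm -f "$sample"
```

An ENABLED line is a deviation from the answers on this page, not necessarily an error: for example, NET_IPGRE is legitimately enabled when PPTP or GRE tunnels must pass through the MASQ box.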