Debian: kernel recompile

smp

Diamond Member
Dec 6, 2000
5,215
0
76
Is Debian different? I mean, than other distros when it comes to kernel recompiles.
I've tried it once before following the howto I believe and I broke my machine :\
Anyways, anyone ever done this with debian? Care to give some instruction? I've done google./linux et al and anything I find debian-wise is too complicated.

This is the doc that I was following to start off with, but right away
"ls -l /usr/src" .. there is nothing there, so I don't know what link to replace
I'm not even sure if this method will work on Debian, if anyone can help me it'd be much appreciated.
Thanks

FAQ .... this should work no?
 

smp

Diamond Member
Dec 6, 2000
5,215
0
76
Originally posted by: n0cmonkey
I use the README/INSTALL that comes with the kernel.



Obviously, I am too lame for that.
Like, hello!.. I can't even stomach a NHF!!! :Q
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: smp
Obviously, I am too lame for that.
Like, hello!.. I can't even stomach a NHF!!! :Q

I think they are about as step by step as you can get...
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
There should be nothing in /usr/src unless you installed the Debian kernel source packages.

Basically you:

1) untar the source archive
2) run make menuconfig (or xconfig if you want to use that instead)
3) make dep
4) make bzImage
5) make modules
6) copy bzImage to /boot with an appropriate name (I use vmlinuz-version)
7) update your bootloader
8) reboot

By default Debian uses the symlink /vmlinuz to boot, I usually remove this and use the 'real' kernel names in /boot in my grub config file.
 

smp

Diamond Member
Dec 6, 2000
5,215
0
76
thanks

I wish I knew what all this stuff was (config stuff) .. the howto doesn't get all that deep.
 

smp

Diamond Member
Dec 6, 2000
5,215
0
76

Lots of stuff.
Nevermind that, that part is finished. Don't I have to do something with the map or the system map or something?
Or don't touch that stuff?


Okay, so after compiling everything. I moved bzImage into /boot
Then I symlinked that ln -s vmlinuz-2.4.19 /boot/vmlinuz-2.4.19 (after renaming bzImage to vmlinuz-2.4.19 of course)
Then I symlinked the old kernel too and I just linked to the symlinks in lilo
This _should_ work no?
I have just had a bad experience before, but I remember doing something with the system map that time. So far the docs I've read don't really mention it.
I don't have a floppy on this box either :\
So making a backup floppy is tough.

edit:
Okay, well I rebooted, and it booted up okay. How do I know I'm booted into the right kernel?
I basically had to do this to get iptables and ipforwarding to work :\
We'll see about that.
 

cleverhandle

Diamond Member
Dec 17, 2001
3,566
3
81
You can copy /usr/src/linux/System.map into /boot as well, though it doesn't usually make any difference if you forget. I don't recall what System.map does exactly...

Also, after "make modules", you need "make modules_install" if you're using modules.
 

smp

Diamond Member
Dec 6, 2000
5,215
0
76
Also, after "make modules", you need "make modules_install" if you're using modules.

Okay, I didn't do that.
Start over?

Okay, I figured it's okay to just make_modules at this point, so I did. I also remembered that I didn't run lilo last time I updated it. I just did that too. I am now booted into my new kernel.... I think.
There were a bunch of modules that weren't found at startup.
I can't even tell which ones they are though, cause when I look at them in /var/log/messages .. my terminal doesn't show me that far :\
How do I get a longer row in my terminal?
I can do it with secure CRT, but I just plugged this hard drive into another BX board like the one that it's going to be on, only this one is _up here_ and faster for the recompile, better than having to go downstairs and take down my router and everything.
 

cleverhandle

Diamond Member
Dec 17, 2001
3,566
3
81
No, no... just do it now. Skipping it just means that you're leaving the old modules on the system and not installing the new ones. A lot of times, this doesn't really matter - only a big deal when you switch from having an option built-in to modular, and find that the module you were expecting is missing. Usually, you don't notice, because old modules from the same kernel version are not removed when the new ones are installed.
 

smp

Diamond Member
Dec 6, 2000
5,215
0
76
Originally posted by: cleverhandle
No, no... just do it now. Skipping it just means that you're leaving the old modules on the system and not installing the new ones. A lot of times, this doesn't really matter - only a big deal when you switch from having an option built-in to modular, and find that the module you were expecting is missing. Usually, you don't notice, because old modules from the same kernel version are not removed when the new ones are installed.

Ah, thank you... now, would you happen to have a very simple iptables firewall script? One that does NAT and very basic routing?
I searched around and even the firewalls labelled "simple" were too complex for me. I'd like to just start out with internet access and then work my way up as I learn.
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
Don't I have to do something with the map or the system map or something?

I typed that in a hurry, I did forget about System.map and module_install, shoot me =)

System.map isn't necessary, it's used by some things to convert kernel addresses to meaningful names. Mostly things like top and ps use it to display something that you will understand, if it doesn't exist it won't break anything. Although if you get a kernel oops and you want to decode where the oops happened you'll need the System.map file.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: smp
Ah, thank you... now, would you happen to have a very simple iptables firewall script? One that does NAT and very basic routing?
I searched around and even the firewalls labelled "simple" were too complex for me. I'd like to just start out with internet access and then work my way up as I learn.

Check the linux FAQ thread and this forum. Some very basic rules were posted not too long ago. IPTables confuses the heck out of me, so I cant really help you
 

smp

Diamond Member
Dec 6, 2000
5,215
0
76
Originally posted by: n0cmonkey
Check the linux FAQ thread and this forum. Some very basic rules were posted not too long ago. IPTables confuses the heck out of me, so I cant really help you

Well, if it confuses you too then I don't feel that lame anymore
Thanks.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: smp

Well, if it confuses you too then I don't feel that lame anymore
Thanks.

If I took the time to RTFM and play with it a bit, I would have no trouble learning it. You wouldnt either.
 

smp

Diamond Member
Dec 6, 2000
5,215
0
76
Originally posted by: n0cmonkey
If I took the time to RTFM and play with it a bit, I would have no trouble learning it. You wouldnt either.

I'm working on it. All day today I've been reading the iptables howto, it's confusing. Yes, my job is lame I do nothing all day but post on BBS's and read howto's.
 

Barnaby W. Füi

Elite Member
Aug 14, 2001
12,343
0
0
i am by far no iptables guru, i've been using it for a while, and i've read quite a few tutorials/howtos/etc on it, and i understand some of the fundamentals but others just escape me. IMO the syntax is crap, but then again like anything else, its not bad if you get to know it. i need to look at ipf and ipfw sometime.

anyways here is my iptables script:

#!/bin/sh

#if needed change eth0 to your actual internet interface
INET_IP=`ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/addr://'`

#same deal but lan interface
LAN_IP=`ifconfig eth1 | grep 'inet addr' | awk '{print $2}' | sed -e 's/addr://'`

IPT="/sbin/iptables"

/sbin/depmod -a

/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state
/sbin/modprobe ipt_owner
/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc

echo 0 > /proc/sys/net/ipv4/ip_forward

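$IPT -A INPUT -t filter -i lo -j ACCEPT
#replies only: accepting NEW here would let every inbound connection in before the open-port rules are reached
$IPT -A INPUT -t filter -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#NEW is dropped at the end of the script, after the open ports
$IPT -A INPUT -t filter -i eth0 -m state --state INVALID -j DROP

#from lan
$IPT -A FORWARD -t filter -i eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

$IPT -A FORWARD -t filter -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#same as INPUT: only INVALID is dropped here, NEW is dropped at the end
$IPT -A FORWARD -t filter -i eth0 -m state --state INVALID -j DROP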

#nat
$IPT -A POSTROUTING -t nat -o eth0 -s 192.168.0.0/24 -d 0/0 -j MASQUERADE

##open ports
#ssh
$IPT -A FORWARD -t filter -p tcp -i eth0 --dport 22 -j ACCEPT
$IPT -A INPUT -t filter -p tcp -i eth0 --dport 22 -j ACCEPT
#mail
$IPT -A FORWARD -t filter -p tcp -i eth0 --dport 25 -j ACCEPT
$IPT -A INPUT -t filter -p tcp -i eth0 --dport 25 -j ACCEPT
#dns
$IPT -A FORWARD -t filter -p tcp -i eth0 --dport 53 -j ACCEPT
$IPT -A INPUT -t filter -p tcp -i eth0 --dport 53 -j ACCEPT
#http
$IPT -A FORWARD -t filter -p tcp -i eth0 --dport 80 -j ACCEPT
$IPT -A INPUT -t filter -p tcp -i eth0 --dport 80 -j ACCEPT
#others
$IPT -A FORWARD -t filter -p tcp -i eth0 --dport 300 -j ACCEPT
$IPT -A INPUT -t filter -p tcp -i eth0 --dport 300 -j ACCEPT
$IPT -A FORWARD -t filter -p tcp -i eth0 --dport 6667 -j ACCEPT
$IPT -A INPUT -t filter -p tcp -i eth0 --dport 6667 -j ACCEPT

#this is for bind, you dont need it, in fact i myself need to look up whether bind 9 still needs this..
$IPT -A INPUT -p UDP -s 0/0 --source-port 1024:65535 -j ACCEPT

$IPT -A INPUT -t filter -i eth0 -m state --state NEW,INVALID -j DROP
$IPT -A FORWARD -t filter -i eth0 -m state --state NEW,INVALID -j DROP

echo 1 > /proc/sys/net/ipv4/ip_forward
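
A default-deny variant of the NAT router ruleset discussed in this thread, written as an added example that is not part of the original post. It emits `iptables-restore` input so the whole ruleset loads in one step; the function name `gen_rules`, the interface names and the port list are assumptions for illustration.

```shell
#!/bin/sh
# gen_rules WAN_IF LAN_IF LAN_NET "PORTS"   (hypothetical helper)
# Prints an iptables-restore ruleset: drop by default, allow replies,
# allow the LAN out through NAT, open only the listed TCP ports on the WAN side.
gen_rules() {
    wan=$1; lan=$2; net=$3; ports=$4

    # Accept only plain interface names, a CIDR and numeric ports, so a
    # stray argument cannot smuggle extra options into the ruleset.
    for i in "$wan" "$lan"; do
        case "$i" in ""|*[!A-Za-z0-9._-]*) echo "bad interface: $i" >&2; return 1;; esac
    done
    case "$net" in ""|*[!0-9./]*) echo "bad network: $net" >&2; return 1;; esac
    for p in $ports; do
        case "$p" in *[!0-9]*|??????*) echo "bad port: $p" >&2; return 1;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i $lan -s $net -j ACCEPT
EOF
    # One explicit rule per service reachable from the internet.
    for p in $ports; do
        echo "-A INPUT -i $wan -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    cat <<EOF
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -m state --state NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -s $net -j MASQUERADE
COMMIT
EOF
}

# Constructed sample values: eth0 = internet, eth1 = LAN, ssh open from outside.
gen_rules eth0 eth1 192.168.0.0/24 "22"
```

Pipe the output into `iptables-restore` as root, then enable forwarding with `echo 1 > /proc/sys/net/ipv4/ip_forward`.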
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: BingBongWongFooey
i am by far no iptables guru, i've been using it for a while, and i've read quite a few tutorials/howtos/etc on it, and i understand some of the fundamentals but others just escape me. IMO the syntax is crap, but then again like anything else, its not bad if you get to know it. i need to look at ipf and ipfw sometime.

I think Ive posted a PF/IPF conf file in here before. If you want one to look at, Ill clean mine up a bit and post it.
 

Barnaby W. Füi

Elite Member
Aug 14, 2001
12,343
0
0
Originally posted by: n0cmonkey
I think Ive posted a PF/IPF conf file in here before. If you want one to look at, Ill clean mine up a bit and post it.

please do

edit: oh yeah, its pf. pf and ipf...there's an ipfw somewhere isnt there?
 

Sunner

Elite Member
Oct 9, 1999
11,641
0
76
PF rocks!

I used IPchains for a while, but thanks to n0c I started looking at OpenBSD, which led me to IPF, which was really good, and OpenBSD in turn led me to PF which was even better.

Oh and smp, to make sure I don't stray too far off topic, have you looked here?
Contains lots and lots of good info.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: BingBongWongFooey
please do

edit: oh yeah, its pf. pf and ipf...there's an ipfw somewhere isnt there?

ipfw is the firewall included with FreeBSD and Mac OS X. Its available in ports for NetBSD and OpenBSD. Ill work on the firewall ruleset.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Here are my sloppy pf rules. I havent gotten around to fixing them up yet.


DNS = "{4.2.2.1, 4.2.2.2, 4.2.2.3}"
EXT_IF = "dc0"
MAC = "10.10.10.10" #iBook through wireless
SHELL = "192.168.1.101" #Shell server/webserver
WIRELESS = "10.10.10.1" #Wireless ip on firewall
INT_NET = "192.168.1.0/24" #Internal wired ip range
INT_GW = "192.168.1.100" #internal interface on firewall

nat on dc0 from 192.168.130.0/24 to any -> "dc0"
nat on dc0 from 10.132.0.0/24 to any -> "dc0"

rdr on dc0 proto tcp from any to "dc0" port 80 -> $SHELL port 80
rdr on dc0 proto tcp from any to "dc0" port 22 -> $SHELL port 22
rdr on dc0 proto tcp from any to "dc0" port 443 -> $SHELL port 443



block in all

pass in quick on lo0 from 127.0.0.1 to 127.0.0.1
block in quick on dc0 from any to any flags FUP/FUP

block in quick on dc0 from 10.0.0.0/8 to any
block in quick on dc0 from 172.16.0.0/12 to any
block in quick on dc0 from 192.168.0.0/24 to any
pass in quick on dc0 proto tcp from any to any port 22 flags S/SA keep state
pass in quick on dc0 proto tcp from any to any port 80 flags S/SA keep state
pass in quick on dc0 proto tcp from any to any port 443 flags S/SA keep state
pass in log quick on dc0 proto tcp from $DNS to any port 53 keep state
pass out log quick on dc0 proto udp from any to $DNS port 53 keep state


pass out quick on dc0 proto tcp from any to any flags S/SA keep state
pass out quick on dc0 proto udp from any to any keep state
pass out quick on dc0 proto icmp from any to any
block in on dc0 from any to any

pass in quick on wi0 from $MAC to any flags S/SA keep state
pass in quick on wi0 from $WIRELESS to any flags S/SA keep state
pass in quick on wi0 from any to any flags S/SA keep state
pass in quick on wi0 from $MAC to $WIRELESS keep state
pass out quick on wi0 from $WIRELESS to any keep state

pass in quick on ep1 from $INT_NET to any keep state
pass out quick on ep1 from $INT_GW to $INT_NET keep state
 

slackware1995

Member
Apr 4, 2002
109
0
0
I realize that my post is late, but to help others later.

1. untar kernel
2. make mrproper
3. make menuconfig (or xconfig)
4. make dep
5. make bzImage
6. make modules
7. make modules_install
8. make install
9. reboot

make install conveniently copies all files and runs lilo for you.

After reboot type "uname -a" to see what you are running.

My output:

R [8] wall /usr/src/linux -> uname -a
Linux wall 2.2.16 #5 Sun Mar 3 17:09:57 EST 2002 i586 unknown

(Dont laugh too much, it is an ancient Pentium 200mmx running as a router )
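
A post-install check for the build steps listed in this thread, written as an added example that is not part of any original post. It verifies that the image and the module tree for a given release are in place; the helper name `check_kernel_install` and the `System.map-<release>` file name are assumptions, and it assumes a kernel built with modules.

```shell
#!/bin/sh
# check_kernel_install RELEASE [BOOT_DIR] [MODULES_ROOT]   (hypothetical helper)
# Returns 0 only if the kernel image and its module tree are both in place.
check_kernel_install() {
    ck_rel=$1
    ck_boot=${2:-/boot}
    ck_mods=${3:-/lib/modules}/$ck_rel
    ck_rc=0

    # Image copied to /boot under a versioned name (vmlinuz-<release>).
    if [ -f "$ck_boot/vmlinuz-$ck_rel" ]; then
        echo "ok:      $ck_boot/vmlinuz-$ck_rel"
    else
        echo "MISSING: $ck_boot/vmlinuz-$ck_rel"
        ck_rc=1
    fi

    # System.map is optional: it is only needed to turn kernel addresses
    # into names, for example when decoding an oops.
    if [ -f "$ck_boot/System.map-$ck_rel" ] || [ -f "$ck_boot/System.map" ]; then
        echo "ok:      System.map present in $ck_boot"
    else
        echo "note:    no System.map in $ck_boot (boot still works)"
    fi

    # 'make modules_install' creates /lib/modules/<release> and depmod writes
    # modules.dep there; without them modprobe finds nothing at startup.
    if [ ! -d "$ck_mods" ]; then
        echo "MISSING: $ck_mods (run 'make modules_install')"
        ck_rc=1
    elif [ ! -f "$ck_mods/modules.dep" ]; then
        echo "MISSING: $ck_mods/modules.dep (run 'depmod -a $ck_rel')"
        ck_rc=1
    else
        echo "ok:      $ck_mods"
    fi
    return $ck_rc
}

# Check the kernel that is running right now.
check_kernel_install "$(uname -r)" || echo "fix the MISSING items before the next reboot"
```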
 

smp

Diamond Member
Dec 6, 2000
5,215
0
76
It's nights like these that make me think I have some sort of learning disability or something :\

I have recompiled the kernel okay, I did this on a secondary machine up here that is a bit faster than the one downstairs and to avoid any downtime. My current router is that machine downstairs so I just pulled this hard drive and left the old one in there and the router running. I now have this newly installed debian on this hard drive up here on another BX board and I have recompiled the kernel with it. I then take the drive downstairs and it doesn't load any of the modules that I've compiled into the kernel...
Okay now, I'm still a noob and modules and kernel recompiles are new to me, but I thought that you compile modules into the kernel and that's it .. why can't it find them on startup? This really sucks because for some reason with this new kernel my eth's aren't coming up, my usb core is not found (USB keyboard down there) and that leaves me with a crippled box that I can't do anything with, not even a three finger salute, I have to just switch it off.
What have I done wrong?


edit: I can't even plug a PS2 keyboard in there because the PS2 ports are toast :\
Only option is moving the drive back up here to this other machine, it boots fine, but of course, there is no nic no nothing. Am I supposed to insmod or something? What gives?
 