Updating Debian Etch Kernel to support Layer7

Edit your /etc/apt/sources.list file

nano /etc/apt/sources.list

Then add the following Debian software repositories

deb http://ftp.de.debian.org/debian etch main contrib non-free
deb-src http://ftp.de.debian.org/debian etch main contrib non-free
deb http://www.backports.org/debian etch-backports main contrib non-free

and update it using this command:

apt-get update && apt-get install debian-backports-keyring && apt-get update

Update your server

apt-get dist-upgrade

Download some packages needed for compiling the kernel in Debian Etch.

apt-get install build-essential kernel-package libncurses5-dev bzip2

Download the Kernel version 2.6.25 from www.kernel.org

cd /usr/src
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.tar.bz2

Download the iptables version 1.4.0

wget http://netfilter.org/projects/iptables/files/iptables-1.4.0.tar.bz2

Download the layer7 version 2.20 and the layer7 protocols

wget http://downloads.sourceforge.net/l7-filter/netfilter-layer7-v2.20.tar.gz
wget http://downloads.sourceforge.net/l7-filter/l7-protocols-2008-04-23.tar.gz

Download the IPP2P package

wget http://www.ipp2p.org/downloads/ipp2p-0.8.2.tar.gz

Untar all the packages and create symlinks in /usr/src that point to the newly downloaded kernel and iptables source directories.

ln -sf /usr/src/linux-2.6.25 /usr/src/linux
ln -sf /usr/src/iptables-1.4.0 /usr/src/iptables

Go to your newly downloaded kernel directory, /usr/src/linux, and apply the Layer7 patch so the kernel supports Layer7 packet filtering.

cd linux
patch -p1 < ../netfilter-layer7-v2.20/kernel-2.6.25-layer7-2.20.patch

Copy your previous kernel configuration

cp /boot/config-2.6.18-6-686 ./.config

Start configuring the new kernel using this command.

make menuconfig

An ncurses-based configuration menu will appear on the screen.

Select Load an alternate configuration file

and select .config

Go to Networking –> Networking options –> Network packet filtering framework (Netfilter) –> Core netfilter configuration

then select

<M> Netfilter connection tracking support

And enable Layer7 support

<M> "layer7" match support
[*] Layer 7 debugging output

Select Exit and go to IP: Netfilter Configuration

Enable NAT

<M> IPv4 connection tracking support (required for NAT)
<M> Full NAT

Save your new kernel configuration and type these commands:

make-kpkg clean
make-kpkg --initrd --append-to-version=-l7filter kernel_image kernel_headers
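
Because the build is long, it is worth confirming before running make-kpkg that the saved .config really contains the options selected in menuconfig. The script below is an added example, not part of the original guide. The CONFIG_ symbol names are assumed to be the ones behind those menu entries in a 2.6.25 tree with the layer7 patch applied, and check_l7_config and sample_config are hypothetical helper names.

```shell
#!/bin/sh
# Added example: check a kernel .config for the options selected in menuconfig.
# Assumed symbol names for the menu entries in a layer7-patched 2.6.25 tree.
REQUIRED="CONFIG_NF_CONNTRACK CONFIG_NETFILTER_XT_MATCH_LAYER7
CONFIG_NF_CONNTRACK_IPV4 CONFIG_NF_NAT"

# check_l7_config FILE (hypothetical helper): prints one line per symbol and
# returns the number of required symbols that are not set to y or m.
check_l7_config() {
    cfg=$1
    missing=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 255; }
    for sym in $REQUIRED; do
        # Enabled: CONFIG_X=y or CONFIG_X=m. Disabled symbols show up as
        # "# CONFIG_X is not set" or are absent (e.g. the patch did not apply).
        val=$(sed -n "s/^${sym}=\([ym]\)\$/\1/p" "$cfg" | tail -n 1)
        if [ -n "$val" ]; then
            echo "ok       $sym=$val"
        else
            echo "MISSING  $sym"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample: a config where the layer7 match was left disabled.
sample_config() {
    cat <<'EOF'
CONFIG_NF_CONNTRACK=m
# CONFIG_NETFILTER_XT_MATCH_LAYER7 is not set
CONFIG_NF_CONNTRACK_IPV4=m
CONFIG_NF_NAT=m
EOF
}

if [ -n "${1:-}" ]; then
    # Real use: pass the path of the saved config, e.g. /usr/src/linux/.config
    check_l7_config "$1" || { echo "fix the options above in menuconfig" >&2; exit 1; }
else
    # No argument: demonstrate on the constructed sample.
    tmp=$(mktemp) && sample_config > "$tmp"
    check_l7_config "$tmp" || echo "sample config is not ready to build"
    rm -f "$tmp"
fi
```

A MISSING line for the layer7 symbol after menuconfig usually means the patch step did not apply to the tree being configured.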

Compiling your new kernel will take time, depending on your processor speed. After the compilation finishes, you can install your new kernel.

dpkg -i linux-image-2.6.25-l7filter_2.6.25-l7filter-10.00.Custom_i386.deb
dpkg -i linux-headers-2.6.25-l7filter_2.6.25-l7filter-10.00.Custom_i386.deb

Restart your system.