From a5af71296069ded90819b9ad2e37b51a0c42e116 Mon Sep 17 00:00:00 2001 From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org" Date: Mon, 16 Apr 2007 23:05:09 +0000 Subject: - Merge conntrack and conntrackd changelogs, even if it will be dropped from SVN soon. - Update INSTALL documentation --- INSTALL | 105 ++++++++++++++++++++++++++++++---------------------------------- 1 file changed, 49 insertions(+), 56 deletions(-) (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL index 0de8dc0..1a80dd0 100644 --- a/INSTALL +++ b/INSTALL @@ -1,26 +1,22 @@ -Copyright (C) 2006-2007 Pablo Neira Ayuso +Copyright (C) 2005-2007 Pablo Neira Ayuso -1.Basic Installation -==================== - - To compile and install 'conntrackd' just follow the classical steps: +0.Introduction +============== - $ ./configure - $ make - # make install - # mkdir /etc/conntrackd/ + The conntrack-tools package contains two programs: -2.1. Synchronization Mode -========================= + - conntrack: the command line interface to interact with the connection + tracking system. - Conntrackd can replicate the status of the connections that are currently - being processed by your stateful firewall based on Linux. This section - describes how to setup the daemon in synchronization mode: + - conntrackd: the connection tracking userspace daemon that can be used to + deploy highly available GNU/Linux firewalls and collect + statistics of the firewall use. -2.1.1. Requirements +1. Requirements +=============== - You have to install the following software in order to get conntrackd working, - make sure that you have installed them correctly before going forward: + You have to install the following software in order to get the conntrack-tools + working, make sure that you have installed them correctly before going forward: o linux kernel version >= 2.6.18 (http://www.kernel.org) with support for: - connection tracking system (quite obvious ;) 
@@ -28,26 +24,45 @@ Copyright (C) 2006-2007 Pablo Neira Ayuso - ctnetlink (ip_conntrack_netlink) - connection tracking event notification API - o libnfnetlink: the netfilter netlink library + o libnfnetlink: the netfilter netlink library available at: + + + + o libnetfilter_conntrack: the netfilter conntrack library available at: + + + +2.Basic Installation +==================== + + To compile and install conntrack-tools just follow the classical steps: + + $ ./configure + $ make + # make install + + Up to this point, the command line interface `conntrack' is ready for use. + However, the userspace daemon so-called `conntrackd' requires some magic + speells to get it working. - Since conntrackd version 0.9.2 you can used the official release availble at - http://www.netfilter.org/projects/libnfnetlink/files/ +3.Setting up conntrackd +======================= - Up to conntrackd version 0.9.1 use the unofficial release available at the - download section + conntrackd currently have two working modes: statistics and synchronization + modes, both details here below. - o libnetfilter_conntrack: the netfilter conntrack library +3.1. Synchronization Mode +========================= - Since conntrackd version 0.9.2 you can used the official release availble at - http://www.netfilter.org/projects/libnetfilter_conntrack/files/ + Conntrackd can replicate the status of the connections that are currently + being processed by your stateful firewall based on Linux. This section + describes how to setup the daemon in synchronization mode: - Up to conntrackd version 0.9.1 use the unnoficial release available at the - download section o Keepalived version 1.x (http://www.keepalived.org) check if your distribution comes with a recent version -2.1.2. Configuration +3.1.2. Configuration 1) Setting up keepalived 
@@ -142,7 +157,7 @@ Copyright (C) 2006-2007 Pablo Neira Ayuso # echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal -2.2. Statistics mode +3.2. Statistics mode ==================== Conntrackd can also run as statistics daemon, if you are not interested in @@ -150,41 +165,19 @@ Copyright (C) 2006-2007 Pablo Neira Ayuso synchronization mode working. This section details how to setup the daemon in statistics mode: -2.2.1. Requirements - - You have to install the following software in order to get conntrackd working, - make sure that you have them installed correctly before going forward: - - o linux kernel version >= 2.6.18 (http://www.kernel.org) with support for: - - connection tracking system - - nfnetlink - - ctnetlink (ip_conntrack_netlink) - - connection tracking event notification API - - o libnfnetlink: the netfilter netlink library - - Since conntrackd version 0.9.2 you can used the official release availble at - http://www.netfilter.org/projects/libnfnetlink/files/ - - Up to conntrackd version 0.9.1 use the unofficial release available at the - download section - - o libnetfilter_conntrack: the netfilter conntrack library - - Since conntrackd version 0.9.2 you can used the official release availble at - http://www.netfilter.org/projects/libnetfilter_conntrack/files/ +3.2.1. Requirements - Up to conntrackd version 0.9.1 use the unnoficial release available at the - download section + No extra requirements to set up the statistics mode apart from those detailed + in section 1. -2.2.2. Configuration +3.2.2. Configuration Setting up conntrackd in statistics mode is rather easy. Just copy the configuration file # cp examples/stats/conntrackd.conf /etc/conntrackd.conf -2.2.3. Running conntrackd in statistics mode +3.2.3. Running conntrackd in statistics mode To run conntrackd in statistics mode: -- cgit v1.2.3
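Review bot: In the first hunk (@@ -1,26 +1,22 @@), the removed install step `# mkdir /etc/conntrackd/` has no counterpart in any added line of this patch. The statistics-mode step visible further down copies its file to /etc/conntrackd.conf and does not need the directory. The synchronization-mode configuration steps are outside the diff, though, so if any of them still places files under /etc/conntrackd/, the mkdir should move into that section rather than disappear. Two smaller points in the same hunk: the new headings mix `0.Introduction` with `1. Requirements`, so pick one spacing, and the copyright start year changes from 2006 to 2005 without a mention in the commit message.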
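Review bot: In the second hunk (@@ -28,26 +24,45 @@), the unchanged `o Keepalived version 1.x` bullet ends up directly under the new "3.1. Synchronization Mode" introduction with no heading of its own, and the next heading is "3.1.2. Configuration", so the numbering skips 3.1.1. Suggest adding a "3.1.1. Requirements" heading above the Keepalived bullet, with a sentence saying it is needed in addition to section 1. Also, as the hunk reads here, both added "available at:" lines are followed only by blank lines, while the removed lines gave the libnfnetlink and libnetfilter_conntrack download locations; the new text should still tell the reader where to fetch each library. Wording to fix in the added lines: "speells", "conntrackd currently have two working modes", and "both details here below".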
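Review bot: In the third hunk (@@ -150,41 +165,19 @@), the new 3.2.1 text points at "section 1" by number, and this same commit renumbers every section (2.2 becomes 3.2), so the reference will go stale the next time the outline shifts. Refer to the section by title, for example "those detailed in the Requirements section". Since Keepalived stays listed under synchronization mode only, it would also help to say here that statistics mode does not need it; otherwise a heading that carries only a back-reference could be dropped and the sentence folded into the 3.2 introduction.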