iptables needs to be compiled after the kernel is compiled to at least make dep

If you do this before cleaning the old kernel, it's back to "undesired" results..

should i redo the make and make install for iptables (with the *correc* kernel dir)before doing the kernel make etc.?

No. best stick to the correct order..

We don't know if the sources and the current kernel match, and it would be a disaster to disconnect yourself..

im @ make menuconfig ... anything i should look out for?

Start with saying Y to your IDE controller and DMA
Include IDE/ATA-2 DISK support =Y
Use multi-mode by default = Y
Generic PCI bus-master DMA support = Y
VIA82CXXX chipset support = Y
The other drivers in this sub section can be modules or N

For your network controller
VIA Rhine support = Y
and if there are any others you may likely use, make modules, otherwise N

For Netfilter Configuration
I make most things = Y
but for the moment, I suggest make modules.
I use = N for ARP tables, ipchains and ipfwadm

In Networking Options, I disable IPV6 and anything else I'm not going to use

For speed in compiling, and coz it's a server, it doesn't use USB, sound, or anything fancy for graphics.
Nothing like that works over ssh anyway..

In Cryptographic options, I say Y to MD5, AES, SHA1, DES/3DES
These are all commonly used with ssh, shadow passwords and SSL
You can make the rest modules..

The rest of the configuration is as you would normally do.
I don't make a bzImage coz there's no trouble with disk space, so I just
make && make modules && make install && make modules_install
then adjust /etc/lilo.conf

OK...
IDE
multi-mode by default is currently not selected - I add it...

others are already built-in (+AMD & Nvidia support, generic PCI bus-master DMA, PROMISE PDC202 support, PNP EIDE, PC IDE chipset, Sharing PCI IDE interrupts, Boot off-board chipsets 1st)

Networking
VIA Rhine is allready included
Netfilter is a Y but all the IPtables options (or a bunch of them anyhow) are modules...

...think i can safely turn off acorn econet networking (but i'll leave other selected stuff on)

all ok until cryptographic options - the only option within that is cryptographic api which is off; so i switch it on and lo! all the aforesaid options become available to me (I notice that on my other 2.4 kernel server, this option is off also, but ssh works OK hmmm)...

ok kernel saved...
should i do a
make dep
...before i then do
make
make modules
make install
make modules_install

? does the new kernel automatically get installed then and the 2.6.6 one that we were setting up before get uninstalled? or is there anything else i gotta do (sorry for being nervous). Before when i have done this i did:
make dep
make-kpkg clean
fakeroot make-kpkg --revision=custom.1.0 kernel_image
dpkg -i kernel-image-2.4.23_custom.1.0_i386.deb


(as per http://www.projektfarm.com/en/suppor...l_compile.html)

ps does this mean anything to you?

I just checked /boot/grub/menu.lst and it has this sort of stuff in it:

title Debian GNU/Linux, kernel kernel.2.6.10 Default
root (hd0,0)
kernel /vmlinuz root=/dev/hda2 ro
savedefault
boot

title Debian GNU/Linux, kernel kernel.2.6.10 Default (recovery mode)
root (hd0,0)
kernel /vmlinuz root=/dev/hda2 ro single
savedefault
boot

title Debian GNU/Linux, kernel installkernel2.6.10
root (hd0,0)
kernel /vmlinuz-installkernel2.6.10 root=/dev/hda2 ro
savedefault
boot


... and if i ls /vmlinuz i see
/vmlinuz -> boot/vmlinuz-2.6.8-2-686


whereas lilo.conf says:
default=Linux

image=/boot/vmlinuz
label=Linux
read-only

...and .../boot/vmlinuz -> vmlinuz-kernel.2.6.10

--- multi-mode by default is currently not selected - I add it... ---
Debian by default makes you use hdparm to setup disks.
I find this auto function much better if the IDE driver is compiled in..

--- others are already built-in (+AMD & Nvidia support, generic PCI bus-master DMA, PROMISE PDC202 support, PNP EIDE, PC IDE chipset, Sharing PCI IDE interrupts, Boot off-board chipsets 1st) ---
According to lspci, you have a VGA compatible controller: VIA Technologies, Inc. VT8378 [S3 UniChrome] Integrated Video (rev 01) not nvidia device.. So it can be removed. The standard vga driver works fine if no-one logs on via a keyboard and monitor..
The PROMISE PDC202 can also go, just have the via-rhine compiled in.
Boot off-board chipsets 1st is a dangerous option coz everything is on the motherboard, rather than on cards.. slows the boot down.

--- Netfilter is a Y but all the IPtables options (or a bunch of them anyhow) are modules. ---
Cool..

--- ok kernel saved...should i do a make dep ...before i then do make make modules make install make modules_install ---
The make dep is part of the first make now, for the 2.6 series..
So make also does the kernel and modules..
So you can do make && make install && make modules_install

Then setup iptables config before building it..

The lilo stuff comes last, once everything has been checked a couple of times..

The make install will put the kernel into /boot and adjust the symlinks, and if /etc/lilo.conf is an original, will ask to run lilo to read the new kernel and System.map..
These need to be confirmed before rebooting tho'.. checking symlinks etc..

For iptables, if you have already done a make install, please do {b] ./configure --help[/b] to get the locations of the executables.
If you have removed ipv6 support from the kernel, you can also add an option to not build support into iptables..

Then do as you did earlier and make new libraries and executables.

Then check /etc/init.d/iptables and make sure the correct locations of the executables are listed
When iptables is updated by apt-get upgrade, it won't overwrite the custom version, but will ask about replacing the modified /etc/init.d/iptables startup script. If you uninstall the iptables package, copy the /etc/init.d script first..

Please send me your email address via the email button at the bottom of the posts.
I would like to see the finished .config file and the /etc/init.d/iptables files.
I am told they are quite different in sarge from woody..

couple of errors during the make:
drivers/pci/bus.c:98: error: redefinition of `pci_bus_add_device'
drivers/pci/bus.c:79: error: `pci_bus_add_device' previously defined here
make[2]: *** [drivers/pci/bus.o] Error 1
make[1]: *** [drivers/pci] Error 2
make: *** [drivers] Error 2


.. don't spose these matter , i'll continue...

make install
CHK include/linux/version.h
make[1]: `arch/i386/kernel/asm-offsets.s' is up to date.
CHK include/linux/compile.h
CHK usr/initramfs_list
CC drivers/pci/bus.o
drivers/pci/bus.c:98: error: redefinition of `pci_bus_add_device'
drivers/pci/bus.c:79: error: `pci_bus_add_device' previously defined here
make[2]: *** [drivers/pci/bus.o] Error 1
make[1]: *** [drivers/pci] Error 2
make: *** [drivers] Error 2

nothing went into /boot i don't think, boot looks like this:
lrwxrwxrwx 1 root root 17 Jan 17 10:10 System.map -> System.map.2.6.20
-rw-r--r-- 1 root root 559088 Jan 17 00:38 System.map-2.4.18-bf2.4
-rw-r--r-- 1 root root 842713 Jan 24 04:58 System.map-2.6.8-2-686
-rw-r--r-- 1 root root 837687 Jan 17 09:28 System.map-installkernel2.6.10
-rw-r--r-- 1 root root 837687 Jan 17 10:09 System.map.2.6.20
drwxr-xr-x 3 root root 1024 Feb 17 15:51 boot
-rw-r--r-- 1 root root 512 Jan 17 00:43 boot.0300
-rw-r--r-- 1 root root 512 Jan 17 06:11 boot.0340
lrwxrwxrwx 1 root root 11 Jan 17 00:41 boot.b -> boot-menu.b
-rw-r--r-- 1 root root 308326 Jan 17 06:50 coffee.bmp
lrwxrwxrwx 1 root root 26 Jan 17 09:28 config -> config-installkernel2.6.10
-rw-r--r-- 1 root root 16984 Jan 17 00:38 config-2.4.18-bf2.4
-rw-r--r-- 1 root root 55399 Jan 24 03:54 config-2.6.8-2-686
-rw-r--r-- 1 root root 28257 Jan 17 09:28 config-installkernel2.6.10
lrwxrwxrwx 1 root root 15 Jan 17 06:50 debian.bmp -> /boot/sarge.bmp
-rw-r--r-- 1 root root 153720 Jan 17 06:50 debianlilo.bmp
drwxr-xr-x 2 root root 1024 Feb 17 15:51 grub
-rw-r--r-- 1 root root 4808704 Feb 22 13:01 initrd.img-2.6.8-2-686
drwx------ 2 root root 1024 Jan 17 08:58 lost+found
-rw------- 1 root root 44544 Feb 22 13:58 map
-rw-r--r-- 1 root root 23662 Jan 17 06:50 sarge.bmp
-rw-r--r-- 1 root root 24116 Jan 17 06:50 sid.bmp
lrwxrwxrwx 1 root root 21 Jan 17 10:11 vmlinuz -> vmlinuz-kernel.2.6.10
-rw-r--r-- 1 root root 1263339 Jan 17 00:38 vmlinuz-2.4.18-bf2.4
-rw-r--r-- 1 root root 1170042 Jan 24 04:58 vmlinuz-2.6.8-2-686
-rw-r--r-- 1 root root 1657959 Jan 17 09:28 vmlinuz-installkernel2.6.10
-rw-r--r-- 1 root root 1657959 Jan 17 10:09 vmlinuz-kernel.2.6.10
lrwxrwxrwx 1 root root 20 Jan 17 09:56 vmlinuzold -> vmlinuz-2.4.18-bf2.4

The pci error will need to be seen to before continuing..

Let me know when you have the make working ok..

Right - I have started from scratch, got a new kernel, got it built OK (done make , make install everything fine),
......that was easy

What should i do now to make sure the iptables gets configured ok (and to make sure it reboots alright!)

?