There is a bug in Solaris. Basically you have to add a rule allowing the TCP Reset to leave. So let's say that you want to return-rst on ident, port 113, so that sending mail doesn't give long delays and IRC works:
# return-rst for ident
block return-rst in quick on ppp0 proto tcp from any to any port = 113
pass out quick on ppp0 proto tcp from any port = 113 to any flags R/RSFUP
The first rule just blocks with return-rst; the second rule allows packets out from port 113 with the RESET flag.
/usr/ucb/cc
Sun has a compiler usually installed in /usr/ucb/cc. Unfortunately, it's a really expensive compiler that doesn't ship with Solaris by default. Fortunately, since Solaris 8, they've included gcc for you on the Solaris Companion CD; it's a package called SFWgcc.
If you're using an older version of Solaris you can get gcc from SunFreeware.com.
You must use the cc with SUNWspro - gcc will not work. SUNWspro is available from Sun, you get a demo license.
Type isainfo -vk. Note that Solaris x86 only runs in 32-bit mode.
No. Some experimental versions of gcc 3.x are reported to build 64-bit binaries. Use these at your own risk.
Sun's Forte Compiler can make 64-bit modules. This compiler is not standard with the OS; you have to buy it separately. However, there is a "try-and-buy" version which you can install and use for a limited time. You can get this time-limited version on CD-ROM or you can download it from Sun.com. Note that the download is very large.
Some generous individuals have made available precompiled IPF binaries for 64-bit machines. Try http://www.maraudingpirates.org/ipfilter/.
First select "ipfx", and install that subpackage. When pkgadd completes, rerun pkgadd and then install the "ipf" sub-package.
No. IPF on Solaris only operates as a Layer 3 device (router). This means you need distinct subnets for each host interface.
Solaris's /etc/system is consulted when booting, so you can modify IPF kernel parameters there, for example:
*
* ipf: adjust the default tcp timeouts downward so that
* idle (dead) and half closed states get killed off quicker.
set ipf:fr_tcpidletimeout = 172800
set ipf:fr_tcphalfclosed = 7200
*
* ipf: adjust the state table sizes so we have enough buckets.
* IPSTATE_MAX (=fr_statemax) should be ~70% of IPSTATE_SIZE
* IPSTATE_SIZE (=fr_statesize) has to be a prime number
set ipf:fr_statemax = 7000
set ipf:fr_statesize = 10009
*
* ipf: adjust the NAT table sizes so we have enough buckets.
* generally you have fewer than 127 rules in ipnat.conf
* so no need to waste memory for more.
set ipf:ipf_nattable_sz = 10009
set ipf:ipf_natrules_sz = 127
set ipf:ipf_rdrrules_sz = 127
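A small checker for the two constraints stated in the comments above (fr_statesize prime, fr_statemax around 70% of it), added here as an example; it is not part of the original FAQ or of IPFilter. The function names and the 60-80% tolerance band are assumptions of this example, the sample input is constructed from the values above, and only decimal values are parsed.

```python
import re

# Constructed sample input: state/NAT table lines with the values shown above.
SAMPLE = """\
* ipf: adjust the state table sizes so we have enough buckets.
set ipf:fr_statemax = 7000
set ipf:fr_statesize = 10009
set ipf:ipf_nattable_sz = 10009
"""

# Matches 'set ipf:<name> = <decimal>'; '*' comment lines never match.
SET_RE = re.compile(r"^\s*set\s+ipf:(\w+)\s*=\s*(\d+)\s*$")


def parse_ipf_tunables(text):
    """Return {name: value} for each 'set ipf:' line (decimal values only)."""
    tunables = {}
    for line in text.splitlines():
        m = SET_RE.match(line)
        if m:
            tunables[m.group(1)] = int(m.group(2))
    return tunables


def is_prime(n):
    """Trial division; fast enough for table sizes of this magnitude."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def check_state_table(tunables, lo=0.60, hi=0.80):
    """List problems with fr_statesize / fr_statemax.

    The lo/hi band around the page's '~70%' is an assumption of this example.
    """
    size, limit = tunables.get("fr_statesize"), tunables.get("fr_statemax")
    problems = []
    if size is not None and not is_prime(size):
        problems.append(f"fr_statesize={size} is not prime")
    if size is not None and limit is not None and not lo * size <= limit <= hi * size:
        problems.append(f"fr_statemax={limit} is outside {lo:.0%}-{hi:.0%} of fr_statesize={size}")
    return problems
```

Run it against a copy of /etc/system before rebooting, for example `check_state_table(parse_ipf_tunables(open("/etc/system").read()))`; an empty list means both constraints hold.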
Solaris 8 on Sparc is straightforward; however, doing this on Intel requires a tweak. Here are instructions for both platforms:
That should be it.
- Get Squid-2.4STABLE1
- Get and apply the 6 patches at http://www.squid-cache.org/Versions/v2/2.4/bugs/
save these as the-patch-filename.patch
$ for file in *.patch
> do
> echo "applying patch $file..."
> patch -p0 < "$file"
> done
- Edit out the ipv6 struct as described in http://marc.theaimsgroup.com/?l=ipfilter&m=99557783205895&w=2
Now for Solaris 8 on Sparc you are ready to go:
# ./configure --enable-ipf-transparent ; make
But for Solaris 8 on x86 you need two more steps...
- First solve the va_args issue with gcc 2.95.2 on x86
# diff -c src/client_side.c.orig src/client_side.c
*** src/client_side.c.orig Thu Jul 19 17:41:12 2001#
--- src/client_side.c Thu Jul 19 17:41:45 2001
***************
*** 37,42 ****
--- 37,45 ----
#if IPF_TRANSPARENT #if HAVE_SYS_IOCTL_H + #if defined(va_start) /* dirty hack. sol7/8 x86 + gcc 2.95.2 */ + #define _SYS_VARARGS_H + #endif #include#endif #include
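Review bot: the added `#if defined(va_start)` guard in src/client_side.c is not limited to the platform its comment names (sol7/8 x86 + gcc 2.95.2), so `_SYS_VARARGS_H` is defined on every build that reaches this block with `va_start` already set. That pre-defines what looks like the include guard of the system varargs header on platforms that do not have the conflict. Consider also testing for the compiler and platform in the condition, and extend the comment to say which header clash the define works around so the hack can be dropped once the toolchain is fixed.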
- Next solve the #define free issue (WTF?)
# diff -c src/squid.h.orig src/squid.h
*** src/squid.h.orig Thu Jul 19 17:38:57 2001 --- src/squid.h Thu Jul 19 17:40:26 2001 *************** *** 403,411 **** #ifndef malloc #define malloc + #endif ! #ifndef free ! #define free + ! #endif #ifndef calloc #define calloc + #endif --- 403,411 ---- #ifndef malloc #define malloc + #endif ! //#ifndef free ! //#define free + ! //#endif #ifndef calloc #define calloc + #endif#
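Review bot: in src/squid.h the `free` guard is disabled with `//` comments, which are not valid C89 and will be rejected by a compiler in strict mode, and the change leaves dead lines behind; delete the three lines or wrap them in `#if 0` with a comment saying why. Note also that `malloc` and `calloc` keep their `#define ... +` guards while `free` loses its own, so a direct call to `free` now compiles where it used to be a build error. The change should state which header or macro collides with `#define free +` on this platform and why dropping the guard for `free` alone is acceptable.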
- Now finally for Solaris8 x86 you can
# ./configure --enable-ipf-transparent ; make