Ipchains ??

jabble · 10-19-2001, 06:56 AM

i'm facing some problems while workin' with ipcahins.
is it a good firewall for network?

when i implemented some policies with one system,it works fine.
but for network . . . . .

i want to block all outgoin' traffic from port 80.so i implemented the policy on the gateway (giving network mask).
the policy works absolutely fine on a single sys.
but doesn't work on the whole network.

our administrator says that ipchains isn't a very flexible n efficient firewall and rather we shd choose some other one.
what do u people say?

thanks in advance.
jabble.

Aussie · 10-19-2001, 08:08 AM

What kernel are you using?

Griffon26 · 10-19-2001, 01:31 PM

I never really got into ipchains much, but now I use iptables (kernel 2.4.x) and the rules are very intuitive (or at least, they can be if you setup your script the right way).

Don't think there is much you can't do with it.

If your administrator claims it's not very flexible, then maybe he can give some examples of things that are hard to do with ipchains. Then you can both see if he's right and also if other solutions are more flexible.

Cpare · 10-19-2001, 04:08 PM

I run a RH7.1 router using only IPCHAINS and I am very happy with the protection/access it gives my home network of 6 machines, it even allows me to VPN into the company I work for from my NT4 box(I Know, I Know).

jabble · 10-20-2001, 03:37 AM

we're using redhat kernel 2.4.x here.
maybe then we aren't implementing it properly if it works properly.

we were just trying to block the outgoing traffic frm some ports from all machines except one on network.
the netwk admin says that either we can block the whole traffic or not block at all or specify each system sigularly.

guess i shd study this properly.

DavidPhillips · 10-22-2001, 01:02 AM

you build your chains with an interface or an ip or group of ips.

so if everybody is on one interface you have to use ips to set different rules for users.

To designate a network put -s 192.168.0.0/24 or whatever your network is.

This is very possible and I am using ipchains and iptables now, I have a machine on the internet with iptables and one inside the lan with ipchains.

ipmasqadm is good with ipchains if you want to do port forwarding.

it's not needed with iptables

I am going to be setting up VPN soon.

I will probably set up a vpn connection to my house, but will also need one at work.

I have seen that iptables will not work..

I am hoping this is a myth.

Anybody know for sure.