LinuxQuestions.org
Old 03-04-2002, 04:02 PM   #1
tarballedtux
Member
 
Registered: Aug 2001
Location: Off the coast of Madadascar
Posts: 498

Rep: Reputation: 30
ipchains?? iptables? What's going on?


I upgraded my RH7 to RH7.2.

When I tried to initiate my ipchains script it said ipchains is not supported in this kernel (2.4.7-10). So I tried to see if RH at least put iptables on the disk. Nope. Well, finally I became crafty for once today and said modprobe ipchains. Well, it worked and the script went through, but my question is how do I get iptables (I hear it's better). Also, is there a script I could use with iptables so I won't have to learn iptables right now? (I plan on learning them, but not until the inet connection is back up.)

Thanks in advance.
 
Old 03-04-2002, 06:33 PM   #2
bbenz3
Member
 
Registered: Feb 2002
Location: Orlando
Distribution: Whatever I feel like at the time I install.
Posts: 284

Rep: Reputation: 30
I have a script that one of the security moderators uploaded. I don't know where it is located anymore, but if you e-mail me I can send it to you. iptables is installed on RH7.2 by default, at least it was when I did the install. You need to run setup to disable ipchains in order to run iptables. You can also completely remove ipchains; to do this you must do the following.

rpm -e lokkit (default firewall)
rpm -e ipchains

I really like iptables but then again I never played with ipchains. If you need any instructions on setting it up or want any special things let me know and I will try and help.
 
Old 03-05-2002, 10:25 AM   #3
jimval7
Member
 
Registered: Jan 2002
Location: Dallas, TX
Distribution: RedHat 7.0 - Kernel 2.4.17
Posts: 95

Rep: Reputation: 16
iptables

Below is the link to get the latest iptables and a small script to get things going; remember, it's a small script just to get you going:

http://netfilter.samba.org/

#!/bin/sh
#
# rc.firewall - Initial SIMPLE IP Masquerade test for 2.4.x kernels using IPTABLES.
echo -e "\n\nLoading simple rc.firewall \n"
# The location of the 'iptables' program
IPTABLES=/usr/local/sbin/iptables
echo -en " loading modules: "
# Need to verify that all modules have all required dependencies
#
echo " - Verifying that all kernel modules are ok"
/sbin/depmod -a
# Core netfilter modules (iptables normally autoloads them, but be explicit)
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_nat
# Supports the proper masquerading of FTP file transfers using the PORT method.
# On 2.4 kernels the FTP helper is ip_conntrack_ftp + ip_nat_ftp; ip_masq_ftp
# is the 2.2/ipchains module and does not exist here.
#
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
#
# CRITICAL: Enable IP forwarding since it is disabled by default.
# Redhat Users: you may try changing the options in
# /etc/sysconfig/network from
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=TRUE
echo " enabling forwarding.."
echo 1 > /proc/sys/net/ipv4/ip_forward
# Needed when the public interface gets a dynamic address (dialup/DHCP)
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
# ip_always_defrag was a 2.2 setting; 2.4 connection tracking defragments by itself
#echo 1 > /proc/sys/net/ipv4/ip_always_defrag
#
# Clearing any previous configuration
#
# The defaults for INPUT and OUTPUT are ACCEPT.
# FORWARD is set to ACCEPT here as well; switch it to DROP (the commented
# line below) once the rules work, so only the traffic matched below is forwarded.
#
echo " clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
#$IPTABLES -P FORWARD DROP
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo " Enabling SNAT (MASQUERADE) functionality on eth0"
# Put your public IP address in place of x.x.x.x (static address).
# If eth0 gets its address dynamically, use "-j MASQUERADE" instead of "-j SNAT --to ...".
$IPTABLES -t nat -A POSTROUTING -o eth0 -j SNAT --to x.x.x.x
# eth1 (LAN) may open new connections out through eth0; from eth0 only replies come back in
$IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -t nat -L -n
echo -e "\nrc.firewall-2.4 done.\n"
 
Old 03-05-2002, 01:27 PM   #4
lhoff
Member
 
Registered: Jun 2001
Location: Chicago
Distribution: Mandrake 10.0 Official
Posts: 181

Rep: Reputation: 30
Pardon me for chiming in, but I have a newbie question to ask:

If I were to run your firewall script, how would I (a) run it at this moment and (b) set it up to be run at boot time? (I'm not yet versed in writing and running UNIX-style scripts...)

Thanks!
 
Old 03-05-2002, 01:38 PM   #5
bbenz3
Member
 
Registered: Feb 2002
Location: Orlando
Distribution: Whatever I feel like at the time I install.
Posts: 284

Rep: Reputation: 30
First you would copy the entire script into a file using a text editor such as pico. Then you would use chmod to add the appropriate executable flags (i.e. chmod +x name_of_file). Once you have done this, the next thing you do is type in
/location/of/file/name_of_file

That will start the file.
To make it run at startup you will need to edit one of your startup scripts and append it in there. I am running Redhat and this is how I did it.

Assume the following:
firewall script is named firewall.txt
located in /root

I edited the file /etc/init.d/network

It should look something like this:
#askdjf
#
#

case "$1" in
  start)
        # ... the existing start commands ...
        . /root/firewall.txt
        ;;
  stop)
        # ... more stuff continues ...


I personally like to start mine from this location because it is then immediately started after my NIC cards are loaded.
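The script in post #3 forwards everything (FORWARD policy ACCEPT) and post #5 shows how to hook a script into the boot sequence. The following is an added example, not code from this thread, that puts both together: a stateful NAT gateway ruleset with a default-deny FORWARD chain, written init-style with start and stop actions so it can be sourced from /etc/init.d/network or called from rc.local. It assumes eth0 is the public interface with a dynamic address (hence MASQUERADE rather than SNAT), eth1 is the LAN on 192.168.1.0/24, and 2.4-era module names; the run() wrapper and DRY_RUN variable are conveniences added here so the generated rules can be reviewed without root.

```shell
#!/bin/sh
# Minimal stateful NAT gateway for a 2.4 kernel with netfilter, as an
# init-style script (start|stop). Added example, not the script from the thread.
#
# Assumptions (constructed for this example): eth0 = public interface with a
# dynamic address, eth1 = LAN on 192.168.1.0/24.

IPTABLES=${IPTABLES:-/sbin/iptables}
EXT_IF=${EXT_IF:-eth0}
INT_IF=${INT_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}

# Every command goes through run(): with DRY_RUN=1 it is printed instead of
# executed, so the ruleset can be reviewed without being root.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

load_modules() {
    run /sbin/modprobe ip_tables
    run /sbin/modprobe ip_conntrack
    run /sbin/modprobe iptable_nat
    # FTP needs the 2.4 connection-tracking helpers, not ip_masq_ftp
    run /sbin/modprobe ip_conntrack_ftp
    run /sbin/modprobe ip_nat_ftp
}

flush_rules() {
    run $IPTABLES -F
    run $IPTABLES -t nat -F
    run $IPTABLES -X
}

# Default-deny for INPUT and FORWARD; traffic from the gateway itself is allowed out.
set_policies() {
    run $IPTABLES -P INPUT DROP
    run $IPTABLES -P FORWARD DROP
    run $IPTABLES -P OUTPUT ACCEPT
}

build_rules() {
    # Loopback, and replies to connections the gateway itself opened
    run $IPTABLES -A INPUT -i lo -j ACCEPT
    run $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Packets claiming a LAN source but arriving on the public side are spoofed
    run $IPTABLES -A INPUT -i $EXT_IF -s $LAN_NET -j DROP
    run $IPTABLES -A FORWARD -i $EXT_IF -s $LAN_NET -j DROP
    # LAN hosts may open new connections outwards; only replies come back in
    run $IPTABLES -A FORWARD -i $INT_IF -o $EXT_IF -s $LAN_NET -j ACCEPT
    run $IPTABLES -A FORWARD -i $EXT_IF -o $INT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
    # MASQUERADE uses whatever address eth0 currently has (dynamic IP)
    run $IPTABLES -t nat -A POSTROUTING -o $EXT_IF -s $LAN_NET -j MASQUERADE
}

enable_forwarding() {
    run sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
    run sh -c 'echo 1 > /proc/sys/net/ipv4/ip_dynaddr'
}

start() { load_modules; flush_rules; set_policies; build_rules; enable_forwarding; }

# stop: flush everything and fall back to ACCEPT so the box stays reachable,
# but turn forwarding off so the LAN is not routed unfiltered.
stop() {
    flush_rules
    run $IPTABLES -P INPUT ACCEPT
    run $IPTABLES -P FORWARD ACCEPT
    run sh -c 'echo 0 > /proc/sys/net/ipv4/ip_forward'
}

case "${1:-}" in
    start) start ;;
    stop)  stop ;;
    *)     echo "usage: $0 {start|stop}" ;;
esac
```

Run it as `DRY_RUN=1 sh rc.firewall start` first to see the exact iptables commands it would issue; once the listing looks right, run it as root with start, and add that call to the start) section of /etc/init.d/network or to /etc/rc.d/rc.local as described above.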
 
Old 03-06-2002, 07:35 PM   #7
tarballedtux
Member
 
Registered: Aug 2001
Location: Off the coast of Madadascar
Posts: 498

Original Poster
Rep: Reputation: 30
I installed iptables-1.2.4-2.i386.rpm and I found the binary 'iptables' in /sbin. When I tried to run an iptables script it failed and gave me an error message. Here is a chunk of it:

dule: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
/lib/modules/2.4.7-10/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.7-10/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.7-10/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
iptables v1.2.4: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

The last line scares me the most because I would think RH7.2 would have an appropriate kernel. The kernel version is 2.4.7-10.

Thanks in advance.
 
Old 03-08-2002, 11:31 AM   #8
bbenz3
Member
 
Registered: Feb 2002
Location: Orlando
Distribution: Whatever I feel like at the time I install.
Posts: 284

Rep: Reputation: 30
Quote:
I installed iptables-1.2.4-2.i386.rpm and I found the binary 'iptables' in /sbin. When I tried to run an iptables script it failed and gave me an error message. Here is a chunk of it:
The way I think it has to be done is you either need to run setup and turn iptables on and make sure ipchains is off. If ipchains is on, iptables won't work. If you don't have iptables started in setup then you need to do an insmod or modprobe at least on iptables to make it work.

An easy way to check if iptables is working is:
iptables -L
This will list what is currently in the main set of tables.
 
Old 03-08-2002, 05:45 PM   #9
Sylhouette
Member
 
Registered: Oct 2001
Location: Beverwijk (Holland
Distribution: Red Hat 7.1
Posts: 132

Rep: Reputation: 15
With the command ntsysv you can select or deselect all the things you want to run at startup (if they are installed).

To start the firewall you can also put a line in /etc/rc.d/rc.local
like /root/firewall (if your firewall is called firewall and is located in /root).

The way bbenz3 does it works also and is maybe more secure!!

The second way to start it is to get it going only when an ADSL or cable connection is enabled;
then you can put a file called ip-up.local in /etc/ppp.

In the file ip-up.local add the line
/root/firewall (for example)
and do a chmod 755 ip-up.local

Now when a connection is made the firewall starts up.
 
Old 03-10-2002, 01:36 PM   #11
tarballedtux
Member
 
Registered: Aug 2001
Location: Off the coast of Madadascar
Posts: 498

Original Poster
Rep: Reputation: 30
I changed the config with ntsysv. I deselected ipchains (ipchains and iptables were both selected). I restarted, ran my script again and got the same errors about a busy resource.

Any ideas? I'm stumped.
 
Old 03-10-2002, 05:02 PM   #12
Sylhouette
Member
 
Registered: Oct 2001
Location: Beverwijk (Holland
Distribution: Red Hat 7.1
Posts: 132

Rep: Reputation: 15
You could try to compile your kernel again with all the netfilter options on.

I do not know why the modules are not found.

But you could try to install the kernel-source rpm; it takes about 105 MB on your disk, but the modules are there.

And also upgrade the 7.2 OS: run rhn_register and up2date.


Success
 
Old 03-10-2002, 05:32 PM   #13
bbenz3
Member
 
Registered: Feb 2002
Location: Orlando
Distribution: Whatever I feel like at the time I install.
Posts: 284

Rep: Reputation: 30
Try this:
insmod ip_tables
iptables -L
and see what you get.
If that works then try running your script and then do the "iptables -L" again.
 
Old 03-11-2002, 11:41 AM   #14
tarballedtux
Member
 
Registered: Aug 2001
Location: Off the coast of Madadascar
Posts: 498

Original Poster
Rep: Reputation: 30
OK, I used up2date yesterday, March 10th. There were not any updates except for OpenSSH. I did an insmod on ip_tables; that's the module I see in /usr/src/linux/.../netfilter/ip_tables.o
I get those error messages when I do the iptables -L and also the insmod ip_tables. I will try the kernel source RPMs if it won't hurt my system. If it won't damage my box, where can I get the RPM?

Anyway, I thought that ipchains would not work in kernel 2.4.x. I'm using it right now to MASQ internal traffic?!

Thanks in advance.
 
Old 03-11-2002, 12:33 PM   #15
bbenz3
Member
 
Registered: Feb 2002
Location: Orlando
Distribution: Whatever I feel like at the time I install.
Posts: 284

Rep: Reputation: 30
You can't use both ipchains and iptables. In order for iptables to work, ipchains must be turned off in setup, and then do a restart. I found this out the hard way. Try doing that and see if that could be the problem.
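The "Device or resource busy" error in post #7 is what insmod ip_tables reports on a 2.4 kernel while the ipchains (or ipfwadm) compatibility module is loaded, because both register the same netfilter hooks; bbenz3's answer above is the fix. The following is an added diagnostic, not from this thread, that checks for that condition and for a missing ip_tables.o under /lib/modules before anyone reaches for a kernel rebuild. It assumes the 2.4 /proc/modules line format (name, size, use count), the 2.4 module path kernel/net/ipv4/netfilter/ip_tables.o, and Red Hat's ntsysv/chkconfig for disabling the ipchains service; the file and directory arguments exist so it can be run against a saved copy.

```shell
#!/bin/sh
# Diagnose why ip_tables refuses to load on a 2.4 kernel. Added example, not
# code from the thread. Assumes 2.4 /proc/modules format and module paths.

# Print legacy firewall modules (ipchains, ipfwadm) listed in a
# /proc/modules-style file. Takes the file path; defaults to the live one.
legacy_fw_modules() {
    modfile=${1:-/proc/modules}
    awk '$1 == "ipchains" || $1 == "ipfwadm" { print $1 }' "$modfile"
}

# True when the ip_tables module file exists for the running kernel.
# The argument overrides the module directory (used by the tests).
has_ip_tables_module() {
    moddir=${1:-/lib/modules/$(uname -r)}
    [ -f "$moddir/kernel/net/ipv4/netfilter/ip_tables.o" ]
}

# Verdict as a single word: conflict, missing, or ok.
netfilter_status() {
    modfile=${1:-/proc/modules}
    moddir=${2:-/lib/modules/$(uname -r)}
    if [ -n "$(legacy_fw_modules "$modfile")" ]; then
        echo conflict; return 0
    fi
    if ! has_ip_tables_module "$moddir"; then
        echo missing; return 0
    fi
    echo ok
}

# Remedy for each verdict
explain() {
    case "$1" in
        conflict) echo "ipchains/ipfwadm is loaded: stop and disable the ipchains service (ntsysv, or chkconfig ipchains off), then rmmod ipchains and retry" ;;
        missing)  echo "no ip_tables.o under /lib/modules for this kernel: install the kernel (or kernel-source) package that matches uname -r" ;;
        ok)       echo "ip_tables can be loaded: run modprobe ip_tables && iptables -L" ;;
    esac
}

# Constructed sample of a 2.4 /proc/modules with ipchains still loaded,
# i.e. the situation described in the thread.
SAMPLE_MODULES='ipchains 39000 0 (unused)
nls_iso8859-1 2844 1 (autoclean)'

# Run the check against the constructed sample instead of the live system.
demo() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_MODULES" > "$tmp"
    v=$(netfilter_status "$tmp" /nonexistent)
    rm -f "$tmp"
    echo "$v"
}

if [ "${1:-}" = "--check" ]; then
    v=$(netfilter_status)
    echo "$v: $(explain "$v")"
elif [ "${1:-}" = "--demo" ]; then
    v=$(demo)
    echo "$v: $(explain "$v")"
fi
```

`sh check-netfilter.sh --check` reports the live verdict; `--demo` runs it against the embedded sample and reports "conflict". Re-run the check after disabling ipchains and rebooting (or rmmod ipchains); only if it still says "missing" is the kernel package, rather than the ipchains service, the problem.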
 