ipchains and iptables?! waa?

crealkillerI75 · 07-29-2002, 02:07 PM

1)wat the diff between ipchains and iptables ?

2)if there is no diff? with one is better?

reson i ask it cous acording to there discription there the same thing?

danrees · 07-29-2002, 02:13 PM

Iptables is designed to run with kernel 2.4, ipchains is for kernel 2.2.

If you're using a recent kernel/Linux distribution, you will want to use iptables.

Other than that, I'm not sure what the differences are - perhaps Google might shed some light.

crealkillerI75 · 07-29-2002, 02:22 PM

im runing on them on slackware 8.0 2.2.19 ?!

ps: do i realy need both of them???

5amYan · 07-29-2002, 02:50 PM

Note the 2.2.x and 2.4.x comment in danreas post.

They are both packet filters.
IPTables is stateful.
IPChains is not.

crealkillerI75 · 07-29-2002, 03:40 PM

so i should get rid of ipchains then right

5amYan · 07-29-2002, 04:03 PM

if you're running 2.2.x it is your only option (of the two)

neo77777 · 07-29-2002, 06:08 PM

ipchains desighned to work with 2.2.x kernels, and iptables with 2.4.x
The major difference is a little bit different syntax, and iptables support forward rule natively - this is espacially handy if you use routers to connect your LAN's

5amYan · 07-29-2002, 07:18 PM

Quote:

im runing on them on slackware 8.0 2.2.19 ?!

I am assumig 2.2.19 is your kernel. IPCains is your only option til you upgrade your kernel

Ionized · 07-30-2002, 01:11 PM

I've been using ipchains for a few years now. A big reason I'm not upgrading to 2.4.* is because I like the syntax and usage of ipchains. I know iptables isn't *that* much different, but until I have some huge need to upgrade, I'm going to stay with 2.2.x.

The only thing that would be nice about iptables is it's native forwarding support, but I've allready installed portfw/masq so ipchains can forward packets anyway.

5amYan · 07-30-2002, 01:54 PM

Are you the same as crealkillerI75?

Ionized · 07-30-2002, 02:02 PM

Quote:

Originally posted by 5amYan
Are you the same as crealkillerI75?

heh, no. I was commenting on his post

crealkillerI75 · 07-30-2002, 02:54 PM

where can i get portfw/masq and how to i install it?

Ionized · 07-30-2002, 03:56 PM

Quote:

Originally posted by crealkillerI75
where can i get portfw/masq and how to i install it?

You should probably have it allready with ipchains. See if you have ipmasqadm installed. You also have to compile in the portFW feature into the kernel (or a module, but I always compile in). Then it's just a matter of calling ipmasqadm and setting up the port forwarding.

You should take a look at the HOW-TOs to get a feel on how to use this command, but what I do for Jedi Outcast is this:
/usr/sbin/ipmasqadm portfw -a -P udp -L $MYIP 28060 -R 10.0.0.5 28060

Druaga · 08-01-2002, 08:17 AM

i use ipchains. masqueradin can proabably be started on your computer by doing
# echo "1" > /proc/sys/net/ipv4/ip_forward
# ipchains -P forward DENY
# ipchains -A forward -i eth0 -s 192.168.0.0/24 -d 0.0.0.0 -j MASQ

the first line starts ip forwarding, and the third masqs anything from the 192.168.0.0/255.255.255.0 network (replace with your own LAN settings) though eth0 (internet NIC) .
I am just goin by memory so correct me if i am wrong.

Ionized · 08-01-2002, 10:39 AM

Quote:

Originally posted by Druaga

# ipchains -A forward -i eth0 -s 192.168.0.0/24 -d 0.0.0.0 -j MASQ

Yeah, you're right. Masquerading going from an inside (private) computer to the outside is easy, I was simply commenting on the ability to re-route packets coming from the outside and going to a private IP address. That line right there is fine for forwarding packets from the private to public internet.