ipchains is designed to work with 2.2.x kernels, and iptables with 2.4.x.
The major difference is a slightly different syntax, and iptables supports forward rules natively - this is especially handy if you use routers to connect your LANs.
I've been using ipchains for a few years now. A big reason I'm not upgrading to 2.4.* is because I like the syntax and usage of ipchains. I know iptables isn't *that* much different, but until I have some huge need to upgrade, I'm going to stay with 2.2.x.
The only thing that would be nice about iptables is its native forwarding support, but I've already installed portfw/masq so ipchains can forward packets anyway.
Originally posted by crealkillerI75
Where can I get portfw/masq and how do I install it?
You should probably have it already with ipchains. See if you have ipmasqadm installed. You also have to compile the portFW feature into the kernel (or as a module, but I always compile it in). Then it's just a matter of calling ipmasqadm and setting up the port forwarding.
You should take a look at the HOW-TOs to get a feel on how to use this command, but what I do for Jedi Outcast is this:
/usr/sbin/ipmasqadm portfw -a -P udp -L $MYIP 28060 -R 10.0.0.5 28060
I use ipchains. Masquerading can probably be started on your computer by doing
# echo "1" > /proc/sys/net/ipv4/ip_forward
# ipchains -P forward DENY
# ipchains -A forward -i eth0 -s 192.168.0.0/24 -d 0.0.0.0 -j MASQ
The first line starts IP forwarding, and the third masqs anything from the 192.168.0.0/255.255.255.0 network (replace with your own LAN settings) through eth0 (internet NIC).
I am just going by memory, so correct me if I am wrong.
Originally posted by Druaga
# ipchains -A forward -i eth0 -s 192.168.0.0/24 -d 0.0.0.0 -j MASQ
Yeah, you're right. Masquerading going from an inside (private) computer to the outside is easy, I was simply commenting on the ability to re-route packets coming from the outside and going to a private IP address. That line right there is fine for forwarding packets from the private to public internet.