LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 05-23-2004, 08:26 PM   #1
slinkyredfoot
LQ Newbie
 
Registered: Aug 2003
Location: Canada
Distribution: Debian, Libranet
Posts: 19

Rep: Reputation: 0
IPCHAINS to IPTABLES


I am reinstalling my router box and will upgrade from kernel 2.2 to 2.4
My existing ruleset for masquerading uses IPCHAINS. If I provide it here, could some great soul intruct me on making the proper edits to make it work with IPTABLES?
Also, if I'm using IPTABLES, what net modules should I be installing to allow the masquerading, and eventually in the future to allow firewalling and maybe port forwarding as I may want to do some type of hosting on my internal LAN.

Thanks,
James

-------------------------------------------------------------------------------------------------------------------

-- the external NIC retrieves IP through DHCP from ISP
-- the internal NIC is assigned static IP info through use of: /etc/network/interfaces
-- the box is running Debian stable BTW

#!/bin/sh
INTLAN="192.168.0.0/24"
INTIF="eth0"
EXTIF="eth1"
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
/sbin/ipchains -A input -j ACCEPT -i $EXTIF -s 0/0 67 -d 0/0 68 -p udp
EXTIP="`/sbin/ifconfig eth1 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_always_defrag
/sbin/ipchains -M -S 7200 10 160
/sbin/ipchains -P input ACCEPT
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -P forward REJECT
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i $EXTIF -s $INTLAN -j MASQ
 
Old 05-24-2004, 05:14 AM   #2
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 50
Almost the same except

/sbin/iptables -A INPUT (INPUT, OUTPUT, FORWARD etc should be in CAPS)

and

/sbin/iptables -A FORWARD -i $EXTIF -s $INTLAN -j MASQUERADE
 
Old 05-24-2004, 05:33 AM   #3
mritch
Member
 
Registered: Nov 2003
Location: austria
Distribution: debian
Posts: 667

Rep: Reputation: 30
have a look at rusty's nat-howto-2.4 www.netfilter.org www.iptables.org for further infos. it has really gotten a more powerful tool.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
using ipchains and iptables macburton Linux - Security 8 10-18-2004 02:05 PM
ipchains and iptables both? puzz_1 Linux - General 7 05-29-2003 04:07 PM
ipchains ---> iptables jetfreggel Linux - Networking 2 11-10-2002 03:05 PM
IPCHAINS vs. IPTABLES sancho5 Linux - Networking 5 08-26-2001 08:01 PM
Ipchains vs iptables Vetle Linux - Security 1 08-22-2001 09:20 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 08:37 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration