Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[tlug] IPChains -> IPTables
- Date: Fri, 7 Jun 2002 17:10:14 +0900
- From: "lists" <lists@example.com>
- Subject: [tlug] IPChains -> IPTables
- References: <F38J3sl3xbYiMCIqtQv0000eca0@example.com> <004101c20dd7$2067abb0$5f00a8c0@example.com> <20020607125424.C271@example.com> <20020607134130.A1591@example.com> <001501c20dec$e9bb14b0$5f00a8c0@example.com>
Thanks for the pointers for far with getting me started on this.
I'm still getting a few errors, but almost there.
This was my old ipchains ruleset:
# cat current.ipchains
/sbin/ipchains -F input
/sbin/ipchains -F forward
/sbin/ipchains -F output
/sbin/ipchains -M -S 7200 10 160
/sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 68 -d 0/0 67 -p udp
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i eth0 -s 192.168.1.0/24 -j MASQ
I looked around for the equivalent flags for iptables, and google led me to
this conversion tool:
http://lists.samba.org/pipermail/netfilter/1999-September/002499.html
# cat current.ipchains | /home/admin/ipchains2iptables >new.iptables
# cat new.iptables
/sbin/iptables -F FORWARD
/sbin/iptables -F FORWARD
/sbin/iptables -F FORWARD
# /sbin/iptables ### Remove -M. Remove -S 7200 10 160.
/sbin/iptables -A FORWARD -j ACCEPT -i eth0 -s 0/0 -p udp --sport 68 -d
0/0 --dport 67 ### Suggestion: "-o IF-of-0/0".
/sbin/iptables -P FORWARD DENY
/sbin/iptables -A POSTROUTING -t nat -A FORWARD -o eth0 -s 192.168.1.0/24 -j
MASQUERADE ### Suggestion: "-i IF-of-192.168.1.0/24".
#The following modules may be needed - insert by hand if not autoloaded:
#ipt_udp
#iptables
-----
I added these into /etc/rc.d/rc.local, and when I ran it I got
SIOCADDRT: <mojibake>
iptables: Bad built-in chain name
iptables v1.2.3: Can't use -A with -A
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/rc.local: /proc/sys/net/ipv4/ip_always_defrag: <mojibake>
-----
Not sure where the SIOADDRT is coming from. (Does anyone know of an ssh
client that will allow me to view Japanese from the remote machine?)
Bad built in chain name... Not sure about this either
Can't use -A with -A : I assume this is talking about the line with
POSTROUTING in it... any other way I can handle this?
The last line refers to what I had at the end of my original rc.local
script:
echo "1" > /proc/sys/net/ipv4/ip_always_defrag
echo "1" > /proc/sys/net/ipv4/ip_forward
Do I need these with 7.2/iptables? I'll try without and see what happens...
Shawn
- Follow-Ups:
- [tlug] Sendmail Not Working?
- From: lists
- [tlug] Sendmail Not Working?
- References:
- [tlug] Secret Cabal TLUG ML?
- From: Jean-Christian Imbeault
- [tlug] RH 6.2 -> 7.2 : Masq and PHP/MySQL problems
- From: lists
- Re: [tlug] RH 6.2 -> 7.2 : Masq and PHP/MySQL problems
- From: Matt Doughty
- Re: [tlug] RH 6.2 -> 7.2 : Masq and PHP/MySQL problems
- From: Jim Tittsler
- Re: [tlug] RH 6.2 -> 7.2 : Masq and PHP/MySQL problems
- From: lists
- [tlug] Secret Cabal TLUG ML?
- Prev by Date: [tlug] Which is faster fgrep or cat | grep
- Next by Date: Re: [tlug] viewing full hostname ins 'last'
- Previous by thread: Re: [tlug] RH 6.2 -> 7.2 : Masq and PHP/MySQL problems
- Next by thread: [tlug] Sendmail Not Working?
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |