ipfwadm problems

ipfwadm problems

[Kirk]

I'm trying to issue an "ipfwadm" to create ipchains and am getting:

> Generic IP Firewall Chains not in this kernel

Looking for help with re-compiling the 2.4.18-2 (latest from CD's 7.3
install).  Can someone point me in the right direction?

Thanks

Re: ipfwadm problems

[Kirk]

Does iptables have or allow IP Masqurading?  This is really what I'm trying
to do as I have a network behind my linux server (acting as a router) and
need to forward packets from 192.168.0.x to my WAN port on the same Linux
server.  I had this working with ipchains until the upgrade to 2.4.18.

Thanks,
Kirk


----- Original Message -----
From: "Ambrish Verma" <averma@marantinetworks.com>
To: <kirk@scriptdoggie.com>
Sent: Wednesday, May 22, 2002 12:15 PM
Subject: Re: ipfwadm problems


In the new kernels ipchains is not included by default (probably if you put
some effort you can include it.).
There is an alternate for ipchains is available called iptables, with which
you should be able to do most of the things you expect from ipchains.

--
Ambrish


"Kirk" <kirk@scriptdoggie.com> wrote in message
news:011101c201bd$91ccccc0$320e10ac@irvine.hnc.com...
> I'm trying to issue an "ipfwadm" to create ipchains and am getting:
>
> > Generic IP Firewall Chains not in this kernel
>
> Looking for help with re-compiling the 2.4.18-2 (latest from CD's 7.3
> install).  Can someone point me in the right direction?
>
> Thanks
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/

Re: ipfwadm problems

[Paul Clements]

There should still be ipchains support in 2.4.18, maybe not by default, but
I've got it in my 2.4.18 kernel. You may need to "insmod ipchains", which may
also require "rmmod iptables" first, depending upon how the kernel is being
setup at boot time. At any rate, iptables certainly has all the capabilities
of ipchains plus a lot more (that's why it's so complicated, and why I don't
use it... :). I don't know if "ipfwadm" will still work (that's old 2.0 kernel
stuff), but the ipchains command definitely works on 2.4.18:

titan:/usr/src/linux-2.4.18.PRISTINE# ls -l net/ipv4/netfilter/ipchains_core.c 
-rw-r--r--    1 root     root        50368 Apr 29 10:44 net/ipv4/netfilter/ipchains_core.c

titan:/usr/src/linux-2.4.18.PRISTINE# ipchains -L -n
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     udp  ------  172.17.4.1           0.0.0.0/0             53 ->   1025:65535
ACCEPT     udp  ------  172.17.4.7           0.0.0.0/0             53 ->   1025:65535
icmp       icmp ------  0.0.0.0/0            0.0.0.0/0             * ->   *
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
Chain icmp (1 references):
target     prot opt     source                destination           ports
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a

titan:/usr/src/linux-2.4.18.PRISTINE# uname -r
2.4.18


Hope that helps.

-- 
Paul Clements
SteelEye Technology
Paul.Clements@SteelEye.com



On Wed, 22 May 2002, Kirk wrote:

> Does iptables have or allow IP Masqurading?  This is really what I'm trying
> to do as I have a network behind my linux server (acting as a router) and
> need to forward packets from 192.168.0.x to my WAN port on the same Linux
> server.  I had this working with ipchains until the upgrade to 2.4.18.
> 
> Thanks,
> Kirk
> 
> 
> ----- Original Message -----
> From: "Ambrish Verma" <averma@marantinetworks.com>
> To: <kirk@scriptdoggie.com>
> Sent: Wednesday, May 22, 2002 12:15 PM
> Subject: Re: ipfwadm problems
> 
> 
> In the new kernels ipchains is not included by default (probably if you put
> some effort you can include it.).
> There is an alternate for ipchains is available called iptables, with which
> you should be able to do most of the things you expect from ipchains.
> 
> --
> Ambrish
> 
> 
> "Kirk" <kirk@scriptdoggie.com> wrote in message
> news:011101c201bd$91ccccc0$320e10ac@irvine.hnc.com...
> > I'm trying to issue an "ipfwadm" to create ipchains and am getting:
> >
> > > Generic IP Firewall Chains not in this kernel
> >
> > Looking for help with re-compiling the 2.4.18-2 (latest from CD's 7.3
> > install).  Can someone point me in the right direction?
> >
> > Thanks
> >
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > Please read the FAQ at  http://www.tux.org/lkml/
> 
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
> 

Re: ipfwadm problems

[Frank Schaefer]

On Wed, 2002-05-22 at 21:51, Kirk wrote:
> Does iptables have or allow IP Masqurading?  This is really what I'm trying
> to do as I have a network behind my linux server (acting as a router) and
> need to forward packets from 192.168.0.x to my WAN port on the same Linux
> server.  I had this working with ipchains until the upgrade to 2.4.18.
> 

Yes, You have to use the SNAT/DNAT targets in the PREROUTING/POSTROUTING
chains of the NAT table. Recognize, that IP Masquerade is nothing else
than a subset of Network Adress Translation (NAT).

Regards
Frank

BTW: A collegue of mine has the problem, that a host has 4 NICs; 2 to
the LAN and 2 to the internet. Packets coming from LAN NIC 1 shall be
forwarded through WWW NIC 1 and Packets from LAN NIC 2 through WWW NIC
2. Is there any way to perform this on a 2.2.x kernel using ipchains?
And even whorse; They need destination NAT in the reverse manner of the
above.

Re: ipfwadm problems

[Petr Titera]

Frank Schaefer wrote:

> 
> BTW: A collegue of mine has the problem, that a host has 4 NICs; 2 to
> the LAN and 2 to the internet. Packets coming from LAN NIC 1 shall be
> forwarded through WWW NIC 1 and Packets from LAN NIC 2 through WWW NIC
> 2. Is there any way to perform this on a 2.2.x kernel using ipchains?

It can be done with advanced routing (look at www.lartc.org). You can 
specify different routing tables for each interface.

> And even whorse; They need destination NAT in the reverse manner of the
> above.
> 

With ipchains it can be tricky with iptables it is a piece of cake :)

Petr Titera
P.Titera@century.cz


> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
>