I'm just converting to ipchains now because we are replacing a RH5.1 
gateway with a RH6.1.

When you get down to the nitty gritty, ipchains seems very similar to 
ipfwadm; you just have to rewrite all your rules. However, it does seem more 
flexible in that you can use [!] to say not this if or not this network or 
not SYN flag set ....

One thing that was a nuisance for me was that I used -V <ip number> to 
control traffic in ipfwadm and the only construct in ipchains (-i) is 
similar to the -W option in ipfwadm. One situation where this was useful 
was if my ppp0 & ppp1 links dropped out and then reconnected (ppp0 is a 
dial out while my ppp1 is a dial in from another permanently connected 
box). Sometimes the incoming line would connect first and thus grab ppp0 
which meant my outgoing line was ppp1, or the ppp0 would not yet be 
released by the time the modem reconnected and so the next one along would 
be allocated. The -W option in ipfwadm and the -i option in ipchains caused 
all sorts of grief when this happened whereas with -V it was always OK 
because the IP numbers were always the same. It was particularly 
troublesome because normally ppp0 was untrusted and ppp1 was trusted so if 
they swapped around ....

i.e. whether a link is ppp0 or ppp1 seems related to when it is started 
whereas its IP number is always the same.

Someone may like to comment on this ... and that would be great.

Wilson Fletcher

----------
From:   Rod Pike[SMTP:[EMAIL PROTECTED]]
Sent:   Friday, 28 January 2000 7:09
To:     Diald mailing list
Subject:        IPChains or IPfwadm???

Greetings,

It's been a while since I've monitored the list.  I'm currently running
diald on a RH5.1 box and it's been running pretty smoothly except for
Netscape bringing up the link when it's initially launched.  I'm
thinking of setting up another linux server/gateway to move over to and
wondering if I should stick with RH5.x or move up to RH6.x or another
distribution with the latest kernel and deal with IPchains?

Any comment/opinions/experiences?

Cheers,
Rod


-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
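
The failure described in the reply above (rules keyed on ppp0/ppp1 ending up on the wrong link after a reconnect) can be avoided by picking the policy from the link's local IP address at the moment the link comes up. The script below is an added example, not part of the original thread; the addresses, the per-interface chain names `in-pppN` and the sample policy are assumptions, and it relies on pppd passing the interface name and local IP to /etc/ppp/ip-up as arguments 1 and 4.

```shell
#!/bin/sh
# Added example (not from the thread). Emits ipchains commands for a PPP link,
# choosing the policy by the link's local IP instead of its pppN name.
# Assumed boot-time setup, once per possible interface name:
#   ipchains -N in-ppp0; ipchains -A input -i ppp0 -j in-ppp0   (same for ppp1)

UNTRUSTED_LOCAL_IP="192.0.2.10"   # constructed: local address of the dial-out link
TRUSTED_LOCAL_IP="10.0.0.1"       # constructed: local address of the dial-in link

# Map a local IP to a role. Unknown addresses get their own role so they fail closed.
role_for_link() {
    case "$1" in
        "$TRUSTED_LOCAL_IP")   echo trusted ;;
        "$UNTRUSTED_LOCAL_IP") echo untrusted ;;
        *)                     echo unknown ;;
    esac
}

# Print the commands that rebuild chain in-<iface> for the link that just came up.
rules_for_link() {
    iface=$1
    local_ip=$2
    chain="in-$iface"
    # Flush first: this name may have carried the other link's rules last time.
    echo "ipchains -F $chain"
    case "$(role_for_link "$local_ip")" in
        trusted)
            echo "ipchains -A $chain -j ACCEPT" ;;
        untrusted)
            # Sample policy: allow non-SYN TCP (replies), deny and log the rest.
            echo "ipchains -A $chain -p tcp ! -y -j ACCEPT"
            echo "ipchains -A $chain -j DENY -l" ;;
        *)
            echo "ipchains -A $chain -j DENY -l" ;;
    esac
}

# When installed as /etc/ppp/ip-up, pppd passes: iface tty speed local-ip remote-ip
if [ "$#" -ge 4 ]; then
    rules_for_link "$1" "$4"
fi
```

Piping the output to `sh` from ip-up applies the rules; printing them first makes the result easy to inspect when the links come up in the swapped order.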

