Re: ipchains, iptables, and 2.4.18
On Wed, 2002-06-12 at 22:37, Chris Gushue wrote: Ron Johnson wrote: On Wed, 2002-06-12 at 21:25, Chris Gushue wrote: [snip] [snip] Linux box for sharing my DSL connection. For a few years it used to be just a 486, but I recently upgraded it to a K6-2/500 :) Woo Hoo!! Go, Speed Racer, go! (Did the 486 die?) You don't even need a 500mb drive, I've squeezed a fully function Debian system into less than 70mb in the past (this was including a mail server and some other things). Darned impressive... is a really good idea. You can just set it up and leave it running, knowing it will just work. I've had to use my main computer as the If a stupid thunderstorm hadn't have knocked the power out longer than my cheap-o UPS lasted (but it was also powering my beefy Athlon at the time), my box would be a triple-digits by now... router before, and my roommate always used to get annoyed when I had to reboot to play a game, or just fooling around with a new kernel, or something like that. And my wife sure would get torqued! -- +-+ | Ron Johnson, Jr.Home: [EMAIL PROTECTED] | | Jefferson, LA USA http://ronandheather.dhs.org:81 | | | | I have created a government of whirled peas...| | Maharishi Mahesh Yogi, 12-May-2002, | ! CNN, Larry King Live | +-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ipchains, iptables, and 2.4.18
On Wed, 12 Jun 2002 19:48:14 -0700 (PDT) Alvin Oga [EMAIL PROTECTED] wrote: trivial to run ipchains under 2.4.18... This all depends on what features of ipchains you are using. The compatibility layer provided for ipchains in the 2.4.x series does not provide 100% of the 2.2.x ipchains features. -- Jamin W. Collins -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ipchains, iptables, and 2.4.18
Ron Johnson wrote: [snip] Linux box for sharing my DSL connection. For a few years it used to be just a 486, but I recently upgraded it to a K6-2/500 :) Woo Hoo!! Go, Speed Racer, go! (Did the 486 die?) One of them died, but the last one I was using just got replaced. You don't even need a 500mb drive, I've squeezed a fully function Debian system into less than 70mb in the past (this was including a mail server and some other things). Darned impressive... It took a lot of creative deleting :) is a really good idea. You can just set it up and leave it running, knowing it will just work. I've had to use my main computer as the If a stupid thunderstorm hadn't have knocked the power out longer than my cheap-o UPS lasted (but it was also powering my beefy Athlon at the time), my box would be a triple-digits by now... The power company and thunderstorms are what dictate my Linux box uptimes. In fact, there was a thunderstorm a week or so ago that knocked out the power for a few seconds. I don't have a UPS yet... -- Chris Gushue [EMAIL PROTECTED] http://www.blackplasma.net http://bplog.blackplasma.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ipchains, iptables, and 2.4.18
Andrew Perrin wrote: I'd like to upgrade my home machine's kernel to 2.4.18, but I'm not too excited about moving from ipchains to iptables. (This machine acts as a router from the home network [on eth0] and our DSL service [eth1].) So, a few questions: - How easy or hard is it to migrate an ipchains ruleset to iptables? - Is it possible/adviseable to use ipchains under 2.4.18? - What documentation should I read? Personally, I just use ipchains in the 2.4 box that I admin. There's nothing in iptables that I need to switch over for, plus I have a number of existing scripts using ipchains already. On my home router, I'm still using a 2.2 kernel. I tried 2.4 at one point, but found the ipmasq modules lacking (unless I missed something, which is likely). Overall, it shouldn't hurt to stick with ipchains unless there is something in iptables you need that ipchains doesn't do. A lot easier than migrating your existing scripts/rules, too. -- Chris Gushue [EMAIL PROTECTED] http://www.blackplasma.net http://bplog.blackplasma.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ipchains, iptables, and 2.4.18
hi ya andrew On Wed, 12 Jun 2002, Andrew Perrin wrote: I'd like to upgrade my home machine's kernel to 2.4.18, but I'm not too excited about moving from ipchains to iptables. (This machine acts as a router from the home network [on eth0] and our DSL service [eth1].) So, a few questions: - How easy or hard is it to migrate an ipchains ruleset to iptables? trivial to run ipchains under 2.4.18... - just enable the ipchains compatability - boot 2.4.18 in single user.. - insmod ipchains ( see if it works )... else make/compile a kernel that supports ipchains CONFIG_IP_NF_COMPAT_IPCHAINS=y - Is it possible/adviseable to use ipchains under 2.4.18? depends... what is ipchains doing... - What documentation should I read? ( different docs for different answers/problems ?? ) ipchains and other related HOWTOs for starters?? have fun alvin http://www.Linux-Sec.net/Firewall/ .. firewall fun ... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ipchains, iptables, and 2.4.18
On Wed, Jun 12, 2002 at 10:16:09PM -0400, Andrew Perrin wrote: | I'd like to upgrade my home machine's kernel to 2.4.18, but I'm not too | excited about moving from ipchains to iptables. (This machine acts as a | router from the home network [on eth0] and our DSL service [eth1].) So, a | few questions: | | - How easy or hard is it to migrate an ipchains ruleset to iptables? It wasn't hard for me. | - Is it possible/adviseable to use ipchains under 2.4.18? It is possible. I moved to iptables anyways. There's a module (ipchains.o?) for ipchains compatibility. You can't mix-n-match, though. | - What documentation should I read? The netfilter HOWTO (http://netfilter.samba.org) -D -- The Consultant's Curse: When the customer has beaten upon you long enough, give him what he asks for, instead of what he needs. This is very strong medicine, and is normally only required once. http://dman.ddts.net/~dman/ pgpVljNE5JFki.pgp Description: PGP signature
Re: ipchains, iptables, and 2.4.18
On Wed, 2002-06-12 at 21:25, Chris Gushue wrote: Andrew Perrin wrote: [snip] On my home router, I'm still using a 2.2 kernel. I tried 2.4 at one point, but found the ipmasq modules lacking (unless I missed something, which is likely). Overall, it shouldn't hurt to stick with ipchains unless there is something in iptables you need that ipchains doesn't do. A lot easier than migrating your existing scripts/rules, too. Can you scrounge an old PC? You only need 16MB RAM and a 500MB HDD for a great masquerading firewall. (A great reason to take it off of your box: if you shut your box down (for what *ever* reason), others can still access the web.) If you can find 2 ISA NICs, then a 486 is all you need, or if a Pentium/K6/Cyrix, then you can use the eth1 from your current box. (A pentium-class box is more likely to be bootable off CD, and that's a big plus.) -- +-+ | Ron Johnson, Jr.Home: [EMAIL PROTECTED] | | Jefferson, LA USA http://ronandheather.dhs.org:81 | | | | I have created a government of whirled peas...| | Maharishi Mahesh Yogi, 12-May-2002, | ! CNN, Larry King Live | +-+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ipchains, iptables, and 2.4.18
Ron Johnson wrote: On Wed, 2002-06-12 at 21:25, Chris Gushue wrote: [snip] On my home router, I'm still using a 2.2 kernel. I tried 2.4 at one point, but found the ipmasq modules lacking (unless I missed something, which is likely). Overall, it shouldn't hurt to stick with ipchains unless there is something in iptables you need that ipchains doesn't do. A lot easier than migrating your existing scripts/rules, too. Can you scrounge an old PC? You only need 16MB RAM and a 500MB HDD for a great masquerading firewall. (A great reason to take it off of your box: if you shut your box down (for what *ever* reason), others can still access the web.) Oh, my main system is running Windows 2000, usually. I have a dedicated Linux box for sharing my DSL connection. For a few years it used to be just a 486, but I recently upgraded it to a K6-2/500 :) You don't even need a 500mb drive, I've squeezed a fully function Debian system into less than 70mb in the past (this was including a mail server and some other things). I apologize if this was meant to be directed at Andrew ;) But I agree, having a seperate dedicated box for sharing the connection is a really good idea. You can just set it up and leave it running, knowing it will just work. I've had to use my main computer as the router before, and my roommate always used to get annoyed when I had to reboot to play a game, or just fooling around with a new kernel, or something like that. -- Chris Gushue [EMAIL PROTECTED] http://www.blackplasma.net http://bplog.blackplasma.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
