iptables vs ipchains - Masquerade help!

From: Lloyd Sumpter (lsumpter_at_dccnet.com)
Date: 10/31/03


Date: Fri, 31 Oct 2003 08:41:42 -0800

Hi,
   I've been running an earlier version of Mandrake on my cable-ISP
firewall/router, and have just upgraded to Mandrake 9.0. I was using
ipchains to set up masquerading, but apparently the "new" secure kernel
doesn't support it any more, and I have to use iptables instead.

   I've R'ed the FM and learned about tables, SNATs, DNATs, KNATs (they
flew out of my computer when I opened it...), but can't figure out how to
set up a simple masquerade like I had before. Here are my old ipchains
commands (there might be some redundancies, but it worked)

/sbin/ipchains -P forward MASQ
/sbin/ipchains -A forward -s 192.168.1.0/24 -d 0.0.0.0/0 -j MASQ
/sbin/ipchains -A forward -s 0.0.0.0/0 -d 192.168.1.0/24 -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
insmod /lib/modules/2.2.17-21mdksecure/ipv4/ip_masq_ftp.o
dhcpcd eth1

Can someone please tell me the equivalent iptables commands?

Lloyd Sumpter

ps:
<RANT MODE ON>
   Why does it seem that in order to make it harder for hackers to get IN,
they have to make it harder for sysadmins to set up the firewall?? I
started with ipfwadm, which had its own set of obscure commands. Then I
was told that was no longer secure (or something) and I had to use
ipchains. New program, new set of even more complex and obscure commands.
Now, ipchains is out, iptables is in, and guess what? New commands, even
more obscure and complex.

   Why isn't it EASY to set up a simple masquerading firewall??
<RANT MODE OFF>
Lloyd
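
The iptables form of the masquerade setup asked about above, as an added example that is not part of the original post. It assumes eth0 is the LAN interface (the post only names eth1, the DHCP side) and the 2.4-kernel module names ip_conntrack_ftp and ip_nat_ftp; unlike the ipchains rules, it sets the FORWARD policy to DROP and lets inbound packets through only as replies to LAN connections.

```shell
#!/bin/sh
# Added example, not from the original post.
# From the post: LAN 192.168.1.0/24; eth1 is the DHCP (cable) side.
# Assumed: eth0 is the LAN interface; module names are the 2.4-kernel ones.
LAN_NET="${LAN_NET:-192.168.1.0/24}"
WAN_IF="${WAN_IF:-eth1}"
LAN_IF="${LAN_IF:-eth0}"

# Print the commands for review; nothing is changed until "apply" is used.
masq_commands() {
    net=$1; wan=$2; lan=$3
    # Reject a missing prefix or a match-everything source: masquerading
    # 0.0.0.0/0 would also rewrite traffic that did not come from the LAN.
    case $net in
        0.0.0.0/*|*[!0-9./]*) echo "bad LAN network: $net" >&2; return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
        *) echo "LAN network must be CIDR: $net" >&2; return 1 ;;
    esac
    case "$wan$lan" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    [ -n "$wan" ] && [ -n "$lan" ] && [ "$wan" != "$lan" ] || {
        echo "WAN and LAN interfaces must be set and differ" >&2; return 1; }
    cat <<EOF
# FTP helpers: the iptables-era replacement for ip_masq_ftp
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
# Forwarding is denied by default; only LAN-originated flows and replies pass
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
# NAT is a separate table in iptables: rewrite the source on the way out
iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
# Enable routing last, once the rules are in place
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Usage: sh masq.sh print   or   sh masq.sh apply   (apply needs root)
case "${1:-}" in
    print) masq_commands "$LAN_NET" "$WAN_IF" "$LAN_IF" ;;
    apply) cmds=$(masq_commands "$LAN_NET" "$WAN_IF" "$LAN_IF") || exit 1
           printf '%s\n' "$cmds" | sh -e ;;
esac
```

`dhcpcd eth1` stays as it was; run it before applying the rules so the outside interface is up.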


