Re: ipchains & iptables together???

From: Rodrigo Barbosa (rodrigob@bh.conectiva.com.br)
Date: 01/04/02


Date: Fri, 4 Jan 2002 11:32:01 -0200
From: Rodrigo Barbosa <rodrigob@bh.conectiva.com.br>
To: security-basics@securityfocus.com

On Wed, Jan 02, 2002 at 10:11:28AM -0800, Octavio / Super wrote:
> Almost everybody answered "no" already. :)
>
> As a firewall, you should definitely go with iptables. As a NAT, it depends on your needs, because there are still a lot of modules for ipchains, and (AFAIK) only the FTP is ported to iptables.

That is not quite right.
IPTABLES use a module called conntrack, which by itself should solve most
of your NAT needed without special tweakies, like ipchains needed.

[]s

-- 
 Rodrigo Barbosa                   - rodrigob at tisbrasil.com.br
 TIS 				   - Belo Horizonte, MG, Brazil
 "Quis custodiet ipsos custodiet?" - http://www.tisbrasil.com.br/



Relevant Pages

  • Re: Problem with network printing on RH 8.0
    ... Jason Dixon wrote: ... >>Does the iptables duplicate the function of the NAT in my hardware ... I assume that this stops RH's firewall. ... > NAT support, but it doesn't sound like you need it. ...
    (RedHat)
  • Re: Squid as default gateway in proxy mode.
    ... the console and ping. ... NAT only ICMP Echo Rep and Req so that i can at least ping outside ... control over traffic with IPtables firewall. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
    (Debian-User)
  • Re: setting up nat
    ... graphical firewall config tools on FC don't do NAT. ... You should realise that netfilter rules applied using the 'iptables' ...
    (Fedora)
  • Re: [9fans] Do we have a catalog of 9P servers?
    ... iptables on Linux needs to keep in order to provide NAT capabilities it ... You seem to be extremely out of the field with respect to what iptables does and how normal NAT is implemented on a *BSD system. ... do any of you 9fans have an internal network behind a gateway that runs Plan 9? ...
    (comp.os.plan9)
  • Re: Linux for an older PC
    ... But that doesn't mean that "there is no firewall". ... up your firewall, just use iptables. ... If you're using NAT for IPv4 and no IPv6 at all, ... The problem with the world is stupidity. ...
    (alt.os.linux)