Re: Portforwarding with ipchains on 2.4 kernel

From: Mogens Valentin (mogens_at_mtek.dk)
Date: 06/27/03


Date: Fri, 27 Jun 2003 16:35:47 +0200

Mogens Valentin wrote:
> I need to portforward from the internet to a host behind a Linux
> firewall using ipchains. Yes, iptables is preferred, but...
>
> Ascii art:
> internet---router------linuxfirewall------host
>            10.0.0.2    10.10.0.1          10.10.0.10
> On the linuxfirewall, I have a virtual if, eth0:1, with IP 10.0.0.9 .
> The router already does a 1:1 nat which works.
>
> Of course, I'll need firewall rules allowing needed traffic from 10.0.0.9
> to 10.10.0.10 . Those are in place, AFAIC.
>
> Using ipchains, I guess I'll need ipmasqadm with something like:
> ipmasqadm portforward -a -p tcp -l 10.0.0.9 port -r 10.10.0.10 port
>
> Problem is, it seems I do not have ipmasqadm on the system. I may be
> missing something in the kernel setup, or need an external package.

Well, I tried to use ipmasqadm.0.4.2-4.rpm, which I downloaded from
ftp.redhat.com/pub/contrib/i386 .
rpm -i --test didn't protest, so I installed it.

I got some errors when executing the above ipmasqadm portfw jadijadi...
ipmasqadm portfw -l produced these errors:
   Could not open "/proc/net/ip_masq/portfw"
   Could not open "/proc/net/ip_portfw"

Needless to say that the ipmasqadm package has not been adapted for
use with the changed /proc structure in 2.4 kernels.

Guess I'll have to rebuild the kernel for pure iptables support, and
rewrite ipchains rules for iptables.

I'd still like comments, if anyone has managed to make ipmasqadm or
other 1:1 nat technique work with ipchains on a 2.4 kernel.

Have a nice weekend,
/m
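
Added example, not part of the original post: a shell sketch that checks which NAT interface the running kernel exposes under /proc and prints the iptables DNAT and FORWARD rules that would replace the ipmasqadm forward for the addresses in the message. The `ip_tables_names` and `ip_fwchains` file names, the function names and port 8080 are assumptions (the post gives only `port`).

```shell
#!/bin/sh
# Added example (not from the original post). /proc file names other than the
# two in the post's error output, and port 8080, are assumptions.

# detect_backend [PROC_ROOT]: report which NAT/filter interface the kernel exposes.
detect_backend() {
    root="${1:-/proc}"
    if [ -e "$root/net/ip_masq/portfw" ] || [ -e "$root/net/ip_portfw" ]; then
        echo portfw        # the files ipmasqadm portfw tried to open
    elif [ -e "$root/net/ip_tables_names" ]; then
        echo iptables      # netfilter ip_tables is loaded
    elif [ -e "$root/net/ip_fwchains" ]; then
        echo ipchains      # ipchains filtering only, no portfw support
    else
        echo none
    fi
}

# dnat_rules PROTO EXT_IP INT_IP PORT: print (do not apply) the iptables rules
# that replace one ipmasqadm port forward. Rejects anything but tcp/udp and 1-65535.
dnat_rules() {
    proto=$1 ext=$2 int=$3 port=$4
    case "$proto" in tcp|udp) ;; *) echo "unsupported protocol: $proto" >&2; return 1 ;; esac
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } 2>/dev/null || { echo "bad port: $port" >&2; return 1; }
    # Rewrite the destination before routing, then allow only that flow through.
    echo "iptables -t nat -A PREROUTING -d $ext -p $proto --dport $port -j DNAT --to-destination $int:$port"
    echo "iptables -A FORWARD -d $int -p $proto --dport $port -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -s $int -p $proto --sport $port -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Addresses from the post: eth0:1 alias 10.0.0.9 forwards to host 10.10.0.10.
echo "backend: $(detect_backend)"
dnat_rules tcp 10.0.0.9 10.10.0.10 8080
```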


