
[linux-help] Re: ipchains permanency

To: linux-help@xxxxxxxxx
Subject: [linux-help] Re: ipchains permanency
From: Jeff Vian <jvian10@xxxxxxxx>
Date: Sun, 23 Sep 2001 02:19:45 -0500
Reply-to: linux-help@xxxxxxxxx

If using redhat 7.1 (and I think 7.0) there are some things that you
need to know.
1. There is likely a script in the /etc/rc.d/init.d directory named
ipchains.
This script is used for starting and stopping ipchains during run level
changes.
2. The default location for the rules file to save and restore prior
ipchains rules is /etc/sysconfig/ipchains.

If you have ipchains set to start up at boot time for your runlevel,
there should be an entry for it (if you are using run level 3 - the
default text run level):
a file such as /etc/rc.d/rc3.d/S45ipchains will exist.  That tells init
to start ipchains during the process of starting that run level, and it
executes the script named in #1 above with the start argument.
The same script can be used to stop/start/restart/save the ipchains
rules and configurations.

The command you quoted from the HOWTO works for creating a file that
lists the current rules, but does not provide the file needed for the
default configuration of the ipchains rules at boot time (unless the
file you send the output to is the default configuration file).

3. ipmasq does not run at the same time as ipchains.  In fact, one of
the rules for ipchains provides the same function as ipmasq used to do. 
ipmasq was used prior to the 2.0 kernels by RH (I used it extensively in
RH 6.0).

For more info, use "man ipchains" to get some idea of what the details
for ipchains are and what the rules lines should look like.
You can also look at the structure of each line in the file
/etc/sysconfig/ipchains or in the file you created with the
ipchains-save command to see what the default policies and existing
rules are.

I do not guarantee the details of using ipchains and ipmasq on debian
since I use RedHat, but it is my understanding that it works similarly
on all the distributions.

Jeff

Nathan wrote:
> 
> I'm trying to understand and use ipchains to filter
> packets on my masquerading, dual NIC Potato. :)
> 
> The IPCHAINS-HOWTO (in the Making Rules Permanent
> section) says to use this command to see what rules
> are currently in place:
> 
> ipchains-save > /etc/ipchains.rules
> 
> It then tells me to create a script that runs every
> time I boot....putting the ipchains rules in place
> just before the NICs become active.
> 
> But when I ran the command above, there were already a
> bunch of rules in place.  WHERE'D THEY COME
> FROM?  I've been grepping to try and find out, but
> have learned nothing.  Did ipmasq put them
> there?  Will I screw up ipmasq if I start creating my
> own chains?  I still don't understand the ipmasq
> rules....just a bunch of files in a directory.  I can
> tell the masq rules are working, but I don't know
> about the deny rules.  Anyone have a good place for me
> to read about Debian ipmasq rules?
> 
> I'm following the directions in the IPCHAINS-HOWTO
> (somewhat blindly).  I just don't want to mess
> something up with my Potato because I was following
> directions for a Red Hat or something.
> 
> Thanks,
> Nathan
> -- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
> visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
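
An added example (not part of the original message, and not Red Hat's own init script): a shell audit of the layout described in the reply, which looks for the S??ipchains start link of a runlevel and summarizes the default policies and per-chain rule counts in a saved rules file. The ROOT prefix, the function names and the sample rules are constructed for illustration, and the `:chain POLICY` / `-A chain ...` line layout is assumed from ipchains-save output.

```shell
#!/bin/sh
# Added example: audit where ipchains rules come from at boot.
# ROOT is a hypothetical prefix so the check can run against a copy of /etc.

# Print the S??ipchains start link for a runlevel; fail if there is none.
boot_link() {  # usage: boot_link ROOT RUNLEVEL
    for f in "$1"/etc/rc.d/rc"$2".d/S[0-9][0-9]ipchains; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        echo "$f"
        return 0
    done
    return 1
}

# Summarize a saved rules file: default policy and rule count per chain.
summarize_rules() {  # usage: summarize_rules FILE
    awk '
        /^:/       { policy[substr($1, 2)] = $2; next }  # ":input ACCEPT"
        $1 == "-A" { count[$2]++ }                       # "-A input ..."
        END { for (c in policy)
                  printf "%s policy=%s rules=%d\n", c, policy[c], count[c] }
    ' "$1" | sort
}

# True if the saved rules already masquerade (the job ipmasq used to do).
has_masq() {  # usage: has_masq FILE
    grep -q -e '-j MASQ' "$1"
}

# Constructed sample tree and rules (not taken from a real host).
make_sample() {  # usage: make_sample ROOT
    mkdir -p "$1/etc/rc.d/init.d" "$1/etc/rc.d/rc3.d" "$1/etc/sysconfig"
    : > "$1/etc/rc.d/init.d/ipchains"
    ln -s ../init.d/ipchains "$1/etc/rc.d/rc3.d/S45ipchains"
    cat > "$1/etc/sysconfig/ipchains" <<'EOF'
:input ACCEPT
:forward DENY
:output ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i lo -j ACCEPT
-A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
EOF
}

demo_root=$(mktemp -d)
make_sample "$demo_root"
boot_link "$demo_root" 3 || echo "no start link for runlevel 3"
summarize_rules "$demo_root/etc/sysconfig/ipchains"
has_masq "$demo_root/etc/sysconfig/ipchains" && echo "masquerading rule present"
rm -rf "$demo_root"
```

On a real system, call the functions with ROOT set to an empty string and point summarize_rules at /etc/sysconfig/ipchains or at the file written by ipchains-save.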