Complete.Org: Mailing Lists: Archives: linux-help: September 2001:
[linux-help] Re: ipchains permanency

[linux-help] Re: ipchains permanency

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]

To:	<linux-help@xxxxxxxxx>
Subject:	[linux-help] Re: ipchains permanency
From:	"Dale W Hodge" <dwh@xxxxxxxxxxxxxxxx>
Date:	Sun, 23 Sep 2001 21:01:29 -0500
Reply-to:	linux-help@xxxxxxxxx

> -----Original Message-----
> From: linux-help-bounce@xxxxxxxxx [mailto:linux-help-bounce@xxxxxxxxx]On
> Behalf Of Nathan
> Sent: Saturday, September 22, 2001 4:25 PM
> To: linux-help@xxxxxxxxx
> Subject: [linux-help] ipchains permanency
>
>
>
> I'm trying to understand and use ipchains to filter
> packets on my masquerading, dual NIC Potato. :)
>
> The IPCHAINS-HOWTO (in the Making Rules Permanent
> section) saus to use this command to see what rules
> are currently in place:
>
> ipchains-save > /etc/ipchains.rules
>
> It then tells me to create a script that runs every
> time I boot....putting the ipchians rules in place
> just before the NICs becomes active.

This is not needed if you are running Debian's ipmasq tool.

> But when I ran the command above, there were already a
> bunch of rules in place.  WHERE'D THEY COME
> FROM?  I've been grepping to try and find out, but
> have learned nothing.  Did ipmasq put them
> there?  Will I screw up ipmasq if I start creating my
> own chains?  I still don't understand the ipmasq
> rules....just a bunch of files in a directory.  I can
> tell the masq rules are working, but I don't know
> about the deny rules.  Anyone have a good place for me
> to read about Debian ipmasq rules?

zless /usr/doc/ipmasq/ipmasq.txt.gz  You can also fire up netscape and look at
/usr/doc/ipmasq/ipmasq.html/index.html  It's an elegantly simple system that
works quite well. If you want to know what rules are doing run
/usr/sbin/impasq -d to display the rules that will be implemented.  You can see
the actual rules that are in effect by running /sbin/ipchains -L

>
> I'm following the directions in the IPCHAINS-HOWTO
> (somewhat blindly).  I just don't want to mess
> something up with my Potato because I was following
> directions for a Red Hat or something.

The IPCHAINS-HOWTO was written so you could manually set up your firewall.
Debian has done all the work for you with the ipmasq tool.

--dwh

---
Dale W Hodge - dwh@xxxxxxxxxxxxxxxx
Secretary & Website Maintainer - info@xxxxxxxxx
Air Capital Linux User's Group  (ACLUG)
---


-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi

[Prev in Thread]

Current Thread

[Next in Thread]

[linux-help] ipchains permanency, Nathan, 2001/09/22
- [linux-help] Re: ipchains permanency, Jeff Vian, 2001/09/23
- [linux-help] Re: ipchains permanency, Dale W Hodge <=

Prev by Date: [linux-help] Re: ipchains permanency
Next by Date: [linux-help] printing help
Previous by thread: [linux-help] Re: ipchains permanency
Next by thread: [linux-help] printing help
Index(es):
- Date
- Thread