224 lines
4.6 KiB
HTML
224 lines
4.6 KiB
HTML
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
||
|
<HTML
|
||
|
><HEAD
|
||
|
><TITLE
|
||
|
>( IPCHAINS rulesets on 2.4.x kernels ) - What the ipchains.o module can
|
||
|
do on 2.4.x kernels</TITLE
|
||
|
><META
|
||
|
NAME="GENERATOR"
|
||
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
|
||
|
REL="HOME"
|
||
|
TITLE="Linux IP Masquerade HOWTO"
|
||
|
HREF="index.html"><LINK
|
||
|
REL="UP"
|
||
|
TITLE="Frequently Asked Questions"
|
||
|
HREF="faq.html"><LINK
|
||
|
REL="PREVIOUS"
|
||
|
TITLE="( Source Routing ) - I need different internal MASQed networks to exit
|
||
|
on different external IP addresses"
|
||
|
HREF="iproute2.html"><LINK
|
||
|
REL="NEXT"
|
||
|
TITLE="( IPTABLES vs. IPCHAINS vs. IPFWADM ) - Why do the 2.4.x, 2.2.x,
|
||
|
and 2.0.x kernels use different firewall systems?"
|
||
|
HREF="iptables-vs-ipchains-vs-ipfwadm.html"></HEAD
|
||
|
><BODY
|
||
|
CLASS="SECT1"
|
||
|
BGCOLOR="#FFFFFF"
|
||
|
TEXT="#000000"
|
||
|
LINK="#0000FF"
|
||
|
VLINK="#840084"
|
||
|
ALINK="#0000FF"
|
||
|
><DIV
|
||
|
CLASS="NAVHEADER"
|
||
|
><TABLE
|
||
|
SUMMARY="Header navigation table"
|
||
|
WIDTH="100%"
|
||
|
BORDER="0"
|
||
|
CELLPADDING="0"
|
||
|
CELLSPACING="0"
|
||
|
><TR
|
||
|
><TH
|
||
|
COLSPAN="3"
|
||
|
ALIGN="center"
|
||
|
>Linux IP Masquerade HOWTO</TH
|
||
|
></TR
|
||
|
><TR
|
||
|
><TD
|
||
|
WIDTH="10%"
|
||
|
ALIGN="left"
|
||
|
VALIGN="bottom"
|
||
|
><A
|
||
|
HREF="iproute2.html"
|
||
|
ACCESSKEY="P"
|
||
|
>Prev</A
|
||
|
></TD
|
||
|
><TD
|
||
|
WIDTH="80%"
|
||
|
ALIGN="center"
|
||
|
VALIGN="bottom"
|
||
|
>Chapter 7. Frequently Asked Questions</TD
|
||
|
><TD
|
||
|
WIDTH="10%"
|
||
|
ALIGN="right"
|
||
|
VALIGN="bottom"
|
||
|
><A
|
||
|
HREF="iptables-vs-ipchains-vs-ipfwadm.html"
|
||
|
ACCESSKEY="N"
|
||
|
>Next</A
|
||
|
></TD
|
||
|
></TR
|
||
|
></TABLE
|
||
|
><HR
|
||
|
ALIGN="LEFT"
|
||
|
WIDTH="100%"></DIV
|
||
|
><DIV
|
||
|
CLASS="SECT1"
|
||
|
><H1
|
||
|
CLASS="SECT1"
|
||
|
><A
|
||
|
NAME="IPCHAINS-ON-2.4.X"
|
||
|
></A
|
||
|
>7.40. ( IPCHAINS rulesets on 2.4.x kernels ) - What the ipchains.o module can
|
||
|
do on 2.4.x kernels</H1
|
||
|
><P
|
||
|
>Some people would like to continue using their legacy IPCHAINS rulesets on
|
||
|
2.4.x-based kernelw. Unfortunately, unless you are
|
||
|
<STRONG
|
||
|
>only doing packet firewalling </STRONG
|
||
|
>and not trying
|
||
|
to do any NATing (MASQ), PORTFW, or other advanced features, you're in
|
||
|
trouble.</P
|
||
|
><P
|
||
|
><P
|
||
|
></P
|
||
|
><UL
|
||
|
><LI
|
||
|
><P
|
||
|
> If you ARE only doing IPCHAINS filtering, all you need to do is unload all
|
||
|
IPTABLES modules shown from the "<TT
|
||
|
CLASS="LITERAL"
|
||
|
>/sbin/lsmod</TT
|
||
|
>" command.
|
||
|
After that, load the IPCHAINS module by running
|
||
|
"<TT
|
||
|
CLASS="LITERAL"
|
||
|
>/sbin/modprobe ipchains</TT
|
||
|
>". After that, load your
|
||
|
IPCHAINS ruleset as normal.
|
||
|
<P
|
||
|
></P
|
||
|
><UL
|
||
|
><LI
|
||
|
><P
|
||
|
> Please note that if you compiled IPTABLES support statically into the
|
||
|
kernel, you CANNOT load the "ipchains" module (it shouldn't be even
|
||
|
present) as it will conflict with the IPTABLES kernel code. Your ONLY
|
||
|
option in this case is to recompile your kernel but make the IPTABLES and
|
||
|
IPCHAINS options as modules.
|
||
|
</P
|
||
|
></LI
|
||
|
></UL
|
||
|
>
|
||
|
</P
|
||
|
></LI
|
||
|
></UL
|
||
|
></P
|
||
|
><P
|
||
|
>So why can't you run IPCHAINS MASQ/PORTFW functionality with a 2.4.x kernel?
|
||
|
Once the IPCHAINS module is loaded, you CANNOT use any IPTABLES commands or
|
||
|
modules since the code conflicts. In addition to this, you cannot use any
|
||
|
legacy 2.2.x IPCHAINS masq modules on a 2.4.x kernel as the kernels are so
|
||
|
radically different. Plus, this really shouldn't be an issue as all of this
|
||
|
functionality is available via native IPTABLES modules now. Finally, you
|
||
|
cannot use the IPMASQADM tool with a 2.4.x kernel as the program both won't
|
||
|
compile and ultimately the PORTFW kernel handlers aren't present anymore (it's
|
||
|
now done natively by the IPTABLES code). So, considering all of these facts:</P
|
||
|
><P
|
||
|
> <P
|
||
|
></P
|
||
|
><UL
|
||
|
><LI
|
||
|
><P
|
||
|
> You cannot run any form of PORTFW on this 2.4.x machine
|
||
|
</P
|
||
|
></LI
|
||
|
><LI
|
||
|
><P
|
||
|
> Protocols that require special handling like FTP, IRC, CuSeeme, RealAudio,
|
||
|
etc. will no longer work
|
||
|
</P
|
||
|
></LI
|
||
|
></UL
|
||
|
></P
|
||
|
><P
|
||
|
>Basically, the ipchains kernel module included with the 2.4.x kernels is
|
||
|
intended for basic packet firewall compatibility and NOT any NAT(MASQ)
|
||
|
functionality.</P
|
||
|
></DIV
|
||
|
><DIV
|
||
|
CLASS="NAVFOOTER"
|
||
|
><HR
|
||
|
ALIGN="LEFT"
|
||
|
WIDTH="100%"><TABLE
|
||
|
SUMMARY="Footer navigation table"
|
||
|
WIDTH="100%"
|
||
|
BORDER="0"
|
||
|
CELLPADDING="0"
|
||
|
CELLSPACING="0"
|
||
|
><TR
|
||
|
><TD
|
||
|
WIDTH="33%"
|
||
|
ALIGN="left"
|
||
|
VALIGN="top"
|
||
|
><A
|
||
|
HREF="iproute2.html"
|
||
|
ACCESSKEY="P"
|
||
|
>Prev</A
|
||
|
></TD
|
||
|
><TD
|
||
|
WIDTH="34%"
|
||
|
ALIGN="center"
|
||
|
VALIGN="top"
|
||
|
><A
|
||
|
HREF="index.html"
|
||
|
ACCESSKEY="H"
|
||
|
>Home</A
|
||
|
></TD
|
||
|
><TD
|
||
|
WIDTH="33%"
|
||
|
ALIGN="right"
|
||
|
VALIGN="top"
|
||
|
><A
|
||
|
HREF="iptables-vs-ipchains-vs-ipfwadm.html"
|
||
|
ACCESSKEY="N"
|
||
|
>Next</A
|
||
|
></TD
|
||
|
></TR
|
||
|
><TR
|
||
|
><TD
|
||
|
WIDTH="33%"
|
||
|
ALIGN="left"
|
||
|
VALIGN="top"
|
||
|
>( Source Routing ) - I need different internal MASQed networks to exit
|
||
|
on different external IP addresses</TD
|
||
|
><TD
|
||
|
WIDTH="34%"
|
||
|
ALIGN="center"
|
||
|
VALIGN="top"
|
||
|
><A
|
||
|
HREF="faq.html"
|
||
|
ACCESSKEY="U"
|
||
|
>Up</A
|
||
|
></TD
|
||
|
><TD
|
||
|
WIDTH="33%"
|
||
|
ALIGN="right"
|
||
|
VALIGN="top"
|
||
|
>( IPTABLES vs. IPCHAINS vs. IPFWADM ) - Why do the 2.4.x, 2.2.x,
|
||
|
and 2.0.x kernels use different firewall systems?</TD
|
||
|
></TR
|
||
|
></TABLE
|
||
|
></DIV
|
||
|
></BODY
|
||
|
></HTML
|
||
|
>
|