Need help finding a good ipchains script

Zach

Diamond Member
Oct 11, 1999
3,400
1
81
I'm playing with my beefy P166 before I try to sell it, and I want to relearn how to make a router. I did it a few years ago with Redhat 6.0, this is Redhat 7.1. I just want a good script to play with, one that works out of the box. I found a few and tried sticking them in /etc/sysconfig/ipchains without luck. Reported improper ipchains input, did a version change alter the required syntax?

Also, what's the difference between iptables and ipchains? The help files didn't do much for me. One for packet inspection, the other for traffic control? Or is iptables a replacement?

Anyway, good scripts? I don't want a single floppy solution, this thing has dual 6.4GB drives and 128MB of RAM, it's an old school server basically.
 

Artnoc

Junior Member
Mar 25, 2001
14
0
0
ipchains is the packet filtering that was used with the 2.2.x series kernel. iptables is used with the newer 2.4.x kernel. You may also see ipfwadm mentioned, which was used in the 2.0.x series. I haven't had a chance to use iptables so I don't know much about it. But from what I've read it looks pretty impressive.

Personally I don't like Red Hat at all. It covers too many things up with 'pretty windows' not as much as other distributions, ie Mandrake, but still too much to really learn what's going on.

If I were you I'd check out Slackware Linux. www.slackware.com. The Slackware forum is a great resource for learning stuff. I set up my firewall/IP Masq box using this distro more than 2 years ago. It was easy to set up and because I had to do a lot of things manually, ie, edit the config files with pico, I learned exactly how things work and what's running on my box.

Oh yeah! A P166 with two 6.4 GB drives and 128mb of ram is MORE than enough for a firewall box and running a modest webserver, ftp, email, etc, etc, etc. Linux isn't a resource hog like M$ products. My box is a P200, 64 MB RAM, 4GB main drive, 1GB user file backup.
 

Zach

I remember ipfwadm, I was surprised to see it in my searches. And, thanks but no thanks, I'm happy with Redhat. You should be lecturing me when you use pico! :D vi baby.

No scripts for me?

Also: a 166 is kinda small I think. It had a bit of trouble keeping up with Samba, Apache, and Big Brother when it was my LAN server (I use a small router though, that's why I'm just now getting around to playing with that).
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0


<< I'm playing with my beefy P166 before I try to sell it, and I want to relearn how to make a router. I did it a few years ago with Redhat 6.0, this is Redhat 7.1. I just want a good script to play with, one that works out of the box. I found a few and tried sticking them in /etc/sysconfig/ipchains without luck. Reported improper ipchains input, did a version change alter the required syntax?

Also, what's the difference between iptables and ipchains? The help files didn't do much for me. One for packet inspection, the other for traffic control? Or is iptables a replacement?

Anyway, good scripts? I don't want a single floppy solution, this thing has dual 6.4GB drives and 128MB of RAM, it's an old school server basically.
>>



IPChains is out. Don't bother with it. IPTables boasts stateful packet inspection. This is one of the features IPChains lacked which is why linux did not make sense as a firewall. IPtables is the way to go.
 

Zach

Okay then... any iptables scripts? Where the hell should I look?
 

n0cmonkey



<< Okay then... any iptables scripts? Where the hell should I look? >>



At the how-to. I am sure it tells you how to write them.
 

Zach

You guys think I have time to write one? Jeeze. This isn't for my business, it's a learning experience, but writing the crap isn't what I'm looking for.
 

n0cmonkey



<< You guys think I have time to write one? Jeeze. This isn't for my business, it's a learning experience, but writing the crap isn't what I'm looking for. >>



Alright, I'll read it and write one myself. Of course you will learn NOTHING from it, negating your little point there.
 

n0cmonkey



<< You guys think I have time to write one? Jeeze. This isn't for my business, it's a learning experience, but writing the crap isn't what I'm looking for. >>



For lazy bastards.

I did myself one better. Found an IPChains script for you I believe. Find out for yourself what to do with IPTables.
 

n0cmonkey

## Insert connection-tracking modules (not needed if built into kernel).
insmod ip_conntrack
insmod ip_conntrack_ftp

## Create chain which blocks new connections, except if coming from inside.
iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -A block -j DROP

## Jump to that chain from INPUT and FORWARD chains.
iptables -A INPUT -j block
iptables -A FORWARD -j block

If you decide to learn to use linux
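
The chain posted above, extended into a loadable router ruleset as an added example (not from the thread or from any HOWTO). It goes beyond the post by adding masquerading on the outside interface and default-drop policies; `valid_if` and `gen_ruleset` are hypothetical names, the outside interface is passed as an argument, and the `!` is written before `-i`, as current iptables releases expect.

```shell
#!/bin/sh
# Added example, not from the thread: print an iptables-restore ruleset for a
# small NAT router built around the "block" chain shown in the post.
# valid_if and gen_ruleset are hypothetical helper names.

# Accept only plausible interface names (letters, digits, "_.-", max 15 chars)
# so an argument can never smuggle extra rule text into the output.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# gen_ruleset WAN_IF: ruleset on stdout; non-zero status on a bad name.
gen_ruleset() {
    wan=$1
    valid_if "$wan" || { echo "bad interface name" >&2; return 1; }
    # Policies are DROP so the box fails closed if the jump rules are removed.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:block - [0:0]
-A block -m state --state ESTABLISHED,RELATED -j ACCEPT
-A block -m state --state NEW ! -i $wan -j ACCEPT
-A block -j DROP
-A INPUT -j block
-A FORWARD -j block
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Usage, as root on the router:
#   gen_ruleset ppp0 | iptables-restore
#   echo 1 > /proc/sys/net/ipv4/ip_forward
```

Because iptables-restore loads each table atomically, a typo in the ruleset leaves the previous rules in place instead of a half-applied firewall.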
 

Zach

Thanks for being an ass to me. Treat me like I don't know Linux because I don't want to spend my free time learning to write an IPChains or IPTables script? "Lazy bastard"? I used to think of you as being helpful, but you have been nothing more than a nuisance and just plain rude.
 

n0cmonkey



<< Thanks for being an ass to me. Treat me like I don't know Linux because I don't want to spend my free time learning to write an IPChains or IPTables script? "Lazy bastard"? I used to think of you as being helpful, but you have been nothing more than a nuisance and just plain rude. >>



Maybe, but is learning how to set up a firewalling system a waste of time? No. It is very useful and if you are good enough you can get some decent money for it. I do think you are a lazy bastard because you will not spend your own time learning something you would rather have someone else do your work for you. You are not a good example of the linux community. I think you are a newbie because you don't know how to do something this necessary. If you had said "I read this documentation but I do not understand. Please help with xxx" I would have felt good because you actually want to learn. And being rude is not always a bad thing.
 

Zach

Yes, I see you know all and are in a position to lecture? Very nice. Just don't stereotype me, don't talk down to me, and if you don't like it don't help me! You're not helping me by antagonizing me. It's like parents that call their kids stupid to encourage them to get smarter. Is there a point in that? Maybe there is to people with minds like yours. I would not have someone learn for me or do my work for me, I'd like 36 hour days so I could do everything, but sometimes for side projects you need a foundation! I don't think I should be criticized and judged because I'd rather have something to work from than trying to start from scratch.
 

n0cmonkey



<< Yes, I see you know all and are in a position to lecture? Very nice. Just don't stereotype me, don't talk down to me, and if you don't like it don't help me! You're not helping me by antagonizing me. It's like parents that call their kids stupid to encourage them to get smarter. Is there a point in that? Maybe there is to people with minds like yours. I would not have someone learn for me or do my work for me, I'd like 36 hour days so I could do everything, but sometimes for side projects you need a foundation! I don't think I should be criticized and judged because I'd rather have something to work from than trying to start from scratch. >>



And of course you are the only busy one here. We don't have jobs and lives, only you. And I never called you stupid, ignorant maybe, stupid no.
 

Zach

I'm ignorant because I have priorities? Ignorant in ipchains or iptables maybe, but if you're trying to make a blanket statement then I'm sure it's the opposite.
 

n0cmonkey



<< I'm ignorant because I have priorities? Ignorant in ipchains or iptables maybe, but if you're trying to make a blanket statement then I'm sure it's the opposite. >>



I meant you are ignorant in ipchains/iptables. And you do not seem to want to overcome that ignorance. The script I found (and several howtos that I found) took no longer than it is taking me to write this reply. linucdoc.org and freshmeat.net were 2 places I did quick searches and found the information YOU needed. If you had come in saying that you did not understand some documentation or that the searches you did came up with no information that helped YOU I would not have been in flaming mode. Without an understanding of how these things work you will not be able to work with them on your own. Of course your life is more important than ours so you get us to do the work for you. If you want, gimme your ip and your root passwd and I'll hook you up. I personally have a fulltime job (fulltime meaning over 40hrs per week), friends that I would love to see, computers of my own that I would love to be able to play with, and a couple bucks I'd like to go get a beer with. Instead I choose to sit here for a while each day and help people with the computer problems they have. I like helping people. However, I hate babysitting. Children suck. When I am asked to do someone's work for them because they are too LAZY or ignorant (without wanting to change that status) I get into flaming mode.

Please stop making the Open Source/Free Software/Linux community look bad.
 

Zach

You get into flaming mode because you make false assumptions, and think you know what you don't.
 

n0cmonkey



<< You get into flaming mode because you make false assumptions, and think you know what you don't. >>



I know I don't know what I don't know. That's pretty easy. I also know you are being lazy and ignorant by not looking up the information for yourself. Prove me wrong.
 

Zach

No. This is going nowhere, it's like arguing with my Mom. Let's agree to disagree, thank you for the links. They will help me, one or two are new to me. And in the future, when I ask for community help and advice, I'll make sure not to ask you directly. This thread is useless now, I'm unsubscribing.
 

n0cmonkey



<< No. This is going nowhere, it's like arguing with my Mom. Let's agree to disagree, thank you for the links. They will help me, one or two are new to me. And in the future, when I ask for community help and advice, I'll make sure not to ask you directly. This thread is useless now, I'm unsubscribing. >>



And if you show no attempts to try something on your own I will continue to answer in my assholish way.