[TriLUG] iptables vs. ipchains

Jason Tower jason at cerient.net
Sun Sep 8 18:05:42 EDT 2002


tom, i've been playing around with your iptables script over the weekend
(and made a few adjustments for my particular needs, masquerading and port
forwarding in particular), a couple of questions:

1. i've noticed that if i run the script, verify that it works ok, do a
'service iptables save' and then reboot, some things don't work.  as far
as i can tell the ip_forward setting in /proc/sys/net is set to 0 after
rebooting since the script isn't turning it on any more, what is the best
way to set this up to always be on (just add a line in the
rc.local/iptables script)?

2. does running 'service iptables save' and 'restart' yield the same
results as simply running the script by itself?  i've noticed some erratic
behavior on reboots that are solved by re-running the script manually and
i'm not sure why, or if it's just my imagination.

(FWIW, i'm running this on the null beta).  thanks - jason

> On Wed, 2002-09-04 at 14:48, Greg Brown wrote:
>> Sorry if this has been covered recently, I'm still going through all
>> my old digests.
>>
>> I have two questions:
>>
>> 1.  I am currently using ipchains, is there a good reason to make the
>> switch to iptables?
>
> Many many reasons. Stateful filtering and connection tracking stand out.
>
>> 2. Does either ipchains or iptables have the ability to filter traffic
>> on an interface based on MAC address?
>
> iptables does.
>
>> I guess I have three questions.
>>
>> 3.  Is there a good iptables tutorial on-line for people who currently
>> use ipchains?
>
> Well, I just gave a talk last night at the NCSU LUG on how to build an
> iptables firewall. I'd like to think it's a good tutorial. ;)
>
> http://www.linux.ncsu.edu/lug/lectures/firewall/
>
> ~spot
> ---
> Tom "spot" Callaway <tcallawa(a)redhat*com> Red Hat Sales Engineer Sair
> Linux and GNU Certified Administrator (LCA)
> Red Hat Certified Engineer (RHCE)
> GPG: D786 8B22 D9DB 1F8B 4AB7  448E 3C5E 99AD 9305 4260
>
> The words and opinions reflected in this message do not necessarily
> reflect those of my employer, Red Hat, and belong solely to me.
>
> "Immature poets borrow, mature poets steal." --- T. S. Eliot
>
> _______________________________________________
> TriLUG mailing list
>     http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ:
>     http://www.trilug.org/~lovelace/faq/TriLUG-faq.html


-----------------------
Jason Tower
Cerient Technologies
jason at cerient.net
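
Added example, not part of the original message or of the script it discusses: a check for the reboot behaviour in question 1. Saving the iptables ruleset does not store the ip_forward sysctl, so this compares the running value with what a sysctl.conf-style file will apply at boot. The function names are hypothetical, and /etc/sysctl.conf as the persistence location is an assumption.

```shell
#!/bin/sh
# Added example: will IPv4 forwarding survive a reboot?
# ip_forward is a kernel sysctl, not part of the saved iptables ruleset,
# so it has to be persisted separately (assumed here: /etc/sysctl.conf).

# Print the value a sysctl.conf-style file assigns to net.ipv4.ip_forward
# (last assignment wins), or "unset" if the key or the file is missing.
persisted_ip_forward() {
    conf=$1
    [ -r "$conf" ] || { echo unset; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }    # skip comment lines
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)
            gsub(/[ \t\r]/, "", val)
            if (key == "net.ipv4.ip_forward") v = val
        }
        END { print (v == "" ? "unset" : v) }
    ' "$conf"
}

# Compare the persisted value with the running kernel value.
# $1 = sysctl.conf path, $2 = proc file (parameters so it can be tested).
forward_status() {
    conf=${1:-/etc/sysctl.conf}
    proc=${2:-/proc/sys/net/ipv4/ip_forward}
    saved=$(persisted_ip_forward "$conf")
    running=$(cat "$proc" 2>/dev/null || echo unknown)
    case "$running:$saved" in
        unknown:*) echo "unknown" ;;               # proc file not readable
        1:1)       echo "ok" ;;                    # on now and at next boot
        1:*)       echo "runtime-only" ;;          # on now, reverts to 0 at reboot
        0:1)       echo "persisted-not-loaded" ;;  # set in file, not yet applied
        *)         echo "off" ;;
    esac
}

# Report the status of this host using the default paths.
forward_status
```

A result of "runtime-only" matches the symptom described above: forwarding works after running the script by hand but is back to 0 after a reboot.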




