
Re: successful server installation, iptables question



Firstly: iptables is the firewalling system built into the 2.4 kernel.
ipchains is the system from 2.2 (and an unsupported legacy option in
2.4).  iptables is better in nearly every way, so use it if you can.

On Mon, Oct 28, 2002 at 07:18:39PM +0000, Alan Chandler wrote:
> On Monday 28 October 2002 12:01 pm, linux4bene@pandora.be wrote:
> > Hi,
> >
> > I successfully installed my new Debian server instead of the SuSE 7.2 that
> > was on it. It was a lot easier to install and I knew what I was doing or at
> > least I thought I was :-)
> > I have installed the ipmasq package to share my internet connection.
> > All works ok. However, how does one customize the settings? For instance
> > if you want to allow an ssh connection in?
> 
> There are two packages: one is ipmasq and the other is iptables.

The iptables package provides the userland tool (iptables(8)) to
configure the kernel's firewalling system.  ipmasq is a set of shell
scripts that set up basic firewalling using either iptables or
ipchains (depending on which is installed).

> They conflict with each other.  

No, they don't.  ipmasq _Depends_ on iptables to handle setting up the
firewall (if you have a 2.4 kernel with ipchains, at least).

> I think you need a linux 2.4 kernel to use iptables, ipmasq can be
> used on 2.2 (and 2.4?).

Too many damn things with the same name, true, but they do have
well-defined meanings. s/ipmasq/ipchains/ is mostly right here.

> They are very similar to each other 

See above.

> a) It brings more options with it to check things like open sessions or 
> requests to start a session 

ipchains did not support this, but iptables does, and so does ipmasq
when your machine is running a 2.4 kernel (with iptables enabled).

> b) The input and forward tables are completely separate (in ipmasq forwarded 
> stuff also traversed the input table making it very difficult to have one set 
> of rules for filtering into the gateway box and another for forwarding).
> 
> I have a custom iptables script to set up my firewall rules - I believe the 
> standard Debian package does something itself, but I have not really looked 
> at that part.

The iptables package itself does not set up any sort of firewalling at
all, since this is a local administrative decision that has no reasonable
default.  It does include `iptables-save' and `iptables-restore' scripts
that can save and restore locally defined setups.

> My suggestion would be to remove ipmasq and install iptables (I use dselect to 
> do this sort of thing) and then both man iptables and look at 

As I've said above, ipmasq _uses_ iptables.  If you have a 2.4 kernel,
and you want to use any sort of firewalling (custom bash script,
shorewall, ipmasq, hand-entered commands) you _have to_ have the
iptables package installed.  There's no other way to talk to the kernel
about firewalling.

-rob
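
Added example, not part of the original message and not taken from the ipmasq or iptables packages: a hand-maintained ruleset in the format read by iptables-restore that lets ssh in on a masquerading gateway, using the connection tracking and the separate INPUT and FORWARD chains discussed in the thread. The interface names eth0 (Internet side) and eth1 (LAN side) are assumptions; it is meant for a setup you maintain yourself, not for use alongside rules generated by ipmasq.

```iptables
# Constructed sample ruleset for iptables-restore (2.4 kernel, iptables).
# Assumed interfaces: eth0 = Internet side, eth1 = LAN side.
# IP forwarding itself is a kernel setting (net.ipv4.ip_forward)
# and is not part of this file.

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Share the connection: rewrite LAN source addresses on the way out.
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT

*filter
# Default-deny for traffic to the gateway and through the gateway.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# INPUT: packets addressed to the gateway box itself.
-A INPUT -i lo -j ACCEPT
# Connection tracking: replies to sessions that are already open.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Requests to start a new ssh session.
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

# FORWARD: packets routed through the gateway. These never traverse
# INPUT, so the ssh rule above does not open anything on the LAN.
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
```

Load it with `iptables-restore < file`; `iptables-save` prints the running rules in the same format.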
