Re: ipchains/ip_conntrack/kernel 2.4

To: debian-firewall@lists.debian.org
Subject: Re: ipchains/ip_conntrack/kernel 2.4
From: Tarragon Allen <melange@n12turbo.com>
Date: Thu, 24 Jul 2003 20:01:06 +1000
Message-id: <[🔎] 200307242001.06408.melange@n12turbo.com>
In-reply-to: <[🔎] HIFV2M$F784CC37F19B404A5A38573FE366D536@terra.com.br>
References: <[🔎] HIFV2M$F784CC37F19B404A5A38573FE366D536@terra.com.br>

On Wed, 23 Jul 2003 04:23 am, djfogbr wrote:
> Hi all,
>
> Our firewall runs Debian 3.0, kernel 2.2.19 with ipchains 1.3.10-15,
> masquerading our internal network. Now we are trying to update its kernel
> to 2.4.18-1, packaged by Debian, but we are facing a problem.
>
> When we boot with this new kernel, we can't use the module
> 'ip_conntrack_ftp', so our ftp connections to the outside world fail. When
> we try to load the module, we get 'unresolved symbol' messages. After some
> research, it seemed to me the this module conflits with 'ipchains' module
> itself, because it loads without problem if 'ipchains' is not loaded. And I
> really can't move to iptables, bacause we have huge firewall scripts
> written in ipchains.
>
> Any help?
>
> Thanks in advance.

Not much to be done. Connection tracking is part of netfilter, netfilter 
requires iptables to be used. ipchains is actually a compatibility option of 
netfilter, but you miss out on lots of goodies.

Converting to iptables shouldn't be terribly difficult, the majority of the 
syntax is the same, plus you get the advantage of stateful firewalling.

t
-- 
GPG : http://n12turbo.com/tarragon/public.key

Reply to:

References:
- ipchains/ip_conntrack/kernel 2.4
  - From: "djfogbr" <djfogbr@terra.com.br>

Prev by Date: ipchains/ip_conntrack/kernel 2.4
Next by Date: Running IPTables as non-root user?
Previous by thread: ipchains/ip_conntrack/kernel 2.4
Next by thread: Running IPTables as non-root user?
Index(es):
- Date
- Thread