
Re: IP Chains question



On Thu, 31 Jan 2002, Eric G. Miller wrote:

> On Thu, 31 Jan 2002 09:08:45 -0500 (EST), Matt Kopishke <kopishke@BlueNoteTechnology.com> wrote:
> 
> > I have set up a firewall using ipchains and the bridge patch
> > (bridgein) under potato (2.2.19).  The one snag I had was although the
> > firewall works well only letting the world see certain ports (80 & 443),
> > it doesn't let the servers behind the firewall get out.  I set up a rule
> > that allows all traffic that originated behind the firewall out, but
> > because we only have a couple of ports open, and we have no clue what port
> > the reply packets are going to come on, the reply packets get denied.
> > 
> > I was wondering if there is any way to mark outgoing packets so we can
> > let them through on their way back?
> 
> Yea, it's called iptables/netfilter (kernel 2.4.x).

I've just switched to 2.4.x on my laptop, and it was painless. I'm about
to do the same on a desktop that runs a firewall using my old original
ipfwadm rules, which are magically translated by debian (potato/2.2.x)
into (I think) ipchains.

Is there someplace I can find instructions to convert to iptables? Is
there a similar on-the-fly conversion script?

...RickM...
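The reply-packet problem discussed in this thread, as an added example that is not part of the original messages: a small Python model contrasts a port-only (ipchains-style) decision with a connection-tracking (netfilter-style) one, assuming a constructed 10.0.0.0/24 inside subnet and constructed outside addresses.

```python
# Added example, not from the mailing-list thread.  Models why a stateless,
# port-only ruleset drops replies to connections opened from behind the
# firewall, and how remembering outbound flows (connection tracking, as
# netfilter's "-m state --state ESTABLISHED,RELATED -j ACCEPT" does) fixes it.
from dataclasses import dataclass

PUBLIC_PORTS = {80, 443}   # the only ports the world may reach (from the post)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool          # True when the packet arrives from the outside


def stateless_decide(pkt: Packet) -> str:
    """ipchains-style: judge each packet alone, by direction and port."""
    if not pkt.inbound:
        return "ACCEPT"                # anything originating inside may leave
    if pkt.dport in PUBLIC_PORTS:
        return "ACCEPT"                # the world may reach the web ports
    return "DENY"                      # replies to inside clients land here


class StatefulFilter:
    """netfilter-style: remember outbound flows, admit only their replies."""

    def __init__(self) -> None:
        self.flows = set()             # (src, sport, dst, dport) seen leaving

    def decide(self, pkt: Packet) -> str:
        if not pkt.inbound:
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT"
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "ACCEPT"            # reply to a connection opened inside
        if pkt.dport in PUBLIC_PORTS:
            return "ACCEPT"
        return "DROP"


def run_scenario() -> dict:
    """Constructed traffic: an inside server fetches a web page, its reply
    comes back, then an unsolicited outside packet probes an inside port."""
    out = Packet("10.0.0.5", 40123, "198.51.100.7", 80, inbound=False)
    reply = Packet("198.51.100.7", 80, "10.0.0.5", 40123, inbound=True)
    probe = Packet("203.0.113.9", 5555, "10.0.0.5", 22, inbound=True)
    stateful = StatefulFilter()
    return {"stateless": [stateless_decide(p) for p in (out, reply, probe)],
            "stateful": [stateful.decide(p) for p in (out, reply, probe)]}
```

The stateless verdicts show the reply denied alongside the probe; the stateful ones admit only the reply.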