Convert ipchains to iptables. Need help

Post by hejir » Sun, 02 Sep 2001 19:49:02

Hi,

I need someone who can convert these ipchains rules to iptables rules.
And what modules do I have to load?
It is for playing Age of Empires over the MSZone.

IPADD = my DHCP IP address (local = 192.168.0.3)
EXT = external interface (eth0) on the linuxbox (eth1 is my internal
interface)
192.168.0.1 is my windoze

IC=/sbin/ipchains
# IPADD and EXT are set as described above (DHCP address, external interface)

# for AOE2 (portfw works with reverse-masq)
#outbound
$IC -I output -s $IPADD 28800 -i $EXT -p tcp -j ACCEPT
#inbound
$IC -I input -d $IPADD 28800 -i $EXT -p tcp -j ACCEPT ! -y
#outbound
$IC -I output -s $IPADD 28800 -i $EXT -p udp -j ACCEPT
#inbound
$IC -I input -d $IPADD 28800 -i $EXT -p udp -j ACCEPT

#outbound
$IC -I output -s $IPADD 2300:2400 -i $EXT -p tcp -j ACCEPT
$IC -I output -s $IPADD 2300:2400 -i $EXT -p udp -j ACCEPT
#inbound
$IC -I input -d $IPADD 2300:2400 -p tcp -i $EXT -j ACCEPT
$IC -I input -d $IPADD 2300:2400 -p udp -i $EXT -j ACCEPT
#outbound 47624
$IC -I output -s $IPADD 47624 -i $EXT -p tcp -j ACCEPT
$IC -I output -s $IPADD 47624 -i $EXT -p udp -j ACCEPT
#inbound 47624
$IC -I input -d $IPADD 47624 -p tcp -i $EXT -j ACCEPT ! -y
$IC -I input -d $IPADD 47624 -p udp -i $EXT -j ACCEPT

# for AOE2
#ipmasqadm portfw -a -P tcp -L $IPADD 2300:2400 -R 192.168.0.1 2300:2400
#ipmasqadm portfw -a -P udp -L $IPADD 2300:2400 -R 192.168.0.1 2300:2400
#ipmasqadm portfw -a -P tcp -L $IPADD 28800 -R 192.168.0.1 28800
#ipmasqadm portfw -a -P udp -L $IPADD 47000:48000 -R 192.168.0.1 47000:48000
#ipmasqadm portfw -a -P tcp -L $IPADD 47000:48000 -R 192.168.0.1 47000:48000
# setup port forwarders for Zone
/usr/sbin/ipmasqadm autofw -A -r udp 2300 2400 -h 192.168.0.1 -v -u
/usr/sbin/ipmasqadm autofw -A -r tcp 2300 2400 -h 192.168.0.1 -v -u
/usr/sbin/ipmasqadm autofw -A -r udp 28800 28800 -h 192.168.0.1 -v -u
/usr/sbin/ipmasqadm autofw -A -r udp 47624 47624 -h 192.168.0.1 -v -u

tia


1. Moving to iptables from ipchains - need advice

For some time I was running ipchains on a RedHat box (7.2, now 7.3) but it
always had problems.  Although I seemed to have configured ipchains
correctly to act as a NAT, client PCs would stop downloading web pages
before they were complete.  I googled for the problem, and eventually found
a forum post stating that this was a bug in ipchains, and was never going to
be fixed.  So I installed the Dante socks daemon and forgot about ipchains'
web problems.

Unfortunately, a problem with RealPlayer sparked my decision to finally fix
it, by switching to iptables.  After figuring out how to stop ipchains from
starting, so that iptables would start instead, I got a quick 'n' unsafe
iptables config running thanks to the iptables howto.  Wheee, thought I, it
works.  Web pages loaded perfectly sans Dante.

I eventually came up with the following script, based on my knowledge of
ipchains.  However, reading through a few of the iptables howtos it looks
like this may be inadequate.  I'd be grateful if somebody could let me know
what I've missed.

Thanks,
Mark Lord.

#!/bin/sh
IPTABLES="/sbin/iptables"

# Reset default policies...
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
$IPTABLES -t mangle -P PREROUTING ACCEPT
$IPTABLES -t mangle -P OUTPUT ACCEPT

# Flush all chains
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F

# Remove all custom chains
$IPTABLES -X
$IPTABLES -t nat -X
$IPTABLES -t mangle -X

# Enable masquerade
$IPTABLES -t nat -A POSTROUTING -j MASQUERADE

# Ensure ACCEPT policy
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT

# eth0 is trusted (internal network)
$IPTABLES -A INPUT -i eth0 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -j ACCEPT
$IPTABLES -A OUTPUT -o eth0 -j ACCEPT

# Give lo free rein
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A FORWARD -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT

# Explicitly allow icmp through eth1 (cable modem)
$IPTABLES -A INPUT -p icmp -i eth1 -j ACCEPT

# Drop any input to port <= 1024
$IPTABLES -A INPUT -i eth1 -p tcp --dport 0:1024 -j DROP

# Allow any output through eth1 (cable modem)
$IPTABLES -A OUTPUT -o eth1 -j ACCEPT

# Accept forwarding to/from 192.168.0.0/16
$IPTABLES -A FORWARD -s 192.168.0.0/16 -j ACCEPT
$IPTABLES -A FORWARD -d 192.168.0.0/16 -j ACCEPT

# Drop any other forward requests
$IPTABLES -A FORWARD -j DROP
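Added example, not code from either post: it shows how the first post's ipchains/ipmasqadm rules for AoE2 translate to iptables (DNAT in place of portfw/autofw, MASQUERADE in place of ipchains masquerading), and, for the second post's script, how connection tracking replaces per-port "! -y" checks and an open INPUT/FORWARD policy. The interface names, the game host address and the iptables path are assumptions; DRY_RUN=1 (the default) only prints the commands.

```shell
#!/bin/sh
# Added example, not from either post: iptables version of the AoE2
# ipchains/ipmasqadm rules. conntrack replaces the "! -y" SYN check, DNAT
# replaces portfw/autofw, MASQUERADE replaces ipchains masquerading.
EXT=${EXT:-eth0}                      # external (DHCP) interface, assumed
INT=${INT:-eth1}                      # internal LAN interface, assumed
GAMEHOST=${GAMEHOST:-192.168.0.1}     # the Windows box running the game
IPTABLES=${IPTABLES:-/sbin/iptables}
DRY_RUN=${DRY_RUN:-1}                 # 1 = print commands, 0 = apply (root)

# Print or run one iptables command, depending on DRY_RUN.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then echo "$IPTABLES $*"; else "$IPTABLES" "$@"; fi
}
# 2.4-kernel modules, normally autoloaded; listed for the "which modules" question.
load_modules() {
    for m in ip_tables iptable_filter iptable_nat ip_conntrack ipt_state ipt_MASQUERADE; do
        modprobe "$m"
    done
    echo 1 > /proc/sys/net/ipv4/ip_forward
}
# One "portfw -L $IPADD <range> -R $GAMEHOST <range>" line becomes a DNAT in
# nat/PREROUTING (port unchanged) plus a FORWARD rule admitting the new flows.
forward_range() {
    ipt -t nat -A PREROUTING -i "$EXT" -p "$1" --dport "$2" \
        -j DNAT --to-destination "$GAMEHOST"
    ipt -A FORWARD -i "$EXT" -o "$INT" -p "$1" -d "$GAMEHOST" --dport "$2" \
        -m state --state NEW -j ACCEPT
}
aoe2_rules() {
    # Replies to known connections come in; other new traffic from $EXT is dropped.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -i "$INT" -j ACCEPT
    ipt -A INPUT -i "$EXT" -j DROP
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$INT" -o "$EXT" -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$EXT" -j MASQUERADE
    forward_range tcp 2300:2400
    forward_range udp 2300:2400
    forward_range tcp 28800
    forward_range udp 28800
    forward_range tcp 47624
    forward_range udp 47624
    ipt -A FORWARD -i "$EXT" -j DROP
}

if [ "$DRY_RUN" = 0 ]; then load_modules; fi
aoe2_rules
```

Run it once with the default DRY_RUN=1 and compare the printed rules against the ipchains lines above before applying with DRY_RUN=0 as root.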
