ipchains and iptables

Post by user » Mon, 23 Jun 2003 00:23:48



I'm running three flavors of Linux (7.1, 7.2, and 9.0).  The 7.1 and 7.2
machines are using ipchains and the 9.0 machine uses iptables.  Is there
any major difference between them to be concerned about?

--
user

 
 
 

ipchains and iptables

Post by David Mean » Mon, 23 Jun 2003 01:32:05



> I'm running three flavors of Linux (7.1, 7.2, and 9.0).  The 7.1 and
> 7.2 machines are using ipchains and the 9.0 machine uses iptables.  Is
> there any major difference between them to be concerned about?

That depends upon what you want to be concerned about.  There are plenty
of "major" differences between iptables and ipchains.  For example, rule
construction is not portable between the two.

--
David Means

May the bluebird of happiness twiddle your bits.
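
Added example, not part of the original posts: a small Python translator that makes the "rule construction is not portable" point concrete by showing what has to change when a simple `ipchains -A` rule is rewritten for iptables. The function name `translate` and the sample addresses are constructed for illustration, and only plain TCP/UDP rules on the built-in chains are handled.

```python
import shlex

CHAINS = {"input": "INPUT", "output": "OUTPUT", "forward": "FORWARD"}
# ipchains target -> iptables target (DENY and MASQ were renamed)
TARGETS = {"ACCEPT": "ACCEPT", "DENY": "DROP", "REJECT": "REJECT", "MASQ": "MASQUERADE"}

def translate(rule):
    """Translate one simple, well-formed 'ipchains -A' rule to iptables rules."""
    tok = shlex.split(rule)
    if (tok[:2] != ["ipchains", "-A"] or len(tok) < 3
            or tok[2] not in CHAINS or "!" in tok):
        raise ValueError("only non-negated 'ipchains -A <built-in chain>' rules")
    chain, proto, match, target, log = CHAINS[tok[2]], None, [], None, False
    i = 3
    while i < len(tok):
        opt = tok[i]
        if opt in ("-s", "-d"):
            match += [opt, tok[i + 1]]
            i += 2
            # ipchains: port follows the address; iptables: --sport / --dport
            if i < len(tok) and not tok[i].startswith("-"):
                match += ["--sport" if opt == "-s" else "--dport", tok[i]]
                i += 1
        elif opt == "-p":
            proto = tok[i + 1]
            i += 2
        elif opt == "-i":
            # ipchains -i is the outgoing interface on output and forward
            match += ["-i" if chain == "INPUT" else "-o", tok[i + 1]]
            i += 2
        elif opt in ("-y", "-l"):
            if opt == "-y":
                match.append("--syn")
            log = log or opt == "-l"
            i += 1
        elif opt == "-j" and tok[i + 1] in TARGETS:
            target = TARGETS[tok[i + 1]]
            i += 2
        else:
            raise ValueError("unhandled ipchains option or target: " + opt)
    if {"--sport", "--dport", "--syn"} & set(match) and proto not in ("tcp", "udp"):
        raise ValueError("port and SYN matches need -p tcp or -p udp")
    # MASQ rules move to the nat table's POSTROUTING chain
    where = ["-t", "nat", "-A", "POSTROUTING"] if target == "MASQUERADE" else ["-A", chain]
    body = ["iptables"] + where + (["-p", proto] if proto else []) + match
    # ipchains -l is a flag on the rule; iptables logs with a separate LOG rule
    rules = [body + ["-j", "LOG"]] if log else []
    rules.append(body + (["-j", target] if target else []))
    return [" ".join(r) for r in rules]
```

A forwarded packet crossed input, forward and output in ipchains but crosses only FORWARD in iptables, so a translated `input` rule no longer filters routed traffic and needs a FORWARD counterpart on a gateway.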

 
 
 

ipchains and iptables

Post by user » Mon, 23 Jun 2003 06:06:32




>> I'm running three flavors of Linux (7.1, 7.2, and 9.0).  The 7.1 and
>> 7.2 machines are using ipchains and the 9.0 machine uses iptables.  Is
>> there any major difference between them to be concerned about?

> That depends upon what you want to be concerned about.  There are plenty
> of "major" differences between iptables and ipchains.  For example, rule
> construction is not portable between the two.

Is it better to use one over the other?  The 7.X machine started the
ipchains services by default whereas on the 9.X machine iptables was
started.  I guess RH made some business decision to do this because I
don't remember being asked whether to install one over the other during the
9.X installation process.  When lokkit was presented I select "medium"
security and select different services to run through the firewall.  Other
than that nothing else was done to alter the firewall (iptables)
configuration.  The same follows for the 7.X machines.

--
user

 
 
 

ipchains and iptables

Post by dnoy » Mon, 23 Jun 2003 06:43:33


|
|

|>
|>
|>>I'm running three flavors of Linux (7.1, 7.2, and 9.0).  The 7.1 and
|>>7.2 machines are using ipchains and the 9.0 machine uses iptables.  Is
|>>there any major difference between them to be concerned about?
|>
|>
|>That depends upon what you want to be concerned about.  There are plenty
|>of "major" differences between iptables and ipchains.  For example, rule
|>construction is not portable between the two.
|>
|>
|
|
| Is it better to use one over the other?  The 7.X machine started the
| ipchains services by default whereas on the 9.X machine iptables was
| started.  I guess RH made some business decision to do this because I
| don't remember being asked whether to install one over the other during
| the 9.X installation process.  When lokkit was presented I select "medium"
| security and select different services to run through the firewall.  Other
| than that nothing else was done to alter the firewall (iptables)
| configuration.  The same follows for the 7.X machines.
|

I think much of that is detailed in the iptables man pages.  iptables is
apparently better.

--
L8r,

C.L. Gilbert
For a free Java interface to Freechess.org see
http://www.rigidsoftware.com/Chess/chess.html

"Verily, verily, I say unto you, He that entereth not by the door() into
the sheepfold{}, but climbeth up some other *way, the same is a thief
and a robber."  John 10:1

GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD  19AE 55B2 4CD7 80D2 0A2D

 
 
 

ipchains and iptables

Post by user » Mon, 23 Jun 2003 07:35:57


[snip]

> |
> | Is it better to use one over the other?  The 7.X machine started the
> | ipchains services by default whereas on the 9.X machine iptables was
> | started.  I guess RH made some business decision to do this because I
> | don't remember being asked whether to install one over the other
> | during the
> | 9.X installation process.  When lokkit was presented I select "medium"
> | security and select different services to run through the firewall.
> | Other than that nothing else was done to alter the firewall (iptables)
> | configuration.  The same follows for the 7.X machines.
> |

> I think much of that is detailed in the iptables man pages.  iptables is
> apparently better.

[snip]

Man! Better, but not functioning on my 7.1 machine.  I installed the
iptables rpm for RH7.1 but the service won't start.  Nothing being reported
in /var/log/messages either.  I can't tell what's going on other than it
doesn't work.

--
user

 
 
 

ipchains and iptables

Post by Tim » Mon, 23 Jun 2003 23:29:49


unattributed sources said:

>> I think much of that is detailed in the iptables man pages.  iptables is
>> apparently better.

On Sat, 21 Jun 2003 18:35:57 -0400,


> Man! Better, but not functioning on my 7.1 machine.  I installed the
> iptables rpm for RH7.1 but the service won't start.  Nothing being reported
> in /var/log/messages either.  I can't tell what's going on other than it
> doesn't work.

I don't recall how far back iptables was available (my first working
Linux box, on a network, was Red Hat 7.2), but you can only run iptables
OR ipchains.  You must stop whichever one you don't want to use, before
starting the other one.

e.g. service ipchains stop
     service iptables start

Bear in mind that utilities that set firewalls up for you will probably
only work with one or the other (not determine which you're using, and
set rules for it).

--
My "from" address is totally fake.  The reply-to address is real, but
may be only temporary.  Reply to usenet postings in the same place as
you read the message you're replying to.

 
 
 

ipchains and iptables

Post by user » Tue, 24 Jun 2003 04:13:52



> unattributed sources said:

>>> I think much of that is detailed in the iptables man pages.  iptables is
>>> apparently better.

> On Sat, 21 Jun 2003 18:35:57 -0400,

>> Man! Better, but not functioning on my 7.1 machine.  I installed the
>> iptables rpm for RH7.1 but the service won't start.  Nothing being
>> reported in /var/log/messages either.  I can't tell what's going on
>> other than it doesn't work.
>
> I don't recall how far back iptables was available (my first working
> Linux box, on a network, was Red Hat 7.2), but you can only run iptables
> OR ipchains.  You must stop whichever one you don't want to use, before
> starting the other one.

> e.g. service ipchains stop
>      service iptables start

> Bear in mind that utilities that set firewalls up for you will probably
> only work with one or the other (not determine which you're using, and
> set rules for it).

These are the steps I performed.
1. stopped ipchains service
2. rpm -e ipchains rpm package
3. rpm -ivh iptables rpm package
4. /etc/init.d/iptables start  (nothing happened)
5. rebooted machine
6. /etc/init.d/iptables status (nothing running)

Did I miss something?  I looked through the RH documentation for 7.1 and
found no more than what I did above.  Google searches produced nothing
different than what I attempted.  I'm at my wits end here.

--
user

 
 
 

ipchains and iptables

Post by user » Tue, 24 Jun 2003 05:44:34


[snip]

>> Bear in mind that utilities that set firewalls up for you will probably
>> only work with one or the other (not determine which you're using, and
>> set rules for it).

> These are the steps I performed.
> 1. stopped ipchains service
> 2. rpm -e ipchains rpm package
> 3. rpm -ivh iptables rpm package
> 4. /etc/init.d/iptables start  (nothing happened)
> 5. rebooted machine
> 6. /etc/init.d/iptables status (nothing running)

> Did I miss something?  I looked through the RH documentation for 7.1 and
> found no more than what I did above.  Google searches produced nothing
> different than what I attempted.  I'm at my wits end here.

Is it possible the default RH7.1 kernel doesn't have the iptables modules
compiled into or with the kernel?  I ran make menuconfig and looked at the
network compile option and all the iptables/netfiltering options are
displayed as modules.  But maybe RH disabled all these options with the
default kernel build.  Maybe this is why nothing happens when I start the
service.  All guess work here.

--
user

 
 
 

ipchains and iptables

Post by Tim » Wed, 25 Jun 2003 00:27:49


On Sat, 21 Jun 2003 18:35:57 -0400,


>>> Man! Better, but not functioning on my 7.1 machine.  I installed the
>>> iptables rpm for RH7.1 but the service won't start.  Nothing being
>>> reported in /var/log/messages either.  I can't tell what's going on
>>> other than it doesn't work.

>> I don't recall how far back iptables was available (my first working
>> Linux box, on a network, was Red Hat 7.2), but you can only run iptables
>> OR ipchains.  You must stop whichever one you don't want to use, before
>> starting the other one.

On Sun, 22 Jun 2003 15:13:52 -0400,


> These are the steps I performed.
> 1. stopped ipchains service
> 2. rpm -e ipchains rpm package
> 3. rpm -ivh iptables rpm package
> 4. /etc/init.d/iptables start  (nothing happened)
> 5. rebooted machine
> 6. /etc/init.d/iptables status (nothing running)

> Did I miss something?  I looked through the RH documentation for 7.1 and
> found no more than what I did above.

I'd have thought you'd have got some sort of warning if you did (e.g.
errors during the RPM installation).

Is your system customised, or as /they/ set it up?  I found 7.1 to be so
much of a dead loss, that I updated within a few days.  Is that an
option for you?  7.3 isn't too bad (less of a behemoth than 8.0).

Something else that occurs to me:  Are you using Linuxconf?  That's got
a reputation for stuffing things up all over the place.

--
My "from" address is totally fake.  The reply-to address is real, but
may be only temporary.  Reply to usenet postings in the same place as
you read the message you're replying to.

 
 
 

ipchains and iptables

Post by news » Wed, 25 Jun 2003 11:29:09



> On Sat, 21 Jun 2003 18:35:57 -0400,

> >>> Man! Better, but not functioning on my 7.1 machine.  I installed the
> >>> iptables rpm for RH7.1 but the service won't start.  Nothing being
> >>> reported in /var/log/messages either.  I can't tell what's going on
> >>> other than it doesn't work.


> >> I don't recall how far back iptables was available (my first working
> >> Linux box, on a network, was Red Hat 7.2), but you can only run iptables
> >> OR ipchains.  You must stop whichever one you don't want to use, before
> >> starting the other one.

> On Sun, 22 Jun 2003 15:13:52 -0400,

> > These are the steps I performed.
> > 1. stopped ipchains service
> > 2. rpm -e ipchains rpm package
> > 3. rpm -ivh iptables rpm package
> > 4. /etc/init.d/iptables start  (nothing happened)
> > 5. rebooted machine
> > 6. /etc/init.d/iptables status (nothing running)

> > Did I miss something?  I looked through the RH documentation for 7.1 and
> > found no more than what I did above.

> I'd have thought you'd have got some sort of warning if you did (e.g.
> errors during the RPM installation).

> Is your system customised, or as /they/ set it up?  I found 7.1 to be so
> much of a dead loss, that I updated within a few days.  Is that an
> option for you?  7.3 isn't too bad (less of a behemoth than 8.0).

> Something else that occurs to me:  Are you using Linuxconf?  That's got
> a reputation for stuffing things up all over the place.

I'm only running 7.1 because the other RH versions (7.2 thru 8.0) wouldn't
recognize my CDROM for some strange reason and 7.1 did and the CDROM/DVD is
brand new.  It's probably some issue with the motherboard but I just needed
to move forward.  The system just has the default workstation installation.
Nothing special added.  I'm not running linuxconf nor did I install it.  Oh
well.  Maybe this is a reason to move to 9.0.
 
 
 

ipchains and iptables

Post by David Mean » Wed, 25 Jun 2003 12:09:14


{ snip }

> Is it better to use one over the other?  The 7.X machine started the
> ipchains services by default whereas on the 9.X machine iptables was
> started.  I guess RH made some business decision to do this because I
> don't remember being asked whether to install one over the other during
> the 9.X installation process.  When lokkit was presented I select
> "medium" security and select different services to run through the
> firewall.  Other than that nothing else was done to alter the firewall
> (iptables) configuration.  The same follows for the 7.X machines.

It's my impression that iptables is better.  However, I'm using ipchains
and I like it just fine.

--
David Means

Real programs don't eat cache.

 
 
 

ipchains and iptables

Post by Nico Kaltei » Tue, 01 Jul 2003 06:30:34


One particular difference between the two is that IPTables supports state
inspection of packets.  IPChains doesn't.

Cheers,

Nico


> I'm running three flavors of Linux (7.1, 7.2, and 9.0).  The 7.1 and 7.2
> machines are using ipchains and the 9.0 machine uses iptables.  Is there
> any major difference between them to be concerned about?

> --
> user
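
Added example, not part of the thread: a much-reduced Python model of the state-inspection difference named in the post above, comparing a per-packet (ipchains-style) inbound rule with a filter that tracks connections the host opened. All addresses and names are constructed, and the tracker ignores the timeouts, sequence checks and RELATED traffic that real connection tracking handles.

```python
HOST = "192.0.2.10"  # constructed documentation address for the protected host

def pkt(src, sport, dst, dport, *flags):
    """Build a constructed TCP segment description."""
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "flags": frozenset(flags)}

def stateless_accept(p):
    """Per-packet rule in the ipchains style: refuse inbound connection
    attempts (SYN without ACK) and accept every other TCP segment, so that
    replies to the host's own outbound connections can get back in."""
    return not ("SYN" in p["flags"] and "ACK" not in p["flags"])

class StatefulFilter:
    """Remember connections the host opened and accept inbound segments
    only when they belong to one of them."""
    def __init__(self):
        self.tracked = set()

    def outbound(self, p):
        if p["flags"] == {"SYN"}:  # host opens a new connection
            self.tracked.add((p["src"], p["sport"], p["dst"], p["dport"]))

    def inbound_accept(self, p):
        # An inbound reply carries the tracked 4-tuple reversed.
        return (p["dst"], p["dport"], p["src"], p["sport"]) in self.tracked

def compare():
    """Return {description: (stateless verdict, stateful verdict)}."""
    fw = StatefulFilter()
    fw.outbound(pkt(HOST, 40000, "198.51.100.5", 80, "SYN"))
    inbound = {
        "reply to own connection": pkt("198.51.100.5", 80, HOST, 40000, "SYN", "ACK"),
        "unsolicited ACK": pkt("203.0.113.9", 80, HOST, 40001, "ACK"),
        "inbound connection attempt": pkt("203.0.113.9", 4444, HOST, 22, "SYN"),
    }
    return {name: (stateless_accept(p), fw.inbound_accept(p))
            for name, p in inbound.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

The two filters disagree only on the segment that claims to belong to a connection the host never opened, which is the case a per-packet rule cannot tell apart from a genuine reply.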