[TriLUG] iptables/ipchains (WAS: Security woes)

Vestal, Roy L. rvestal at rti.org
Fri Jan 18 09:05:15 EST 2002


Thanks for the heads up. I sent a message a few minutes ago about not having
the telnet, ftp, and ssh servers running.

I did try these commands. I get "IPCHAINS: Incompatible with this kernel"
when I run ipchains -L -n

I do get ACCEPTs when I run iptables -L -n.

I know I've got to get the servers set up first. I'm not sure how to since
I'm used to inetd and RHL 7.2 uses xinetd.

-----Original Message-----
From: That One Guy [mailto:trilug at ichi.net]
Sent: Thursday, January 17, 2002 5:21 PM
To: trilug at trilug.org
Subject: Re: [TriLUG] iptables/ipchains (WAS: Security woes)


All this is assuming you still can't get into your box from the network.
Also, I apologize if I'm being repetitive.  Ignore this if you can get into
the box on the local segment of the box, but not from outside your firewall.


Ok.  Maybe we should back up a step and see if ipchains or iptables is even
running.

Try both of these to list active rules:  "ipchains -L -n"  and  "iptables -L -n".

If all you see are ACCEPTs then it's not a firewall problem keeping you from
getting into the box.

If you have firewall rules then you can clear all rules like so:  
   "iptables -F ; iptables -X"  <-- yes that's a semi-colon
   OR  "ipchains -F"

Now, try to list your rulesets again to make sure there aren't any using the
commands above (-L -n).

If you have all ACCEPT statements and you still can't connect to that box 
over the network then you don't have a firewall problem.

Hope this helps,
Wyman


On Thursday 17 January 2002 04:52 pm, Vestal, Roy L. wrote:
> Argh!! I don't have ipchains or iptables set up. I don't mind learning
> either, but I don't know where to start and what to look for on this
> problem.
>
> Again, I just want to allow telnet, ftp, and vnc into the box from behind
> our firewall, not from "the outside world". I didn't install this machine
> with a firewall (RHL7.2 with "no firewall" option during setup.)
>
> -----Original Message-----
> From: Tanner Lovelace [mailto:lovelace at wayfarer.org]
> Sent: Thursday, January 17, 2002 4:46 PM
> To: trilug at trilug.org
> Subject: RE: [TriLUG] iptables/ipchains (WAS: Security woes)
>
> On Thu, 2002-01-17 at 16:37, Vestal, Roy L. wrote:
> > Okay. I started poking around and found this:
> > >service ipchains status
> >
> > ipchains: Incompatible with this kernel
> >
> > I'm assuming the above is my problem.  Now, what do I look for in my kernel
> > config to make sure I have everything set up correctly?  This is a custom
> > 2.4.16 kernel with Win4Lin support and ext3 patch.
>
> IPChains was for the 2.2 kernel.  For the 2.4 kernel you really
> should consider using iptables.  It will do everything ipchains
> will, and it's easier to understand.  If you already have
> a good ipchains setup, however, you can load the 'ipchains' module
> which will allow you to use ipchains with the 2.4 kernel.
>
> Tanner
_______________________________________________
TriLUG mailing list
http://www.trilug.org/mailman/listinfo/trilug
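
The "all ACCEPTs" check described in the quoted message above, as an added example that is not part of the thread. It also inspects each chain's policy line, because `iptables -F` clears rules but leaves chain policies as they were; the function name `fw_blocking` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `iptables -L -n` output on stdin,
# prints each chain policy or rule that can block traffic, and returns 0 only
# when nothing blocking is found (the "all ACCEPTs" case), 1 otherwise.
fw_blocking() {
    awk '
        /^Chain / {
            chain = $2
            # Built-in chains print "(policy X)"; user chains "(N references)".
            if ($3 == "(policy") {
                policy = $4
                sub(/\)$/, "", policy)
                if (policy != "ACCEPT") { print "policy", chain, policy; found = 1 }
            }
            next
        }
        $1 == "DROP" || $1 == "REJECT" {
            $1 = $1                      # collapse column padding to single spaces
            print "rule", chain, $0
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample listings (not captured from a real host).
sample_open() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:22

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
EOF
}

sample_blocked() {
cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:23 reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}

sample_open    | fw_blocking && echo "sample_open: all ACCEPT"
sample_blocked | fw_blocking || echo "sample_blocked: blocking entries above"
```

On a live host the same function takes the real listing: `iptables -L -n | fw_blocking`.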