This is a discussion on ipchains question within the Linux Security forums, part of the System Security and Security Related category.

On Fri, 14 May 2004 14:30:13 GMT, Brad Olin wrote:
> On Fri, 14 May 2004 14:24:59 +0200, PapaBear <Papabeer@No-SP_aM.nl>
> wrote:
>
>>And might I want to go to iptables, How do I "switch off" ipchains again?
>>Do I just disable the initialization script and reboot?
>
> The answer varies from distribution to distribution. The below is
> valid on a redhat box, I'm not sure what you have/need.
>
> As root: Use the `ntsysv` utility (from term shell or a remote ssh
> shell) to enable/disable all services installed on your box. You just
> cursor up/down to highlight the service and then hit space to turn it on
> or off. In this case, you should turn off ipchains and turn on
> iptables. You then hit the tab key to highlight "go" (save and exit) or
> tab a second time to highlight "cancel" (no-save and exit) then hit
> enter.

Wow, this 'ntsysv' is a handy little utility!
Thanks, I didn't know this one!

But alas, iptables is not mentioned here... :(
What now? (I'm working with an old text-mode server which had RedHat 7.0
installed with kernel 2.2.16-22, does this make the difference?)

[rest of useful stuff printed and clipped]

--
-----=====##### PapaBear #####=====-----
Jesus is alive, I spoke with Him this morning!
----------------------------------------------

On Fri, 14 May 2004 17:14:38 GMT, Brad Olin wrote:
> On Fri, 14 May 2004 16:45:13 +0200, PapaBear <Papabeer@No-SP_aM.nl>
> wrote:
>
>>Wow, this 'ntsysv' is a handy little utility!
>>Thanks, I didn't know this one!
>>
>>But alas, iptables is not mentioned here... :(
>>What now? (I'm working with an old text-mode server which had RedHat 7.0
>>installed with kernel 2.2.16-22, does this make the difference?)
>>
>
> `rpm -q iptables` will confirm this, but if it's not listed by ntsysv,
> then it's not installed on your box.
>
> For the record I will state the obvious in that ntsysv will only show a
> partial list (in alpha order I think). The rest of the installed
> services can be viewed by cursor down past the last display item...
> Please don't take me wrong for stating this... I have had a very sharp
> IP guy miss this one the first time he used that util...
>

Sorry, but it seems to be installed:

[root@levi gerard]# rpm -q iptables
iptables-1.1.1-2
[root@levi gerard]#

AND: it's not in the list of ntsysv (even not when scrolled down :)...

> Anyway, There are a couple of choices on how to install it...
>
> 1) You could install from your original CDs, look on the CD for a
> sub-directory called RedHat/RPMS (think that's it). That directory will
> hold a bunch of rpm files. The iptables package could be on the first
> CD (most likely), or it could be on an additional CD (in a similarly
> named directory). I don't know what version of iptables you should
> have, note that this affects the file name slightly. Once found,
> install via...
> `rpm -ivh iptables-1.2.5-3.i386.rpm`
>
> 2) Or you could download it from rpmfind. Make sure you download the
> correct version for the redhat 7.0 version. Again, install with a
> command like...
> `rpm -ivh iptables-1.2.5-3.i386.rpm`
>
> It is possible, not likely in this case, that rpm will have some
> dependency issue. i.e. you have to have package bla-bla-bla installed
> first. If this pops up, just install the needed package first, then go
> back and repeat the original rpm command.
>
> Brad

OK, I de-installed what was there and installed it. Now it's appearing in
the ntsysv utility, I had to scroll down, mind you ;)

I'll try to find a decent HOW-TO to implement it...

Thanks Brad (saw ur homepage btw, nice!).

--
-----=====##### PapaBear #####=====-----
Jesus is alive, I spoke with Him this morning!
----------------------------------------------

PapaBear, on Fri, 14 May 2004 09:45:13 -0500, in
<3djfzko6f929$.12s2qz9tcbmgp.dlg@40tude.net>, said this:
>
> Wow, this 'ntsysv' is a handy little utility!
> Thanks, I didn't know this one!
>
> But alas, iptables is not mentioned here... :(
> What now? (I'm working with an old text-mode server which had RedHat 7.0
> installed with kernel 2.2.16-22, does this make the difference?)
>

2.2.x does not support iptables. That is why ntsysv doesn't show it.
Iptables requires 2.4.x or above. Although iptables is superior to
ipchains, you probably need to use the software that's compatible with
your linux distribution.
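
The point of the reply above, as an added example that is not part of the original thread: a shell check that treats the kernel series and the installed package as separate questions, since `rpm -q iptables` succeeded on this 2.2 kernel. The function names are hypothetical, and the mapping covers only what the thread states (2.2.x uses ipchains, 2.4.x and above support iptables).

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# The kernel series decides which packet filter works; an installed
# iptables RPM alone proves nothing.

# fw_for_kernel RELEASE: print the tool the thread ties to that kernel
# series (2.2.x -> ipchains, 2.4.x and later -> iptables), else "unknown".
fw_for_kernel() {
    rel=$1
    case $rel in *.*) ;; *) echo unknown; return 0 ;; esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}      # drop suffixes such as "-rc1"
    case $major in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    case $minor in '') echo unknown; return 0 ;; esac
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 4 ]; }; then
        echo iptables
    elif [ "$major" -eq 2 ] && [ "$minor" -eq 2 ]; then
        echo ipchains
    else
        echo unknown
    fi
}

# iptables_verdict RELEASE PKG: PKG is "yes" when `rpm -q iptables` found
# the package. Prints one line saying whether iptables is actually usable.
iptables_verdict() {
    tool=$(fw_for_kernel "$1")
    case "$tool:$2" in
        iptables:yes) echo "ok: kernel $1 and the package both support iptables" ;;
        iptables:*)   echo "install: kernel $1 supports iptables, package missing" ;;
        ipchains:yes) echo "mismatch: iptables package installed, but kernel $1 only supports ipchains" ;;
        ipchains:*)   echo "ipchains: kernel $1 only supports ipchains" ;;
        *)            echo "unknown: cannot classify kernel $1" ;;
    esac
}

# The host from the thread: kernel 2.2.16-22 with the iptables RPM present.
iptables_verdict 2.2.16-22 yes

# The running host; rpm is queried only if it exists on this system.
pkg=no
if command -v rpm >/dev/null 2>&1 && rpm -q iptables >/dev/null 2>&1; then
    pkg=yes
fi
iptables_verdict "$(uname -r)" "$pkg"
```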

On Fri, 14 May 2004 18:42:40 GMT, Brad Olin wrote:
> On Fri, 14 May 2004 16:45:13 +0200, PapaBear <Papabeer@No-SP_aM.nl>
> wrote:
>
>>(I'm working with an old text-mode server which had RedHat 7.0
>>installed with kernel 2.2.16-22, does this make the difference?)
>>
> I'm going to say something that you probably don't want to hear, but I'd
> be remiss if I didn't say it...
>
> Redhat 7.0 is very old, has a lot of major security issues, and it is not
> being maintained by anybody. The number and severity of the problems
> isn't worth the bandwidth it takes to list them.
>
> I do think you should bite the bullet and download the current version,
> of almost any distribution, and build a replacement box for that old
> one. If you don't have a second box, then install the new linux right
> on top of the old one.
>
> There are many good choices in the way of suggestions. I like whitebox
> myself (http://www.whiteboxlinux.org), but feel free to use any of the
> other good choices that you can find at http://linuxiso.org
>
> Brad

Oh, well, at least I tried...

I guess my old desire to build one from scratch is nearing now. (might as
well have some fun and learn while upgrading... ;)

Thanks guys, I'm goin' to have a long think, and who knows, after that...

Papabear

--
-----=====##### PapaBear #####=====-----
Jesus is alive, I spoke with Him this morning!
----------------------------------------------

PapaBear wrote:
>
> Oh, well, at least I tried...
>
> I guess my old desire to build one from scratch is nearing now. (might as
> well have some fun and learn while upgrading... ;)
>
> Thanks guys, I'm goin' to have a long think, and who knows, after that...

If you're going to consider really building from scratch you
might want to take a look at the Linux From Scratch site
(www.linuxfromscratch.org - then pick a mirror site).

The LFS book covers what needs to be done to build your
base system from the source. The BLFS (Beyond LFS) covers
various addons like mail and web servers and user
applications. A last effort that is just getting started,
so I don't think they have any released books yet, is
the HLFS (Hardened LFS).

I've still not completed building a base system as yet--
but got sidetracked a month or so ago and need to
get back to that--but the books do a good job of walking
you through the process step by step and the mailing
lists and NGs they have on their news server have
some very helpful and informed people.

jmh

On Sat, 15 May 2004 16:13:37 -0400, jmh wrote:
> PapaBear wrote:
>>
>> Oh, well, at least I tried...
>>
>> I guess my old desire to build one from scratch is nearing now. (might as
>> well have some fun and learn while upgrading... ;)
>>
>> Thanks guys, I'm goin' to have a long think, and who knows, after that...
>
> If you're going to consider really building from scratch you
> might want to take a look at the Linux From Scratch site
> (www.linuxfromscratch.org - then pick a mirror site).
>
> The LFS book covers what needs to be done to build your
> base system from the source. The BLFS (Beyond LFS) covers
> various addons like mail and web servers and user
> applications. A last effort that is just getting started,
> so I don't think they have any released books yet, is
> the HLFS (Hardened LFS).
>
> I've still not completed building a base system as yet--
> but got sidetracked a month or so ago and need to
> get back to that--but the books do a good job of walking
> you through the process step by step and the mailing
> lists and NGs they have on their news server have
> some very helpful and informed people.
>
> jmh

Thanx, jmh,

That's the very website from which I got my itch to try it in the first
place. The fact that you recommend it supports me in my choice.

I'll be back...

--
-----=====##### PapaBear #####=====-----
Jesus is alive, I spoke with Him this morning!
----------------------------------------------