This is a discussion on Change from ipchains to iptables within the Linux Security forums, part of the System Security and Security Related category.
Group;

I have this old DEC server running my web site using Red Hat 7.3 with kernel 2.4.20-43.7.legacy

ipchains had been my original set up with pmfirewall. Now I want to set up iptables. pmfirewall is no longer in use.

I installed iptables using rpm and now want to remove ipchains and use iptables exclusively. Can I just rpm -e ipchains? How do I config iptables to start automatically?

Thanks

Doug
On Tue, 08 Nov 2005 01:43:20 +0000, Doug Holtz NOSPAM in adress wrote:
> Group;
>
> I have this old DEC server running my web site using Red Hat 7.3 with kernel
> 2.4.20-43.7.legacy
>
> ipchains had been my original set up with pmfirewall. Now I want to set up
> iptables. pmfirewall is no longer in use.
>
> I installed iptables using rpm and now want to remove ipchains and use
> iptables exclusively. Can I just rpm -e ipchains? How do I config iptables
> to start automatically?
>
> Thanks
>
> Doug

Hey! I have this running, ok! I did this carefully, and so should you. Don't be stupid, please. Thank you.
On Tue, 08 Nov 2005 00:49:20 -0500, Newsbox wrote:
> On Tue, 08 Nov 2005 01:43:20 +0000, Doug Holtz NOSPAM in adress wrote:
>
>> Group;
>>
>> I have this old DEC server running my web site using Red Hat 7.3 with kernel
>> 2.4.20-43.7.legacy
>>
>> ipchains had been my original set up with pmfirewall. Now I want to set up
>> iptables. pmfirewall is no longer in use.
>>
>> I installed iptables using rpm and now want to remove ipchains and use
>> iptables exclusively. Can I just rpm -e ipchains? How do I config iptables
>> to start automatically?
>>
>> Thanks
>>
>> Doug

Doug, sorry about the previous post. It did come from this machine, but I have no idea why or what it is supposed to mean. Please disregard.

You can (probably should) remove ipchains, but it is not necessary to remove it from disk to disable it. From a root prompt use chkconfig command to configure what is running.

You can configure (almost?) anything to start itself with init.
"Newsbox" <nospam_for_me_please@thanks.invalid> wrote in message news:I_idnczGZ-IqxuzeRVn-oQ@acadia.net...
> On Tue, 08 Nov 2005 00:49:20 -0500, Newsbox wrote:
>
>> On Tue, 08 Nov 2005 01:43:20 +0000, Doug Holtz NOSPAM in adress wrote:
>>
>>> Group;
>>>
>>> I have this old DEC server running my web site using Red Hat 7.3 with
>>> kernel 2.4.20-43.7.legacy
>>>
>>> ipchains had been my original set up with pmfirewall. Now I want to set
>>> up iptables. pmfirewall is no longer in use.
>>>
>>> I installed iptables using rpm and now want to remove ipchains and use
>>> iptables exclusively. Can I just rpm -e ipchains? How do I config
>>> iptables to start automatically?
>>>
>>> Thanks
>>>
>>> Doug
>
> Doug, sorry about the previous post. It did come from this machine, but I
> have no idea why or what it is supposed to mean. Please disregard.
>
> You can (probably should) remove ipchains, but it is not necessary to
> remove it from disk to disable it. From a root prompt use chkconfig
> command to configure what is running.
>
> You can configure (almost?) anything to start itself with init.

Thanks for the update. When I ran rpm -e ipchains I get a notice that it depends on lokkit and can't continue.

I ran sysconfig --list and see ipchains and iptables.

Maybe I will learn something as I sift thru inittab, etc.

Doug
On Thu, 10 Nov 2005 14:33:23 +0000, Doug Holtz NOSPAM in adress wrote:
>
> Thanks for the update. When I ran rpm -e ipchains I get a notice that it
> depends on lokkit and can't continue.
>
> I ran sysconfig --list and see ipchains and iptables.
>
> Maybe I will learn something as I sift thru inittab, etc.
>
> Doug

Doug,

If your ipchains depends on lokkit then you probably need to disable lokkit before you can disable ipchains (although I suppose it might be possible to _disable_ ipchains without bothering with lokkit, IDK). Not sure if lokkit will show up in chkconfig or not, as I never used it. You _do_ need to disable ipchains before you can enable iptables. Those two things would normally be best and most easily done with chkconfig. You really do not _need_ _to_ erase anything from the disk so long as the scripts are pointed at the right places.

Depending on your network connection and your firewall rules, you may need to have your network (PPPoE and DHCP?) up before your NETFILTER iptables script can run. Many scripts will need to know the IP address before they will run. Going through the init stuff manually is a real pain and you're better off to use the provided utilities if they will do what you need. They (chkconfig especially) were written for good reasons.
"Newsbox" <nospam_for_me_please@thanks.invalid> wrote in message news:maydnSwRHsPrEe7enZ2dnUVZ_tydnZ2d@acadia.net...
> On Thu, 10 Nov 2005 14:33:23 +0000, Doug Holtz NOSPAM in adress wrote:
>
>>
>> Thanks for the update. When I ran rpm -e ipchains I get a notice that it
>> depends on lokkit and can't continue.
>>
>> I ran sysconfig --list and see ipchains and iptables.
>>
>> Maybe I will learn something as I sift thru inittab, etc.
>>
>> Doug
>
> Doug,
>
> If your ipchains depends on lokkit then you probably need to disable lokkit
> before you can disable ipchains (although I suppose it might be possible
> to _disable_ ipchains without bothering with lokkit, IDK). Not sure if
> lokkit will show up in chkconfig or not, as I never used it. You _do_ need
> to disable ipchains before you can enable iptables. Those two things would
> normally be best and most easily done with chkconfig. You really do not
> _need_ _to_ erase anything from the disk so long as the scripts are
> pointed at the right places.
>
> Depending on your network connection and your firewall rules, you may need
> to have your network (PPPoE and DHCP?) up before your NETFILTER iptables
> script can run. Many scripts will need to know the IP address before they
> will run. Going through the init stuff manually is a real pain and you're
> better off to use the provided utilities if they will do what you need.
> They (chkconfig especially) were written for good reasons.

Newsbox;

I run chkconfig | more to see what is there. I see ipchains and iptables but no lokkit. There is a list of 6 on/off switches associated with each program that runs. How do I deal with that?

Ran man sysconfig for some explanation but I don't get it.

TNX

Doug
"Newsbox" <nospam_for_me_please@thanks.invalid> wrote in message news:maydnSwRHsPrEe7enZ2dnUVZ_tydnZ2d@acadia.net...
> On Thu, 10 Nov 2005 14:33:23 +0000, Doug Holtz NOSPAM in adress wrote:
>
>>
>> Thanks for the update. When I ran rpm -e ipchains I get a notice that it
>> depends on lokkit and can't continue.
>>
>> I ran sysconfig --list and see ipchains and iptables.
>>
>> Maybe I will learn something as I sift thru inittab, etc.
>>
>> Doug
>
> Doug,
>
> If your ipchains depends on lokkit then you probably need to disable lokkit
> before you can disable ipchains (although I suppose it might be possible
> to _disable_ ipchains without bothering with lokkit, IDK). Not sure if
> lokkit will show up in chkconfig or not, as I never used it. You _do_ need
> to disable ipchains before you can enable iptables. Those two things would
> normally be best and most easily done with chkconfig. You really do not
> _need_ _to_ erase anything from the disk so long as the scripts are
> pointed at the right places.
>
> Depending on your network connection and your firewall rules, you may need
> to have your network (PPPoE and DHCP?) up before your NETFILTER iptables
> script can run. Many scripts will need to know the IP address before they
> will run. Going through the init stuff manually is a real pain and you're
> better off to use the provided utilities if they will do what you need.
> They (chkconfig especially) were written for good reasons.

I unloaded the ipchains program successfully with the nodep switch. Now I have just iptables, but I can't get it to start. It is stopped. I need to block 2 IP addresses that keep coming to my machine and either try to log on or try and trick my web server to overflow and let them take control. In the meantime I stopped SSH.

If I don't get an answer here on the board, I will bring up my HP server, which is a clone to the DEC, and see how iptables is configured; I did install it on the HP.

Doug
On Fri, 18 Nov 2005 15:51:23 +0000, Doug Holtz NOSPAM in adress wrote:
> I unloaded the ipchains program successfully with the nodep switch. Now I
> have just iptables, but I can't get it to start. It is stopped. I need to
> block 2 IP addresses that keep coming to my machine and either try to log on
> or try and trick my web server to overflow and let them take control. In
> the meantime I stopped SSH.

As root do the following;

    chkconfig --level 345 iptables on

This will start iptables when you boot into runlevels 3, 4 and 5.

    service iptables start

Will start iptables. Make sure you have a rule set set up for this. Check /etc/sysconfig for iptables.

If you need help setting up a rule set let me know and I will help you.

--
Regards
Robert

Smile... it increases your face value!
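A rule file of the kind the reply above refers to, as an added example that is not part of the original thread: the function prints an iptables-save style rule set for /etc/sysconfig/iptables that drops traffic from the addresses it is given. The addresses in the usage comment are constructed documentation addresses, and the policy (only TCP port 80 offered, everything else inbound dropped) is an assumption about the web server described in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. gen_ruleset and is_ipv4 are
# hypothetical helper names.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet 0-255.
is_ipv4() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# gen_ruleset ADDR...: print the rule file on stdout, or fail before
# printing anything if an argument is not a plain IPv4 address.
gen_ruleset() {
    for a in "$@"; do
        is_ipv4 "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Blocked sources come first so no later ACCEPT rule can match them.
    for a in "$@"; do
        echo "-A INPUT -s $a -j DROP"
    done
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Assumption: only the web server (TCP 80) is offered to the outside.
    echo '-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT'
    echo 'COMMIT'
}

# Usage as root (constructed addresses), followed by: service iptables restart
#   gen_ruleset 192.0.2.10 198.51.100.20 > /etc/sysconfig/iptables
```

Because SSH is not opened in this rule set, apply it from the console rather than over a remote login.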
On Wed, 16 Nov 2005 02:36:18 +0000, Doug Holtz NOSPAM in adress wrote:
>
> "Newsbox" <nospam_for_me_please@thanks.invalid> wrote:
>> On Thu, 10 Nov 2005 14:33:23 +0000, Doug Holtz NOSPAM in adress wrote:
>> [...]
> TNX
>
> Doug

Doug, sorry to not answer, - I was away and offline for the past 3 days <<<gasp!!!>>.

Robert has already given you the right answer to your newer message, and offered additional help as needed. I feel quite sure he knows what is needed to get you running.

Best wishes.
On Wed, 16 Nov 2005 02:36:18 +0000, Doug Holtz NOSPAM in adress wrote:
[...]
> TNX
>
> Doug

Doug,

Just to be clear, if (as root):

    chkconfig --list ipchains

-or-

    chkconfig --list | grep ipchains

....shows anything other than blank or not known, ...
then you will need to correct that with chkconfig. iptables will not run in any level if ipchains is on or enabled, and chkconfig is the right tool to use for this.

Best wishes.
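The check described in the post above, which also covers the earlier question about the per-service on/off switches, as an added example that is not part of the original thread: each `N:on` or `N:off` field in `chkconfig --list` output is one runlevel (0 through 6), and the function flags runlevels where ipchains is still on or iptables is not on. The function name and both sample listings are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. fw_check is a hypothetical name.

# fw_check [LEVELS]: read `chkconfig --list` output on stdin and report,
# for the runlevels in LEVELS (default "3 4 5"), where ipchains is still
# on or iptables is not on. Returns 0 if the listing is clean, else 1.
fw_check() {
    awk -v levels="${1:-3 4 5}" '
        BEGIN { n = split(levels, want, " ") }
        $1 == "ipchains" || $1 == "iptables" {
            for (i = 2; i <= NF; i++) {      # fields look like "3:on"
                split($i, kv, ":")
                state[$1, kv[1]] = kv[2]
            }
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                l = want[i]
                if (state["ipchains", l] == "on") {
                    print "runlevel " l ": ipchains is on"; bad = 1
                }
                if (state["iptables", l] != "on") {
                    print "runlevel " l ": iptables is not on"; bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample listings (not output from the machine in the thread).
SAMPLE_BEFORE='ipchains 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off'

SAMPLE_AFTER='ipchains 0:off 1:off 2:off 3:off 4:off 5:off 6:off
iptables 0:off 1:off 2:off 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:off 3:off 4:off 5:off 6:off'

# On a live system, as root:  chkconfig --list | fw_check
```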