iptables being denied because ipchains is being used?

Jeremy Fowler jfowler at westrope.com
Mon Nov 12 15:34:41 CST 2001


Well, technically it's still using the 2.4 kernel's netfilter code. For backward
compatibility Redhat decided to stay with ipchains instead of iptables. It's
really iptables with the ipchains compatible modules loaded. You can only run
one or the other. First thing you have to do is stop ipchains from loading when
Linux starts. Use ntsysv or chkconfig to do this. Then you must stop ipchains
from running. Usually with "#/etc/rc.d/init.d/ipchains stop". Then check to see
if any netfilter (ip_chains) modules are still loaded with "#lsmod" if so unload
them with "#rmmod <module>". However, you should have your iptables script ready
by now because when you unload these modules you are leaving your system
unprotected. When everything is unloaded run your firewall script that should
contain all your iptables commands. Iptables should load any modules it needs on
its own. If not, load them with "#modprobe <module>", do this with all the
modules that you need that don't load on their own. Some modules I know I have
to load manually are ip_nat_ftp and ip_conntrack_ftp. You can then either use
iptables-save to save your script to /etc/sysconfig/iptables or edit
/etc/rc.d/init.d/iptables to run your firewall script at boot. I did the latter
because my firewall script is pretty complex and does things like setting kernel
parameters. I highly recommend people switching over to iptables, the stateful
packet filtering feature alone makes it worthwhile, not to mention easier command
syntax and greater flexibility. I'd be happy to share my script with the group
for comments if anyone wants to take a look.

-Jeremy

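The procedure Jeremy describes (stop ipchains, unload its module, load the FTP
helpers, set kernel parameters, then apply a stateful iptables ruleset) as one
script, written here as an added example; it is not Jeremy's script and not part
of the original thread. Interface names, the LAN range and the allowed SSH port
are assumptions. Everything privileged goes through the IPT, LSMOD and PROC_ROOT
variables so the rule generation and sysctl step can be exercised without root
(IPT=echo prints the commands instead of running them).

```shell
#!/bin/sh
# Added example: switching a 2.4-kernel Red Hat 7.2 box from ipchains to a
# stateful iptables firewall. Assumed values (not from the post):
WAN_IF=${WAN_IF:-eth0}              # internet-facing interface
LAN_IF=${LAN_IF:-eth1}              # internal interface
LAN_NET=${LAN_NET:-192.168.1.0/24}  # internal network
SSH_PORT=${SSH_PORT:-22}
IPT=${IPT:-/sbin/iptables}          # IPT=echo for a dry run without root
LSMOD=${LSMOD:-lsmod}
PROC_ROOT=${PROC_ROOT:-/proc}       # redirectable for testing
SAVE_FILE=${SAVE_FILE:-/etc/sysconfig/iptables}

# Step 1: get ipchains out of the way. On a 2.4 kernel the ipchains
# compatibility module and iptables cannot be loaded at the same time.
stop_ipchains() {
    chkconfig ipchains off 2>/dev/null || true
    /etc/rc.d/init.d/ipchains stop 2>/dev/null || true
    if $LSMOD 2>/dev/null | grep -q '^ipchains'; then
        rmmod ipchains
    fi
}

# Step 2: modules the post says may not autoload (FTP conntrack/NAT helpers).
load_modules() {
    for m in ip_conntrack ip_conntrack_ftp ip_nat_ftp; do
        modprobe "$m" 2>/dev/null || true
    done
}

# Step 3: kernel parameters set from the firewall script. Writes go under
# $PROC_ROOT so the function can be tested against a scratch directory.
set_kernel_params() {
    v4="$PROC_ROOT/sys/net/ipv4"
    echo 1 > "$v4/ip_forward"                   # we are routing for the LAN
    echo 1 > "$v4/conf/all/rp_filter"           # reverse-path source check
    echo 0 > "$v4/conf/all/accept_source_route" # drop source-routed packets
}

# Step 4: the ruleset. Default-deny inbound, stateful accept for replies.
apply_rules() {
    $IPT -F
    $IPT -X
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # loopback is always fine
    $IPT -A INPUT -i lo -j ACCEPT
    # the stateful part: replies to connections this host started
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # a "new" TCP connection that is not a SYN is bogus; drop it
    $IPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
    # anything from the LAN side may reach this host
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    # SSH from the outside
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport "$SSH_PORT" -m state --state NEW -j ACCEPT
    # LAN hosts may go out; only their replies come back in
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# Step 5: persist so the stock init script reloads the rules at boot.
save_rules() {
    iptables-save > "$SAVE_FILE"
}

# Only act when invoked as "script start"; sourcing it defines the functions.
if [ "${1:-}" = "start" ]; then
    stop_ipchains      # leaves the box unprotected until apply_rules runs
    load_modules
    set_kernel_params
    apply_rules
    save_rules
fi
```

Run it as root with "start" once the ruleset has been reviewed; the gap between
stop_ipchains and apply_rules is the unprotected window Jeremy warns about, which
is why the script does both in one go rather than leaving them as separate steps.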
-----Original Message-----
From: Kent Miller [mailto:cupajavaman at earthlink.net]
Sent: Sunday, November 11, 2001 11:12 PM
To: kclug
Subject: iptables being denied because ipchains is being used?

I have loaded RedHat 7.2 onto my computer for the 2.4 kernel capabilities.
Especially the ipchains capabilities. When I went to run any iptables commands I
came to find out that the iptables command was not available. But that the
ipchains command is? In fact it looks like the default RedHat install used
ipchains instead of iptables? I have the 2.4.7-10 kernel. Anybody know what the
H$!! is up with that, and how I can use iptables. My understanding is that
iptables is much better than ipchains.

THX in advance,

Kent Miller
