Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

installation of IPCHAINS in newer kernel

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
alred
Posts: 3
Joined: 2005-05-05 07:41
Location: singapore

installation of IPCHAINS in newer kernel

#1 Post by alred »

hi ,
i have problem installing ipchains in newer kernel where they only use iptables
in redhat 9 , i am able to stop iptables and replace it with ipchains , infact i am able to load ipchains.o into the kernel when redhat boot up.
But i can't do it in ubuntu which is a debian dirivative , i try to download ipchain deb , install it but still can't get it to work . the deb does not comes with ipchain.ko(?) or some other(?) to load into the kernel with ..........
are there any pointer to other resources where i can further working on this problem ?
or where can i get older debian deb , something like 1 or 2 years ago ?
or better still does anybody down here has successfully replaced iptables with ipchains in debian?

thanks in advance

lacek
Posts: 764
Joined: 2004-03-11 18:49
Location: Budapest, Hungary
Contact:

#2 Post by lacek »

Ipchains is obsolete, you should not try to use it. Newer kernels doesn't have a support for ipchains at all, to my knowledge.
What's wrong with iptables, anyway?

Guest

#3 Post by Guest »

great !! thanks for the fast reply
i do appreciate the merits of iptables but my ipchains setup comes with a few files/scripts ,
i really don't feel like convert my ipchains to iptables
one thing good about linux is that if it works it stays ....
do you have any pointers to older ipchains debs or maybe ipchains.ko(?) or any suggestion to compile ipchains source into ipchains.ko(?) ?
i need ipchains lib to load into the kernel during bootup

alred
Posts: 3
Joined: 2005-05-05 07:41
Location: singapore

#4 Post by alred »

oops .... forget to login before i post the above message ......

thanks in advance

lacek
Posts: 764
Joined: 2004-03-11 18:49
Location: Budapest, Hungary
Contact:

#5 Post by lacek »

Files with 'ko' extension are kernel objects. They replace the old '.o' files for newer (>2.5, I think) kernels. This means, that you won't be able to find any such file if the kernel doesn't have a support for ipchains.
Installing older deb packages won't help you, since the kernel module still needed for ipchains to function.
Unless you find a patch for newer kernels, you won't be able to get ipchains ready. But maybe I'm wrong and newer kernels do has support for ipchains, just check it.

Anyway, you really should pal up with iptables... It is not so complicated, and you can use some simple firewall front-ends, like shorewall (my favorite).

alred
Posts: 3
Joined: 2005-05-05 07:41
Location: singapore

#6 Post by alred »

hmm .... since i am going to use linux for at least the next 5 years and more
i think better look into iptables and your link also ....

at the meantime if you happen to come across any successful ipchains in newer debian kernel somewhere else please post to this same thread again

again thanks for your help and your link

drdebian
Posts: 80
Joined: 2004-10-09 16:17
Location: austria
Contact:

#7 Post by drdebian »

alred wrote:hmm .... since i am going to use linux for at least the next 5 years and more
i think better look into iptables and your link also ....

at the meantime if you happen to come across any successful ipchains in newer debian kernel somewhere else please post to this same thread again

again thanks for your help and your link
Well, simply make sure you have a recent 2.4 or 2.6 series kernel installed, which both feature netfilter (or iptables) infrastructure. If you intend to set up some sort of router or firewall, do a

Code: Select all

apt-get install webmin-shorewall
including all dependencies and go to https://youripaddress:10000/ to set things up.

Post Reply