Solved

IPChains rules -> IPTables rules

Posted on 2004-04-06
Last Modified: 2008-01-09
I have the following ipchains rules saved using ipchains-save. I need to make it so I can import them using iptables-import on another box. When I try to import using iptables-import ipchains.save, where the following data is in ipchains.save, it says error on line 1.




:input ACCEPT
:forward DENY
:output ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p 6 -j ACCEPT -l -y
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 6 -j MASQ
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 17 -j MASQ
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 6 -j MASQ
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 17 -j MASQ
-A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
-A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
-A output -s 192.168.1.16/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT -l -y


-Brian
0
Question by:BrianGEFF719
5 Comments
 
LVL 19

Author Comment

by:BrianGEFF719
ID: 10771543
Output on restore to a different computer:

iptables-restore: line 1 failed
0
 
LVL 7

Expert Comment

by:troopern
ID: 10772471
It probably finds errors with this: ":input ACCEPT"

Try removing the first three lines, since they seem to have nothing to do with your chains.
Probably iptables-import freaks out on the starting ":" in these three lines.
Either remove them or use "#" instead of ":" for commenting out lines.
0
 
LVL 19

Author Comment

by:BrianGEFF719
ID: 10772484
I tried that and it did not work.


-Brian
0
 
LVL 4

Expert Comment

by:oumer
ID: 10772607
What I will do is translate the ipchains commands into iptables, and then use ipsave

1. -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p 6 -j ACCEPT -l -y
becomes (as far as I know you can't use multiple targets in one command)

iptables -A INPUT -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p 6 --syn -j LOG
iptables -A INPUT -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p 6 --syn -j ACCEPT

2. -A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
becomes

iptables -t nat -A POSTROUTING -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQUERADE

3. -A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 6 -j MASQ

iptables -t nat -A POSTROUTING -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 6 -j MASQUERADE

4. -A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 17 -j MASQ
5. -A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
6. -A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 6 -j MASQ
7. -A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 17 -j MASQ
8. -A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
9. -A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
(4-9 are similar to 3; follow the same strategy)

10. -A output -s 192.168.1.16/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT -l -y
iptables -A OUTPUT -s 192.168.1.16/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 6 --syn -j LOG
iptables -A OUTPUT -s 192.168.1.16/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT

Then use iptables-save > iptables_save_file.txt to save the new rules.

I don't think it is that easy to write a script that does this automatically, but I think if you are going to convert a lot of such files, it might be worth a try. Just try to look into the iptables and ipchains man pages for a comparison of the commands, tables and targets.
0
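An added example, not part of any poster's reply: the kind of conversion script discussed above, in Python, turning ipchains-save text into iptables-restore input (a `*table` header, upper-case built-in chain names, `COMMIT`). It goes beyond the manual translation by also emitting the FORWARD accept rules iptables needs once MASQ moves to nat POSTROUTING. The name `convert`, the handled option set (-s, -d, -p, -j, -l, -y) and treating -y without -p as TCP are assumptions of this example.

```python
import shlex
# Constructed sample: ipchains-save lines taken from the question.
SAMPLE = """\
:input ACCEPT
:forward DENY
:output ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p 6 -j ACCEPT -l -y
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 17 -j MASQ
"""
TARGETS = {"DENY": "DROP", "MASQ": "MASQUERADE"}
PROTOS = {"1": "icmp", "6": "tcp", "17": "udp"}

def convert(text):
    policies, filt, nat = {}, [], []
    for line in filter(str.strip, text.splitlines()):
        tok = shlex.split(line)
        if tok[0].startswith(":"):            # policy line, e.g. ":forward DENY"
            policies[tok[0][1:].upper()] = TARGETS.get(tok[1], tok[1])
            continue
        if tok[0] != "-A":
            raise ValueError("unsupported line: " + line)
        chain, opts, flags, it = tok[1].upper(), {}, set(), iter(tok[2:])
        for arg in it:
            if arg in ("-l", "-y"):           # log / SYN-only flags
                flags.add(arg)
            elif arg in ("-s", "-d", "-p", "-j"):
                opts[arg] = next(it)
            else:                             # refuse rather than silently drop a match
                raise ValueError("unsupported option: " + arg)
        # Assumption: -y without -p means TCP (--syn needs -p tcp in iptables).
        proto = PROTOS.get(opts.get("-p"), opts.get("-p")) or ("tcp" if "-y" in flags else None)
        match = [w for k in ("-s", "-d") if k in opts for w in (k, opts[k])]
        match += (["-p", proto] if proto else []) + (["--syn"] if "-y" in flags else [])
        m, target = " ".join(match + ["-j"]), TARGETS.get(opts["-j"], opts["-j"])
        if "-l" in flags:                     # LOG first: ACCEPT/DROP end traversal
            filt.append(f"-A {chain} {m} LOG")
        if target == "MASQUERADE":            # ipchains MASQ both accepted and NATed
            nat.append(f"-A POSTROUTING {m} MASQUERADE")
            filt.append(f"-A FORWARD {m} ACCEPT")
        else:
            filt.append(f"-A {chain} {m} {target}")
    uniq = lambda rules: list(dict.fromkeys(rules))   # drop exact duplicates, keep order
    if nat:                                   # replies to masqueraded flows cross FORWARD
        filt.insert(0, "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT")
        head = [f":{c} ACCEPT [0:0]" for c in ("PREROUTING", "POSTROUTING", "OUTPUT")]
        nat = ["*nat"] + head + uniq(nat) + ["COMMIT"]
    pol = [f":{c} {policies.get(c, 'ACCEPT')} [0:0]" for c in ("INPUT", "FORWARD", "OUTPUT")]
    return "\n".join(["*filter"] + pol + uniq(filt) + ["COMMIT"] + nat) + "\n"
```

The returned text can be checked with `iptables-restore --test` before it is loaded.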
 
LVL 1

Accepted Solution

by:
hhelmich earned 2000 total points
ID: 10790733
I agree with oumer, there is no easy translation between ipchains and iptables.  Also, you must turn off ipchains before iptables will work.

service ipchains stop or /etc/init.d/ipchains stop
service iptables start or /etc/init.d/iptables start

or the distribution equivalent.

Also, you should update config using chkconfig.

chkconfig --level 345 ipchains off
chkconfig --level 345 iptables on

Hope that helps.
0
