BrianGEFF719
asked on
IPChains rules -> IPTables rules
I have the following ipchains rules saved using ipchains-save, and I need to make it so I can import them using iptables-import on another box. When I try to import them using iptables-import ipchains.save, where ipchains.save contains the following data, it says error on line 1.
:input ACCEPT
:forward DENY
:output ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p 6 -j ACCEPT -l -y
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 6 -j MASQ
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 17 -j MASQ
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 6 -j MASQ
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 17 -j MASQ
-A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
-A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
-A output -s 192.168.1.16/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT -l -y
-Brian
It probably finds errors with this: ":input ACCEPT"
Try removing the first three lines, since they seem to have nothing to do with your chains.
Probably iptables-import freaks out on the leading ":" in these three lines.
Either remove them or use "#" instead of ":" to comment out those lines.
ASKER
I tried that and it did not work.
-Brian
What I will do is translate the ipchains commands into iptables commands, and then use ipsave.
1. -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p 6 -j ACCEPT -l -y
becomes (as far as I know you can't use multiple targets in one command)
iptables -A INPUT -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p 6 --syn -j ACCEPT
iptables -A INPUT -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p 6 --syn -j LOG
2. -A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
becomes
iptables -t nat -A POSTROUTING -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQUERADE
3. -A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 6 -j MASQ
becomes
iptables -t nat -A POSTROUTING -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 6 -j MASQUERADE
4. -A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 17 -j MASQ
5. -A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
6. -A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 6 -j MASQ
7. -A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 17 -j MASQ
8. -A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
9. -A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
(4-9 are similar to 3 and follow the same strategy)
10. -A output -s 192.168.1.16/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT -l -y
becomes
iptables -A OUTPUT -s 192.168.1.16/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT
iptables -A OUTPUT -s 192.168.1.16/255.255.255.0 -d 0.0.0.0/0.0.0.0 --syn -j LOG
Then use iptables-save > iptables_save_file.txt to save the new rules.
I don't think it is that easy to write a script that does this automatically, but I think if you are going to convert a lot of such files, it might be worth a try. Just try to look into the iptables and ipchains man pages for a comparison of the commands, tables and targets.
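As an added example (not code from this thread or from the iptables project), the translation sketched in the answer above, written as a small converter: it parses the subset of ipchains-save syntax that appears in the question (chain policies, -s/-d with dotted netmasks, numeric -p, -j ACCEPT/DENY/REJECT/MASQ, -l and -y) and emits the iptables-restore file format, so the result can be loaded with iptables-restore instead of re-typing each rule. The embedded input is a constructed copy of the asker's file with the duplicate rules dropped and the netmask spacing repaired. It goes beyond the answer in two places that matter for a faithful translation: the ipchains MASQ target both forwards and masquerades, so it becomes an ACCEPT in filter/FORWARD plus a MASQUERADE in nat/POSTROUTING (with the FORWARD policy mapped to DROP, the nat rule alone would never see a packet), and a conntrack rule is added so the replies of masqueraded flows can pass FORWARD, which ipchains handled implicitly.

```python
"""Convert ipchains-save output into iptables-restore format.

Added example for this thread; handles only the ipchains options seen in the
question. Assumptions are marked in comments.
"""
import ipaddress

# Constructed sample input: the asker's file, deduplicated, spacing repaired.
IPCHAINS_SAVE = """\
:input ACCEPT
:forward DENY
:output ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p 6 -j ACCEPT -l -y
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 6 -j MASQ
-A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
-A output -s 192.168.1.16/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT -l -y
"""

CHAINS = {"input": "INPUT", "forward": "FORWARD", "output": "OUTPUT"}
# ipchains DENY silently discards, which is iptables DROP.
TARGETS = {"ACCEPT": "ACCEPT", "DENY": "DROP", "REJECT": "REJECT"}
PROTOS = {"1": "icmp", "6": "tcp", "17": "udp"}


def to_cidr(addr):
    """'192.168.1.16/255.255.255.0' -> '192.168.1.0/24' (host bits masked off,
    as iptables itself would do); a bare address becomes a /32."""
    return str(ipaddress.ip_network(addr, strict=False))


def parse_rule(line):
    """Parse one '-A chain ...' ipchains line into a dict of its options."""
    toks = line.split()
    rule = {"chain": None, "src": None, "dst": None, "proto": None,
            "target": None, "log": False, "syn": False}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t == "-A":
            rule["chain"], i = toks[i + 1], i + 2
        elif t == "-s":
            rule["src"], i = to_cidr(toks[i + 1]), i + 2
        elif t == "-d":
            rule["dst"], i = to_cidr(toks[i + 1]), i + 2
        elif t == "-p":
            rule["proto"], i = PROTOS.get(toks[i + 1], toks[i + 1]), i + 2
        elif t == "-j":
            rule["target"], i = toks[i + 1], i + 2
        elif t == "-l":          # ipchains: log matching packets
            rule["log"], i = True, i + 1
        elif t == "-y":          # ipchains: match SYN-only TCP packets
            rule["syn"], i = True, i + 1
        else:
            raise ValueError(f"unsupported ipchains option: {t}")
    return rule


def match_spec(rule):
    """Build the iptables match part; 0.0.0.0/0 matches everything and is dropped."""
    parts = []
    if rule["src"] and rule["src"] != "0.0.0.0/0":
        parts += ["-s", rule["src"]]
    if rule["dst"] and rule["dst"] != "0.0.0.0/0":
        parts += ["-d", rule["dst"]]
    proto = "tcp" if rule["syn"] else rule["proto"]   # --syn requires -p tcp
    if proto:
        parts += ["-p", proto]
    if rule["syn"]:
        parts.append("--syn")
    return " ".join(parts)


def convert(text):
    """Return an iptables-restore file for the given ipchains-save text."""
    policies = {"INPUT": "ACCEPT", "FORWARD": "ACCEPT", "OUTPUT": "ACCEPT"}
    filt = {"INPUT": [], "FORWARD": [], "OUTPUT": []}
    nat = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(":"):                 # policy line, e.g. ':forward DENY'
            chain, policy = line[1:].split()
            policies[CHAINS[chain]] = TARGETS[policy]
            continue
        rule = parse_rule(line)
        chain = CHAINS[rule["chain"]]
        m = match_spec(rule)
        prefix = f"-A {chain} {m}".rstrip()
        if rule["log"]:
            # LOG is non-terminating in iptables: it must precede the verdict.
            filt[chain].append(f"{prefix} -j LOG")
        if rule["target"] == "MASQ":
            # MASQ = forward + rewrite source; iptables splits that across tables.
            filt[chain].append(f"{prefix} -j ACCEPT")
            nat.append(f"-A POSTROUTING {m}".rstrip() + " -j MASQUERADE")
        else:
            filt[chain].append(f"{prefix} -j {TARGETS[rule['target']]}")
    if nat:
        # Replies of masqueraded flows must be let back through FORWARD.
        filt["FORWARD"].insert(
            0, "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT")
    out = ["*filter"] + [f":{c} {policies[c]} [0:0]" for c in filt]
    for c in filt:
        out += filt[c]
    out.append("COMMIT")
    if nat:
        out += ["*nat", ":PREROUTING ACCEPT [0:0]", ":OUTPUT ACCEPT [0:0]",
                ":POSTROUTING ACCEPT [0:0]"] + nat + ["COMMIT"]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(convert(IPCHAINS_SAVE), end="")   # pipe into: iptables-restore
```

Run it and feed the output to iptables-restore (or save it and load with iptables-restore < file). Two design points: the LOG rule is emitted before the ACCEPT rule because iptables LOG returns to the chain rather than ending evaluation, so a LOG placed after a terminating rule never fires; and 192.168.1.16/255.255.255.0 is normalised to 192.168.1.0/24, which is the network iptables would match anyway. Anything outside the handled option set raises rather than being silently dropped, so a rule is never lost without notice.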
ASKER
iptables-restore: line 1 failed