Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 475
  • Last Modified:

IPChains rules -> IPTables rules

I have the following ipchains rules saved using ipchains-save, I need to make it so I can import them using iptables-import on another box. When I try to import using iptables-import ipchains.save, where the following data is in ipchains.save it says error on line 1.




:input ACCEPT
:forward DENY
:output ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p 6 -j ACCEPT -l -y
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 6 -j MASQ
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 17 -j MASQ
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 6 -j MASQ
-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 17 -j MASQ
-A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
-A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
-A output -s 192.168.1.16/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT -l -y


-Brian
0
BrianGEFF719
Asked:
BrianGEFF719
1 Solution
 
BrianGEFF719Author Commented:
output on restore to diff computer:

iptables-restore: line 1 failed
0
 
troopernCommented:
it probably finds errors with this: ":input ACCPET"

Try removing the first three lines. Since they seem to have nothing to do with your chains.
probably iptables-import freaks out on the starting ":" in these three lines.
either remove them or use "#" instead of ":" for commenting out lines.
0
 
BrianGEFF719Author Commented:
I tried that and It did not work.


-Brian
0
 
oumerCommented:
what I will do is translate the ipchains commands into iptables, and then use ipsave

1.A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p 6 -j ACCEPT -l -y
becomes (as far as I know you can't use multiple target in one command)

iptables -A INPUT -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p 6 --syn -j ACCEPT
iptables -A INPUT -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -p 6 --syn -j LOG

2.-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
becomes

iptables -t nat -A POSTROUTING -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQUERADE

3. -A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 6 -j MASQ

iptables -t nat -A POSTROUTING -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 6 -j MASQUERADE

4. -A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 17 -j MASQ
5. -A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
6.-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 6 -j MASQ
7.-A forward -s 192.168.158.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -p 17 -j MASQ
8.-A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
9.-A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
(4-9 similar to 3 follow the same strategy)

10.-A output -s 192.168.1.16/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT -l -y
iptables -A OUTPUT -s 192.168.1.16/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT
iptables -A OUTPUT -s 192.168.1.16/255.255.255.0 -d 0.0.0.0/0.0.0.0 --syn -j LOG

then use iptables-save > iptables_save_file.txt to save the new rules.

I don't think it is that easy to write a script that does this automatically, but I think if you are going to convert a lot of such files, it might worth a try. Just try to look into the iptables and ipcahins man pages for comparision of the commands, tables and targets
0
 
hhelmichCommented:
I agree with oumer, there is no easy translation between ipchains and iptables.  Also, you must turnoff ipchains before iptables will work.

service ipchains stop or /etc/init.d/ipchains stop
serivce iptables start or /etc/init.d/iptables start

or, distribution equivalent.

Also, you should update config using chkconfig.

chkconfig -level 345 ipchains off
chkconfig -level 345 iptables on

Hope that helps.
0

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now