[NMLUG] firewall port redirect??

Ken Long nmlug@swcp.com
Sun, 11 Nov 2001 09:17:55 -0700


Hi Jason,

In my opinion, whether to use ipchains or iptables depends on if you have an 
existing ipchains firewall set up right now. If you're just getting started, 
I would highly recommend going with the newer one because it's the future. 
Support for ipchains will probably disappear slowly as the kernel team makes 
more advances. I haven't upgraded to iptables yet because 'chains is still 
working fine for me.

The biggest difference between the two is that iptables is "stateful." A 
stateful filter will make the admin's job a bit easier because you'll be able 
to open precision sized holes to let certain functions to traverse your 
firewall where ipchains will require a hole big enough to drive a semi 
through to allow the same function.

Some general learning material for firewalls is:

Firewalls and Internet Security: Repelling the Wily Hacker
William R. Cheswick and Steven M. Bellovin

Building Internet Firewalls
By D. Brent Chapman & Elizabeth D. Zwicky; ISBN 1-56592-124-0, 517 pages

My personal favorite for down-to-earth and practical hands on information for 
ipchains and setting up a secure machine from scratch is:

TrinityOS
David A. Ranch
http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html

Ken


On 10 Nov 2001, at 23:36, Jason Davis wrote:

> On Saturday 10 November 2001 07:13 pm, you wrote:
> > 
> thanks..so im new to firewalls and ipchains...when you say "if your still 
> using ipchains..." should i be using iptables ? i looked at the man on 
> iptables and i cant figure out the diffrenice from ipchains...also all
> of the firewall how tos i have read only tell how to setup with ipchains..
> could you or someone please shed some light on ipchains/tables for me!
> lost,
> jd

------------------------------------------------------
To UNSUBSCRIBE send a message to nmlug-request@swcp.com
with only the word unsubscribe in the body.  More
information can be found at www.nmlug.org/info.html
-----------------------------------------------------