Re: ipfwadm on Version 2.1.102

Paul (
Sat, 16 May 1998 21:54:42 +0000

Anthony DeStefano wrote:
> Anyone want to give a little run down on converting ipfwadm rules to
> ipchains? I have masquerading setup and I've read through the IP Chains
> HOWTO 4 times now and still don't understand exactly what they are or how
> to convert my ipfwadm lines into ipchain lines to make masquerading work.
> Thanks
> -= Anthony DeStefano =-
> <>

Here is how I switched mine over. There may be better / other ways of of
doing this. Works for me, and as always, your mileage may vary.

# rc.local
#ipfwadm -F -f # flush forwarding rules
ipchains -F forward
#ipfwadm -F -p deny # default to deny
ipchains -P forward DENY
# Next, masq all packets from lan to internet
#ipfwadm -F -a m -S -D 0/0
ipchains -A forward -s -d 0/0 -j MASQ

#ipfwadm -I -f # flush input rules
ipchains -F input
#ipfwadm -I -p accept
ipchains -P input ACCEPT
# prevent the internet from messn wid my SMB port
#ipfwadm -I -a deny -W ppp0 -P tcp -D 0/0 139
ipchains -A input -s 0/0 -d 0/0 139:139 -i ppp0 -p tcp -j DENY

#ipfwadm -O -f # fluch ouput rules
ipchains -F output
#ipfwadm -O -p deny
ipchains -P output DENY
#ipfwadm -O -a accept -W eth0 -S 0/0 -D
ipchains -A output -s 0/0 -d -i eth0 -j ACCEPT

Hope that helped. It took me a little under an hour to get the
translation right, but it works. If you use the "ipchains-save" and
"ipchains-restore" commands, you can replace all the ipchains calls in
the startup script with one simple "ipchains-restore

~Paul Laufer

One OS to rule them all,          |"Wasting somebodies time strikes
    One OS to find them,          | me as the height of rudeness" -B.G.
One OS to bring them all,         | I'll remember that whenever I see
    And in the darkness bind them.| someone rebooting windows . . .

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to