[TCLUG] Redhat 6.2 to 7.1 upgrade -- ipchains to iptables maybe?

Mon Jun 4 11:12:51 CDT 2001

Simeon Johnston <simeonuj at eetc.com> writes:

> Phil Mendelsohn wrote:
> 
> > On 4 Jun 2001, David Dyer-Bennet wrote:
> >
> > > But after the upgrade, I see I have an "ipchains" rpm installed, but
> > > no iptables.  And when I run /sbin/ipchains, it tells me it's not
> > > compatible with this kernel (7.1 is a 2.4 kernel, I was previously
> > > running a 2.2).  Now, I see the iptables rpm, and I could install
> > > that, but what the heck kind of an "upgrade" process is this anyway?
> >
> > 2.4 rewrote all that packet filtering stuff to the netfilter stuff, but
> > you knew that, right?  ipchains won't work, looks like iptables _is_ what
> > you need, and all I can tell you is that it's _not_ a Debian upgrade
> > process. ;)

Replying to two layers in one response, yes I know they changed the
firewalling stuff completely.  I'm generally unimpressed with package
upgrades using RPM because it almost always sets aside my
carefully-constructed config file and puts in a default one that's
useless.  And doesn't specifically warn me in the cases where the
format or required contents changed thoroughly so I have to recreate
my configuration from scratch. 

So, does Debian handle that better?

> I installed 7.1 and IPChains is there but only as a module.  They each
> (iptables/ipchains) have there own startup scripts too.
> You should be able to just insert the module and use ipchains without a
> problem.
> IIRC it was configurable in the installation.  Mine actually used ipchains
> by default.
> 2.4 did rewrite it all but ipchains is still available as a module.  I think
> the 2.0 kernel filter is also available as a module.  IPFilter?
> Or you could just upgrade to iptables and join the truly elite. ;-)

Well, if I could convert my existing ipchains firewall rules easily,
that'd make sense.  

What I actually got after my upgrade (upgrade, not new install,
remember) is that there's an ipchains startup script and an ipchains
rpm installed, and no iptables rpm installed and no iptables startup
script.  The ipchains rpm is the same version that's on the 7.1
install CD.  But when I actually run ipchains, it complains it's
incompatible with this kernel.

I do see some tables-related modules in the modules directory.

Well, I can manually switch over.  I wonder if I could have somehow
done this different during install to get it to come out better?

(Not looking forward to upgrading the main web and email server!)
-- 
David Dyer-Bennet      /      Welcome to the future!      /      dd-b at dd-b.net
SF: http://www.dd-b.net/dd-b/          Minicon: http://www.mnstf.org/minicon/
Photos: http://dd-b.lighthunters.net/