how to use ipchains (was: Re: File Descriptor patch for Linux 2.0.34)

From: lincoln dale <>
Date: Sat, 10 Oct 1998 22:42:22 -0700

At 12:50 PM 10/11/98 +0800, Walter Klomp wrote:
>However after I upgraded my RH5.1 to 2.1.125 now my transparent proxy
>doesn't work anymore. No matter what I try to enable in the kernel, ipfwadm
>doesn't work anymore. Says this:

with linux kernels > 2.1.101, you'll have to use "ipchains" instead of
"ipfwadm" (ipfwadm having been deprecated).

follow the documentation at for packages to
get/install, then use layer-4 redirection rules as follows:

        # flush rules
        /sbin/ipchains -F

        # set default policies on input/output/forward
        /sbin/ipchains -P input ACCEPT
        /sbin/ipchains -P output ACCEPT
        /sbin/ipchains -P forward DENY

        # accept all traffic on loopback interface
        /sbin/ipchains -A input -i lo

        # accept my own IP addr to prevent loops
        # (repeat for each i/face)
        /sbin/ipchains -A input -p tcp -d YOURIP 3128 -j ACCEPT

        # transparent redirection
        # forward any traffic destined for port 80 to squid on port 3128
        /sbin/ipchains -A input -p tcp -d 80 -j REDIRECT 3128



  lincoln dale     e: (wk)  (hm)
  "After Layer 3, it's only really a matter of how deep into a packet you
   look, and how the information is used.  Soon we may be hearing of new
   devices that take advantage of the two new OSI layers: 8 (politics)
   and 9 (religion)" -- Metz @ Strategic Net Consulting
Received on Sat Oct 10 1998 - 22:45:12 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:24 MST