Linuxdoc Linux Questions
Click here to ask our community of linux experts!
Custom Search

7.40. ( IPCHAINS rulesets on 2.4.x kernels ) - What the ipchains.o module can do on 2.4.x kernels

Some people would like to continue using their legacy IPCHAINS rulesets on 2.4.x-based kernelw. Unfortunately, unless you are only doing packet firewalling and not trying to do any NATing (MASQ), PORTFW, or other advanced features, you're in trouble.

So why can't you run IPCHAINS MASQ/PORTFW functionality with a 2.4.x kernel? Once the IPCHAINS module is loaded, you CANNOT use any IPTABLES commands or modules since the code conflicts. In addition to this, you cannot use any legacy 2.2.x IPCHAINS masq modules on a 2.4.x kernel as the kernels are so radically different. Plus, this really shouldn't be an issue as all of this functionality is available via native IPTABLES modules now. Finally, you cannot use the IPMASQADM tool with a 2.4.x kernel as the program both won't compile and ultimately the PORTFW kernel handlers aren't present anymore (it's now done natively by the IPTABLES code). So, considering all of these facts:

Basically, the ipchains kernel module included with the 2.4.x kernels is intended for basic packet firewall compatibility and NOT any NAT(MASQ) functionality.