Re: Multiport trouble

To: debian-firewall@lists.debian.org
Subject: Re: Multiport trouble
From: HdV@DTO.TUDelft.NL
Date: Tue, 24 Jun 2003 10:52:14 +0200 (MEST)
Message-id: <[🔎] Pine.GSO.4.44.0306241043410.10214-100000@sanders.rc.tudelft.nl>
In-reply-to: <[🔎] 1056360216.14652.23.camel@peppard.dark.lan>

On Mon, 23 Jun 2003, John Leach wrote:

> when using -m multiport it's: --destination-ports not
> --destination-port.

That's not what my experience has shown. I know for a fact that this
rule works just fine:

iptables -A OUTPUT -o $PUB_IFACE -p tcp \
         -m multiport --destination-port 80,8080,8888 \
         -s $PUB_IP -m state --state NEW -j ACCEPT

But this is what I wanted to use:

iptables -A OUTPUT -o $PUB_IFACE -p tcp \
         -m multiport --destination-port 80,8080,8888 \
         -s $PUB_IP --source-port $EPHEMERAL_PORTS
         -m state --state NEW -j ACCEPT

However if I do that I get this:

iptables v1.2.8: invalid port/service `1024:65535' specified
Try `iptables -h' or 'iptables --help' for more information.
/etc/iptables/iptables.rules: line 575: -m: command not found

I know that multiport is very sensitive about where you put what, maybe
the problem is to be found there? The multiport thing itself apparently
is working OK, it's just that I can't specify the source port without
breaking syntax (most likely due to a lack of knowlegde on my part).

Thanks for taking the time trying to help me out.

Grx HdV

Reply to:

Follow-Ups:
- Re: Multiport trouble
  - From: John Leach <john@johnleach.co.uk>

References:
- Re: Multiport trouble
  - From: John Leach <john@johnleach.co.uk>

Prev by Date: iptables, 3 ethernet cards
Next by Date: Re: Multiport trouble
Previous by thread: Re: Multiport trouble
Next by thread: Re: Multiport trouble
Index(es):
- Date
- Thread