Re: Multiport trouble
On Tue, 24 Jun 2003, John Leach wrote:
> Hi Koba,
Hans in this case ;-)
> The message I get trying to add your rule is :
> iptables v1.2.8: multiport can only have one option
> Try `iptables -h' or 'iptables --help' for more information.
>
> As it says, multiport can't have both --source-port and
> --destination-port in the same rule.
I get a slightly different message when adding this:
iptables -A OUTPUT -o $PUB_IFACE -p tcp \
-m multiport --destination-port 80,8080,8888 \
-s $PUB_IP --source-port $EPHEMERAL_PORTS
-m state --state NEW -j ACCEPT
Where $EPHEMERAL_PORTS=1024:65535
iptables v1.2.8: invalid port/service `1024:65535' specified
Try `iptables -h' or 'iptables --help' for more information.
/etc/iptables/iptables.rules: line 575: -m: command not found
I didn't realize that you can't use multiport together with the
--source-port and --destination-port directives.
> I expect you'll need to drop multiport and just create 2 rules (as long
> as $EPHEMERAL_PORTS doesn't rely on the multiport functionality).
Am I mistaken here? I thought x:y was valid without having to use
multiport. Well, it looks like I will have to resort to having 2 rules
for this, as you suggest.
Thanks.
Grx HdV