Re: Multiport trouble

To: debian-firewall@lists.debian.org
Subject: Re: Multiport trouble
From: HdV@DTO.TUDelft.NL
Date: Tue, 24 Jun 2003 11:47:42 +0200 (MEST)
Message-id: <[🔎] Pine.GSO.4.44.0306241137150.10214-100000@sanders.rc.tudelft.nl>
In-reply-to: <[🔎] 1056445826.17741.20.camel@peppard.dark.lan>

On Tue, 24 Jun 2003, John Leach wrote:

> Hi Koba,

Hans in this case `;-)

> The message I get trying to add your rule is :
> iptables v1.2.8: multiport can only have one option
> Try `iptables -h' or 'iptables --help' for more information.
>
> As it says, multiport can't have both --source-port and
> --destination-port in the same rule.

I get a slightly different message when adding this:

iptables -A OUTPUT -o $PUB_IFACE -p tcp \
         -m multiport --destination-port 80,8080,8888 \
         -s $PUB_IP --source-port $EPHEMERAL_PORTS
         -m state --state NEW -j ACCEPT

Where $EPHEMERAL_PORTS=1024:65535

iptables v1.2.8: invalid port/service `1024:65535' specified Try
`iptables -h' or 'iptables --help' for more information.
/etc/iptables/iptables.rules: line 575: -m: command not found

I didn't realize that you can't use multiport together with the
--source-port and --destination-port directives.

> I expect you'll need to drop multiport and just create 2 rules (as long
> as $EPHEMERAL_PORTS doesn't rely on the multiport functionality).

Am I mistaken here? I thought x:y was valid without having to use
multiport. Well, it looks like I will have to resort to having 2 rules
for this, as you suggest.

Thanks.

Grx HdV

Reply to:

References:
- Re: Multiport trouble
  - From: John Leach <john@johnleach.co.uk>

Prev by Date: Re: Multiport trouble
Next by Date: Re: Multiport trouble
Previous by thread: Re: Multiport trouble
Next by thread: Re: Multiport trouble
Index(es):
- Date
- Thread