
Re: mport trouble



On 2005-08-04 curby.public@gmail.com wrote:
> On 8/4/05, Bastian Blank <waldi@debian.org> wrote:
>> On Wed, Aug 03, 2005 at 06:16:24PM -0600, curby . wrote:
>>> $ iptables -A FORWARD -p tcp -m mport --dports 22 -j  ACCEPT
>>> iptables: No chain/target/match by that name
>>> $
>> 
>> Where did you find the information that mport supports --dports? The
>> iptables manpage has specified --destination-ports for many years.
> 
> The manpage only talks about multiport, not mport.

The manpage talks about both multiport and mport, and according to the
manpage they support the same flags (and --dports is an alias to
--destination-ports in both cases). However ...

> I got the information from the following:
> 
> $ iptables -m mport --help
> iptables v1.2.11
> [snip]
> mport v1.2.11 options:
>  --source-ports port[,port:port,port...]
>  --sports ...
>                                 match source port(s)
>  --destination-ports port[,port:port,port...]
>  --dports ...
>                                 match destination port(s)
>  --ports port[,port:port,port]
>                                 match both source and destination port(s)
> $

... the iptables help *does* state that port ranges are supported with
module "mport", but not with module "multiport". The manpage may be a
little outdated here.

> Also, by the way:
> 
> $ iptables -A FORWARD -p tcp -m mport --destination-ports 22 -j  ACCEPT
> iptables: No chain/target/match by that name
> $

Do you have multiple port match compiled into your kernel? Try this:

  grep CONFIG_IP_NF_MATCH_MULTIPORT /boot/config-`uname -r`

Regards
Ansgar Wiechers
-- 
"Another option [for defragmentation] is to back up your important files,
erase the hard disk, then reinstall Mac OS X and your backed up files."
--http://docs.info.apple.com/article.html?artnum=25668
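
The grep suggested above returns one of three line shapes, or nothing. The following is an added example, not part of the original message, that classifies them. The sample config is constructed, and the function names and the `CONFIG_EXAMPLE_*` options are hypothetical.

```shell
#!/bin/sh
# Classify how an option is recorded in a kernel config file.
# Prints: builtin (=y), module (=m), disabled ("is not set"),
# absent (no line at all) or unreadable (file cannot be read).
nf_match_state() {
    config_file=$1
    option=$2
    if [ ! -r "$config_file" ]; then
        echo "unreadable"
        return 2
    fi
    # Anchor on the full option name so longer names sharing a prefix do not match.
    line=$(grep -E "^(# )?${option}(=| is not set)" "$config_file" | head -n 1)
    case $line in
        "${option}=y") echo "builtin" ;;
        "${option}=m") echo "module" ;;
        "# ${option} is not set") echo "disabled" ;;
        *) echo "absent" ;;
    esac
}

# Write a constructed sample config to a temp file and print its path.
write_sample_config() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_MULTIPORT=m
# CONFIG_EXAMPLE_MATCH_DISABLED is not set
EOF
    echo "$sample"
}

# Demo on the constructed sample; on a real host pass /boot/config-$(uname -r).
demo_file=$(write_sample_config)
for opt in CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_MATCH_MULTIPORT \
           CONFIG_EXAMPLE_MATCH_DISABLED CONFIG_EXAMPLE_MATCH_MISSING; do
    printf '%s: %s\n' "$opt" "$(nf_match_state "$demo_file" "$opt")"
done
rm -f "$demo_file"
```

A result of `module` means the match is only usable once the module is loaded. `disabled` or `absent` means the running kernel was built without it.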


