Re: iptables bug or feature?
** Reply to message from Jack Bowling <[EMAIL PROTECTED]> on Sun, 08 Sep 2002 10:56:48 -0700

> ** Reply to message from daniel <[EMAIL PROTECTED]> on Sat, 07 Sep 2002 02:43:37 -0700
>
> > in my rc.firewall script i have the following two lines:
> >
> > iptables -A OUTPUT -o $EXT_INTERFACE -p tcp \
> > -m multiport \
> > --destination-port $NFS_PORT,$OPENWINDOWS_PORT,$SOCKS_PORT,$SQUID_PORT \
> > --syn -j REJECT
> >
> > iptables -A INPUT -o $EXT_INTERFACE -p tcp -m multiport \
> > --destination-port $NFS_PORT,$OPENWINDOWS_PORT,$SOCKS_PORT,$SQUID_PORT \
> > --syn -j DROP
> >
> > but for some reason, they're not working.
> > instead, i'm met with the error:
> >
> > iptables v1.2.7 invalid TCP port/service `2049:2000:1080:3128' specified
> > Try `iptables -h' or 'iptables --help' for more information
> >
> > a googling for the problem came up with "it's a bug, or a feature, i don't
> > know". so which is it? and what's the best way to get around it? do i
> > have to make up a rule for each port?
>
> The -m multiport match is protocol-specific, working only with tcp or udp. So be
> specific in your rules and add "-p tcp" to your rules. Also, it may just be an
> artifact of your mailer, but you do not need the first "\" before -m in the above
> rules.
>
> jb

Sorry, no coffee yet this morning. I see now that the -p tcp is there so disregard everything I typed. Do you have the libipt_multiport.so module in your /lib/iptables?

jb

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: iptables bug or feature?
** Reply to message from daniel <[EMAIL PROTECTED]> on Sat, 07 Sep 2002 02:43:37 -0700

> in my rc.firewall script i have the following two lines:
>
> iptables -A OUTPUT -o $EXT_INTERFACE -p tcp \
> -m multiport \
> --destination-port $NFS_PORT,$OPENWINDOWS_PORT,$SOCKS_PORT,$SQUID_PORT \
> --syn -j REJECT
>
> iptables -A INPUT -o $EXT_INTERFACE -p tcp -m multiport \
> --destination-port $NFS_PORT,$OPENWINDOWS_PORT,$SOCKS_PORT,$SQUID_PORT \
> --syn -j DROP
>
> but for some reason, they're not working.
> instead, i'm met with the error:
>
> iptables v1.2.7 invalid TCP port/service `2049:2000:1080:3128' specified
> Try `iptables -h' or 'iptables --help' for more information
>
> a googling for the problem came up with "it's a bug, or a feature, i don't
> know". so which is it? and what's the best way to get around it? do i
> have to make up a rule for each port?

The -m multiport match is protocol-specific, working only with tcp or udp. So be specific in your rules and add "-p tcp" to your rules. Also, it may just be an artifact of your mailer, but you do not need the first "\" before -m in the above rules.

jb

Re: iptables bug or feature?
On Sat, Sep 07, 2002 at 02:43:37AM -0700, daniel wrote:
: iptables v1.2.7 invalid TCP port/service `2049:2000:1080:3128' specified
: Try `iptables -h' or 'iptables --help' for more information

Do you have the ipt_multiport.o module built? Check under your /lib/modules//kernel/net/ipv4/netfilter directory to be sure.. Perhaps also try modprobing ipt_multiport before trying again...

--
Jason Costomiris <>< | Technologist, geek, human.
jcostom {at} jasons {dot} org | http://www.jasons.org/
Quidquid latine dictum sit, altum viditur.
My account, My opinions.

iptables bug or feature?
in my rc.firewall script i have the following two lines:

iptables -A OUTPUT -o $EXT_INTERFACE -p tcp \
-m multiport \
--destination-port $NFS_PORT,$OPENWINDOWS_PORT,$SOCKS_PORT,$SQUID_PORT \
--syn -j REJECT

iptables -A INPUT -o $EXT_INTERFACE -p tcp -m multiport \
--destination-port $NFS_PORT,$OPENWINDOWS_PORT,$SOCKS_PORT,$SQUID_PORT \
--syn -j DROP

but for some reason, they're not working.
instead, i'm met with the error:

iptables v1.2.7 invalid TCP port/service `2049:2000:1080:3128' specified
Try `iptables -h' or 'iptables --help' for more information

a googling for the problem came up with "it's a bug, or a feature, i don't
know". so which is it? and what's the best way to get around it? do i
have to make up a rule for each port?
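
The two checks suggested in the replies (the libipt_multiport.so extension and the ipt_multiport.o kernel module) and the per-port fallback the original poster asks about, as an added shell example that is not from any of the posters. The function names, the directory arguments and eth0 are assumptions; the script only prints rules and never runs iptables.

```shell
#!/bin/sh
# Added example: prints iptables commands, never runs them.
# LIBDIR stands for /lib/iptables and MODDIR for the running kernel's
# net/ipv4/netfilter module directory (passed in so any tree can be checked).

# have_multiport LIBDIR MODDIR
# 0 = extension and kernel module both present, 1 = userspace extension
# missing, 2 = extension present but kernel module missing.
have_multiport() {
    [ -e "$1/libipt_multiport.so" ] || return 1
    [ -e "$2/ipt_multiport.o" ] || return 2
    return 0
}

# valid_port PORT: 0 for a decimal port number in 1..65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_rules IFACE LIBDIR MODDIR PORT...
# One multiport rule when the match is available and the list fits its
# 15-port limit, otherwise one plain tcp rule per port.
build_rules() {
    [ $# -ge 4 ] || { echo "usage: build_rules IFACE LIBDIR MODDIR PORT..." >&2; return 64; }
    iface=$1 libdir=$2 moddir=$3
    shift 3
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 65; }
    done
    if [ $# -le 15 ] && have_multiport "$libdir" "$moddir"; then
        # multiport's own options are plural: --dports / --destination-ports
        list=$(IFS=,; echo "$*")
        echo "iptables -A OUTPUT -o $iface -p tcp -m multiport --dports $list --syn -j REJECT"
    else
        for p in "$@"; do
            echo "iptables -A OUTPUT -o $iface -p tcp --dport $p --syn -j REJECT"
        done
    fi
}

# Demo on a constructed tree: extension present, kernel module absent.
demo=$(mktemp -d)
touch "$demo/libipt_multiport.so"
build_rules eth0 "$demo" "$demo" 2049 2000 1080 3128
rm -rf "$demo"
```

The port numbers in the demo are the ones shown in the error message above; with the kernel module absent it prints four single-port rules.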