Re: Multiport trouble
Hi,
Hey, this worked for me too. I didn't know the order of the extensions
had any effect.
Interestingly, I *HAD* to use --dports in this rule. If I used --dport
without the s, it failed (invalid TCP port/service). I guess the tcp
extension already hooked into the --dport key by that point or something
(although -p tcp should load the tcp extension, strange).
Thanks Jean Christophe.
John.
On Tue, 2003-06-24 at 11:27, Jean Christophe ANDRÉ wrote:
> Hi *,
>
> John Leach wrote:
> > Yeah, I just checked that and I was wrong, whoops. Thanks.
> > The message I get trying to add your rule is :
> > iptables v1.2.8: multiport can only have one option
> > Try `iptables -h' or 'iptables --help' for more information.
> > As it says, multiport can't have both --source-port and
> > --destination-port in the same rule.
> > I expect you'll need to drop multiport and just create 2 rules (as long
> > as $EPHEMERAL_PORTS doesn't rely on the multiport functionality).
>
> Why not use something like this?
>
> iptables -A OUTPUT \
> -s "$PUB_IP" -o "$PUB_IFACE" -p tcp \
> -m tcp --sport 1024:65535 -m multiport --dports 443,4030 \
> -m state --state NEW -j ACCEPT
>
> It works for me...
>
> J.C.
--
GPG KEY: B89C D450 5B2C 74D8 58FB A360 9B06 B5C2 26F0 3047
HTTP: http://www.johnleach.co.uk