Find the answer to your Linux question:
Results 1 to 5 of 5
i have a iptable firewall installed on red hat 9.0.I wanted to allow a range of ports say 5000 to 5050 .I tied using 5000:5050 ,but it doesnt seem to ...
  1. 08-01-2006 #1
    s_hcl
    s_hcl is offline
    Just Joined!
    Join Date
    Mar 2006
    Posts
    30

    assigining multiple ports -iptables

    i have a iptable firewall installed on red hat 9.0.I wanted to allow a range of ports say 5000 to 5050 .I tied using 5000:5050 ,but it doesnt seem to work.Can any one help me out with the correct syntax.

    iptables version is iptables v1.2.7a:

    The command was

    iptables -t filter -A FORWARD -s 192.168.1.0/24 -p tcp -m state --state NEW -m multiport --dports 7000:7100 -j ACCEPT
    Reply With Quote Reply With Quote
  2. 08-01-2006 #2
    KenJackson
    KenJackson is offline
    Linux Enthusiast KenJackson's Avatar
    Join Date
    Jun 2006
    Location
    Maryland, USA
    Posts
    506
    I never got ' --state NEW ' to work. I'm not sure why it's useful anyway. But I use the semicolon similar to the way you used it, and it works.

    BTW, I don't think you need to use the ' -m ' switch since you are using the ' -p ' switch.

    Maybe this would work:

    iptables -A FORWARD -s 192.168.1.0/24 -p tcp --dports 7000:7100 -j ACCEPT
    Reply With Quote Reply With Quote
  3. 08-02-2006 #3
    s_hcl
    s_hcl is offline
    Just Joined!
    Join Date
    Mar 2006
    Posts
    30
    thks or the reply.

    i tried ur code ,but it gave me an error as

    --dports Unknown argument
    Reply With Quote Reply With Quote
  4. 08-02-2006 #4
    s_hcl
    s_hcl is offline
    Just Joined!
    Join Date
    Mar 2006
    Posts
    30
    i checked with iptables help and it suggests that it allows only 15 ports at a time and the port range doesnt work.
    hence i manually gave the ports by defining variables upto 10 ports at a time and its working fine now

    PORTS="7000,7001,7002,7003,7004,7005,7006,7007,700 8,7009,7010"
    iptables -t filter -A FORWARD -s 192.168.1.0/24 -p tcp -m state --state NEW -m multiport --dports $PORTS -j ACCEPT
    Reply With Quote Reply With Quote
  5. 08-02-2006 #5
    KenJackson
    KenJackson is offline
    Linux Enthusiast KenJackson's Avatar
    Join Date
    Jun 2006
    Location
    Maryland, USA
    Posts
    506
    Quote Originally Posted by s_hcl
    --dports Unknown argument
    Interesting. This is one of the lines that I use, which works just fine. Of course, I'm spelling my options out.
    Code:
    iptables --append INPUT --jump DROP --protocol tcp --destination-port 65:80
    But now I see an interesting difference. I am using "--destination-port" which can be abbreviated "--dport", which is in the "sctp" module.

    OTOH, you are using the abbreviation "--dports" which is short for "--destination-ports" (notice the extra "s"), which is recognized by both modules "mport" and "multiport".

    They all seem to do the same thing. Maybe they were independently thought up by different authors. But I'm guessing that since the version I use is unique--it's included in only one module--I get no error when I skip the "-m" switch.

    I remember setting this all up. I'd try this and take a look and try that and see if it took. Kind of a hassle. Although now that is setup, I haven't touched it in 3 years.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

...