Ted Kaczmarek wrote:
> On Tue, 2004-10-05 at 18:17 +0530, bruce wrote:
>> Hi all,
>>
>> I am working with linux firewall implementation
>>
>>
>> I am using iptables version v1.2.11 and linux kernel 2.4.27.
>> If multiport option comes with iptables(iptable rules are below), the
>> services are not working. But individual services are working
>> properly.
>> The following filtering rules are not giving any syntactical errors.
>> I checked logs no info..
>>
>> #/sbin/iptables -A FORWARD -i eth0 -o eth1 -p tcp -s 192.168.2.0/24
>> -m multiport --dport 24,80 -m multiport --sport 0:65535 -d
>> 192.168.1.2 -j ACCEPT
>>
>> #/sbin/iptables -A FORWARD -i eth1 -o eth0 -p tcp -s 192.168.1.2 -m
>> multiport --sport 24,80 -d 192.168.2.0/24 -m multiport --dport
>> 0:65535 -j ACCEPT
>>
>> Please give any solution or hints for the below problem.
>> Thanks
>> Bruce
>>
> I kind of remember multiport support coming via a patch.
> Also your 0:65535 is not multiport.

Well, 0:65535 is a valid range, but it'll always return true, so leaving
it out amounts to the same thing.

Your real problem is that you call multiport twice and the fact that you
use dport instead of dports and sport instead of sports, which the
multiport patch requires.

If in doubt of the command syntax, type

iptables -m <module> --help

or

iptables -j <target> --help

from the command line.
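
The points raised in the reply above, turned into a text check on a rule, as an added example that is not part of the original thread. `lint_multiport_rule` is a hypothetical helper that never calls iptables; `ORIGINAL` is the first rule from the quoted post, and `REWRITTEN` is a constructed rule that follows the reply's advice and was not tested against iptables v1.2.11.

```shell
#!/bin/sh
# Added example: lint one iptables rule for the multiport mistakes named in the reply.
# lint_multiport_rule is a hypothetical helper; it only inspects text, never runs iptables.

ORIGINAL='/sbin/iptables -A FORWARD -i eth0 -o eth1 -p tcp -s 192.168.2.0/24 -m multiport --dport 24,80 -m multiport --sport 0:65535 -d 192.168.1.2 -j ACCEPT'
# Constructed rewrite: multiport loaded once, plural option, always-true range dropped.
REWRITTEN='/sbin/iptables -A FORWARD -i eth0 -o eth1 -p tcp -s 192.168.2.0/24 -d 192.168.1.2 -m multiport --dports 24,80 -j ACCEPT'

lint_multiport_rule() (
    set -f                      # keep the shell from glob-expanding words of the rule
    set -- $1                   # split the rule string into words
    loads=0 prev= last_match= status=0
    for word in "$@"; do
        case $prev in
            -m|--match)
                last_match=$word
                if [ "$word" = multiport ]; then loads=$((loads + 1)); fi ;;
            --sport|--dport)
                # Singular option right after "-m multiport": the reply says to use the plural.
                if [ "$last_match" = multiport ]; then
                    printf 'use %ss instead of %s with multiport\n' "$prev" "$prev"
                    status=1
                fi ;;
        esac
        case $prev in
            --sport|--dport|--sports|--dports)
                # The full port range matches every packet, so it filters nothing.
                if [ "$word" = 0:65535 ]; then
                    printf '%s 0:65535 always matches and can be left out\n' "$prev"
                    status=1
                fi ;;
        esac
        prev=$word
    done
    if [ "$loads" -gt 1 ]; then
        printf 'multiport is loaded %s times; load it once\n' "$loads"
        status=1
    fi
    exit "$status"              # 0 when clean, 1 when any finding was printed
)

for r in "$ORIGINAL" "$REWRITTEN"; do
    printf 'rule: %s\n' "$r"
    lint_multiport_rule "$r" || true
done
```
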