
List:       netfilter
Subject:    Re: Re[4]: access to server
From:       Alistair Tonner <Alistair () nerdnet ! ca>
Date:       2003-04-30 14:59:48

On April 30, 2003 09:32 am, netfilter_user wrote:
> Hello Arnt,
>
> Wednesday, April 30, 2003, 4:47:45 AM, you wrote:
>
> AK> On Wed, 30 Apr 2003 03:38:12 +0200,
> AK> netfilter_user <netfilter_user@o2.pl> wrote in message
>
> AK> <1246491441.20030430033812@o2.pl>:
> >> Hello Arnt,
> >>
> >> Wednesday, April 30, 2003, 3:10:30 AM, you wrote:
> >>
> >> AK> On Wed, 30 Apr 2003 00:49:31 +0200,
> >> AK> netfilter_user <netfilter_user@o2.pl> wrote in message
> >>
> >> AK> <5436369716.20030430004931@o2.pl>:
> >> >> Rule: "iptables -A FORWARD -i eth1 -p udp -m --multioport --dport
> >>
> >> AK>                                                      /\
> >> AK> ..is " -m --multioport " a valid match in iptables, or a correct
> >> AK> quote of your attempt to write  ' -m --multiport ' ?
> >>
> >> damn, my wrong... it should look like this:
> >> iptables -A FORWARD -i eth1 -p udp -m --multioport --dport 23073,23083
> >> -j ACCEPT                                   /\
>
> AK>                                               ||
> AK> ..lets try again: I don't find "-m --multioport" _anywhere_
> AK> in the docs, so, if you _actually_ try '-m --multioport' in
> AK> your rule set, it _should_ fail, then you'll wanna try
> AK> '-m --multiport', without your extra "o".  ;-)
>
> Oh yes, now I get it, I was too sleepy yesterday to understand. Actually
> this rule looks like this:
>
> iptables -A FORWARD -i eth1 -p udp -m --multiport --dport 23073,23083 -j
> ACCEPT
>
> and after running it shows no error msg. That means it works, but it won't
> help me achieve what I want.
>
> I repeat my msg here again:
>
> In my network, a Linux machine connects the local net (eth1) with the internet
> (ppp0). By default all INCOMING traffic is denied. I made some rules
> to access SMTP, HTTP etc. but that's not important now.
> It is necessary for nodes from the local net to access a server that is on the
> Internet. The address of this server is 62.233.202.165 and it listens on ports
> 23073 and 23083.
>
> Rule: "iptables -A FORWARD -i eth1 -p udp -m --multiport --dport
> 23073,23083 -j ACCEPT"
> won't help and I have received a msg in the log like this:
>
> Apr 30 02:28:41 slack kernel: IPT:UnhandledForward:IN=eth1 OUT=ppp0
> SRC=192.168.1.2 DST=62.233.202.165 LEN=36 TOS=0x00 PREC=0x00 TTL=127
> ID=23780 PROTO=UDP SPT=1552 DPT=13073 LEN=16
>

	From that packet it seems that you want to have --dport accept on port 13073
	NOT 23073 ... or perhaps as well as!

-- 

	Alistair Tonner
	nerdnet.ca
	Senior Systems Analyst - RSS
	
     Any sufficiently advanced technology will have the appearance of magic.
	Let's get magical!

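The mismatch Alistair points out (the rule accepts 23073/23083, the logged packet has DPT=13073) is the kind of thing that is easy to miss by eye. The following is an added example, not code from the thread: a small parser for the kernel's iptables LOG line that emulates the match part of a `-i <iface> -p <proto> -m multiport --dports <ports>` rule and reports which field keeps the packet from matching. The sample log line is constructed from the one quoted above with the syslog prefix dropped.

```python
import re

# Constructed sample: the LOG line quoted in the thread, syslog prefix trimmed.
SAMPLE_LOG = ("IPT:UnhandledForward:IN=eth1 OUT=ppp0 SRC=192.168.1.2 DST=62.233.202.165 "
              "LEN=36 TOS=0x00 PREC=0x00 TTL=127 ID=23780 PROTO=UDP SPT=1552 DPT=13073 LEN=16")


def parse_ipt_log(line):
    """Turn the KEY=VALUE fields of an iptables LOG line into a dict.
    A key that repeats (LEN appears once for the IP header and once for UDP)
    keeps its first value, i.e. the IP-header one."""
    fields = {}
    for key, value in re.findall(r"([A-Z]+)=(\S+)", line):
        fields.setdefault(key, value)
    # Bare flags such as DF or SYN carry no '=' and are not needed here.
    return fields


def rule_matches(fields, in_iface, proto, dports):
    """Emulate the match part of
        iptables -A FORWARD -i <in_iface> -p <proto> -m multiport --dports <dports>
    Returns the list of reasons the packet would NOT match (empty list = match)."""
    reasons = []
    if fields.get("IN") != in_iface:
        reasons.append(f"IN={fields.get('IN')} is not {in_iface}")
    if fields.get("PROTO", "").lower() != proto.lower():
        reasons.append(f"PROTO={fields.get('PROTO')} is not {proto}")
    dpt = int(fields.get("DPT", -1))
    if dpt not in dports:
        reasons.append(f"DPT={dpt} is not in {sorted(dports)}")
    return reasons


def diagnose(line, in_iface="eth1", proto="udp", dports=(23073, 23083)):
    """Check one LOG line against the rule from the thread (defaults are its values)."""
    return rule_matches(parse_ipt_log(line), in_iface, proto, set(dports))


if __name__ == "__main__":
    for reason in diagnose(SAMPLE_LOG) or ["packet matches the rule"]:
        print(reason)
```

Run against the logged packet it reports only the port mismatch, which is exactly the hint in the reply above.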