Mailing List Archive

my similar line that works is:
iptables -A NetDiagTools -p udp --dport 33434:33523 -j ACCEPT

so yours should be:
iptables -A INPUT -p tcp --dport 6000:6039 -j ACCEPT

Danny

-----Original Message-----
From: Wolfgang Pichler [mailto:wpichler@dialog-gruppe.at]
Sent: Thursday, July 26, 2001 10:20 AM
To: iptables maillinglist
Subject: command for opening port 6000-6039 to the local network


how can i open port 6000-6039 for the inner network ?
iptables -A INPUT -p tcp --dport 6000-6039 usw. doesn't work -> i've also
triied 6000:6039 or 6000--6039.

Pichler Wolfgang

Dialog Austria
Software & Telekommunikation Ges.m.b.H.
Goethestrasse 93
A-4020 Linz

Tel +43 (0) 70 662774 37
Fax +43 (0) 70 662774 22
Mail mailto:wpichler@dialog-gruppe.at
Web www.dialog-gruppe.at

+++

Hallo, Wolfgang ,

Der Syntax lautet korrekt :

iptables -A INPUT -m tcp -p tcp -s SOURCE -d DEST --dport fromport:toport -J
POLICY

Es ist wichtig, daß Du das Layer 4 Protokoll bestimmst (mit -p bzw. mit -m),
da Netfilter ja auch Port ungebundene Protokolle (ICMP) Filtern kann.
Sonst gibts eine Fehlermeldung (unkonown Option --dport)

English Version :

The correct Syntax is

iptables -A INPUT -m tcp -p tcp -s SOURCE -d DEST --dport fromport:toport -J
POLICY

It´s important, that you specify the correct Layer 4 Protocol (with -m and
-p).
If you do not do that, you´ll get an error message (unknown option --dport).

greetings

Harald Scharf
Intel Certified Integration Specialist Networking
Softpoint electronic
Netzwerksysteme / Firewalls
Bricks Core Development
mailto:h.scharf@softpoint.at
www.bricks.at
www.softpoint.at


-----Ursprüngliche Nachricht-----
Von: Wolfgang Pichler [mailto:wpichler@dialog-gruppe.at]
Gesendet: Donnerstag, 26. Juli 2001 16:20
An: iptables maillinglist
Betreff: command for opening port 6000-6039 to the local network


how can i open port 6000-6039 for the inner network ?
iptables -A INPUT -p tcp --dport 6000-6039 usw. doesn't work -> i've also
triied 6000:6039 or 6000--6039.

Pichler Wolfgang

Dialog Austria
Software & Telekommunikation Ges.m.b.H.
Goethestrasse 93
A-4020 Linz

Tel +43 (0) 70 662774 37
Fax +43 (0) 70 662774 22
Mail mailto:wpichler@dialog-gruppe.at
Web www.dialog-gruppe.at

+++

> so yours should be:
> iptables -A INPUT -p tcp --dport 6000:6039 -j ACCEPT

should this be on the input or forward table of your firewall?


----- Original Message -----
From: "Danny Rappleyea" <danny.rappleyea@etrials.com>
To: "'Wolfgang Pichler'" <wpichler@dialog-gruppe.at>; "iptables
maillinglist" <netfilter@lists.samba.org>
Sent: Thursday, July 26, 2001 11:06 AM
Subject: RE: command for opening port 6000-6039 to the local network


> my similar line that works is:
> iptables -A NetDiagTools -p udp --dport 33434:33523 -j ACCEPT
>
> so yours should be:
> iptables -A INPUT -p tcp --dport 6000:6039 -j ACCEPT
>
> Danny
>
> -----Original Message-----
> From: Wolfgang Pichler [mailto:wpichler@dialog-gruppe.at]
> Sent: Thursday, July 26, 2001 10:20 AM
> To: iptables maillinglist
> Subject: command for opening port 6000-6039 to the local network
>
>
> how can i open port 6000-6039 for the inner network ?
> iptables -A INPUT -p tcp --dport 6000-6039 usw. doesn't work -> i've also
> triied 6000:6039 or 6000--6039.
>
> Pichler Wolfgang
>
> Dialog Austria
> Software & Telekommunikation Ges.m.b.H.
> Goethestrasse 93
> A-4020 Linz
>
> Tel +43 (0) 70 662774 37
> Fax +43 (0) 70 662774 22
> Mail mailto:wpichler@dialog-gruppe.at
> Web www.dialog-gruppe.at
>
> +++
>
>
>
>

A bit off topic but does this syntax also work for forwarding a range of
ports. For example if I wanted to port forward 6000 through 6039 could I
use:

iptables -A PREROUTING -t nat -p tcp -d 10.3.3.3 --dport 6000:6039 -j DNAT
--to 192.168.1.200:6000:6039



On 7/26/01 8:25 AM, "Jason Pappas" <jpappas@sharemedia.com> wrote:

>> so yours should be:
>> iptables -A INPUT -p tcp --dport 6000:6039 -j ACCEPT
>
> should this be on the input or forward table of your firewall?
>
>
> ----- Original Message -----
> From: "Danny Rappleyea" <danny.rappleyea@etrials.com>
> To: "'Wolfgang Pichler'" <wpichler@dialog-gruppe.at>; "iptables
> maillinglist" <netfilter@lists.samba.org>
> Sent: Thursday, July 26, 2001 11:06 AM
> Subject: RE: command for opening port 6000-6039 to the local network
>
>
>> my similar line that works is:
>> iptables -A NetDiagTools -p udp --dport 33434:33523 -j ACCEPT
>>
>> so yours should be:
>> iptables -A INPUT -p tcp --dport 6000:6039 -j ACCEPT
>>
>> Danny
>>
>> -----Original Message-----
>> From: Wolfgang Pichler [mailto:wpichler@dialog-gruppe.at]
>> Sent: Thursday, July 26, 2001 10:20 AM
>> To: iptables maillinglist
>> Subject: command for opening port 6000-6039 to the local network
>>
>>
>> how can i open port 6000-6039 for the inner network ?
>> iptables -A INPUT -p tcp --dport 6000-6039 usw. doesn't work -> i've also
>> triied 6000:6039 or 6000--6039.
>>
>> Pichler Wolfgang
>>
>> Dialog Austria
>> Software & Telekommunikation Ges.m.b.H.
>> Goethestrasse 93
>> A-4020 Linz
>>
>> Tel +43 (0) 70 662774 37
>> Fax +43 (0) 70 662774 22
>> Mail mailto:wpichler@dialog-gruppe.at
>> Web www.dialog-gruppe.at
>>
>> +++
>>
>>
>>
>>
>
>

nme

----------------------------------------------
Noah Eiger
nme@earthlink.net
----------------------------------------------