Results 1 to 7 of 7

Thread: specifying port ranges-iptables

  1. 08-01-2006, 11:36 AM #1
    s_hcl
    s_hcl is offline
    Junior Member
    Join Date
    Mar 2006
    Posts
    57

    specifying port ranges-iptables

    i have a iptable firewall installed on red hat 9.0.I wanted to allow a range of ports say 5000 to 5050 .I tied using 5000:5050 ,but it doesnt seem to work.Can any one help me out with the correct syntax.

    iptables version is iptables v1.2.7a:

    The command was

    iptables -t filter -A FORWARD -s 192.168.1.0/24 -p tcp -m state --state NEW -m multiport --dports 7000:7100 -j ACCEPT
    Reply With Quote Reply With Quote
  2. 08-01-2006, 02:43 PM #2
    redhead
    redhead is offline
    Moderator
    Advisor     redhead's Avatar
    Join Date
    Jun 2001
    Location
    Copenhagen, Denmark
    Posts
    811
    man iptables will show you, that --dports or --destination-ports takes a comma seperated argument mentioning every ports in question, not a port range, so it will be:
    Code:
    #!/bin/sh

PORTS="5000,5001,5002,5003,5004,5005,5006,5007,5008,5009,5010,\
       5011,5012,5013,5014,5015,5016,5017,5018,5019,5020,\
       5021,5022,5023,5024,5025,5026,5027,5028,5029,5030,\
       5031,5032,5033,5034,5035,5036,5037,5038,5039,5040,\
       5041,5042,5043,5044,5045,5046,5047,5048,5049,5050"
iptables -t filter -A FORWARD -s 192.168.1.0/24 -p tcp -m state --state NEW -m multiport --dports $PORTS -j ACCEPT
    Don't worry Ma'am. We're university students, - We know what We're doing.
    'Ruiat coelum, fiat voluntas tua.'
    Datalogi - en livsstil; Intet liv, ingen stil.
    Reply With Quote Reply With Quote
  3. 08-02-2006, 05:30 AM #3
    s_hcl
    s_hcl is offline
    Junior Member
    Join Date
    Mar 2006
    Posts
    57
    thks for the reply

    i tried adding ports from 7000 to 7100 ,but i got an error as

    invalid port/service ' ' specified.
    Reply With Quote Reply With Quote
  4. 08-02-2006, 07:27 AM #4
    s_hcl
    s_hcl is offline
    Junior Member
    Join Date
    Mar 2006
    Posts
    57
    i checked out in help ,it aloows only 15 ports at a time ,hence i assignes 10 ports at a time

    PORTS="7000,7001,7002,7003,7004,7005,7006,7007,700 8,7009,7010"
    iptables -t filter -A FORWARD -s 192.168.1.0/24 -p tcp -m state --state NEW -m multiport --dports $PORTS -j ACCEPT

    and its wrkg fine now


    thks for ur valuable input ,it helped solve the problem ,whcih i was facing for a long time.
    Reply With Quote Reply With Quote
  5. 08-02-2006, 06:14 PM #5
    redhead
    redhead is offline
    Moderator
    Advisor     redhead's Avatar
    Join Date
    Jun 2001
    Location
    Copenhagen, Denmark
    Posts
    811
    You could shorten that to:
    Code:
    PORTS="7000,7001,7002,7003,7004,7005,7006,7007,7008,7009,7010 \
       7011,7012,7013,7014,7015,7016,7017,7018,7019,7020 \
       .... \
       7091,7092,7093,7094,7095,7096,7097,7098,7099,7100"
for RANGE in $PORTS; do
    iptables -t filter -A FORWARD -s 192.168.1.0/24 -p tcp -m state --state NEW -m multiport --dports $RANGE -j ACCEPT
done
    Notice the " "(space) befor every newline in the definition of PORTS.
    That way you can have all your ports gathered in one variable and run through them in a single line...
    Don't worry Ma'am. We're university students, - We know what We're doing.
    'Ruiat coelum, fiat voluntas tua.'
    Datalogi - en livsstil; Intet liv, ingen stil.
    Reply With Quote Reply With Quote
  6. 08-03-2006, 04:31 AM #6
    s_hcl
    s_hcl is offline
    Junior Member
    Join Date
    Mar 2006
    Posts
    57
    thks .when i try the command of giving it in a single line ,it gives me an error as

    invalid port/service ' ' specified
    Reply With Quote Reply With Quote
  7. 08-03-2006, 04:32 AM #7
    s_hcl
    s_hcl is offline
    Junior Member
    Join Date
    Mar 2006
    Posts
    57
    ooops sorry ,i didnt check the for command ,thought it was the same earlier command.I will try and let u know.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. LAN clients get connection denied by Apache
    By rhonneil in forum Linux - Hardware, Networking & Security
    Replies: 14
    Last Post: 11-12-2003, 10:28 AM
  2. Router not routing/masquerading. Why?
    By Anubis in forum Linux - Software, Applications & Programming
    Replies: 0
    Last Post: 03-21-2003, 11:05 PM
  3. Port Forwarding IPTABLES Script
    By Coral_Sea in forum Programming
    Replies: 0
    Last Post: 10-08-2002, 10:56 PM
  4. Will masq work?
    By airhead in forum Linux - Hardware, Networking & Security
    Replies: 8
    Last Post: 09-17-2002, 08:50 PM
  5. iptables script...
    By Mor_gath in forum Programming
    Replies: 5
    Last Post: 12-24-2001, 03:35 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules