udplite and ports

Linux Netfilter discussions
 help / color / mirror / Atom feed

* udplite and ports
@ 2010-03-13  9:10 Mart Frauenlob
  2010-03-14  5:43 ` ratheesh k
  2010-03-16  7:34 ` Mart Frauenlob
  0 siblings, 2 replies; 6+ messages in thread
From: Mart Frauenlob @ 2010-03-13  9:10 UTC (permalink / raw)
  To: netfilter

Hello,

what am I missing, why is that command not working:

iptables -A INPUT -i eth2 -p udplite --destination-port 123 -j ACCEPT
iptables v1.4.7: unknown option `--destination-port'
Try `iptables -h' or 'iptables --help' for more information.


uname -a
Linux eris 2.6.33-eris-2010-03-06 #1 Sat Mar 6 01:36:52 CET 2010 i686
GNU/Linux

-p udplite -m multiport --ports 123,124 ... works.


Thanks for your help!


Best regards

Mart

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: udplite and ports
  2010-03-13  9:10 udplite and ports Mart Frauenlob
@ 2010-03-14  5:43 ` ratheesh k
  2010-03-16  7:28   ` Mart Frauenlob
  2010-03-16  7:34 ` Mart Frauenlob
  1 sibling, 1 reply; 6+ messages in thread
From: ratheesh k @ 2010-03-14  5:43 UTC (permalink / raw)
  To: netfilter

On Sat, Mar 13, 2010 at 2:40 PM, Mart Frauenlob
<mart.frauenlob@chello.at> wrote:
> Hello,
>
> what am I missing, why is that command not working:
>
> iptables -A INPUT -i eth2 -p udplite --destination-port 123 -j ACCEPT
> iptables v1.4.7: unknown option `--destination-port'
> Try `iptables -h' or 'iptables --help' for more information.
>
>
> uname -a
> Linux eris 2.6.33-eris-2010-03-06 #1 Sat Mar 6 01:36:52 CET 2010 i686
> GNU/Linux
>
> -p udplite -m multiport --ports 123,124 ... works.
>
>
> Thanks for your help!
>
>
> Best regards
>
> Mart
>
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

Could you try option --dport instead of  --destination-port  ?

 These options depends on the iptables librararied . You can do a "nm"
command on  all the dynamic libraried to see whether it is supported .
It could be a problem with configuration or  right library might not
be copied .


Thanks,
Ratheesh

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: udplite and ports
  2010-03-14  5:43 ` ratheesh k
@ 2010-03-16  7:28   ` Mart Frauenlob
  0 siblings, 0 replies; 6+ messages in thread
From: Mart Frauenlob @ 2010-03-16  7:28 UTC (permalink / raw)
  To: netfilter

On 14.03.2010 06:43, netfilter-owner@vger.kernel.org wrote:
> On Sat, Mar 13, 2010 at 2:40 PM, Mart Frauenlob
> <mart.frauenlob@chello.at> wrote:
>> Hello,
>>
>> what am I missing, why is that command not working:
>>
>> iptables -A INPUT -i eth2 -p udplite --destination-port 123 -j ACCEPT
>> iptables v1.4.7: unknown option `--destination-port'
>> Try `iptables -h' or 'iptables --help' for more information.
>>
>>
>> uname -a
>> Linux eris 2.6.33-eris-2010-03-06 #1 Sat Mar 6 01:36:52 CET 2010 i686
>> GNU/Linux
>>
>> -p udplite -m multiport --ports 123,124 ... works.
>>
>>
>> Thanks for your help!
>>

> 
> Could you try option --dport instead of  --destination-port  ?
> 
>  These options depends on the iptables librararied . You can do a "nm"
> command on  all the dynamic libraried to see whether it is supported .
> It could be a problem with configuration or  right library might not
> be copied .

of course I tried --dport. Wonder why that should be different in
regards of libraries.


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: udplite and ports
  2010-03-13  9:10 udplite and ports Mart Frauenlob
  2010-03-14  5:43 ` ratheesh k
@ 2010-03-16  7:34 ` Mart Frauenlob
  2010-03-16 11:28   ` Pascal Hambourg
  1 sibling, 1 reply; 6+ messages in thread
From: Mart Frauenlob @ 2010-03-16  7:34 UTC (permalink / raw)
  To: netfilter

On 13.03.2010 10:12, netfilter-owner@vger.kernel.org wrote:
> Hello,
> 
> what am I missing, why is that command not working:
> 
> iptables -A INPUT -i eth2 -p udplite --destination-port 123 -j ACCEPT
> iptables v1.4.7: unknown option `--destination-port'
> Try `iptables -h' or 'iptables --help' for more information.
> 
> 
> uname -a
> Linux eris 2.6.33-eris-2010-03-06 #1 Sat Mar 6 01:36:52 CET 2010 i686
> GNU/Linux
> 
> -p udplite -m multiport --ports 123,124 ... works.
> 
> 
> Thanks for your help!
> 

No more than guessing from ratheesh?
I would have expect it to work like -p udp. Am I wrong?
But there's no libxt_udplite.so. Is a kernel config option missing?
Could not find any (all netfilter related is enabled).

What is wrong???


Thanks

Mart

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: udplite and ports
  2010-03-16  7:34 ` Mart Frauenlob
@ 2010-03-16 11:28   ` Pascal Hambourg
  2010-03-16 12:09     ` Mart Frauenlob
  0 siblings, 1 reply; 6+ messages in thread
From: Pascal Hambourg @ 2010-03-16 11:28 UTC (permalink / raw)
  To: netfilter

Hello,

Mart Frauenlob a écrit :
>>
>> what am I missing, why is that command not working:
>>
>> iptables -A INPUT -i eth2 -p udplite --destination-port 123 -j ACCEPT
>> iptables v1.4.7: unknown option `--destination-port'
>> Try `iptables -h' or 'iptables --help' for more information.
[...]
>> -p udplite -m multiport --ports 123,124 ... works.

According to changelogs, support for UDPLITE in multiport was added in
iptables 1.3.8 (the man page does not seem to have been updated though).

> I would have expect it to work like -p udp. Am I wrong?
> But there's no libxt_udplite.so.

--dport is an option of some "-m <protocol>" matches (implicit with "-p
<protocol>") such as tcp, udp, sctp, dccp handled by libxt_<protocol>.so
libraries. As you pointed out, there is no libxt_udplite.so, so no "-m
udplite" match nor --dport option for UDPLITE.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: udplite and ports
  2010-03-16 11:28   ` Pascal Hambourg
@ 2010-03-16 12:09     ` Mart Frauenlob
  0 siblings, 0 replies; 6+ messages in thread
From: Mart Frauenlob @ 2010-03-16 12:09 UTC (permalink / raw)
  To: netfilter

On 16.03.2010 12:28, Pascal Hambourg wrote:
> Mart Frauenlob a écrit :
>>>
>>> what am I missing, why is that command not working:
>>>
>>> iptables -A INPUT -i eth2 -p udplite --destination-port 123 -j ACCEPT
>>> iptables v1.4.7: unknown option `--destination-port'
>>> Try `iptables -h' or 'iptables --help' for more information.
> [...]
>>> -p udplite -m multiport --ports 123,124 ... works.
> 
> According to changelogs, support for UDPLITE in multiport was added in
> iptables 1.3.8 (the man page does not seem to have been updated though).
> 
>> I would have expect it to work like -p udp. Am I wrong?
>> But there's no libxt_udplite.so.
> 
> --dport is an option of some "-m <protocol>" matches (implicit with "-p
> <protocol>") such as tcp, udp, sctp, dccp handled by libxt_<protocol>.so
> libraries. As you pointed out, there is no libxt_udplite.so, so no "-m
> udplite" match nor --dport option for UDPLITE.

Thank you Pascal,

ok, it's simply not implemented...
It seemed somehow improbable to me, that support for udplite within
conntrack, nat and multiport was added, but no protocol match.
Relying on something not being in the man page *sigh* isn't assured to
be correct.

Best regards

Mart




^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2010-03-16 12:09 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-03-13  9:10 udplite and ports Mart Frauenlob
2010-03-14  5:43 ` ratheesh k
2010-03-16  7:28   ` Mart Frauenlob
2010-03-16  7:34 ` Mart Frauenlob
2010-03-16 11:28   ` Pascal Hambourg
2010-03-16 12:09     ` Mart Frauenlob

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox