
#6 iptables: invalid TCP port/service?

open
nobody
None
5
2003-05-12
2003-05-12
bambi2000
No

After creating a NAT for use with eDonkey/eMule I keep
getting messages like these when applying the settings:

NAT virtual( internet ) --> real( bambi ) on service( edonkey )
iptables v1.2.5: invalid TCP port/service `-o' specified
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.5: invalid TCP port/service `-m' specified
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.5: invalid UDP port/service `-j' specified
Try `iptables -h' or 'iptables --help' for more information.

(“bambi” is my workstation belonging to the zone “lan”
(eth1) and “internet” is the zone assigned to eth0)

Something similar happens if I create a NAT for h323-service
(I thought the definition looked a bit similar to that
of edonkey so I gave it a try), whereas a NAT like:

NAT virtual( internet ) --> real( bambi ) on service( aim-icq )

doesn’t give any problems at all.

I have used Turtle Firewall (currently v. 1.25) for
maintaining my firewall for about a year and haven’t
seen this behaviour until today – and I don’t recall
updating any packages or reconfiguring my server
except for adding rules to the firewall.

Also, I have tried removing the Turtle Firewall module
and reinstalling it, creating all the settings from scratch. I
don’t know much about iptables, and I’m not sure where
to look to diagnose the problem, so any help will be
greatly appreciated.

Discussion

  • bambi2000

    bambi2000 - 2003-05-13

    Logged In: YES
    user_id=776942

    I have been investigating this problem a bit further. Here is
    the code generated for my eDonkey/eMule NAT entry:

    #NAT virtual( internet ) -to-> real( bambi ) on service( edonkey () )
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 4661 -j DNAT --to-destination 192.168.172.10
    iptables -t nat -A POSTROUTING -s 192.168.172.10 -p tcp --sport 4661 -o eth0 -j MASQUERADE
    iptables -t nat -A POSTROUTING -s 192.168.172.10 -p tcp --sport -o eth0 -j MASQUERADE
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport -m state --state ESTABLISHED,RELATED -j DNAT --to-destination 192.168.172.10
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 4662 -j DNAT --to-destination 192.168.172.10
    iptables -t nat -A POSTROUTING -s 192.168.172.10 -p tcp --sport 4662 -o eth0 -j MASQUERADE
    iptables -t nat -A POSTROUTING -s 192.168.172.10 -p tcp --sport -o eth0 -j MASQUERADE
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport -m state --state ESTABLISHED,RELATED -j DNAT --to-destination 192.168.172.10
    iptables -t nat -A PREROUTING -i eth0 -p udp --dport 4665 -j DNAT --to-destination 192.168.172.10
    iptables -t nat -A POSTROUTING -s 192.168.172.10 -p udp --sport 4665 -o eth0 -j MASQUERADE
    iptables -t nat -A POSTROUTING -s 192.168.172.10 -p udp --sport -o eth0 -j MASQUERADE
    iptables -t nat -A PREROUTING -i eth0 -p udp --dport -j DNAT --to-destination 192.168.172.10

    As indicated by iptables, the source or destination ports are
    in fact missing in some of the above rules. But why are they
    missing? I haven't been messing with the fwservices.xml and
    the contents of the file look fine to me. And I'm positive I
    had the eDonkey rule working for more than a day before this
    error started occurring.
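
A pre-flight check for the failure diagnosed in the comment above, as an added example that is not part of the original ticket or of Turtle Firewall's code: it scans generated iptables commands for a port option followed by another option instead of a value. The function names check_port_args and sample_rules are hypothetical; the sample rules are copied from the listing in this ticket with their wrapped lines rejoined.

```shell
#!/bin/sh
# Added example: lint generated iptables commands for port options that lost their value.

# check_port_args (hypothetical name): reads commands on stdin, prints
# "LINE:OPTION:TOKEN_FOUND" for each offending option, returns 1 if any were found.
check_port_args() {
    awk '
    /^[ \t]*#/ { next }                      # skip the comment lines the generator emits
    {
        for (i = 1; i <= NF; i++) {
            if ($i !~ /^--(dport|sport|destination-port|source-port)$/) continue
            j = i + 1
            if (j <= NF && $j == "!") j++    # old-style negation: --dport ! 80
            val = (j <= NF) ? $j : "<end-of-line>"
            # A value is a port, a low:high range or a service name, never another option.
            if (j > NF || val ~ /^-/) {
                printf "%d:%s:%s\n", NR, $i, val
                bad = 1
            }
        }
    }
    END { exit (bad ? 1 : 0) }
    '
}

# sample_rules (hypothetical name): rules copied from the listing in this ticket.
sample_rules() {
    cat <<'EOF'
#NAT virtual( internet ) -to-> real( bambi ) on service( edonkey () )
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 4661 -j DNAT --to-destination 192.168.172.10
iptables -t nat -A POSTROUTING -s 192.168.172.10 -p tcp --sport -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport -m state --state ESTABLISHED,RELATED -j DNAT --to-destination 192.168.172.10
iptables -t nat -A PREROUTING -i eth0 -p udp --dport -j DNAT --to-destination 192.168.172.10
EOF
}

# Refuse to apply a ruleset that fails the check.
if sample_rules | check_port_args; then
    echo "ruleset OK"
else
    echo "ruleset rejected: port option without a value" >&2
fi
```

The tokens it reports for the sample (-o, -m, -j) are the same ones iptables names in the "invalid TCP port/service" and "invalid UDP port/service" errors quoted in the ticket.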

     
  • Nobody/Anonymous

    Logged In: NO

    version 1.26 is coming soon!

     
