I don't know exactly what you mean when you say that the second rule doesn't work (I see that the IPs are different, but I'm guessing you understand that), but the difference is that with iprange you can give it an arbitrary IP range, regardless of subnetting. So you don't need to specify a network mask, like you do with -d. (With -d, not specifying a network mask means only the IP itself, of course.)
Hi
I want to set up a VPN, as you see, but I'd like to put only the server range:
Example:
####server UK
-A OUTPUT -p udp -m udp -m iprange --dst-range 103.107.197.35-103.107.197.127 --dport 1194 -j ACCEPT
I can't get a connection with this rule.
Only with this one can I get a connection:
##server UK
-A OUTPUT -p udp -m udp -d 103.107.197.0/24 --dport 1194 -j ACCEPT
So you're setting up these rules on the client side, if I understand correctly?
If yes, then the iprange rule is correct in and of itself. But that's not a perfect overlap. /24 means .1-.254, whereas your iprange rule is restricted to .35-.127. So if your vpn server does not belong to that range, of course it won't work.
Other than that there's no difference between -d and iprange.
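As an added example (not part of the original thread), this Python sketch uses the standard ipaddress module to check whether a destination address matches the iprange rule or the /24 rule quoted above, and expands the range into the -d CIDR rules that cover exactly the same addresses. The function names and the two test addresses are constructed for illustration.

```python
import ipaddress

# Values from the thread's rules.
RANGE_FIRST = "103.107.197.35"
RANGE_LAST = "103.107.197.127"
SUBNET = "103.107.197.0/24"


def in_iprange(addr, first=RANGE_FIRST, last=RANGE_LAST):
    """True if addr would match -m iprange --dst-range first-last."""
    a = ipaddress.IPv4Address(addr)
    return ipaddress.IPv4Address(first) <= a <= ipaddress.IPv4Address(last)


def in_subnet(addr, subnet=SUBNET):
    """True if addr would match -d subnet."""
    return ipaddress.IPv4Address(addr) in ipaddress.ip_network(subnet)


def range_to_cidrs(first=RANGE_FIRST, last=RANGE_LAST):
    """Smallest set of CIDR blocks covering exactly first..last."""
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))]


def equivalent_d_rules(first=RANGE_FIRST, last=RANGE_LAST, dport=1194):
    """-d rules that together match the same destinations as the iprange rule."""
    return [f"-A OUTPUT -p udp -m udp -d {net} --dport {dport} -j ACCEPT"
            for net in range_to_cidrs(first, last)]


if __name__ == "__main__":
    # Constructed test addresses, not taken from the thread.
    for addr in ("103.107.197.20", "103.107.197.64"):
        print(addr, "iprange:", in_iprange(addr), "-d /24:", in_subnet(addr))
    print("\n".join(equivalent_d_rules()))
```

Run it against the address the VPN client actually connects to: if only the /24 check is true, that server sits outside the .35-.127 range and the iprange rule will never match it.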
Hi
Yes, it's a client, and yes, the range belongs to the server. I wish to narrow it down.
I need to study more.
Thanks
And then have a look at /var/log/syslog if you use Debian/Ubuntu.
If you use CentOS/Alma/Rocky/RHEL, then add the uncommented line in /etc/rsyslog.conf and check /var/log/kern.