LinuxQuestions.org
Old 04-30-2013, 11:29 AM   #1
Sorbitol
LQ Newbie
 
Registered: Apr 2013
Posts: 5

Rep: Reputation: Disabled
Iptables problem - unknown option "--dports"


Hello!

I am running an OpenVPN client on my Raspberry Pi, which is running Xbian, a variant of Debian. Currently all traffic goes through the VPN, but I'd like to set certain applications to use the regular network interface. After some googling it seemed the best solution was to use iptables.

I've been trying to set ports 7000, 6697 and 9999 to only use eth0 but iptables isn't cooperating. When I do:
Code:
sudo iptables -A PREROUTING -i eth0 -t mangle -p tcp --dports 7000,6697,9999 -j MARK --set-mark 1
All I get is
Code:
iptables v1.4.18: unknown option "--dports"
I've tried recompiling from the latest tarballs but there was no difference. Any ideas what I could do?
 
Old 04-30-2013, 12:05 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547
Load with "-m multiport" before using "--dports"?
 
Old 04-30-2013, 12:33 PM   #3
Sorbitol
LQ Newbie
 
Registered: Apr 2013
Posts: 5

Original Poster
Rep: Reputation: Disabled
Thank you, that worked! The next step from the stackoverflow answer I'm following is:
Code:
echo "201 eth1.out" >> /etc/iproute2/rt_tables
but when I do that bash says permission denied even if I run it as root. Can I just edit rt_tables manually with nano instead or is there another command?
 
Old 04-30-2013, 12:56 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547
Quote:
Originally Posted by Sorbitol
(..) when I do that bash says permission denied even if I run it as root. Can I just edit rt_tables manually with nano instead or is there another command?
Different questions different threads as far as I'm concerned. For me the command worked so the question isn't (or shouldn't be) what's the workaround but why it doesn't work. Does the file, or the directory it resides in, exist?
Is the file, or the directory it resides in, made immutable ('man lsattr')?
Else run
Code:
strace -v /bin/echo 201 eth1.out >> /etc/iproute2/rt_tables
as root.
 
Old 04-30-2013, 01:48 PM   #5
Sorbitol
LQ Newbie
 
Registered: Apr 2013
Posts: 5

Original Poster
Rep: Reputation: Disabled
When I run lsattr rt_tables I get:
Code:
-------------e-- rt_tables
sudo strace -v /bin/echo 201 eth1.out >> /etc/iproute2/rt_tables gives me:
Code:
-bash: /etc/iproute2/rt_tables: Permission denied
Edit: I can edit it just fine with nano. Strange.
Edit2: I can run the command if I use sudo su to change to the root account. Just plain sudo doesn't work.

Last edited by Sorbitol; 04-30-2013 at 02:05 PM.
 
Old 04-30-2013, 02:57 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547
Indeed odd. No idea why though as you didn't run the strace command as root.
 
Old 04-30-2013, 03:42 PM   #7
Sorbitol
LQ Newbie
 
Registered: Apr 2013
Posts: 5

Original Poster
Rep: Reputation: Disabled
I ran strace as root, the output is here if you'd like to take a look at it.

Meanwhile, I've done as instructed on stackoverflow and still cannot get specific ports to not go through the VPN. Iptables and iproute2 are quite difficult to understand for me. But I suppose that is for another thread, my original question has been answered.
 
Old 04-30-2013, 05:35 PM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547
Thanks for the strace, didn't help though, no errors I can find. Quite stumped as it ain't about extended attributes either...
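
Why plain sudo failed in post #5 while a root shell worked, as an added example that is not part of the thread: in `sudo cmd >> file` the calling, unprivileged shell opens the file for appending before sudo starts, so only `cmd` is elevated. The function names and the `no_such_command_xyz` probe are made up for the illustration; the path and table entry are the ones from the thread.

```sh
#!/bin/sh
# Added illustration; the function names and the probe command are made up.

# In "cmd >> file" the calling shell opens the file before cmd starts.
# Proof: the command below does not exist and never runs, yet the target
# file is created. With "sudo cmd >> file" that open happens as the
# unprivileged user, so it fails before sudo is even started.
redirect_opened_by_shell() {
    probe="$1/probe"
    ( no_such_command_xyz >> "$probe" ) 2>/dev/null || true
    [ -e "$probe" ]
}

# append_with FILE LINE [ELEVATOR...]
# Appends LINE to FILE once. The write is done by tee, which runs under
# the elevator (e.g. sudo), so the privileged process opens the file.
append_with() {
    file=$1
    line=$2
    shift 2
    # Skip the write if the exact line is already present.
    if grep -qxF -- "$line" "$file" 2>/dev/null; then
        return 0
    fi
    printf '%s\n' "$line" | "$@" tee -a "$file" >/dev/null
}

# Real use, with the path and entry from the thread:
#   append_with /etc/iproute2/rt_tables "201 eth1.out" sudo

# Self-contained demo in a scratch directory (no root needed).
demo_dir=$(mktemp -d)
if redirect_opened_by_shell "$demo_dir"; then
    echo "the shell, not the command, opened the redirect target"
fi
append_with "$demo_dir/rt_tables" "201 eth1.out" env
append_with "$demo_dir/rt_tables" "201 eth1.out" env   # second call is a no-op
cat "$demo_dir/rt_tables"
rm -rf "$demo_dir"
```

A root shell (`sudo su`, or `sudo sh -c '... >> file'`) works for the same reason: the shell that performs the redirect is itself running as root.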
 
  


All times are GMT -5.