On 5/11/06, Bob Ramstad <[EMAIL PROTECTED]> wrote:
> On 5/11/06, Tom Eastep <[EMAIL PROTECTED]> wrote:
> > Bob Ramstad wrote:
> > > Amplifying on my last post, the most recent documentation suggests the
> > > following example (slightly modified for my situation), but will not
> > > load:
> > >
> > > # version from http://www.shorewall.net/IPP2P.html (does not load)
> > > #RESTORE:F - - tcp
> > > #CONTINUE:F - - tcp - - -
> > > !0
> > > #1:F - - ipp2p ipp2p
> > > #SAVE:F - - tcp - - - 1
> > > #1:50 - eth0 - - - - 1
> > > #1:50 - eth1 - - - - 1
> > >
> > > I get the following error:
> > >
> > > iptables: Unknown error -1
> > > ERROR: Command "/sbin/iptables -t mangle -A tcpost -m mark --mark
> > > 1/255 -o eth0 -j CLASSIFY --set-class 1:50" Failed
> > >
> >
> > Now load the ipt_CLASSIFY module....
> >
> > -Tom
>
> Bering doesn't seem to have an ipt_CLASSIFY module.
>
> With the cdrom mounted as /mnt
>
> fw11xxx.accessgroupinc.com# find / -name 'ipt_*' -print
> /mnt/lib/modules/2.4.32/kernel/net/ipv4/netfilter/ipt_ah.o
> /mnt/lib/modules/2.4.32/kernel/net/ipv4/netfilter/ipt_conntrack.o
> /mnt/lib/modules/2.4.32/kernel/net/ipv4/netfilter/ipt_connmark.o
> /mnt/lib/modules/2.4.32/kernel/net/ipv4/netfilter/ipt_CONNMARK.o
> /mnt/lib/modules/2.4.32/kernel/net/ipv4/netfilter/ipt_esp.o
> /mnt/lib/modules/2.4.32/kernel/net/ipv4/netfilter/ipt_helper.o
> /mnt/lib/modules/2.4.32/kernel/net/ipv4/netfilter/ipt_ipp2p.o
> /mnt/lib/modules/2.4.32/kernel/net/ipv4/netfilter/ipt_MASQUERADE.o
> /mnt/lib/modules/2.4.32/kernel/net/ipv4/netfilter/ipt_MIRROR.o
> /mnt/lib/modules/2.4.32/kernel/net/ipv4/netfilter/ipt_owner.o
> /mnt/lib/modules/2.4.32/kernel/net/ipv4/netfilter/ipt_physdev.o
> /mnt/lib/modules/2.4.32/kernel/net/ipv4/netfilter/ipt_quota.o
> /mnt/lib/modules/2.4.32/kernel/net/ipv4/netfilter/ipt_recent.o
> /mnt/lib/modules/2.4.32/kernel/net/ipv4/netfilter/ipt_REDIRECT.o
> /mnt/lib/modules/2.4.32/kernel/net/ipv4/netfilter/ipt_state.o
> /mnt/lib/modules/2.4.32/kernel/net/ipv4/netfilter/ipt_stealth.o
> /mnt/lib/modules/2.4.32/kernel/net/ipv4/netfilter/ipt_ttl.o
> /lib/modules/ipt_ipp2p.o
> /lib/modules/ipt_state.o
> /lib/modules/ipt_helper.o
> /lib/modules/ipt_conntrack.o
> /lib/modules/ipt_REDIRECT.o
> /lib/modules/ipt_MASQUERADE.o
>
> -- Bob
>

I'm also wondering if we're not barking up the wrong tree.

I don't have a class 1:50, my class for p2p traffic is 50. The
documentation for Shorewall seems to imply that 1:50 means that it
should take things that are marked 1 currently and remark them 50, but
the iptables command that's failing above looks like it's trying to
set the class to 1:50.

I'll be the first to admit that I know just enough about iptables to
be dangerous...

BTW the current Bering distribution is Shorewall 3.0.6

-- Bob

------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
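
Added example, not part of the original message and not Shorewall's own code: a simplified Python model of how the first column of the tcrules entries quoted above is read, so the entry that produces the failing `-j CLASSIFY --set-class 1:50` command can be told apart from the plain mark entries. It assumes the semantics given in the Shorewall tcrules documentation (a number with optional `:P`/`:F` is a packet mark, `major:minor` is a tc class id); the function names and returned labels are illustrative.

```python
# Added illustration, not Shorewall code. Assumption: first-column semantics
# follow the Shorewall tcrules documentation (simplified; "/mask" suffixes
# on RESTORE/SAVE are not handled).
CHAIN_SUFFIX = {"P": "PREROUTING", "F": "FORWARD"}
CONNMARK_ACTIONS = {"RESTORE", "SAVE", "CONTINUE"}


def interpret_mark_column(field):
    """Classify one tcrules first-column entry as (action, value, chain).

    chain is None when the entry names no chain and the shorewall.conf
    default applies.
    """
    head, sep, tail = field.partition(":")
    if head in CONNMARK_ACTIONS:
        if sep and tail not in CHAIN_SUFFIX:
            raise ValueError(f"bad chain suffix in {field!r}")
        return (head.lower(), None, CHAIN_SUFFIX.get(tail))
    if not head.isdigit():
        raise ValueError(f"unrecognised entry {field!r}")
    if not sep:
        return ("mark", int(head), None)
    if tail in CHAIN_SUFFIX:
        return ("mark", int(head), CHAIN_SUFFIX[tail])
    if tail.isdigit():
        # major:minor names a tc class, set with -j CLASSIFY --set-class,
        # which is why the rule needs the CLASSIFY target in the kernel.
        return ("classify", field, "POSTROUTING")
    raise ValueError(f"unrecognised entry {field!r}")


# First-column values taken from the tcrules lines quoted in the message
# (leading '#' dropped).
QUOTED_ENTRIES = ["RESTORE:F", "CONTINUE:F", "1:F", "SAVE:F", "1:50"]


def needs_classify_target(entries):
    """Return the entries that cannot load without the CLASSIFY target."""
    return [e for e in entries if interpret_mark_column(e)[0] == "classify"]


if __name__ == "__main__":
    for entry in QUOTED_ENTRIES:
        print(entry, "->", interpret_mark_column(entry))
    print("need CLASSIFY:", needs_classify_target(QUOTED_ENTRIES))
```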