RE: [leaf-user] Iptables -m length --length 1400:1500
Ok, little well maybe not little but mistake on my part anyway. But it still doesn't solve the problem though. It is still complaining about no rule/target/match by that name. It did solve the problems I had with another filter though. So thanks anyway :-)

Kim

-----Original Message-----
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]]
Sent: Wednesday 12 June 2002 17:16
To: Kim Oppalfens; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Iptables -m length --length 1400:1500

> I am trying to play around with qos but I am running into troubles with Marking packets from a specific size.
> The command I use
>   Iptables -I INPUT -m length --length 1400:1500 -j MARK --set-mark 10
> But it gives me an error on the length stating no rule target match with that name.
> The iptables kernel module is located in /lib/iptables.

A quick glance at man iptables indicates you can only play with mark values in the mangle table:

TARGET EXTENSIONS
    iptables can use extended target modules: the following are included in the standard distribution.

    snip

    MARK
        This is used to set the netfilter mark value associated with the packet. It is only valid in the mangle table.

        --set-mark mark

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

___
Sponsored by: ThinkGeek at http://www.ThinkGeek.com/
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Iptables -m length --length 1400:1500
> Ok, little well maybe not little but mistake on my part anyway. But it still doesn't solve the problem though. It is still complaining about no rule/target/match by that name. It did solve the problems I had with another filter though. So thanks anyway :-)

OK, how about going back to the basics...do you have the proper modules loaded? I don't play much with iptables, but I think you probably need ipt_MARK.o and/or ipt_mark.o, and maybe iptable_mangle.o.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

RE: [leaf-user] Iptables -m length --length 1400:1500
The problem isn't related to the mangle or mark thingies. It is the length match that is creating the problem. The complete iptables filter is a bit longer. And if I eliminate the length match and just do the same thing without the length (a simple source ip destination port) filter, everything works out fine.

Kim

-----Original Message-----
From: Charles Steinkuehler
To: Kim Oppalfens; [EMAIL PROTECTED]
Sent: 12/06/2002 18:00
Subject: Re: [leaf-user] Iptables -m length --length 1400:1500

> Ok, little well maybe not little but mistake on my part anyway. But it still doesn't solve the problem though. It is still complaining about no rule/target/match by that name. It did solve the problems I had with another filter though. So thanks anyway :-)

OK, how about going back to the basics...do you have the proper modules loaded? I don't play much with iptables, but I think you probably need ipt_MARK.o and/or ipt_mark.o, and maybe iptable_mangle.o.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

Re: [leaf-user] Iptables -m length --length 1400:1500
> The problem isn't related to the mangle or mark thingies. It is the length match that is creating the problem. The complete iptables filter is a bit longer. And if I eliminate the length match and just do the same thing without the length (a simple source ip destination port) filter, everything works out fine.

from earlier mail:

> The command I use
>   Iptables -I INPUT -m length --length 1400:1500 -j MARK --set-mark 10
> But it gives me an error on the length stating no rule target match with that name.
> The iptables kernel module is located in /lib/iptables.

Um...maybe that's because there is no -m length match rule? At least not according to man iptables on my RedHat 7.2 system. Maybe you need some add-on kernel modules/patches that aren't in the default kernel?

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

Re: [leaf-user] Iptables -m length --length 1400:1500
I think that is indeed correct. I think there are separate kernel modules for that, but I think they are included in Bering. The directory /lib/iptables contains a file libipt_length.so, so I expect the module patch library whatever it is to be there.

Kim

At 20:45 12/06/2002, Charles Steinkuehler wrote:

> > The problem isn't related to the mangle or mark thingies. It is the length match that is creating the problem. The complete iptables filter is a bit longer. And if I eliminate the length match and just do the same thing without the length (a simple source ip destination port) filter, everything works out fine.
>
> from earlier mail:
>
> > The command I use
> >   Iptables -I INPUT -m length --length 1400:1500 -j MARK --set-mark 10
> > But it gives me an error on the length stating no rule target match with that name.
> > The iptables kernel module is located in /lib/iptables.
>
> Um...maybe that's because there is no -m length match rule? At least not according to man iptables on my RedHat 7.2 system. Maybe you need some add-on kernel modules/patches that aren't in the default kernel?
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

Re: [leaf-user] Iptables -m length --length 1400:1500 solved!
I know you're not supposed to answer your own mails but hey, call me schizophrenic, ok :-)

Charles nailed it again. The libipt is some sort of library but still needs the module to work; once I copied the module onto my system everything worked out fine.

Thanks again (it is starting to get boring :-))

Kim

> I think that is indeed correct. I think there are separate kernel modules for that, but I think they are included in Bering. The directory /lib/iptables contains a file libipt_length.so, so I expect the module patch library whatever it is to be there.
>
> Kim
>
> > > The problem isn't related to the mangle or mark thingies. It is the length match that is creating the problem. The complete iptables filter is a bit longer. And if I eliminate the length match and just do the same thing without the length (a simple source ip destination port) filter, everything works out fine.
> >
> > from earlier mail:
> >
> > > The command I use
> > >   Iptables -I INPUT -m length --length 1400:1500 -j MARK --set-mark 10
> > > But it gives me an error on the length stating no rule target match with that name.
> > > The iptables kernel module is located in /lib/iptables.
> >
> > Um...maybe that's because there is no -m length match rule? At least not according to man iptables on my RedHat 7.2 system. Maybe you need some add-on kernel modules/patches that aren't in the default kernel?
> >
> > Charles Steinkuehler
> > http://lrp.steinkuehler.net
> > http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
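
The cause found in the last message (the userspace libipt_length.so was present, the matching kernel module was not) can be checked for every extension at once. This is an added example, not part of the thread; it assumes 2.4-style naming (libipt_NAME.so in userspace, ipt_NAME.o or ipt_NAME.ko in the module tree), and the function name and the built-in list are illustrative.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes userspace extensions are
# named libipt_NAME.so and kernel modules ipt_NAME.o (or .ko on later
# kernels), as in the 2.4-era setup the thread describes.

# Extensions served by core modules rather than a module of their own
# (assumption for 2.4 kernels: ip_tables covers standard/tcp/udp/icmp,
# iptable_nat covers SNAT/DNAT).
BUILTIN="standard tcp udp icmp SNAT DNAT"

# missing_kernel_side LIBDIR MODDIR
# Prints the NAME of every libipt_NAME.so in LIBDIR for which no ipt_NAME.o
# or ipt_NAME.ko exists anywhere under MODDIR. Returns 1 if any is missing.
missing_kernel_side() {
    libdir=$1 moddir=$2 rc=0
    for lib in "$libdir"/libipt_*.so; do
        [ -e "$lib" ] || continue            # glob matched nothing
        name=${lib##*/libipt_}
        name=${name%.so}
        case " $BUILTIN " in *" $name "*) continue ;; esac
        found=$(find "$moddir" \( -name "ipt_$name.o" -o -name "ipt_$name.ko" \) \
                2>/dev/null | head -n 1)
        if [ -z "$found" ]; then
            echo "$name"                     # library present, module absent
            rc=1
        fi
    done
    return $rc
}

# Typical use on the router itself:
#   missing_kernel_side /lib/iptables "/lib/modules/$(uname -r)"
# With the length and MARK modules in place, the rule from the thread goes
# in the mangle table, per the man page excerpt quoted above:
#   iptables -t mangle -I INPUT -m length --length 1400:1500 -j MARK --set-mark 10
```

A name printed by the function means iptables can parse the option but the kernel cannot honour it, which matches the error reported in the thread.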