Tom,
Thanks for the quick reply. I have applied the multiISP patch, now do I need
to download the kernel source and configure it for CONNMARK support?
Regards,
John
----- Original Message ----
From: Tom Eastep <[EMAIL PROTECTED]>
To: Shorewall Users <[email protected]>
Sent: Wednesday, September 19, 2007 1:29:18 PM
Subject: Re: [Shorewall-users] chain/rule problem with Shorewall
J M wrote:
> I have just started setting up a new computer with shorewall. I am
> setting up the firewall for 2 ISPs and I am running into an error as
> soon as I create a /etc/shorewall/providers file.
>
> I have had this same error with 2 Shorewall versions and two kernel
> versions. The shorewall version is currently 3.4.6
Be sure you install the multi-ISP fix -- see the Shorewall home page.
> and the kernel is
> 2.6.22-11 generic shipped with ubuntu gutsy. I also had this same error
> under Ubuntu Feisty server (2.6.20).
>
> My providers file gets 'compiled' fine, but later, just after the
> providers are added, I get the following error:
>
> Adding Providers...
> Provider ESCH1 (1) Added
> Provider ESCH2 (2) Added
> Default route 'nexthop via a.b.c.d dev eth1 weight 1 nexthop via w.x.y.z
> dev eth2 weight 1' Added
> iptables: No chain/target/match by that name
> ERROR: Command "/sbin/iptables -t mangle -A PREROUTING -m connmark !
> --mark 0/0xFF -j CONNMARK --restore-mark --mask 0xFF" Failed
>
> Is this error due to a missing module? Or am I missing something else?
You are missing CONNMARK support.
>
> If I remove the providers file, everything starts properly.
Ubuntu takes their cue from Debian and doesn't include CONNMARK support in
their kernels. Yet they include connmark match support! Go figure...
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
____________________________________________________________________________________
Need a vacation? Get great deals
to amazing places on Yahoo! Travel.
http://travel.yahoo.com/-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
