J M wrote: > I have just started setting up a new computer with shorewall. I am > setting up the firewall for 2 ISPs and I am running into an error as > soon as I create a /etc/shorewall/providers file. > > I have had this same error with 2 Shorewall versions and two kernel > versions. The shorewall version is currently 3.4.6
Be sure you install the multi-ISP fix -- see the Shorewall home page. > and the kernel is > 2.6.22-11 generic shipped with ubuntu gutsy. I also had this same error > under Ubuntu Feisty server (2.6.20). > > My providers file gets 'compiled' fine, but later, just after the > providers are added, I get the following error: > > Adding Providers... > Provider ESCH1 (1) Added > Provider ESCH2 (2) Added > Default route 'nexthop via a.b.c.d dev eth1 weight 1 nexthop via w.x.y.z > dev eth2 weight 1' Added > iptables: No chain/target/match by that name > ERROR: Command "/sbin/iptables -t mangle -A PREROUTING -m connmark ! > --mark 0/0xFF -j CONNMARK --restore-mark --mask 0xFF" Failed > > Is this error due to a missing module? Or am I missing something else? You are missing CONNMARK support. > > If I remove the providers file, everything starts properly. Ubuntu takes their cue from Debian and doesn't include CONNMARK support in their kernels. Yet they include connmark match support! Go figure... -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
