Re: [Shorewall-users] CONNMARK target and connmark match support inUbuntu kernel

Mon, 01 Jun 2009 04:25:04 -0700 

Hi there

I have problems too with a MultiISP configuration + Ubuntu. Well, maybe
CONNMARK is not compiled with the kernel but is loaded like a module, I
checked that...

My output of "shorewall show capabilities | grep -i CONNMARK" is:

    CONNMARK Target: Available
    Extended CONNMARK Target: Available
    Connmark Match: Available
    Extended Connmark Match: Available

So, it's correct, but my problems are going on... I have problems only with
openvpn traffic (udp) and I created a tcrules file with the next to try to
redirect this traffic to one of my ISP's but it isn't work properly...

2       $FW             0.0.0.0/0       udp     -       1194

Some idea? Should I recompile kernel to solve it?

Thank you

Laura


-----Mensaje original-----
De: Brian J. Murrell [mailto:[email protected]] 
Enviado el: viernes, 29 de mayo de 2009 15:35
Para: Shorewall Users
Asunto: Re: [Shorewall-users] CONNMARK target and connmark match support
inUbuntu kernel

On Fri, 2009-05-29 at 06:27 -0700, Tom Eastep wrote:
> 
> Assuming that Shorewall is started on the system, as root do the
following:
> 
> r...@ursa:~# shorewall show capabilities | grep -i CONNMARK
>    CONNMARK Target: Available
>    Extended CONNMARK Target: Available
>    Connmark Match: Available
>    Extended Connmark Match: Available
> r...@ursa:~#
> 
> If the first and third links of output other than the above, then your
> kernel and/or iptables are missing the required support.

And may just need (a) module(s) to be loaded.  I think they are
nf_conntrack_ipv4 and nf_conntrack on Ubuntu Intrepid.

b.



------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT 
is a gathering of tech-side developers & brand creativity professionals. Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, & 
iPhoneDevCamp as they present alongside digital heavyweights like Barbarian 
Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com 
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to