Hi all,
I have shorewall (4.2.10 on Centos 4.5) configured with two external
networks (ppp0, ppp1) and an internal (eth2) and DMZ (eth3) networks.
Everything worked up to the point where I wanted to set up policy
routing (to force all http traffic over one interface) and added 'track'
as an option to both providers in /etc/shorewall/providers. Shorewall
failed to restart and reported the following :
Jun 30 18:29:43 fw shorewall: iptables: No chain/target/match by that name
Jun 30 18:29:43 fw shorewall: ERROR: Command "/sbin/iptables -t
mangle -A PREROUTING -m connmark ! --mark 0/0xFF -j CONNMARK
--restore-mark --mask 0xFF" Failed
As far as I know I have all necessary kernel modules loaded (list below,
along with content of providers and tcrules files). Does anyone have any
ideas what I need to do to fix this ?
Cheers,
P
/etc/interfaces
net ppp0 detect tcpflags,dhcp,nosmurfs,logmartians
net ppp1 detect tcpflags,dhcp,nosmurfs,logmartians
dmz eth2 detect
int eth3 detect tcpflags,nosmurfs
/etc/providers
SHDSL 1 1 main ppp0 - balance
ADSL 2 2 main ppp1 - balance
/etc/tcrules
1:P 10.0.0.0/8 0.0.0.0/0 tcp 80
[r...@fw shorewall]# lsmod | grep ipt | awk '{print $1}' | sort
ip_conntrack
iptable_filter
iptable_mangle
iptable_nat
iptable_raw
ip_tables
ipt_addrtype
ipt_ah
ipt_CLASSIFY
ipt_comment
ipt_conntrack
ipt_dscp
ipt_DSCP
ipt_ecn
ipt_ECN
ipt_esp
ipt_helper
ipt_iprange
ipt_length
ipt_limit
ipt_LOG
ipt_mac
ipt_mark
ipt_MARK
ipt_MASQUERADE
ipt_multiport
ipt_NETMAP
ipt_NOTRACK
ipt_owner
ipt_physdev
ipt_pkttype
ipt_realm
ipt_recent
ipt_REDIRECT
ipt_REJECT
ipt_SAME
ipt_sctp
ipt_state
ipt_tcpmss
ipt_TCPMSS
ipt_tos
ipt_TOS
ipt_ttl
ipt_ULOG
Cheers,
P
--
peter skipworth
argo open solutions
mob 0413 962 064
ph 03 9820 0536
fax 03 8610 0379
em [email protected]
------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
