Peter Skipworth wrote:
> Hi all,
>
> I have shorewall (4.2.10 on Centos 4.5) configured with two external
> networks (ppp0, ppp1) and an internal (eth2) and DMZ (eth3) networks.
>
> Everything worked up to the point where I wanted to set up policy
> routing (to force all http traffic over one interface) and added 'track'
> as an option to both providers in /etc/shorewall/providers. Shorewall
> failed to restart and reported the following :
>
> Jun 30 18:29:43 fw shorewall: iptables: No chain/target/match by that name
> Jun 30 18:29:43 fw shorewall: ERROR: Command "/sbin/iptables -t
> mangle -A PREROUTING -m connmark ! --mark 0/0xFF -j CONNMARK
> --restore-mark --mask 0xFF" Failed
>
> As far as I know I have all necessary kernel modules loaded (list below,
> along with content of providers and tcrules files). Does anyone have any
> ideas what I need to do to fix this ?

Look at the output of "shorewall show capabilities". You need both CONNMARK
Target support and connmark match support for that rule to be usable. From
the module list you posted, you are missing both. With ancient distributions
such as you are running, it is likely that the kernel was built without the
capability (even modularized).

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
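
The check suggested in the reply can be scripted before enabling 'track'. This is an added example, not part of the thread or of Shorewall: the function name `missing_track_caps` is hypothetical, the sample text is constructed, and the "Name: Available" / "Name: Not available" line format with the labels "CONNMARK Target" and "Connmark Match" is an assumption about what "shorewall show capabilities" prints.

```shell
#!/bin/sh
# Added example: list which capabilities required by the failing rule
# (-m connmark ... -j CONNMARK) are absent from the capabilities report.
# Assumption: one capability per line, "Name: Available" or
# "Name: Not available"; adjust the labels if your version prints others.

# Reads capabilities text on stdin. Prints one missing capability per line.
# Returns 0 when both are available, 1 otherwise.
missing_track_caps() {
    awk -F': *' '
        {
            name = tolower($1)
            sub(/^[ \t]+/, "", name)              # strip indentation
            ok = (tolower($2) ~ /^available/)     # "Not available" is false
            if (name == "connmark target") target = ok
            if (name == "connmark match")  match_ok = ok
        }
        END {
            # A capability that is never listed counts as missing too.
            if (!target)   { print "CONNMARK Target"; bad = 1 }
            if (!match_ok) { print "Connmark Match";  bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample resembling the poster's situation (not real output).
SAMPLE_OLD_KERNEL='Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   CONNMARK Target: Not available
   Extended CONNMARK Target: Not available
   Connmark Match: Not available'

# On a live firewall: shorewall show capabilities | missing_track_caps
printf '%s\n' "$SAMPLE_OLD_KERNEL" | missing_track_caps || true
```

A non-empty result means the 'track' provider option will fail at restart with the "No chain/target/match by that name" error quoted above.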
