2005/5/25, jan ardosa <lance_devera@yahoo.com>:
> Hi to all. I recently upgraded to shorewall ver 2.3 from 2.0 so I could
> explore the multiple ISP/dual default route setup feature of version 2.3, I also
> upgraded iptables from 1.2 to 1.3 (rpm-based install) but when I tried to start
> shorewall it terminates and I noticed it's giving me this error
>
> iptables: No chain/target/match by that name
> ERROR: Command "/sbin/iptables -t mangle -A PREROUTING -m connmark !
> --mark 0 -j CONNMARK --restore-mark" Failed

First.. get version 2.4 RCx
2.3 is devel-deprecated and unsupported.

> It seems that the CONNMARK feature of iptables is needed for the multiple
> ISP... feature to work, I verified it using shorewall show capabilities and it
> says it's not available. Question, What's the procedure for me
> to add this feature in iptables and into my kernel? Do I need the kernel and
> iptables sources as well as the patch-o-matic tool? Has anyone done this
> before? I need the easiest way to make it work.
>
> BTW. Thanks to Mr Alex Wilms for the tip :)

Recompile your kernel:
read:
http://www.shorewall.net/kernel.htm
If you insist on using 2.3, you need to patch your kernel and iptables
with extended mark support (2.4 doesn't require this step).
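
Added example (not part of the original thread): before and after a kernel rebuild, the kernel config can be checked for the two pieces the failing command uses, the `connmark` match and the `CONNMARK` target. The option names below are the mainline kernel symbols (the `IP_NF_*` names of early 2.6 kernels and the later `NETFILTER_XT_*` names) and are not taken from the post; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Report whether a kernel .config enables the connmark match and the
# CONNMARK target required by:
#   iptables -t mangle -A PREROUTING -m connmark ! --mark 0 -j CONNMARK --restore-mark

# opt_state FILE SYMBOL... -> prints y (built in), m (module) or n (absent)
# for the first listed symbol that is enabled in FILE.
opt_state() {
    file=$1; shift
    for sym in "$@"; do
        val=$(sed -n "s/^${sym}=\([ym]\)\$/\1/p" "$file" | head -n 1)
        if [ -n "$val" ]; then
            echo "$val"
            return 0
        fi
    done
    echo n
}

# connmark_support FILE -> prints "match=<y|m|n> target=<y|m|n>";
# exit status is 0 only when both the match and the target are available.
connmark_support() {
    match=$(opt_state "$1" CONFIG_IP_NF_MATCH_CONNMARK \
                           CONFIG_NETFILTER_XT_MATCH_CONNMARK)
    target=$(opt_state "$1" CONFIG_IP_NF_TARGET_CONNMARK \
                            CONFIG_NETFILTER_XT_TARGET_CONNMARK)
    echo "match=$match target=$target"
    [ "$match" != n ] && [ "$target" != n ]
}

# Constructed sample config: match built as a module, target missing.
# On a real system, point the function at the running kernel's config
# (its location varies by distribution; /boot/config-$(uname -r) is common).
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_MATCH_CONNMARK=m
# CONFIG_IP_NF_TARGET_CONNMARK is not set
EOF
connmark_support "$sample" ||
    echo "CONNMARK support incomplete: enable both options and rebuild"
rm -f "$sample"
```

A kernel that passes this check still needs an iptables userspace build that includes the connmark/CONNMARK extensions.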