Shorewall users - May 2005 - Shorewall 2.3 problem

Hi to all. I recently upgraded to shorewall ver 2.3 from 2.0 after fixin some
minor config problems, I also upgraded iptables from 1.2 to 1.3 (rpm-based
install) but when I tried to start shorewall it terminates and I noticed
it''s giving me this error
 
iptables: No chain/target/match by that name
   ERROR: Command "/sbin/iptables -t mangle -A PREROUTING -m connmark !
--mark 0 -j CONNMARK --restore-mark" Failed

Is there an easier way to fix this? 
 
TIA
 
Jan


---------------------------------
  Yahoo! Messenger - Communicate instantly..."Ping" your friends
today! Download Messenger Now

On Wednesday 25 May 2005 13:19, jan ardosa wrote:
> Hi to all. I recently upgraded to shorewall ver 2.3 from 2.0 after fixin
Hi Jan,

2.3 is the now obsolete devel-tree. It''s not supported anymore as
stated in
the Readme. Please use 2.4.RC-Series if you really want to use the 
devel-tree. 
> some minor config problems, I also upgraded iptables from 1.2 to 1.3
> (rpm-based install) but when I tried to start shorewall it terminates and I
> noticed it''s giving me this error
>
> iptables: No chain/target/match by that name
>    ERROR: Command "/sbin/iptables -t mangle -A PREROUTING -m connmark
!
> --mark 0 -j CONNMARK --restore-mark" Failed
>
Seems that you have no CONNMARK target support in your iptables/kernel.

Please check the output of "shorewall show capabilities" (see FAQ 42)

The output should show something like this:
Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Connection Tracking Match: Available
   Packet Type Match: Not available
   Policy Match: Available
   Physdev Match: Available
   IP range Match: Available
   CONNMARK Target: Available
   Connmark Match: Available
   

Guess you are trying to use connmark in your tcrules file.
> Is there an easier way to fix this?
Easier than patching kernel/iptables? Not if you wanna use that feature.

HTH,
Alex