On Wednesday 25 May 2005 13:19, jan ardosa wrote:
> Hi to all. I recently upgraded to shorewall ver 2.3 from 2.0 after fixin
Hi Jan,
2.3 is the now obsolete devel-tree. It's not supported anymore as stated in
the Readme. Please use 2.4.RC-Series if you really want to use the devel-tree.
> some minor config problems, I also upgraded iptables from 1.2 to 1.3
> (rpm-based install) but when I tried to start shorewall it terminates and I
> noticed it's giving me this error
>
> iptables: No chain/target/match by that name
> ERROR: Command "/sbin/iptables -t mangle -A PREROUTING -m connmark ! --mark 0 -j CONNMARK --restore-mark" Failed
>
Seems that you have no CONNMARK target support in your iptables/kernel.
Please check the output of "shorewall show capabilities" (see FAQ 42).
The output should show something like this:

Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Connection Tracking Match: Available
   Packet Type Match: Not available
   Policy Match: Available
   Physdev Match: Available
   IP range Match: Available
   CONNMARK Target: Available
   Connmark Match: Available

Guess you are trying to use connmark in your tcrules file.
> Is there an easier way to fix this?
Easier than patching kernel/iptables? Not if you wanna use that feature.
HTH,
Alex
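
The capability check described in the reply above, as an added example that is not part of the original message or of Shorewall's own code: it reads text in the "shorewall show capabilities" format and lists the capabilities the failing rule depends on that are not reported as Available. The function names `sample_caps` and `missing_caps` are hypothetical, the sample text is constructed from the listing above with the two connmark lines flipped, and the choice of three required capabilities is an assumption read off the failing command (mangle table, connmark match, CONNMARK target).

```shell
#!/bin/sh
# Constructed sample (assumption): capabilities text in the format shown in
# the reply, with both connmark lines set to "Not available" to model the
# host that produced the error.
sample_caps() {
cat <<'EOF'
Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Connection Tracking Match: Available
   Packet Type Match: Not available
   Policy Match: Available
   Physdev Match: Available
   IP range Match: Available
   CONNMARK Target: Not available
   Connmark Match: Not available
EOF
}

# missing_caps NAME... (hypothetical helper): reads capability text on stdin
# and prints, one per line, each NAME that is absent from the listing or not
# reported as exactly "Available". Names are compared case-insensitively.
missing_caps() {
    caps=$(cat)
    for want in "$@"; do
        state=$(printf '%s\n' "$caps" | awk -F': *' -v w="$want" '
            { name = $1; sub(/^[ \t]+/, "", name) }
            tolower(name) == tolower(w) {
                val = $2; sub(/[ \t\r]+$/, "", val); print val; exit
            }')
        [ "$state" = "Available" ] || printf '%s\n' "$want"
    done
}

# The failing rule needs the mangle table, "-m connmark" and "-j CONNMARK".
sample_caps | missing_caps "Packet Mangling" "CONNMARK Target" "Connmark Match"
```

On a live firewall, pipe the real output in place of the sample: `shorewall show capabilities | missing_caps "Packet Mangling" "CONNMARK Target" "Connmark Match"`.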