Hello, I am building a firewall to use 3 ADSL uplinks to balance outboud traffic for a small ISP. Debian Sarge. kernel 2.6.16-2-686. iptables v1.3.6. shorewall version 3.2.3. the plan is to use the providers file for the 3 dsl links using track and balance. I was previously using the vanilla debian kernel but found ipt_connmark not available, so I used a newer kernel which now has it. now when shorewall starts i get this : ipt_policy: matchsize 116 != 308. can someone tell me what this means ? Regards, Richard Hatherly Ritech Computing Services 0411 459 507 Richard Hatherly Ritech Computing Services 0411 459 507 ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Hello, I am building a firewall to use 3 ADSL uplinks to balance outboud traffic for a small ISP. Debian Sarge. kernel 2.6.16-2-686. iptables v1.3.6. shorewall version 3.2.3. the plan is to use the providers file for the 3 dsl links using track and balance. I was previously using the vanilla debian kernel but found ipt_connmark not available, so I used a newer kernel which now has it. now when shorewall starts i get this : ipt_policy: matchsize 116 != 308. can someone tell me what this means ? Regards, Richard Hatherly Ritech Computing Services ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Hello, I am building a firewall to use 3 ADSL uplinks to balance outboud traffic for a small ISP. Debian Sarge. kernel 2.6.16-2-686. iptables v1.3.6. shorewall version 3.2.3. the plan is to balance the traffic through the providers file for the 3 dsl links using track and balance. I was previously using the vanilla debian kernel but found ipt_connmark not available, so I used a newer kernel which now has it. now when shorewall starts i get this : ipt_policy: matchsize 116 != 308. can someone tell me what this means ? My next question is what to do about the masq file. currently it is as follows (when we using 2 dsl lines) ppp0 165.228.217.144 165.228.88.111 ppp1 165.228.88.111 165.228.217.144 i am guessing with 3 dsl lines I need to make a matrix which will have (?) entries in this file ? Regards, Richard Hatherly Ritech Computing Services ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Richard wrote:> > I was previously using the vanilla debian kernel but found ipt_connmark not > available, so I used a newer kernel which now has it. > > now when shorewall starts i get this : > > ipt_policy: matchsize 116 != 308. > > can someone tell me what this means ?Since this issue is currently a common one, I''ve added Shorewall FAQ 61 that discusses the cause and solutions. http://www.shorewall.net/FAQ.htm#faq61 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV