Mildly, OT, in so much as it''s netfilter related, but of course that impacts Shorewall. :-) I can''t seem to figure out what I am missing here. I have an openwrt machine with kernel 2.6.25.20 and while extended marking seems to work for ipv4, it doesn''t for ipv6. Witness: # iptables -t mangle -N foobar # iptables -t mangle -A foobar -j MARK --and-mark 0xFF # ip6tables -t mangle -N foobar # ip6tables -t mangle -A foobar -j MARK --and-mark 0xFF ip6tables v1.4.0: MARK target: kernel too old for --and-mark Try `ip6tables -h'' or ''ip6tables --help'' for more information. AFAIK (and that leaves a lot of room for a fubar here) the same kernel modules that support MARK for ipv4 also support ipv6, so if one works, so should other, no? Is my kernel just broken or did I miss a module load? Or is there something in my kernel build that I missed? b. ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects
Brian J. Murrell wrote:> > # iptables -t mangle -N foobar > # iptables -t mangle -A foobar -j MARK --and-mark 0xFF > # ip6tables -t mangle -N foobar > # ip6tables -t mangle -A foobar -j MARK --and-mark 0xFF > ip6tables v1.4.0: MARK target: kernel too old for --and-mark > Try `ip6tables -h'' or ''ip6tables --help'' for more information. >I get identical results on OpenSuSE 11.0 which has kit similar to yours. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects
On Fri, 2009-05-15 at 12:43 -0700, Tom Eastep wrote:> Brian J. Murrell wrote: > > > > > # iptables -t mangle -N foobar > > # iptables -t mangle -A foobar -j MARK --and-mark 0xFF > > # ip6tables -t mangle -N foobar > > # ip6tables -t mangle -A foobar -j MARK --and-mark 0xFF > > ip6tables v1.4.0: MARK target: kernel too old for --and-mark > > Try `ip6tables -h'' or ''ip6tables --help'' for more information. > > > > I get identical results on OpenSuSE 11.0 which has kit similar to yours.Interesting. Ubuntu''s 2.6.27-12-generic kernel doesn''t exhibit this problem. OpenSuSE 11.0 is a 2.6.27 kernel isn''t it? I wonder what''s going on here. b. ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects
Brian J. Murrell wrote:> On Fri, 2009-05-15 at 12:43 -0700, Tom Eastep wrote: >> Brian J. Murrell wrote: >> >>> # iptables -t mangle -N foobar >>> # iptables -t mangle -A foobar -j MARK --and-mark 0xFF >>> # ip6tables -t mangle -N foobar >>> # ip6tables -t mangle -A foobar -j MARK --and-mark 0xFF >>> ip6tables v1.4.0: MARK target: kernel too old for --and-mark >>> Try `ip6tables -h'' or ''ip6tables --help'' for more information. >>> >> I get identical results on OpenSuSE 11.0 which has kit similar to yours. > > Interesting. Ubuntu''s 2.6.27-12-generic kernel doesn''t exhibit this > problem. OpenSuSE 11.0 is a 2.6.27 kernel isn''t it? > > I wonder what''s going on here.Installing iptables 1.4.3 solved the issue here. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects
On Fri, 2009-05-15 at 13:02 -0700, Tom Eastep wrote:> > Installing iptables 1.4.3 solved the issue here.OK. I''ll give that a try here. Thanx! b. ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects
On Fri, 2009-05-15 at 16:03 -0400, Brian J. Murrell wrote:> On Fri, 2009-05-15 at 13:02 -0700, Tom Eastep wrote: > > > > Installing iptables 1.4.3 solved the issue here. > > OK. I''ll give that a try here.Yep, iptables 1.4.3[.2] fixed that here too. Thanx! b. ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects