similar to: Errors while starting shorewall

Hi to all. I recently upgraded to shorewall ver 2.3 from 2.0 so I could explore the multiple ISP/dual default route setup feature of version 2.3, I also upgraded iptables from 1.2 to 1.3 (rpm-based install) but when I tried to start shorewall it terminates and I noticed it''s giving me this error iptables: No chain/target/match by that name ERROR: Command "/sbin/iptables -t mangle -A

Hi to all. I recently upgraded to shorewall ver 2.3 from 2.0 after fixin some minor config problems, I also upgraded iptables from 1.2 to 1.3 (rpm-based install) but when I tried to start shorewall it terminates and I noticed it''s giving me this error iptables: No chain/target/match by that name ERROR: Command "/sbin/iptables -t mangle -A PREROUTING -m connmark ! --mark 0 -j

Hi, I'm using IPSEC in a multi-ISP configuration, lsm 0.131, Kernel 2.6.32, ipsec-tools 0.8.0 This worked fine with Shorewall/Shorewall-Lite 4.5.7. After updating Shorewall to 4.5.8 the routing of ESP packets doesn't work. If I change the Providers.pm file and add connmark => "! --mark 0/$mask" like before in Shorewall 4.5.7 than everything works fine. add_ijump

Hello everybody. i have the folowing problem: i have this in the top of PREROUTING chain in mangle table iptables -t mangle -A PREROUTING -j CONNMARK --set-mark 0 # rule 1 iptables -t mangle -A PREROUTING -m connmark --mark 5 # rule 2 iptables -t mangle -A PREROUTING -m connmark --mark 6 # rule 3 i think when packet is passing trough my POSTROUTING in mangle table

I am trying to get IPP2P working on my router. Thus far I can see connections being marked (see below), but they don''t seem to get saved or something. When looking at /proc/net/ip_conntrack, nothing has anything other than 0 for mark. The iptables commands for this are: iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j

Hi, I want to classify with ipp2p packets that I''ve captured with tcpdump. I send the packets with tcpreply. I had to create a bridge interface in order to enable the listening interface in promiscous mode and to classify the traffic mirrored to that. In this mode the traffic pass through the prerouting chain of the mangle table (on bridge). I want to used connmark for recognized flows,

Hi All Take a look and please tell what is wrong: root@prensa:~# $IPT -t mangle -F PREROUTING root@prensa:~# $IPT -t mangle -A PREROUTING -j CONNMARK --restore-mark iptables: No chain/target/match by that name root@prensa:~# $IPT -t mangle -A PREROUTING -j CONNMARK iptables v1.3.4: CONNMARK target: No operation specified Try `iptables -h'' or

Ok, earlier I post a message explaining my problem with HTB and layer7 (or ipp2p), about not being able to shape the traffic. Well, actually this is what''s happening, I''m marking the packets (right now, I''m using ipp2p as Klaus adviced me to) with iptables, and my queue rules are made using tcng, I''m using the HTB qdisc, and traffic is going to the HTB class

Sorry for making this a cross-post, but the pressure is on for getting this bandwidth shaper working. I have an interesting dilemma with bi-directional packet classification while doing ACK prioritization. This is an overly simplified summary of my setup: Internet | Eth0 | Router | Eth1 | Intranet A client on the Intranet establishes a flow to a server on the Internet. Packets get

When I start my script: * - Creating classes on br1 for upload control ... * - tc class add dev br1 parent 2:0 classid 2:46 hfsc ls m1 576.0Kbit d 2000ms m2 192.0Kbit ul m2 384Kbit ... [ ok ] * - tc class add dev br1 parent 2:46 classid 2:47 hfsc sc umax 1500b dmax 30ms rate 80Kbit . [ ok ] * - tc class add dev br1 parent 2:46 classid 2:48 hfsc ls m2 152.0Kbit ul m2 152.0Kbit

Hello...I have a Slackware based machine doing routing & QoS for my internal LAN users... It has two interfaces: eth1(100mbps) that connects to the aDSL modem(USR 9105) and eth0(100mbps) that connects to my local LAN... I''am using shorewall as a firewall...i think it''s configured well as it''s working as i want and i pass all the online firewall tests... :D All lan

Hello guys, I am still in doubt about this kind of server. So my question is about the "prio" at routing tables like: I have 3 tables in /etc/iproute2/rt_tables: 201 201 202 202 222 222 In table 201 there is the rules about my internet link (frame relay) that comes into eth0. So I made this route into it: [root@ns2 iproute2]# ip route show table 201 default via

Hi, I''ve been implementing a load balancing solution using CONNMARK, based on solution described by Luciano Ruete at [1]. Gracias por el post y por apuntar en la dirección correcta Luciano! Once implemented, I''ve found that due to some reason packets aren''t properly marked (or improperly remarked) and sent out using the wrong interface. My topo setup is:

hi i recently searched in the mailinglist archive and found similar problems, whose solutions helped very much, thank you. i have the following scenario: a firewall with one lan interface eth0 10.1.1.1/24 and two uplink interfaces eth1 10.2.2.1/24 eth2 10.3.3.1/24 each uplink interface does SNAT: iptables -t nat -I POSTROUTING -o eth1 -j SNAT --to-source 10.2.2.1 iptables -t nat -I POSTROUTING

Hi.... I''m trying to setup a LAN router with P2P filter but the problem is that can''t "catch" Ares. There is a way to DROP "ares" p2p packets ? I''ve tried with last "ipp2p" snapshot without sucess... I''ve Kernel 2.4.28 iptables 1.3.0 Various Patches from patch-o-matic-ng-20040621 iproute2-ss020116 IMQ Patch Esfq Patch

I am trying to apply the new :T flag in tcrules. the man page for this file [1] sayas that if SOURCE is $FW then rules are applied in OUTPUT. this doesn''t seem to work on my setup. I have in tcrules : ------------------------------------------------------------------------ RESTORE:T 0.0.0.0/0 0.0.0.0/0 all - - - 0 CONTINUE:T 0.0.0.0/0 0.0.0.0/0

Hi all, I have 2 ISPs on a Linux router and a local network with one Linux server and many windows. The local network is masqueraded. I want to give access to port 25 and 80 of my server from any incoming request (i.e. from my 2 ISP). I have made a DNAT translation, witch work but the outgoing answers are not routed correctly. Of course, the de-SNAT process is done before the routing process. So

hello, I try to use layer7 filter to classify packets. I have a proble with http match. This protocol seems to work well with l7-filter (http://l7-filter.sourceforge.net/protocols) but for me nothing is filtering in http class. Someone can help me ? Here is my script : #!/bin/bash IPT_BIN=/sbin/iptables TC_BIN=/sbin/tc INTER_OUT=ppp0 LINK_RATE_UP=1000Kbit RATE_ACK=200Kbit RATE_DEFAULT=100Kbit

Hi, I''m having issues with policing my incoming traffic by matching packet marks made by iptables. I''ve checked as many sites and guides as I can find, and I seem to be doing the exact same thing as they all are, but there''s still no success. As such, I was wondering if anyone can have a quick look to see if I''ve done anything obviously stupid? Essentially, I

Hi, I'm running CentOS 4 with most of the latest updates, but am having trouble with iptables and the CONNMARK target. Is it available in the CentOS 4 kernel? Running on i386: kernel: 2.6.9-67.0.4.ELsmp iptables: v1.2.11 # iptables -t mangle -A PREROUTING -j CONNMARK --set-mark 1 iptables: No chain/target/match by that name I see I do have the CONNMARK lib in