similar to: CONFIG_IP_ROUTE_FWMARK missing

Hello, I am trying to use iptables together with tc I need to use IPMARK module of iptables, but I got a strange error after I run ''iptables -t mangle -A POSTROUTING -o eth0 -j IPMARK --addr=dst --and-mask=0xffff --or-mask=0x1000'' The command is copied from iptables manual itself (of course interface changed) I only got " iptables v1.3.5: Unknown arg

Hello, I''m trying to configure a machine to send mail traffic out on eth0 and web traffic, via Squid, out of eth1, with the default gw on the eth0 interface. After spending most of the day of trying this and that and reading docs until my eye hurts, I have had zero luck making anything work expect for standard routing. The Advance Routing Howto makes it seams easy to do this, but I fear

Hello, IPMark won''t compile on a vanilla 2.6.20 kernel I obtain this error during the compilation under debian sarge 3.1 CC [M] net/ipv4/netfilter/ipt_TTL.o CC [M] net/ipv4/netfilter/ipt_IPMARK.o net/ipv4/netfilter/ipt_IPMARK.c: In function `target'': net/ipv4/netfilter/ipt_IPMARK.c:37: error: structure has no member named `nfmark''

I want to configure a device with three network interfaces where two of them would bridge two segments of the LAN subnet and the third one would be connected to the WAN link. eth0 - 10.10.10.2/24 to be connected to the internet gateway having IP 10.10.10.1/24 (also the default gateway for the device) eth1 and eth2 bridged as br0 with IP address 172.16.100.1 connected to different segments of the

I''m using htb classes on my firewall to queue traffic and implement different restrictions on different protocols. tc qdisc del dev eth0 root tc qdisc add dev eth0 root handle 1: htb default 190 tc class add dev eth0 parent 1: classid 1:3 htb rate 2mbit burst 30k tc class add dev eth0 parent 1:1 classid 1:90 htb rate 50kbit ceil 384kbit burst 5k tc qdisc add dev eth0 parent 1:90 handle

Hi there. My name is Lucas and I''m from Argentina. Firstly, forgive me for my english since it is not my native languaje. Now, I''ve been reading on how to compile iproute2 and found that I need to add the following to my kernel, which in my case it is 2.4.20, and it is also the one which this document I read talked about: CONFIG_NETLINK=y CONFIG_RTNETLINK=y # CONFIG_NETLINK_DEV

Hi everyone, Xtables-addons 1.5.4 has been released; highlights of this release are the import, cleanup/bugfixing the "condition" and "ipp2p" matches and additionally extending the "IPMARK" by IPv6. I hope people don''t mind, but I have not heard back so far, so I take it it''s ok. LOGMARK (for analyzing packet marks and connection states) now

Hi! Some time ago I faced a problem in limiting traffic on host with multiple uplinks. Since all the stuff worked nice seemed that there will be no problems. But then I realized that P2P users are smart enough to bypass limits as sfq doesn''t give fair sharing in this case (thousands of connections from one user versus few from the other). I tried IMQ but it''s instability in my

Hello, Currently I use following htb configuration: --------------- 1:0 ----------- / | \ 1:1 1:2 1:x / | \ / | \ / | \ 1:1001 1:2001 1:3001 1:1002 1:2002 1:3002 Classes like 1:1,1:2,1:3 limit my clients to some value, let''s say 128kbit/s. Classes like 1:1001 are

Hi all, i am using iptables (1.2.8) + iproute on Slackware 8.0 (i386) working fine, marking packet based in destination port and network and selecting the appropriate route with this marks (i have two links, a 256Kb frame relay and a 512Kb ADSL). Now i change the machine for a Sun Enterprise 250 (Sparc64 with Debian 3.0r1) and iptables works fine (the packets are marked) but iproute

Hello, i´ve installed a Suse 8.1 minimal System with iproute 2.4.7 and iptables, Suse default Kernel 2.4.19. When I start the Wondershaper 1.1a Script I get the following Error: CBQ: "allot" is required to set WRR parameters. /home/skripte/./wshaper: line 72: allot: command not found CBQ: "allot" is required to set WRR parameters. /home/skripte/./wshaper: line 78: allot:

hi all, am getting neighbour table overflow messages very often... Dec 9 09:59:54 ICG kernel: NET: 13 messages suppressed. Dec 9 09:59:54 ICG kernel: Neighbour table overflow. Dec 9 09:59:59 ICG kernel: NET: 12 messages suppressed. Dec 9 09:59:59 ICG kernel: Neighbour table overflow. how can i stop/reduce it ?? what factors does it depends on ?? kernel configuration are...

Hello all, I am working with kernel 2.2.20 with the necessary options configured into the kernel to support all of the wonderfully fancy routing features: - routing based on ToS - routing based on fwmark - multiple routing tables This same kernel is in use elsewhere, and is routing based on fwmark with success. This leads me to believe that my kernel is OK and that I have another

Hi, I''ve been trying out the wondershaper script, but on several of the examples I keep getting the error message:- RTNETLINK answers: Invalid argument On the following line:- tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match ip src \ 0.0.0.0/0 police rate 512kbit burst 10k drop flowid :1 Based on other posts to this mail list, I gather it is an issue with kernel

Hi , I am trying to set up a GRE tunnel between two linux routers. The routers have a 400 MHz Processor. Linux .2 65.0.0.2 Linux LAN1 -------- Router -------- INTERNET ---- Router ---- LAN2 10.10.10.0 .1 208.1.0.1 (Simulated) .1 .1 192.168.2.0/24 /24 Scripts to Create the tunnel ip tunnel add tun0 mode gre remote 65.0.0.1 local

I am trying to build a trafic control rule set for a huge NATed network, and I have it working for single known addresses but I need to scale it to 16M potential client addresses. I''m using iptables for NAT. Incoming traffic is simple because I can match destination address, outgoing traffic I use iptables IPMARK then tc match mark and it works perfectly if I build rules for each client

Hi All, concerning the problem when running the "ip ru ls" command. I faced with the same problem, and I solved it by making sure to include the following settings into the kernel configuration (2.4.18): CONFIG_IP_ADVANCED_ROUTER=y <=== CONFIG_IP_MULTIPLE_TABLES=y <=== CONFIG_IP_ROUTE_FWMARK=y CONFIG_IP_ROUTE_NAT=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_TOS=y

Hello everybody! Some time ago I''ve decided that using the MARK property of the Linux IP packet structure for the needs of traffic control is not very useful. So I wrote an iptables patch called IPCLASSIFY. It is fully based on IPMARK but it uses the PRIORITY field instead of MARK. The relation between IPCLASSIFY<->CLASSIFY is the same as IPMARK<->MARK. By using

I have a connection to the Internet (on eth1), and over this I also have a PPTP tunnel set up (on ppp0). Temporarily I use the (slower) PPTP tunnel for everything, but I really just have to use it for some specific purposes, which are distinguishable by port. So, I want to direct only some specific ports to ppp0, using eth1 for the rest. I have tried following the instructions on

Hi, I''m trying to activate IFB device support in a 2.6.17 kernel from Debian Sid. I read that IFB device is the replacement for IMQ device, but I haven''t found any useful documentantion on how to activate this feature and the kernel documentation lacks of this information. I remember that IMQ could be activated in the ''Network devices'' menu in 2.6.8 kernels,