Hey Tom.
  Long time no talk... 

  Finally, like 5 years later, I am starting the process of upgrading some of my network appliances.
I am moving from Shorewall 1.4 to 4.0, mainly for the multi-ISP support.

  In my testing under QEMU with my flash drive housing all of my LRP based packages I am getting an error starting Shorewall with a multiple providers configuration.

Again, my system is embedded, running on a diskless low-power board with 4 Ethernet ports. It is using busybox and my own init process, so it's not exactly standard, and already in the past I found some issues with the "arp" command, as I recall, that you patched into 1.4 back in the day.

So here is the error. 

ERROR: the provider 'track' option requires Connmark Match in your kernel and iptables
    
At the end of this email is some info that will help figure out what's up. I have looked it over for a few days and to me it seems that my kernel and iptables should support the Connmark module.

I updated the kernel with what is, as best I can tell, all that is needed from the docs, but I have __NOT__ yet updated my iptables, but it's my next target.


  Ideas? 

Thanks for your time. Hope all is well up north; enjoying the rain today here in Portland.


Regards 
  Sean Mathews Nu Tech CTO 
  Nu Tech Software Solutions, inc. 
  Tigard Oregon. 

struct SoftwareProfessional { 
   double salary; 
   long   lunches; 
   float  jobs; 
   char   unstable; 
   void   work; 
   short  tempers; 
}; 





shorecap reports
CONNMARK= 
XCONNMAR= 
CONNMARK_MATCH= 
XCONNMARK_MATCH= 


[EMAIL PROTECTED] iptables -N foobar123 
[EMAIL PROTECTED] iptables -A foobar123 -m connmark --mark 2 -j ACCEPT 
[EMAIL PROTECTED] iptables: No chain/target/match by that name 

Shorewall-4.2.2 

iptables v1.3.4: no command specified 
Try `iptables -h' or 'iptables --help' for more information. 


Linux Kernel v2.4.32-bs-ebtables-grsec Configuration
QoS and/or fair queueing
Legend: [*] built-in  [ ] excluded  <M> module  < > module capable

  [*] QoS and/or fair queueing
  < >   CBQ packet scheduler
  <*>   HTB packet scheduler
  < >   CSZ packet scheduler
  < >   H-FSC packet scheduler
  < >   ATM pseudo-scheduler
  <*>   The simplest PRIO pseudoscheduler
  < >   RED queue
  <*>   SFQ queue
  < >   TEQL queue
  < >   TBF queue
  < >   GRED queue
  < >   Network emulator
  < >   Diffserv field marker
  <*>   Ingress Qdisc
  [*]   QoS support
  [*]     Rate estimator
  [*]   Packet classifier API
  < >     TC index classifier
  < >     Routing table based classifier
  <*>     Firewall based classifier
  <*>     U32 classifier
  < >     Special RSVP classifier
  < >     Special RSVP classifier for IPv6
  [*]     Traffic policing (needed for in/egress)



Linux Kernel v2.4.32-bs-ebtables-grsec Configuration
Networking options
Legend: [*] built-in  [ ] excluded  <M> module  < > module capable

  <*> Packet socket
  [ ]   Packet socket: mmapped IO
  < > Netlink device emulation
  [*] Network packet filtering (replaces ipchains)
  [ ]   Network packet filtering debugging
  [*] Socket Filtering
  <*> Unix domain sockets
  [*] TCP/IP networking
  [*]   IP: multicasting
  [*]   IP: advanced router
  [*]     IP: policy routing
  [*]       IP: use netfilter MARK value as routing key
  [*]       IP: fast network address translation
  [*]     IP: equal cost multipath
  [*]     IP: use TOS value as routing key
  [*]     IP: verbose route monitoring
  [ ]   IP: kernel level autoconfiguration
  <*>   IP: tunneling
  <*>   IP: GRE tunnels over IP
  [ ]     IP: broadcast GRE over IP
  [ ]   IP: multicast routing
  [ ]   IP: ARP daemon support (EXPERIMENTAL)
  [*]   IP: TCP Explicit Congestion Notification support
  [*]   IP: TCP syncookie support (disabled per default)
        IP: Netfilter Configuration  --->
        IP: Virtual Server Configuration  --->
  < >   The IPv6 protocol (EXPERIMENTAL)
  < >   Kernel httpd acceleration (EXPERIMENTAL)
         SCTP Configuration (EXPERIMENTAL)  --->
  <*> Asynchronous Transfer Mode (ATM) (EXPERIMENTAL)
  <*>   Classical IP over ATM
  [ ]     Do NOT send ICMP if no neighbour
  < >   LAN Emulation (LANE) support
  < >   RFC1483/2684 Bridged protocols
  <*> 802.1Q VLAN Support
  ---
  < > The IPX protocol
  < > Appletalk protocol support
  < > DECnet Support
  <*> 802.1d Ethernet Bridging
  <*>   Bridge: ebtables
  <*>     ebt: filter table support
  <*>     ebt: nat table support
  <*>     ebt: broute table support
  <*>     ebt: log support
  <*>     ebt: ulog support
  <*>     ebt: IP filter support
  <*>     ebt: ARP filter support
  <*>     ebt: among filter support
  <*>     ebt: limit filter support
  <*>     ebt: 802.1Q VLAN filter support
  <*>     ebt: 802.3 filter support
  <*>     ebt: packet type filter support
  <*>     ebt: STP filter support
  <*>     ebt: mark filter support
  <*>     ebt: arp reply target support
  <*>     ebt: snat target support
  <*>     ebt: dnat target support
  <*>     ebt: redirect target support
  <*>     ebt: mark target support
  < > CCITT X.25 Packet Layer (EXPERIMENTAL)
  v(+)


