On Fri, 2004-06-25 at 20:16, Michael Eck wrote: > I'm unable to get CONNMARK rules to work. Issuing > # iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark > yields: > # iptables: No chain/target/match by that name > > Now, I've loaded ip_conntrack module with > # modprobe ip_conntrack > lsmod indicates that the module is loaded You need 1) the connmark kernel module, ipt_CONNMARK.ko, and 2) the iptables userland library, libipt_CONNMARK.so. Connection tracking and connection marking are different things, although the latter is implemented as an extension to the former. Ciao, Sheldon.
