On Fri, 2004-10-29 at 01:37, Tomek Macioszek wrote: > Hi! > I have problems with use target CONNMARK. When I type command : > iptables -j CONNMARK -h > output gives me information that iptables is compiled with this options, > but when I use command like this i.e.: > iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark > system couldn't do this. It write to me : > iptables: No chain/target/match by that name > > My system: FEDORA 2 > KERNEL: 2.6.5 ( compiled with target CONNMARK) > IPTABLET: v 1.2.9. > What is wrong wiht it?? > Sorry for my English > Best regards > Tomek it means the "iptables" command (/sbin/iptables) on FC2 has been compiled with awareness of the CONNMARK target, but your kernel does not have support for it (ls /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ipt_CONNMARK.ko) you need to grab patch-o-matic from: http://netfilter.org/files/patch-o-matic-ng-20040621.tar.bz2 and follow the instructions. a summary: cd /path/to/pom export KERNEL_DIR="/path/to/kernel_src" export IPTABLES_DIR="/path/to/iptables_src" ./runme pending ./runme extra/CONNMARK cd $KERNEL_DIR && make menuconfig [...] cd $IPTABLES_DIR && make && make install -j -- Jason Opperisano <opie@xxxxxxxxxxx>
