-----Original Message-----
From: Jozsef Kadlecsik [mailto:kadlec@xxxxxxxxxxxxxxxxx]
Sent: May 7, 2013 2:28
To: tian fang
Cc: netfilter@xxxxxxxxxxxxxxx
Subject: RE: Fwd: ipset and counters

On Mon, 6 May 2013, tian fang wrote:

> > > > create SETNAME bitmap:ip range IP/CIDR|FROM-TO
> > > > [netmask CIDR] [timeout VALUE] [counters]
> > >
> > > So the ipset binary does support counters. Then what is the output
> > > of "modinfo ip_set_bitmap_ip"? Also, if you had the previous ipset
> > > kernel modules loaded in, then just installing them won't unload them.
> >
> > I successfully built and executed ipset 6.19, but when I try to
> > run this command, I failed.
> >
> > iptables -t nat -A POSTROUTING -m set --match-set ipc src,dst -j
> > MASQUERADE
> > iptables: No chain/target/match by that name.
> >
> > could you please help me on this?
>
> [There's no ipset 6.19 yet.]
>
> I succeeded after I sudo cp xt_set.ko
> /lib/modules/3.5.0-28-generic/kernel/net/netfilter/ .
> Thanks for your help.
> But I am just a little bit curious why can't I do it by make install.

I suspect your "depmod" utility is not configured to process the
/lib/modules/`uname -r`/extra/ directory, in which the modules are
installed by the command "make modules_install".

It's strange. You're the second reporting such kind of problem. What is
your distribution and what's its version?

Best regards,
Jozsef
-

Jozsef,

I am using Ubuntu 12.04 LTS.

And I got an issue. I am sorry if I am wrong, because I am quite a newbie.
I am confused by the "--match-set setname src,dst". It seems only the one
before the comma is functional. Please look at this. I added an IP into
the ipset sec, and set the iptables FORWARD chain as "dst, src". I guess
this means dst OR src, but unfortunately my outgoing packages were dropped.
If I set two separate lines, it works. Could you please help me on this?
Great appreciation!
Tian

tfang@gateway:~$ sudo iptables -nvL
Chain INPUT (policy ACCEPT 83 packets, 4308 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set sec dst,src
    4   252 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 114 packets, 14440 bytes)
 pkts bytes target     prot opt in     out     source               destination

E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary
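
Added example, not part of the thread: a small Python model of how the set match pairs each --match-set direction flag with one dimension of the set type, so a one-dimensional set consults only the first flag. It assumes the set "sec" is one-dimensional (hash:ip here) and uses constructed addresses; match_set and verdict are hypothetical helper names.

```python
# Added illustration: a simplified model of the iptables "set" match, not netfilter code.
# Assumption: the page's set "sec" is one-dimensional (hash:ip); addresses are constructed.

def match_set(packet, set_type, members, flags):
    """Return True if the packet matches the set under the given direction flags."""
    kinds = set_type.split(":", 1)[1].split(",")    # "hash:ip,port" -> ["ip", "port"]
    dirs = flags.split(",")                         # "dst,src"      -> ["dst", "src"]
    if len(dirs) < len(kinds):
        return False                                # too few flags: no match in this model
    # One flag per dimension; zip() stops at the set's dimension count,
    # so flags beyond it are never consulted.
    key = tuple(packet[f"{d}_{k}"] for d, k in zip(dirs, kinds))
    return key in members

def verdict(packet, rules, sets):
    """First matching rule wins; a rule with set name None matches every packet."""
    for set_name, flags, target in rules:
        if set_name is None:
            return target
        set_type, members = sets[set_name]
        if match_set(packet, set_type, members, flags):
            return target
    return "ACCEPT"                                 # chain policy shown in the listing

SETS = {"sec": ("hash:ip", {("192.0.2.10",)})}      # constructed member address

# FORWARD chain as listed in the thread: one rule with "dst,src", then DROP.
PAGE_RULES = [("sec", "dst,src", "ACCEPT"), (None, None, "DROP")]
# The two-line form the poster reports as working: dst OR src.
TWO_RULES = [("sec", "dst", "ACCEPT"), ("sec", "src", "ACCEPT"), (None, None, "DROP")]

# Constructed packets: traffic leaving the protected host and the reply coming back.
OUTGOING = {"src_ip": "192.0.2.10", "dst_ip": "198.51.100.7", "src_port": 40000, "dst_port": 443}
INCOMING = {"src_ip": "198.51.100.7", "dst_ip": "192.0.2.10", "src_port": 443, "dst_port": 40000}

if __name__ == "__main__":
    for name, pkt in (("outgoing", OUTGOING), ("incoming", INCOMING)):
        print(name, verdict(pkt, PAGE_RULES, SETS), verdict(pkt, TWO_RULES, SETS))
    # A two-dimensional set is where the second flag matters: dst address, dst port.
    web = {("198.51.100.7", 443)}
    print(match_set(OUTGOING, "hash:ip,port", web, "dst,dst"))
```

With the single "dst,src" rule the outgoing packet is tested on its destination address only and falls through to DROP; the two separate rules give the dst OR src behaviour.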