LARTC
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [LARTC] Re: what's wrong?

from [francesco messineo] [Permanent Link][Original]
To: "Andrew Beverley" <andy@andybev.com>
Subject: Re: [LARTC] Re: what's wrong?
From: "francesco messineo" <francesco.messineo@gmail.com>
Date: Thu, 22 Feb 2007 16:44:14 +0100
Cc: lartc@mailman.ds9a.nl
Delivered-to: sp-com-lists@consult.net
Delivered-to: lartc-list@securepoint.com
Delivered-to: lartc@outpost.ds9a.nl
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=LkCMzlI+TUBjOFK8jSz02AxiOYuJEknDv3wFhVaBIwwCTrOsVAInIRWs73/xMuFbZLokPNdNF/Rpw0jACGt/MAw9SqQjDhnNs3FeOQzuXC/p8iw2CZoVhT3mw4KnB1oxM343tjX/FFzHXJNaaOlCVH/cJ+FrIlAaz6liDsNe1PY=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=oo4/2gTlwgTm1T+Gt6q5WsRLN1wFLUCWrebnNSIS117zNC+LGe0cU8YYG+NaWgtb95qtDoZRc24LgUGbGA+l6AMIRA2LJrIABSw7r6UyGMdgaBwr5KAdE9qcG7vqqGWNudluSNG8O37xvFcrffwGD8IQjtJr2zshNGjYuRxYKsM=
In-reply-to: <1172158702.4446.7.camel@andybev.localdomain>
List-archive: <http://mailman.ds9a.nl/pipermail/lartc>
List-help: <mailto:lartc-request@mailman.ds9a.nl?subject=help>
List-id: "Mailinglist of the Linux Advanced Routing &amp; Traffic Control project" <lartc.mailman.ds9a.nl>
List-post: <mailto:lartc@mailman.ds9a.nl>
List-subscribe: <http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=subscribe>
List-unsubscribe: <http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=unsubscribe>
References: <d9f2bc20702220158w4376d77bv65e56023997b8c1a@mail.gmail.com> <d9f2bc20702220530oa2e339bt4caff830f2a11229@mail.gmail.com> <1172158702.4446.7.camel@andybev.localdomain>
Sender: lartc-bounces@mailman.ds9a.nl 
Hi Andrew,

On 2/22/07, Andrew Beverley <andy@andybev.com> wrote:

On Thu, 2007-02-22 at 14:30 +0100, francesco messineo wrote:
> On 2/22/07, francesco messineo <francesco.messineo@gmail.com> wrote:
> > # iptables -t mangle -A POSTROUTING -m mark  --mark ! 0 -j ACCEPT
> >
> > iptables v1.3.3: Bad MARK value `!'
> >
> >
> > I'm puzzled, what's wrong with this syntax?
> > kernel is 2.6.15.7-ubuntu1

Not all extensions support all types of matching. Looks like MARK
doesn't support an inverse match.

If you want the same effect redirect all traffic to another chain, and
within that chain RETURN if you match a 0, and then with a subsequent
rule ACCEPT any other packets. This way if packets are MARKed 0 then
they will carry on traversing the table, otherwise they will be ACCEPTed

iptables -t mangle -A POSTROUTING -J new_chain

--

iptables -t mangle -N new_chain
iptables -t mangle -A new_chain -m mark --mark 0 -j RETURN
iptables -t mangle -A new_chain -j ACCEPT




ok, that's easy enough, in fact this isn't the worst problem...


> also tried with a 2.6.20.1 compiled from source and same result.
> I can't make also work these two rules:
>
>
> iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark
>
> iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
>
> both fail with:
>
> iptables: Invalid argument

Looks like your iptables (or your kernel?) doesn't support CONNMARK.
What version of iptables do you have?


kernel has the CONNMARK support built as module and loaded.
iptables is v1.3.3

Thanks
Francesco
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [LARTC] Re: what's wrong?, Andrew Beverley
Next by Date:  Re: [LARTC] Re: what's wrong?, Andrew Beverley
Previous by Thread:  Re: [LARTC] Re: what's wrong?, Andrew Beverley
Next by Thread:  Re: [LARTC] Re: what's wrong?, Andrew Beverley
Indexes:  [Date] [Thread] [Top] [All Lists]