Hello List:

I am working in RHEL 4.0 AS. I want to load balance two ISPs through a software Shorewall. I have successfully installed shorewall. I also installed SQUID2.6 from source code. I have then configured shorewall with all the necessary entries. but when I did /etc/init.d/shorewall start, I received the following error:
--------------------------------------------------------
Compiling...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Determining Hosts in Zones...
Preprocessing Action Files...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /etc/shorewall/providers ...
ERROR: the provider 'track' option requires Connmark Match in your kernel and iptables
--------------------------------------------------------
I also downloaded the patch for kernel (its something like CONNMARK.diff), but I don't know how to incorporate it with my kernel.
By the way the 'uname -r' command gives the kernel ver as 2.6.9-42.EL.

Can someone plz. tell me the solution of patching my kernel? Do I have to compile a newly downloaded kernel? Or is there a short-cut just to solve this connmark problem? Plz. advise...

TIA.

--
Javed

Connmark Match should already be built into the kernel, however it may not be enabled or 'built' in your specific kernel configuration.
Before figuring you need to patch something, why not load up menuconfig or xconfig, load your running kernel's configuration into it, and have a look in the NET section(s) and see if you simply need to tick the box for Conn-Match and recompile the kernel.
The kernel has LOADS of networking features and options, and only a small portion of them are enabled by default.
NOTE: I am basing this advice on general knowledge of the kernel structure and usual features configured. I don't use RHEL personally, but typically the kernel is the kernel is the kernal.

So, navigate to your kernel sourcecode folder and with a console (or from the console) type 'make menuconfig' or 'make xconfig' and load the running config into it, and have a look.

EDIT: If need be, it's a relatively simple matter to patch a C file, however patching the file won't do anything for you if the file isn't being used anyways (not enabled in config) and if you DO need to patch the file for some reason, then you will STILL need to rebuild the kernel anyway.

Try

You may (should?) have both these available as loadable modules in your kernel.

Thank you both of you (Grapefruitgirl & jcliburn). But the strange thing in RHEL 4 is I can't find kernel's installation path/directory as most of linux users suggest (i.e. /usr/src/Linux*

In my src/ I find /src/redhat/SOURCES and /src/redhat/SPECS. Due to this, I have no option of loading or recompiling my existing kernel & making changes into it. Can you plz tell me the command to find where the kernel would be installed?

Besides $ modprobe -l *connmark and $ modprobe -l *CONNMARK didn't return anything.. (by the way, what is this command used for?)

Plz advise...

modprobe has a man page.

I went thru the mans of modprobe but as I said, it didn't return anything useful; so obviously that module is not present.

Can someone please provide a reliable solution to my problem...

Thank you

Config files are usually copied to /boot - have a look for something obvious with your current `uname -r` in the name. Grep it for "connmark".
Else if you're lucky, they'll have enabled /proc/config.gz - try zgrep on that.

Kernel modules are found in /lib/modules/`uname -r`/kernel. You can see all the netfilter (iptables) modules that are installed for your kernel by looking inside this directory:

/lib/modules/`uname -r`/kernel/net/netfilter

The kernel itself is found in /boot and is called vmlinuz.

If you're looking for the kernel source code, it's likely not installed unless you installed it yourself. It's not installed by default. If it *were* installed, it'd be at /usr/src/redhat/BUILD.

Yes, you were right, it wasn't installed. I had to download and install a brand new kernel (kernel2.6.22.6) in order to get my job done.

Now, I pray & hope my shorewall CONNMARK problem might get solved for load balancing 2 ISP connections...

Well, finally I was successfull in installing my kernel. Now its shorewall's turn: it gives error msgs when I run /etc/init.d/shorewall start
---------------------------------------
Compiling...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Determining Hosts in Zones...
Preprocessing Action Files...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Compiling /etc/shorewall/policy...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /etc/shorewall/providers ...
Compiling /etc/shorewall/masq...
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Reject for chain Reject...
Processing /usr/share/shorewall/action.Drop for chain Drop...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Generating Rule Matrix...
Use of uninitialized value in string ne at /usr/share/shorewall-perl/Shorewall/Rules.pm line 1424.
Use of uninitialized value in hash element at /usr/share/shorewall-perl/Shorewall/Rules.pm line 1425.
ERROR: No policy defined for zone fw to zone net
---------------------------------------
I have configured Shorewall as on http://www.shorewall.net/MultiISP.html#Example1

Can someone plz tell me how to load balance two DSL connections using Shorewall? (both are 1MB each)

TIA