These are the options from kernel config file. I'm just curious what's the difference between them as the first one is not set and I'm getting
TIA.

Check out /proc/net/ip_tables_names for a list of a tables iptables got. You can get more tables with certain kernel-modules like nat. Look in /lib/modules/2.4.33.3/kernel/net/ipv6/netfilter/ for some modules to use with netfilter. Adjust your kernel version in last path.

A TARGET is the -j TARGET piece, and a MATCH is the -p MATCH piece.

So a MATCH compares your rule with the packets, to see which packets to operate on,
and a TARGET changes the packets with what you specify..

Your error "iptables: No chain/target/match by that name" has 3 parts.
Either you don't have a mangle POSTROUTING chain; (unlikely in a standard Ubuntu kernel), or
You don't have a match that exists; (unlikely as you don't specify any matches in your rule), so
You don't have a CONNMARK TARGET; (which you say it is not set in the kernel config.)

You can set it, but you will need to create a custom kernel and custom initrd from patched kernel sources, and then test that it works ok. Not recommended for the novice user.

CONNMARK is mostly used for bandwidth control (QOS), so if it's not required, nothing is lost by not having it.

Thanks, guys. I obviously need connmark for multipath routing. What I did is recompiled the kernel with CONFIG_NETFILTER_XT_TARGET_CONNMARK=m (and applied patches by Julian Anastasov so far) and for now that iptables rule doesn't throw an error.
But the question still remains as I want to get an idea on how do those two differ.

So a MATCH compares your rule with the packets, to see which packets to operate on,(choosing packets)

and a TARGET changes the packets with what you specify.. (changing packets)