CONFIG_NETFILTER_XT_TARGET_CONNMARK vs CONFIG_NETFILTER_XT_MATCH_CONNMARK
Check out /proc/net/ip_tables_names for a list of the tables iptables has. You can get more tables with certain kernel modules like nat. Look in /lib/modules/2.4.33.3/kernel/net/ipv6/netfilter/ for some modules to use with netfilter. Adjust the kernel version in the last path.
A TARGET is the -j TARGET piece, and a MATCH is the -p MATCH piece.
So a MATCH compares your rule with the packets, to see which packets to operate on,
and a TARGET changes the packets with what you specify.
Your error "iptables: No chain/target/match by that name" has 3 parts.
Either you don't have a mangle POSTROUTING chain (unlikely in a standard Ubuntu kernel), or
You don't have a match that exists (unlikely, as you don't specify any matches in your rule), so
You don't have a CONNMARK TARGET (which you say is not set in the kernel config).
You can set it, but you will need to create a custom kernel and custom initrd from patched kernel sources, and then test that it works ok. Not recommended for the novice user.
CONNMARK is mostly used for bandwidth control (QOS), so if it's not required, nothing is lost by not having it.
Thanks, guys. I obviously need connmark for multipath routing. What I did was recompile the kernel with CONFIG_NETFILTER_XT_TARGET_CONNMARK=m (and applied patches by Julian Anastasov so far) and for now that iptables rule doesn't throw an error.
But the question still remains, as I want to get an idea of how those two differ.
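Added example, not part of any post in this thread: a shell check that reports how the two options named in the thread title are set in a kernel config file, and whether the running kernel has registered the `CONNMARK` target (used with `-j`) and the `connmark` match. The function names and the default config path `/boot/config-$(uname -r)` are assumptions; `/proc/net/ip_tables_targets` and `/proc/net/ip_tables_matches` sit beside the `ip_tables_names` file mentioned above.

```shell
#!/bin/sh
# Added example: inspect CONNMARK target/match support.

# kconfig_state FILE SYMBOL -> prints y, m, or unset
kconfig_state() {
    # The config may be plain text (/boot/config-*) or gzip (/proc/config.gz).
    case "$1" in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    # "# CONFIG_FOO is not set" lines do not match, so they fall through to unset.
    val=$($reader "$1" 2>/dev/null | sed -n "s/^$2=\([ym]\)\$/\1/p" | head -n 1)
    echo "${val:-unset}"
}

# registered FILE NAME -> exit 0 if NAME is listed in a /proc/net/ip_tables_* file.
# With =m, the name only shows up once the module has been loaded.
registered() {
    [ -r "$1" ] && grep -qx "$2" "$1"
}

# connmark_report CONFIG TARGETS_FILE MATCHES_FILE
connmark_report() {
    echo "TARGET_CONNMARK=$(kconfig_state "$1" CONFIG_NETFILTER_XT_TARGET_CONNMARK)"
    echo "MATCH_CONNMARK=$(kconfig_state "$1" CONFIG_NETFILTER_XT_MATCH_CONNMARK)"
    # Targets are upper case (CONNMARK), matches lower case (connmark).
    if registered "$2" CONNMARK; then echo "target:registered"; else echo "target:missing"; fi
    if registered "$3" connmark; then echo "match:registered"; else echo "match:missing"; fi
}

# Default to the running kernel when no arguments are given.
connmark_report "${1:-/boot/config-$(uname -r)}" \
                "${2:-/proc/net/ip_tables_targets}" \
                "${3:-/proc/net/ip_tables_matches}"
```

A `target:missing` line together with `TARGET_CONNMARK=unset` corresponds to the third cause listed in the reply above.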