PDA

View Full Version : How use -j MARK in the iptables from the SLES11SP1 ?



skoltogyan
12-Sep-2011, 08:06
before SP1 for SLES11 was:
modprobe ipt_MARK
/sbin/ip route add default via 195.184.209.241 dev vlan107 table
todipt
/sbin/ip rule add fwmark 0x21 lookup todipt
....
/usr/sbin/iptables -t mangle -I PREROUTING -i $LINT -s 172.16.16.184 -j
MARK --set-mark 0x21
....

After apply SP1 for SLES11 this construction has stopped operation !!!
Probably that has stopped to work marking of packets...

Which one module need use in the iptables for "-j MARK" in the
SLES11SP1 ?

Serg


--
skoltogyan
------------------------------------------------------------------------
skoltogyan's Profile: http://forums.novell.com/member.php?userid=9261
View this thread: http://forums.novell.com/showthread.php?t=444541

Automatic Reply
16-Sep-2011, 17:38
skoltogyan,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your problem been resolved? If not, you might try one of the following options:

- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your Novell Product Support Forums Team
http://forums.novell.com/

malcolmlewis
16-Sep-2011, 17:51
On Mon, 12 Sep 2011 07:06:02 GMT
skoltogyan <skoltogyan@no-mx.forums.novell.com> wrote:

>
> before SP1 for SLES11 was:
> modprobe ipt_MARK
> /sbin/ip route add default via 195.184.209.241 dev vlan107 table
> todipt
> /sbin/ip rule add fwmark 0x21 lookup todipt
> ...
> /usr/sbin/iptables -t mangle -I PREROUTING -i $LINT -s 172.16.16.184
> -j MARK --set-mark 0x21
> ...
>
> After apply SP1 for SLES11 this construction has stopped operation !!!
> Probably that has stopped to work marking of packets...
>
> Which one module need use in the iptables for "-j MARK" in the
> SLES11SP1 ?
>
> Serg
>
>
Hi
There is no module ipt_MARK, there is however xt_MARK with an alias of
ipt_MARK.
[/CODE]
modinfo xt_MARK
filename: /lib/modules/2.6.32.45-0.3-pae/kernel/net/netfilter/xt_MARK.ko
alias: ip6t_MARK
alias: ipt_MARK
description: Xtables: packet mark modification
author: Marc Boucher <marc@mbsi.ca>
license: GPL
srcversion: F6BCAA87AE9351361D8D73C
depends: x_tables
supported: yes
vermagic: 2.6.32.45-0.3-pae SMP mod_unload modversions 686
[/CODE]

--
Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.7-desktop
up 3 days 19:50, 4 users, load average: 0.16, 0.27, 0.34
GPU GeForce 8600 GTS Silent - Driver Version: 280.13

amaltsev1
19-Sep-2011, 08:16
Hi,
Your recommendation to use xt_MARK instead of ipt_MARK after update to
SLES11SP1?

Serg


--
amaltsev1
------------------------------------------------------------------------
amaltsev1's Profile: http://forums.novell.com/member.php?userid=8964
View this thread: http://forums.novell.com/showthread.php?t=444541

malcolmlewis
19-Sep-2011, 14:31
On Mon, 19 Sep 2011 07:16:01 GMT
amaltsev1 <amaltsev1@no-mx.forums.novell.com> wrote:

>
> Hi,
> Your recommendation to use xt_MARK instead of ipt_MARK after update to
> SLES11SP1?
>
> Serg
>
>
Hi
No was pointing out that it aliases to the xt_mark module, there were
some issues with the older iptables...

@OP so what is the error your seeing or it just doesn't work as
expected?

--
Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.7-desktop
up 6 days 16:13, 3 users, load average: 0.01, 0.10, 0.14
GPU GeForce 8600 GTS Silent - Driver Version: 280.13

skoltogyan
21-Sep-2011, 08:36
malcolmlewis;2138547 Wrote:
> On Mon, 19 Sep 2011 07:16:01 GMT
> amaltsev1 <amaltsev1@no-mx.forums.novell.com> wrote:
>
> >
> > Hi,
> > Your recommendation to use xt_MARK instead of ipt_MARK after update
> to
> > SLES11SP1?
> >
> > Serg
> >
> >
> Hi
> No was pointing out that it aliases to the xt_mark module, there were
> some issues with the older iptables...
>
> @OP so what is the error your seeing or it just doesn't work as
> expected?
>
> --
> Cheers Malcolm °¿° (Linux Counter #276890)
> openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.7-desktop
> up 6 days 16:13, 3 users, load average: 0.01, 0.10, 0.14
> GPU GeForce 8600 GTS Silent - Driver Version: 280.13

before SP1 for SLES11 was:
modprobe ipt_MARK
/sbin/ip route add default via 195.184.209.241 dev vlan107 table
todipt
/sbin/ip rule add fwmark 0x21 lookup todipt
....
/usr/sbin/iptables -t mangle -I PREROUTING -i $LINT -s 172.16.16.184 -j
MARK --set-mark 0x21
....

After apply SP1 for SLES11 this construction has stopped operation !!!
Probably that has stopped to work marking of packets...

Serg


--
skoltogyan
------------------------------------------------------------------------
skoltogyan's Profile: http://forums.novell.com/member.php?userid=9261
View this thread: http://forums.novell.com/showthread.php?t=444541