OpenWrt Forum Archive

Topic: iptables --set-mark not working....

The content of this topic has been archived between 12 Apr 2018 and 19 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

root@OpenWrt:/lib/modules/2.6.22# iptables -t mangle -A FORWARD -p udp -j MARK --set-mark 4
iptables v1.3.7: Unknown arg `--set-mark'
Try `iptables -h' or 'iptables --help' for more information.


hi,

Anybody know why I can't use --set-mark?

I searched for the missing kernel module; I have not found ipt_mark, but what package do I need to install?

thx
Simon

Before you use the --set-mark option, you have to load the "mark" module:

iptables -t mangle -A FORWARD -p udp -j MARK -m mark --set-mark 4
SirDodger wrote:

I searched for the missing kernel module; I have not found ipt_mark, but what package do I need to install?

You can find it in the kmod-ipt-iptopt package.

Sorry, this answer is not correct for Kamikaze 7.09 ... --set-mark is still not recognized.

Install the iptables-mod-ipopt package, which automatically installs kmod-ipt-iptopt as a dependency.

(Last edited by forum2006 on 27 Oct 2007, 21:09)

Just tried it in trunk and it works; kmod-ipt-iptopt has the files.

Hmmm ... how is the correct kernel module named? ipt_mark.ko?

SirDodger wrote:

Hmmm ... how is the correct kernel module named? ipt_mark.ko?

xt_mark.ko

is inserted and can be seen with lsmod

but this:
iptables -t mangle -I FORWARD -p tcp -j MARK --set-mark 1

is not working anymore.

I just tried iptables -t mangle -A POSTROUTING -d 203.202.158.128/32 -j MARK --set-mark 0x90 and it works for me.

Try lsmod | grep -i mark

There should be some modules with mark in their name loaded.

also iptables -v should give you 1.3.8

Kamikaze 7.09 uses Iptables 1.3.7. Trunk uses 1.3.8.

lsmod | grep -i mark

root@OpenWrt:/lib/modules/2.6.22# lsmod | grep -i mark
xt_MARK                  960  0
xt_mark                  640  0


root@OpenWrt:/lib/modules/2.6.22# iptables -t mangle -A POSTROUTING -d 203.202.158.128/32  -j MARK --set-mark 0x90
iptables v1.3.7: Unknown arg `--set-mark'


Hmmmm, what's going on here?

Can anyone help me here?

SirDodger wrote:

lsmod | grep -i mark

root@OpenWrt:/lib/modules/2.6.22# lsmod | grep -i mark
xt_MARK                  960  0
xt_mark                  640  0


root@OpenWrt:/lib/modules/2.6.22# iptables -t mangle -A POSTROUTING -d 203.202.158.128/32  -j MARK --set-mark 0x90
iptables v1.3.7: Unknown arg `--set-mark'


Hmmmm, what's going on here?

Why not try -j CONNMARK ?

Is the old-style mark not "okay" anymore?

What does it return if you do

iptables -j MARK -h

?

the whole iptables help returns

SirDodger.... at the end you should see

  --set-counters PKTS BYTES     set the counter during insert/append
[!] --version   -V              print package version.

MARK target v1.3.8 options:
  --set-mark value                   Set nfmark value
  --and-mark value                   Binary AND the nfmark with value
  --or-mark  value                   Binary OR  the nfmark with value

wyn:/home/acidfu/pic#

SirDodger wrote:

Is the old-style mark not "okay" anymore?

I was suggesting it as a workaround.

nicolasb wrote:

SirDodger.... at the end you should see

  --set-counters PKTS BYTES     set the counter during insert/append
[!] --version   -V              print package version.

MARK target v1.3.8 options:
  --set-mark value                   Set nfmark value
  --and-mark value                   Binary AND the nfmark with value
  --or-mark  value                   Binary OR  the nfmark with value

wyn:/home/acidfu/pic#

And this is telling me?

I want to see what `iptables -j MARK -h` returns to _you_.

Could you paste me that? Thank you.

:-)) Ah okay ...

Here we go!

root@OpenWrt:~# iptables -j MARK -h
iptables v1.3.7

Usage: iptables -[AD] chain rule-specification [options]
       iptables -[RI] chain rulenum rule-specification [options]
       iptables -D chain rulenum [options]
       iptables -[LFZ] [chain] [options]
       iptables -[NX] chain
       iptables -E old-chain-name new-chain-name
       iptables -P chain target [options]
       iptables -h (print this help information)

Commands:
Either long or short options are allowed.
  --append  -A chain            Append to chain
  --delete  -D chain            Delete matching rule from chain
  --delete  -D chain rulenum
                                Delete rule rulenum (1 = first) from chain
  --insert  -I chain [rulenum]
                                Insert in chain as rulenum (default 1=first)
  --replace -R chain rulenum
                                Replace rule rulenum (1 = first) in chain
  --list    -L [chain]          List the rules in a chain or all chains
  --flush   -F [chain]          Delete all rules in  chain or all chains
  --zero    -Z [chain]          Zero counters in chain or all chains
  --new     -N chain            Create a new user-defined chain
  --delete-chain
            -X [chain]          Delete a user-defined chain
  --policy  -P chain target
                                Change policy on chain to target
  --rename-chain
            -E old-chain new-chain
                                Change chain name, (moving any references)
Options:
  --proto       -p [!] proto    protocol: by number or name, eg. `tcp'
  --source      -s [!] address[/mask]
                                source specification
  --destination -d [!] address[/mask]
                                destination specification
  --in-interface -i [!] input name[+]
                                network interface name ([+] for wildcard)
  --jump        -j target
                                target for rule (may load target extension)
  --goto      -g chain
                              jump to chain with no return
  --match       -m match
                                extended match (may load extension)
  --numeric     -n              numeric output of addresses and ports
  --out-interface -o [!] output name[+]
                                network interface name ([+] for wildcard)
  --table       -t table        table to manipulate (default: `filter')
  --verbose     -v              verbose mode
  --line-numbers                print line numbers when listing
  --exact       -x              expand numbers (display exact values)
[!] --fragment  -f              match second or further fragments only
  --modprobe=<command>          try to insert modules using this command
  --set-counters PKTS BYTES     set the counter during insert/append
[!] --version   -V              print package version.
root@OpenWrt:~#

There is a problem.... You should get, after all the iptables command help, something like:

-------------------------------------------------------------------------------------
[...]

[!] --fragment  -f              match second or further fragments only
  --modprobe=<command>          try to insert modules using this command
  --set-counters PKTS BYTES     set the counter during insert/append
[!] --version   -V              print package version.

MARK target v1.3.7 options:                                                         <<-- you should have that !!!!!!
  --set-mark value                   Set nfmark value
  --and-mark value                   Binary AND the nfmark with value
  --or-mark  value                   Binary OR  the nfmark with value

root@OpenWrt$
---------------------------------

Now, could you do `ls -l /usr/lib/iptables/`
and paste me the result? Thanks.

Here we go!

Thanks for the help.

root@OpenWrt:~# ls -l /usr/lib/iptables/
-rwxr-xr-x    1 root     root         3162 Sep 29 07:38 libipt_CHAOS.so
-rwxr-xr-x    1 root     root         2566 Sep 29 07:38 libipt_DELUDE.so
-rwxr-xr-x    1 root     root         5754 Sep 29 07:38 libipt_DNAT.so
-rwxr-xr-x    1 root     root         6202 Sep 29 07:38 libipt_LOG.so
-rwxr-xr-x    1 root     root         4370 Sep 29 07:38 libipt_MASQUERADE.so
-rwxr-xr-x    1 root     root         4370 Sep 29 07:38 libipt_REDIRECT.so
-rwxr-xr-x    1 root     root         5182 Sep 29 07:38 libipt_REJECT.so
-rwxr-xr-x    1 root     root         5738 Sep 29 07:38 libipt_SNAT.so
-rwxr-xr-x    1 root     root         3638 Sep 29 07:38 libipt_TCPMSS.so
-rwxr-xr-x    1 root     root         9318 Sep 29 07:38 libipt_conntrack.so
-rwxr-xr-x    1 root     root         6674 Sep 29 07:38 libipt_icmp.so
-rwxr-xr-x    1 root     root         7890 Sep 29 07:38 libipt_ipp2p.so
-rwxr-xr-x    1 root     root         7918 Sep 29 07:38 libipt_layer7.so
-rwxr-xr-x    1 root     root         4894 Sep 29 07:38 libipt_limit.so
-rwxr-xr-x    1 root     root         6462 Sep 29 07:38 libipt_multiport.so
-rwxr-xr-x    1 root     root         5974 Sep 29 07:38 libipt_owner.so
-rwxr-xr-x    1 root     root         4422 Sep 29 07:38 libipt_pkttype.so
-rwxr-xr-x    1 root     root         3658 Sep 29 07:38 libipt_portscan.so
-rwxr-xr-x    1 root     root         2650 Sep 29 07:38 libipt_standard.so
-rwxr-xr-x    1 root     root         4474 Sep 29 07:38 libipt_state.so
-rwxr-xr-x    1 root     root         6690 Sep 29 07:38 libipt_string.so
-rwxr-xr-x    1 root     root         7966 Sep 29 07:38 libipt_tcp.so
-rwxr-xr-x    1 root     root         4362 Sep 29 07:38 libipt_tcpmss.so
-rwxr-xr-x    1 root     root         5362 Sep 29 07:38 libipt_udp.so

1- You don't have libipt_MARK.so; that's why it doesn't work and returns: iptables v1.3.7: Unknown arg `--set-mark'
2- There is a bug in iptables, because you should get an error when you do: iptables -j MARK -h (module not found...)

The only way I know to add this module is by recompiling your kernel and iptables.

Just out of curiosity, could you tell me what this returns: ls -l /lib/modules/`uname -r`/
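The diagnosis above comes down to three separate things that the thread shows can be present or missing independently: the userspace extension library in /usr/lib/iptables, the xt_MARK kernel module, and whether iptables itself lists the MARK target options. The following diagnostic is an added example written for this thread, not code from the forum or the OpenWrt project; the lowercase xt_mark being the match module (not the target) and the libxt_MARK.so name used by later iptables releases are assumptions noted in the comments.

```sh
#!/bin/sh
# Added diagnostic for the MARK target problem discussed above (not from the thread).
# It separates the three things the thread shows can fail independently:
# the userspace extension library, the kernel module, and iptables' own help output.

# Returns 0 if the MARK target extension library exists in the given directory.
# libipt_MARK.so is the name for iptables 1.3.x (the thread's version); libxt_MARK.so
# is the name later releases use (assumption, so both are accepted).
mark_lib_present() {
    dir="$1"
    [ -f "$dir/libipt_MARK.so" ] || [ -f "$dir/libxt_MARK.so" ]
}

# Returns 0 if lsmod-style output on stdin lists the xt_MARK *target* module.
# The thread's lsmod shows both xt_MARK and xt_mark; the lowercase one is the
# mark *match* module (assumption), so matching is deliberately case-sensitive.
mark_module_loaded() {
    grep -q '^xt_MARK[[:space:]]'
}

# Returns 0 if `iptables -j MARK -h` output on stdin contains the target's option
# section. As seen in the thread, iptables 1.3.7 prints only the generic help,
# with no error, when the extension library is missing.
mark_help_present() {
    grep -q '^MARK target v.* options:'
}

# Runs all three checks on the live system; returns non-zero if any fails.
diagnose_mark() {
    libdir="${1:-/usr/lib/iptables}"
    status=0
    if mark_lib_present "$libdir"; then
        echo "ok: MARK extension library found in $libdir"
    else
        echo "missing: no libipt_MARK.so/libxt_MARK.so in $libdir (iptables-mod-ipopt not installed?)"
        status=1
    fi
    if lsmod 2>/dev/null | mark_module_loaded; then
        echo "ok: xt_MARK kernel module loaded"
    else
        echo "missing: xt_MARK kernel module not loaded (kmod-ipt-iptopt not installed?)"
        status=1
    fi
    if iptables -j MARK -h 2>/dev/null | mark_help_present; then
        echo "ok: iptables lists the MARK target options"
    else
        echo "missing: 'iptables -j MARK -h' shows no MARK target section"
        status=1
    fi
    return $status
}
```

Source the file on the router and run `diagnose_mark`; on the poster's box it would report the library as missing while the kernel module is loaded, which is exactly the mismatch the thread took several posts to find.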