layer7 problem

Jörg Harmuth harmuth at mnemon.de
Wed Aug 24 16:32:03 CEST 2005


Antonio Pérez schrieb:
> Hello,
> I want to use layer7 in my linux box. I have the 2.6.12.5 kerner version
> and the 1.3.3 iptables version. I patched the kernel and the iptables
> with kernel-2.6.11-layer7-1.4.patch, linux-2.6.9-imq1.diff,
> iptables-1.3.0-imq1.diff and iptables-layer7-1.4.patch.
> When i run:
> iptables -t mangle -A POSTROUTING -m layer7 --l7proto http -j MARK
> --set-mark 3
> no error show, but when i do:
> iptables -t mangle -L -v
> pkts bytes target     prot opt in     out     source              
> destination
>    0     0 MARK       all  --  any    any     anywhere            
> anywhere            LAYER7 l7proto http MARK set 0x3
> the packets marked always is 0.

So, as we now - only a few posts later - know, that there are no other
rules in the way, we can start looking elsewhere ;)

Hmm, only suggestions available (I have L7 on 2.4.31 and 1.3.2 -
everything is fine). Maybe there is a version mismatch. The kernel patch
is for 2.6.11, whilst you use 2.6.12. Try with kernel 2.6.11 and see if
it works. I will conquer my lazyness and test wether 1.3.3 works with
L7. I'll tell you tomorrow.

Have a nice time,

Joerg



More information about the netfilter mailing list