Problem with connrate

Problem with connrate

[Michael Goldish]

Hello,

This is my first post to this list. I've just started using iptables and I 
very much like it, except for two little things --


(1) I tried the following command:

iptables -A OUTPUT -m connrate --connrate 1024 -j ACCEPT

and got this error message:

iptables v1.2.11: Couldn't load match 
`connrate':/usr/local/lib/iptables/libipt_connrate.so: cannot open shared 
object file: No such file or directory

(other match modules like connmark seem to work fine)

To solve this I tried looking for related config options in my kernel and I 
think I pretty much enabled everything (I know it's not a good idea). Then I 
recompiled iptables but I still don't seem to have libipt_connrate.so. I've 
noticed that there's a .C file with a similar name in my iptables source 
tree, but it probably just doesn't get compiled for some reason.

I also tried using patch-o-matic, which brings me to my second problem:




(2) No patch in patch-o-matic could be applied. I tried:

KERNEL_DIR=/usr/src/linux 
IPTABLES_DIR=/home/cyber/Installs/iptables-1.2.11 ./runme base

and got:

Kernel:   2.6.10, /usr/src/linux
Iptables: 1.2.11, /home/cyber/Installs/iptables-1.2.11
Each patch is a new feature: many have minimal impact, some do not.
Almost every one has bugs, so don't apply what you don't need!
-------------------------------------------------------
Already applied: CLASSIFY_more-hooks amanda_offset-fix

Testing conntrack-acct... not applied
The conntrack-acct patch:
   Author: Harald Welte <laforge@netfilter.org> 
   Status: Stable

If you enable this option, the connection tracking code will keep
per-flow packet and byte counters. 

Those counters can be used for flow-based accounting or the `connbytes' match.

If unsure, say N.
-----------------------------------------------------------------
Do you want to apply this patch [N/y/t/f/a/r/b/w/q/?] y
cannot apply (10 rejects out of 12 hunks)
-----------------------------------------------------------------

This happened for every patch that followed.

The patch-o-matic I downloaded was patch-o-matic-ng-20050130.







(I'm using Slackware 10 with kernel 2.6.10)

Sorry for the long post and the for the newbie questions. But if you can help 
me somehow I'll be grateful.

Re: Problem with connrate

[Nguyen Dinh Nam]

Based on netfilter developer workshop 2004
http://www.netfilter.org/documentation/conferences/nf-workshop-2004-summary.html
I think two related patches of connbytes and connrate doesn't work with 
2.6.10, you can down grade your kernel or wait for the developers for 
awhile.

Michael Goldish wrote:

>(I'm using Slackware 10 with kernel 2.6.10)
>
>Sorry for the long post and the for the newbie questions. But if you can help 
>me somehow I'll be grateful.
>  
>