Page 1 of 1

IPtables nf_conntrack_ipv4

Posted: 2016/12/16 10:17:55
by maas187
Hey Guys,

I have a packages that needs a kernel that needs 2.6.18-398.el5, for some reason it cant work with CentOS 6 - So I installed CentOS 5 to get it to work.

Now - I was working with Centos5 to run some IP tables commands, however it seems that some modules are missing.

It says in the documentation that The following kernel module must be loaded: # modprobe nf_conntrack_ipv4

[root@localhost ~]# iptables -t mangle -N DIVERT
[root@localhost ~]# iptables -t mangle -A DIVERT -j MARK --set-mark 0x01/0x01
iptables v1.3.5: Bad MARK value `0x01/0x01'
Try `iptables -h' or 'iptables --help' for more information.

Anyone can help that would be great.


Re: IPtables nf_conntrack_ipv4

Posted: 2016/12/16 10:33:05
by TrevorH
I had a quick look at the page you linked to and the lnlb package that you're trying to use was last updated in 2008 - that's now 8 years ago. If it only works with CentOS 5 then you have a problem as CentOS 5 goes End Of Life in approximately 3 months time and there will be no more security updates for it after that. It's already falling behind in the security stakes as RH have only been patching things marked as "critical" for the last 2 years or so so it has a number of "important" and less vulnerabilities present that will never be fixed. There also the small matter that lnlb itself has had no TLC at all for 8 years or so.

Perhaps you'd be better off using CentOS 6 or, better, 7 and using something other than lnlb. I didn't read too much about what it does (did) but perhaps you can use or

Re: IPtables nf_conntrack_ipv4

Posted: 2016/12/16 23:11:59
by maas187
Hey TrevorH,

Thanks for your respond,

I am looking for a Layer 3 Load Balancer, What I am trying to setup is

Now having one system works fine - however the load is too high so I needed some way to Load Balance Layer 3 traffic not Ports (Layer 4). So having that tool will have the VIP IP on all three servers. Now I believe the link you have provided kind of does the same. ( Crossing Fingers ).

and yes - All my servers are CentOS 7 and I would like to keep it that way.

Thanks again and I will keep you posted.