iptables target MARK does not accept argument



sodb
22-08-2004, 20:38
iptables targets MARK, TOS, and TTL are not working.

For example:



/ # iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 2
iptables v1.2.7a: Unknown arg `--set-mark'
Try `iptables -h' or 'iptables --help' for more information.


Same for -j TTL or -j TOS. Marking with --set-mark or --set-tos would be nice in order to be able to shape differently in upstream direction for multiple IP addresses in the LAN (which translate to a single WAN address after NAT).

I can see that in /usr/lib/iptables the libraries corresponding with these targets are lacking. How can I get these libraries? Are they automatically generated when I use the correct config for kernel compilation?

Antiloop
22-08-2004, 23:55
iptables targets MARK, TOS, and TTL are not working.

For example:



/ # iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 2
iptables v1.2.7a: Unknown arg `--set-mark'
Try `iptables -h' or 'iptables --help' for more information.


Same for -j TTL or -j TOS. Marking with --set-mark or --set-tos would be nice in order to be able to shape differently in upstream direction for multiple IP addresses in the LAN (which translate to a single WAN address after NAT).

I can see that in /usr/lib/iptables the libraries corresponding with these targets are lacking. How can I get these libraries? Are they automatically generated when I use the correct config for kernel compilation?

You've figured this out already:

/mnt/ramfs/local/root # iptables --help
iptables v1.2.7a

Usage: iptables -[AD] chain rule-specification [options]
iptables -[RI] chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
iptables -[LFZ] [chain] [options]
iptables -[NX] chain
iptables -E old-chain-name new-chain-name
iptables -P chain target [options]
iptables -h (print this help information)

Commands:
Either long or short options are allowed.
--append -A chain Append to chain
--delete -D chain Delete matching rule from chain
--delete -D chain rulenum
Delete rule rulenum (1 = first) from chain
--insert -I chain [rulenum]
Insert in chain as rulenum (default 1=first)
--replace -R chain rulenum
Replace rule rulenum (1 = first) in chain
--list -L [chain] List the rules in a chain or all chains
--flush -F [chain] Delete all rules in chain or all chains
--zero -Z [chain] Zero counters in chain or all chains
--new -N chain Create a new user-defined chain
--delete-chain
-X [chain] Delete a user-defined chain
--policy -P chain target
Change policy on chain to target
--rename-chain
-E old-chain new-chain
Change chain name, (moving any references)
Options:
--proto -p [!] proto protocol: by number or name, eg. `tcp'
--source -s [!] address[/mask]
source specification
--destination -d [!] address[/mask]
destination specification
--in-interface -i [!] input name[+]
network interface name ([+] for wildcard)
--jump -j target
target for rule (may load target extension)
--match -m match
extended match (may load extension)
--numeric -n numeric output of addresses and ports
--out-interface -o [!] output name[+]
network interface name ([+] for wildcard)
--table -t table table to manipulate (default: `filter')
--verbose -v verbose mode
--line-numbers print line numbers when listing
--exact -x expand numbers (display exact values)
[!] --fragment -f match second or further fragments only
--modprobe=<command> try to insert modules using this command
--set-counters PKTS BYTES set the counter during insert/append
[!] --version -V print package version.

Anyway, probably iptables has to be updated or something to support those extra commands, and it seems, AFAIK, that iptables is not the integrated package from busybox (am I correct, someone??)

Oleg
23-08-2004, 08:10
iptables requires recompiling to add the missing libs. The kernel has supported MARK since 1.7.5.9-4.
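The two points of the thread, that the "Unknown arg `--set-mark'" error comes from a missing target extension library and that marking has to happen in mangle PREROUTING (before NAT) to shape per LAN host, can be checked and generated with the following script. It is an added example, not code from the thread or from the router firmware; it assumes iptables 1.2.x's convention of loading a target extension as libipt_<TARGET>.so from the library directory the thread names (/usr/lib/iptables), and the interface name eth1 and the 192.168.1.x hosts are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread: (1) check whether the iptables
# target extensions are installed as shared libraries, which is what the
# "Unknown arg `--set-mark'" error points at, and (2) generate the per-host
# MARK rules sodb describes, placed in mangle PREROUTING so the LAN source
# address is still visible before NAT rewrites it.
#
# iptables 1.2.x loads a target extension as libipt_<TARGET>.so from its
# library directory (/usr/lib/iptables in the thread). If the file is absent,
# "-j MARK" is not recognised as a target, so the option that follows it is
# rejected as an unknown argument.

# have_target LIBDIR TARGET: succeed if libipt_TARGET.so exists in LIBDIR.
have_target() {
  [ -f "$1/libipt_$2.so" ]
}

# missing_targets LIBDIR TARGET...: print the targets that have no library,
# space separated (empty when all are present). Always returns 0.
missing_targets() {
  libdir=$1; shift
  missing=""
  for t in "$@"; do
    have_target "$libdir" "$t" || missing="$missing $t"
  done
  echo "${missing# }"
}

# mark_rules WAN_IF HOST...: print, per LAN host, the mangle rule that sets
# mark 1, 2, 3, ... on its packets and the tc filter that steers packets
# carrying that mark into class 1:1<mark> on the WAN device. The rules are
# printed, not executed, so they can be reviewed before loading on the router.
# The rule goes in PREROUTING because the LAN source address is replaced by the
# single WAN address in POSTROUTING (SNAT); the tc filter assumes an existing
# classful root qdisc with handle 1: on WAN_IF (an assumption of this example).
mark_rules() {
  wan=$1; shift
  mark=1
  for host in "$@"; do
    echo "iptables -t mangle -A PREROUTING -s $host -j MARK --set-mark $mark"
    echo "tc filter add dev $wan parent 1: protocol ip prio 1 handle $mark fw flowid 1:1$mark"
    mark=$((mark + 1))
  done
}

# Constructed demonstration: a library directory containing only libipt_MARK.so,
# standing in for a router where TOS and TTL were not built.
demo_dir=$(mktemp -d)
: > "$demo_dir/libipt_MARK.so"
echo "missing targets: $(missing_targets "$demo_dir" MARK TOS TTL)"
rm -rf "$demo_dir"

# Rules for two constructed LAN hosts behind a WAN interface named eth1.
mark_rules eth1 192.168.1.10 192.168.1.11
```

On the router itself, `missing_targets /usr/lib/iptables MARK TOS TTL` reports which extension libraries a rebuilt iptables still has to provide; the kernel side (the ipt_MARK module) is a separate requirement that this check does not cover.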