Bug 21
Summary: | IP Masquerading broken | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | jhohertz |
Component: | distribution | Assignee: | David Lawrence <dkl> |
Status: | CLOSED WORKSFORME | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 5.2 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | alpha | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 1998-11-19 16:25:39 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
jhohertz
1998-11-10 13:02:27 UTC
Please provide the exact text of the commands that you are trying to do, and the failure messages. I have the exact same problem on my 5.1 system. I have also noted that my modules do not load correctly. I think this is because of the rc.sysinit file that has a reference to /sbin/lilo (this is on an alpha) in order to get the kernel version to create the link to preferred. This is what I am using Redhat 5.1 Kern. 2.0.34, and this is what I type. ipfwadm -F -p deny <cr> works fine ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0 <cr> returns ipfwadm: setsocketopt failed: Invalid argument 5.2 no longer uses cmdline stuff from LILO to create the preferred link in /lib/modules. Therefor there is no longer reference in rc.sysinit for /sbin/lilo. It sounds like you may have forgot to run make modules and make modules_install after compiling the kernel with IP firewalling as a module. If you do this and everything goes properly, the depmod -a in rc.sysint should find the modules. I don't think this is fixed yet, as the resolution is NOT for the problem as initially described. IP Masqurading is not a module (but there are helper modules.) The ipfwadm problem is still outstanding, and I have recently found two emails related to it with workarounds in my Inbox. The first is a quick fix, and the second gets to the heart of the matter. ---[First: Quick fix]---------- Date: Fri, 20 Nov 1998 11:43:22 -0500 (EST) From: Michael <michael> To: jhohertz Subject: Re: Anyone else have problems with ip_masq and Alpha Linux kernel 2.0.35?? The problem is the ipfwadm rpm that ships with 5.1 & 5.2 . Uninstall it and grab the one in the 5.0 dist. and it will work fine (assuming the kernel is built for it). ---[Second: Heart of the matter]----- Date: Fri, 20 Nov 1998 10:29:03 -0500 From: Bob Fahey <bob> To: axp-list Subject: RE: Anyone else have problems with ip_masq and Alpha Linux kernel 2.0.35?? GREAT question. I spent about the last 3 days on my Alpha trying to figure out the exact same problem. The problem is that, from what I can tell, one of the includes with glibc 2.0.7 is incorrect, since it assumes you're running on a 32-bit machine. This problem still exists even in 2.0.7-29, and needs to be fixed in the next release, IMHO. Comments? I changed /usr/include/netinet/ip_fw.h, and recompiled ipfwadm. Now it works just fine. The change is in the struct ip_fw -- there are 2 arguments, fw_pcnt and fw_bcnt that are defined as u_int32_t. If you change these to long, and recompile ipfwadm, it should work fine. On the same note, when you set up masquerading, don't forget to change /etc/sysconfig/network, setting FORWARD_IPV4 to true. I didn't find a reference to this in the IP-Masquerading HOWTO, but maybe it is in some other documentation somewhere.... -bob fahey (bob) |