Red Hat Bugzilla – Bug 21
IP Masquerading broken
Last modified: 2008-05-01 11:37:48 EDT
Trying to follow the HOWTO to add a subnet for IP Masquerade
results in an error stating setsockopt received an invalid
parameter. I have recompiled the kernel, as well as the
source RPM of ipfwadm, with no luck.
I first noticed this when I updated my system to RawHide
1.0.6 and it persists even after an upgrade to 5.2.
I flag this as major, as this is a very common feature used
by those with a SOHO on their hands.
Thanks. Please contact me if you want more info.
Please provide the exact text of the commands that you are trying
to do, and the failure messages.
I have the exact same problem on my 5.1 system. I have also noted
that my modules do not load correctly. I think this is because of
the rc.sysinit file that has a reference to /sbin/lilo (this is on an
alpha) in order to get the kernel version to create the link to
This is what I am using Redhat 5.1 Kern. 2.0.34, and this is what I
ipfwadm -F -p deny <cr> works fine
ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0 <cr> returns
ipfwadm: setsocketopt failed: Invalid argument
5.2 no longer uses cmdline stuff from LILO to create the preferred
link in /lib/modules. Therefore there is no longer a reference in
rc.sysinit for /sbin/lilo. It sounds like you may have forgotten to run
make modules and make modules_install after compiling the kernel with
IP firewalling as a module. If you do this and everything goes
properly, the depmod -a in rc.sysinit should find the modules.
I don't think this is fixed yet, as the resolution is NOT for the
problem as initially described. IP Masquerading is not a module (but
there are helper modules.)
The ipfwadm problem is still outstanding, and I have recently found
two emails related to it with workarounds in my Inbox. The first is a
quick fix, and the second gets to the heart of the matter.
---[First: Quick fix]----------
Date: Fri, 20 Nov 1998 11:43:22 -0500 (EST)
From: Michael <firstname.lastname@example.org>
Subject: Re: Anyone else have problems with ip_masq and Alpha Linux
The problem is the ipfwadm rpm that ships with 5.1 & 5.2.
Uninstall it and grab the one in the 5.0 dist. and it will work fine
(assuming the kernel is built for it).
---[Second: Heart of the matter]-----
Date: Fri, 20 Nov 1998 10:29:03 -0500
From: Bob Fahey <email@example.com>
Subject: RE: Anyone else have problems with ip_masq and Alpha Linux
GREAT question. I spent about the last 3 days on my Alpha trying to
figure out the exact same problem.
The problem is that, from what I can tell, one of the includes with
glibc 2.0.7 is incorrect, since it assumes you're running on a 32-bit
machine. This problem still exists even in 2.0.7-29, and needs to be
fixed in the next release, IMHO. Comments?
I changed /usr/include/netinet/ip_fw.h, and recompiled ipfwadm. Now
it works just fine. The change is in the struct ip_fw -- there are
2 arguments, fw_pcnt and fw_bcnt that are defined as u_int32_t. If
you change these to long, and recompile ipfwadm, it should work fine.
On the same note, when you set up masquerading, don't forget to change
/etc/sysconfig/network, setting FORWARD_IPV4 to true. I didn't find
a reference to this in the IP-Masquerading HOWTO, but maybe it is
in some other documentation somewhere....
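
The header mismatch described in the second e-mail, as an added example that is not part of the original thread or of ipfwadm, glibc or the kernel: it shows how a rule structure whose counters are declared u_int32_t in userspace and long on the receiving side stops matching on a 64-bit machine. Assumptions: the two structs are constructed, simplified stand-ins (only fw_pcnt and fw_bcnt are names from the thread), the function names are hypothetical, and the receiver rejecting any buffer whose length differs from its own sizeof is an assumed behaviour used to model the "Invalid argument" error.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for struct ip_fw; src/dst are illustrative fields. */
struct fw_rule_user {              /* layout as the userspace header declares it */
    uint32_t src, dst;
    uint32_t fw_pcnt, fw_bcnt;     /* counters declared u_int32_t */
};
struct fw_rule_kernel {            /* layout after the change suggested in the thread */
    uint32_t src, dst;
    long fw_pcnt, fw_bcnt;         /* counters declared long */
};

/* Assumed receiver-side check: accept only a buffer of exactly its own size. */
static int mock_fw_setsockopt(const void *optval, size_t optlen)
{
    struct fw_rule_kernel k;
    if (optval == NULL || optlen != sizeof k)
        return -EINVAL;            /* surfaces to the caller as "Invalid argument" */
    memcpy(&k, optval, sizeof k);
    return 0;
}

/* True only when size and counter offsets match, i.e. when long is 32 bits. */
int layouts_agree(void)
{
    return sizeof(struct fw_rule_user) == sizeof(struct fw_rule_kernel)
        && offsetof(struct fw_rule_user, fw_bcnt)
           == offsetof(struct fw_rule_kernel, fw_bcnt);
}
int submit_user_rule(void)         /* rule built against the u_int32_t header */
{
    struct fw_rule_user u = { 0xC0A80100u, 0, 0, 0 };  /* 192.168.1.0, constructed */
    return mock_fw_setsockopt(&u, sizeof u);
}
int submit_fixed_rule(void)        /* rule built after changing the counters to long */
{
    struct fw_rule_kernel f = { 0xC0A80100u, 0, 0, 0 };
    return mock_fw_setsockopt(&f, sizeof f);
}

int main(void)
{
    printf("user=%zu kernel=%zu agree=%d\n", sizeof(struct fw_rule_user),
           sizeof(struct fw_rule_kernel), layouts_agree());
    printf("u_int32_t header: %d, long header: %d\n",
           submit_user_rule(), submit_fixed_rule());
    return 0;
}
```

On a target where long is 32 bits both calls succeed, so the mismatch only shows up on 64-bit builds.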