Red Hat Bugzilla – Bug 21
IP Masquerading broken
Last modified: 2008-05-01 11:37:48 EDT
Trying to follow the HOWTO to add a subnet for IP Masqurade results in and error stating setsockopt recieved an invalid parameter. I have recompiled the kernel, as well as the source RPM of ipfwadm with no lock. I first noticed this when I updated my system to RawHide 1.0.6 and it persists even after an upgrade to 5.2. I flag this as major, as this is a very common feature used by those with a SOHO on their hands. Thanks. Please contact me if you want more info.
Please provide the exact text of the commands that you are trying to do, and the failure messages.
I have the exact same problem on my 5.1 system. I have also noted that my modules do not load correctly. I think this is because of the rc.sysinit file that has a reference to /sbin/lilo (this is on an alpha) in order to get the kernel version to create the link to preferred.
This is what I am using Redhat 5.1 Kern. 2.0.34, and this is what I type. ipfwadm -F -p deny <cr> works fine ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0 <cr> returns ipfwadm: setsocketopt failed: Invalid argument
5.2 no longer uses cmdline stuff from LILO to create the preferred link in /lib/modules. Therefor there is no longer reference in rc.sysinit for /sbin/lilo. It sounds like you may have forgot to run make modules and make modules_install after compiling the kernel with IP firewalling as a module. If you do this and everything goes properly, the depmod -a in rc.sysint should find the modules.
I don't think this is fixed yet, as the resolution is NOT for the problem as initially described. IP Masqurading is not a module (but there are helper modules.) The ipfwadm problem is still outstanding, and I have recently found two emails related to it with workarounds in my Inbox. The first is a quick fix, and the second gets to the heart of the matter. ---[First: Quick fix]---------- Date: Fri, 20 Nov 1998 11:43:22 -0500 (EST) From: Michael <michael@area54.net> To: jhohertz@golden.net Subject: Re: Anyone else have problems with ip_masq and Alpha Linux kernel 2.0.35?? The problem is the ipfwadm rpm that ships with 5.1 & 5.2 . Uninstall it and grab the one in the 5.0 dist. and it will work fine (assuming the kernel is built for it). ---[Second: Heart of the matter]----- Date: Fri, 20 Nov 1998 10:29:03 -0500 From: Bob Fahey <bob@invengen.com> To: axp-list@redhat.com Subject: RE: Anyone else have problems with ip_masq and Alpha Linux kernel 2.0.35?? GREAT question. I spent about the last 3 days on my Alpha trying to figure out the exact same problem. The problem is that, from what I can tell, one of the includes with glibc 2.0.7 is incorrect, since it assumes you're running on a 32-bit machine. This problem still exists even in 2.0.7-29, and needs to be fixed in the next release, IMHO. Comments? I changed /usr/include/netinet/ip_fw.h, and recompiled ipfwadm. Now it works just fine. The change is in the struct ip_fw -- there are 2 arguments, fw_pcnt and fw_bcnt that are defined as u_int32_t. If you change these to long, and recompile ipfwadm, it should work fine. On the same note, when you set up masquerading, don't forget to change /etc/sysconfig/network, setting FORWARD_IPV4 to true. I didn't find a reference to this in the IP-Masquerading HOWTO, but maybe it is in some other documentation somewhere.... -bob fahey (bob@invengen.com)