IP Masquerade

Posted on 1997-08-03
Medium Priority
Last Modified: 2010-07-27
I have recently installed Redhat 4.2 and am attempting to set up IP Masquerading. The firewall portion of ipfwadm seems to work fine, but when I try to do anything with the masquerading portion, I get the error 'setsockopt failed: Invalid argument'. I am entering commands straight out of the FAQs (a number of different versions) so I'm not convinced that it's something wrong in my commands. The kernel has been compiled with options as per the FAQ and the modules have been installed. What little thing am I missing?
Addendum: ipfwadm -M -l returns 'cannot open /proc/net/ip_masquerade' (since that file doesn't exist, I suppose).
Question by:murraydh
Expert Comment

ID: 1585813
This sounds to me as though the kernel lacks the necessary support. Go through the FAQ with a toothcomb, and check you really have enabled all the necessary kernel options, and check that you really are booting from the kernel with those options compiled in.

Also, under certain circumstances it is necessary to get an upgraded version of ipfwadm.

Have a look in /proc/net, and see if the ip_masquerade file is there, too. I assume you were trying to execute this as root?

Author Comment

ID: 1585814
I'm quite sure that all the support is there. I've checked the settings against the FAQ a dozen times. I'm also running version 2.3.0 of ipfwadm. As for the ip_masquerade file in /proc/net, it does not exist. I'm sure this is (at least part of) the problem, though I have no idea how to go about fixing it.

Expert Comment

ID: 1585815
Are all the ip_masquerade modules built and loaded? The docs clearly state you must manually load the modules NOT let the kerneld autoload them for you.

Accepted Solution

bcook earned 280 total points
ID: 1585816
The problem is in your kernel.
The /proc filesystem is automatically created by the kernel.

Have you read the kernel HOWTO about how to get the rebuilt
kernel to be booted against?

Do this:


and look for the kernel version line.
This tells you when the kernel you're booting was built, and on what system it was built.  If this is not the date you built it, then you've still got to sort that out.

This will involve updating the kernel wherever you have it.

lilo: /vmlinuz (Unless your lilo.conf has been modified)

floppy: use dd to write the kernel image onto the floppy.

loadlin(dos): the vmlinuz in the dos directory linux is booted from

This should all be covered in the kernel.HOWTO

Expert Comment

ID: 1585817
Well, as long as a ls / shows /proc to be there we can assume that he has indeed compiled in the /procfs.  Now to the rest.  Part of the trouble here is the lack of info we have been given to work with. I'd like to see things such as:  output from lsmod, which shows us what modules have been loaded; perhaps the output from ls /proc/net, which will also give us some info about what may be compiled into the kernel; and I'd like a full accounting of the ipfwadm commands the user is attempting to give the system. Typos are most often the cause of troubles, not to mention slightly munged command parms.  It's hard, very hard to answer questions with so little info to go on.  I'm surprised others have as yet not requested more info...
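
The checks suggested across this thread (is /proc/net/ip_masquerade present, which kernel build is actually booted, which masquerading modules are loaded) combined into one script, as an added example that is not part of any post above. The optional directory argument and the sample tree built by `make_sample_proc` are assumptions made for illustration; the sample file contents are constructed.

```shell
#!/bin/sh
# Added example. The optional directory argument is hypothetical: it lets the
# checks run against a constructed tree instead of the live /proc.

# 0 = masquerade table present; 1 = procfs not mounted;
# 2 = no net directory; 3 = ip_masquerade missing (kernel lacks
#     masquerading support, or a different kernel was booted).
check_masq() {
    root="${1:-/proc}"
    [ -r "$root/version" ] || return 1
    [ -d "$root/net" ] || return 2
    [ -e "$root/net/ip_masquerade" ] || return 3
    return 0
}

# Version line of the running kernel: includes build host and build date.
kernel_build_line() {
    head -n 1 "${1:-/proc}/version" 2>/dev/null
}

# Names of loaded modules matching a pattern (default "masq").
loaded_modules() {
    [ -r "${1:-/proc}/modules" ] || return 0
    awk -v p="${2:-masq}" '$1 ~ p { print $1 }' "${1:-/proc}/modules"
}

report() {
    rc=0
    check_masq "${1:-/proc}" || rc=$?
    echo "booted kernel : $(kernel_build_line "$1")"
    echo "masq modules  : $(loaded_modules "$1" | tr '\n' ' ')"
    case $rc in
        0) echo "result: /proc/net/ip_masquerade exists" ;;
        1) echo "result: procfs is not mounted" ;;
        2) echo "result: no net directory under procfs" ;;
        3) echo "result: ip_masquerade missing; compare the build date above with your own build" ;;
    esac
    return $rc
}

# Constructed sample tree reproducing the symptom in this thread.
make_sample_proc() {
    d=$(mktemp -d) || return 1
    mkdir "$d/net" && : > "$d/net/dev"
    echo 'Linux version 2.0.x (root@buildhost) #1 Tue Jun 3 12:00:00 1997' > "$d/version"
    echo 'serial 8 0' > "$d/modules"
    echo "$d"
}
```

Calling `report` with no argument inspects the live /proc; `report "$(make_sample_proc)"` shows the output for the failing case.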
