Solved

IP Masquerade

Posted on 1997-08-03
5
288 Views
Last Modified: 2010-07-27
I have recently installed Redhat 4.2 and am attempting to set up IP Masquerading. The firewall portion of ipfwadm seems to work fine, but when I try to do anything with the masquerading portion, I get the error 'setsockopt failed: Invalid argument'. I am entering commands straight out of the FAQ's (a number of different versions) so I'm not convinced that it's something wrong in my commands. The kernel has been compiled with options as per the FAQ and the modules have been installed. What little thing am I missing?
addendum: ipfwadm -M -l returns 'cannot open /proc/net/ip_masquerade'. (since that file doesn't exist I suppose)
0
Comment
Question by:murraydh
5 Comments
 
LVL 3

Expert Comment

by:sauron
Comment Utility
This sounds to me as though the kernel lacks the necessary support. Go through the FAQ with a toothcomb, and check you really have enabled all the necessary kernel opitons, and check that you really are booting from the kernel with those options compiled in.

Also, under certain circumstances it is necessary to get an upgraded version of ipfwadm.

Have a look in /proc/net, and see if the ip_masquerade file is there, too. I assume you were trying to execute this as root?
0
 

Author Comment

by:murraydh
Comment Utility
I'm quite sure that all the support is there. I've checked the settings against the FAQ a dozen times. I'm also running version 2.3.0 of ipfwadm. As for the ip_masquerade file in /proc/net, it does not exist. I'm sure this is (at least part of) the problem, though I have no idea how to go about fixing it.
0
 
LVL 2

Expert Comment

by:jeffa072897
Comment Utility
Are all the ip_masquerade modules built and loaded? The docs clearly state you must manually load the modules NOT let the kerneld autoload them for you.
0
 
LVL 1

Accepted Solution

by:
bcook earned 70 total points
Comment Utility
The problem is in your kernel
the /proc filesystem is automatically created by the kernel.

Have you read the kernel HOWTO about how to get the rebuilt
kernel to be booted against.

Do this:

dmesg|more

and look for the kernel version line.
This tells you when the kernel you're booting was built, and on what system it was built.  If this is not the date you built it, then you've still got to sort that out.

This will involve updating the kernel where ever you have it.



lilo: /vmlinuz (Unless your lilo.conf has been modified)

floppy: use dd to write the kernel image onto the floppy.

loadlin(dos): the vmlinuz in the dos directory linux is booted from

This should all be covered in the kernel.HOWTO
0
 

Expert Comment

by:smokie
Comment Utility
Well, as long as a ls / shows /probc to be there we can assume that he has indeed compiled in the /rpocfs.  Now to the rest.  Part of the trouble here is the lack of info we have been given to wirk with, I'd like to see things such as:  output from lsmod, show's us what modules have been loaded, perhaps the output from ls /proc/net, this will also give us some info about what may be compiled into the kernel, and I'd like a full accounting of the ipfwadm commands the user is attempting to give the system, typos are most often the cuase of troubles, not to mention slightly mundged command parms.  It's had, very hard to answer questions with so little info to go on.  I'm surprised others have as yet not requested more info...
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now