IP Masquerade

I have recently installed Redhat 4.2 and am attempting to set up IP Masquerading. The firewall portion of ipfwadm seems to work fine, but when I try to do anything with the masquerading portion, I get the error 'setsockopt failed: Invalid argument'. I am entering commands straight out of the FAQ's (a number of different versions) so I'm not convinced that it's something wrong in my commands. The kernel has been compiled with options as per the FAQ and the modules have been installed. What little thing am I missing?
addendum: ipfwadm -M -l returns 'cannot open /proc/net/ip_masquerade'. (since that file doesn't exist I suppose)
Who is Participating?
bcookConnect With a Mentor Commented:
The problem is in your kernel
the /proc filesystem is automatically created by the kernel.

Have you read the kernel HOWTO about how to get the rebuilt
kernel to be booted against.

Do this:


and look for the kernel version line.
This tells you when the kernel you're booting was built, and on what system it was built.  If this is not the date you built it, then you've still got to sort that out.

This will involve updating the kernel where ever you have it.

lilo: /vmlinuz (Unless your lilo.conf has been modified)

floppy: use dd to write the kernel image onto the floppy.

loadlin(dos): the vmlinuz in the dos directory linux is booted from

This should all be covered in the kernel.HOWTO
This sounds to me as though the kernel lacks the necessary support. Go through the FAQ with a toothcomb, and check you really have enabled all the necessary kernel opitons, and check that you really are booting from the kernel with those options compiled in.

Also, under certain circumstances it is necessary to get an upgraded version of ipfwadm.

Have a look in /proc/net, and see if the ip_masquerade file is there, too. I assume you were trying to execute this as root?
murraydhAuthor Commented:
I'm quite sure that all the support is there. I've checked the settings against the FAQ a dozen times. I'm also running version 2.3.0 of ipfwadm. As for the ip_masquerade file in /proc/net, it does not exist. I'm sure this is (at least part of) the problem, though I have no idea how to go about fixing it.
Are all the ip_masquerade modules built and loaded? The docs clearly state you must manually load the modules NOT let the kerneld autoload them for you.
Well, as long as a ls / shows /probc to be there we can assume that he has indeed compiled in the /rpocfs.  Now to the rest.  Part of the trouble here is the lack of info we have been given to wirk with, I'd like to see things such as:  output from lsmod, show's us what modules have been loaded, perhaps the output from ls /proc/net, this will also give us some info about what may be compiled into the kernel, and I'd like a full accounting of the ipfwadm commands the user is attempting to give the system, typos are most often the cuase of troubles, not to mention slightly mundged command parms.  It's had, very hard to answer questions with so little info to go on.  I'm surprised others have as yet not requested more info...
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.