Problem setting up IP MASQUERADE with recent kernels

Joseph Sacco jsacco at gnome.org
Mon Mar 19 02:14:17 UTC 2007


Hoisted by my own petard...  

Using the TUN driver supplied with the kernel, rather than building one
within MOL, avoids the problem.

See

     https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231606


-Joseph

====================================================================

On Fri, 2007-03-16 at 16:01 -0400, Joseph Sacco wrote:
> Problem
> -------
> 
>         With recent 2.6.21.x kernels IP-Masquerading, required by
>         Mac-On-Linux, has stopped working as expected.
> 
> 
> Question
> --------
> 
>         Has anyone successfully set up IP Masquerading using a recent
>         kernel?
>          
> 
> 
> Discussion
> ----------
> Mac-On-Linux 
> 
>         http://sourceforge.net/projects/mac-on-linux/
> 
> is a Linux/PPC program that virtualizes MacOS or MacOSX in Linux. MOL
> uses an IP tunnel to establish communications between the Linux host and
> the virtualized MAC operating system.
> 
> -Ethernet----------------------------------------
>                    |                    |
>    130.237.226.234 |           130.237.226.239
>               eth0 |             other_machine
>                  linux
>               tun1 |
>       192.168.41.1 |
>                    |     virtual
>                    +--- ip-tunnel ------- MOL
>                                       192.168.41.2
> 
> 
> The Linux host performs network address translation to enable MOL to
> communicate with the external network.
> 
> The mechanisms used by Mac-On-Linux to set up the IP tunnel and set up
> NAT have worked successfully with 2.4.x and 2.6.x series kernels until
> recently. Mac-on-Linux networking works correctly when run on FC6. It
> has also run on fedora/rawhide with earlier 2.6.20.x kernels.
> 
> Two thoughts come to mind:
> 
>         * a kernel module has gone missing ==> kernel configuration
>         problem
> 
>         * "something has changed" with how IP-Masquerading is set up /
>         works.
> 
> I have examined the kernel configuration file for IPV4 netfiltering and
> have not found any obvious omissions. [That does not mean that there are
> no omissions of required modules. It just means I did not spot them.]
> The only "suspect" is CONN_NF_CONNTRACK_PROC_COMPAT.
> 
> What appears to be happening with the latest kernels is some necessary
> kernel modules are not being loaded initially. 
> 
> Consider the output from 'lsmod' from two successive attempts of
> starting Mac-On-Linux:
> 
> 
> Attempt #1
> ----------
> Mac-On-Linux comes up. Networking is borked.
> 
> [output from lsmod]
> 
> Module                  Size  Used by
> nf_nat                 20660  0
> nf_conntrack_ipv4      13448  1
> nf_conntrack           73408  2 nf_nat,nf_conntrack_ipv4
> nfnetlink               8344  3 nf_nat,nf_conntrack_ipv4,nf_conntrack
> ip_tables              14900  0 
> x_tables               18404  1 ip_tables
> tun                    13728  1 
> mol                    59304  1
> 
> Conspicuously absent from this list are
> 
>         * iptable_nat
>         * ipt_MASQUERADE
> 
> 
> Running 'dmesg' may provide a hint:
> 
> [output from dmesg]
> 
> MOL 0.9.73-SVN kernel module loaded
> PM: Adding info for No Bus:mol
> tun: Universal TUN/TAP device driver, 1.6
> tun: (C) 1999-2004 Max Krasnyansky <maxk at qualcomm.com>
> PM: Adding info for No Bus:tun
> PM: Adding info for No Bus:tun1
> 
> Hmmmm... "can't setup rules." There it is again. Wonder what's going on.
> 
> 
> 
> Thoughts???
> 
> 
> -Joseph
> 
> 
> -- 
> jsacco [at] gnome [dot] org

-- 
jsacco [at] gnome [dot] org
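
The module check described in the quoted message, written as a script. This is an added example, not part of the original post or of Mac-On-Linux: the function names and the `REQUIRED_MODULES` list are assumptions, and the sample listing is the `lsmod` output quoted above.

```shell
#!/bin/sh
# Added example: report which modules the post expected for masquerading
# are absent from an lsmod listing. REQUIRED_MODULES is an assumption taken
# from the two names the post calls "conspicuously absent".
REQUIRED_MODULES="iptable_nat ipt_MASQUERADE"

# lsmod listing quoted in the post (Attempt #1), embedded so this runs offline.
SAMPLE_LSMOD='Module                  Size  Used by
nf_nat                 20660  0
nf_conntrack_ipv4      13448  1
nf_conntrack           73408  2 nf_nat,nf_conntrack_ipv4
nfnetlink               8344  3 nf_nat,nf_conntrack_ipv4,nf_conntrack
ip_tables              14900  0
x_tables               18404  1 ip_tables
tun                    13728  1
mol                    59304  1'

# missing_modules LISTING
# Prints the required modules absent from LISTING, space-separated,
# in REQUIRED_MODULES order. Prints an empty line if none are missing.
missing_modules() {
    listing=$1
    # The first column of every non-empty line after the header is a module name.
    loaded=$(printf '%s\n' "$listing" | awk 'NR > 1 && NF { print $1 }')
    missing=""
    for mod in $REQUIRED_MODULES; do
        # -x matches whole lines only, so "nf_nat" cannot satisfy "iptable_nat".
        if ! printf '%s\n' "$loaded" | grep -qxF "$mod"; then
            missing="${missing:+$missing }$mod"
        fi
    done
    printf '%s\n' "$missing"
}

# check_nat_modules LISTING
# Returns 0 when every required module is listed, 1 otherwise.
check_nat_modules() {
    m=$(missing_modules "$1")
    if [ -z "$m" ]; then
        return 0
    fi
    echo "not loaded: $m" >&2
    return 1
}
```

On a live host, pass the real listing with `check_nat_modules "$(lsmod)"`. Features compiled into the kernel rather than built as modules never appear in `lsmod`, so a "not loaded" result there needs a look at the kernel configuration before it is treated as a fault.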