[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Problem setting up IP MASQUERADE with recent kernels



Hoisted by my own petard...  

Using the TUN driver supplied with the kernel rather than building one
within MOL, avoids the problem.  

See

     https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231606


-Joseph

====================================================================

On Fri, 2007-03-16 at 16:01 -0400, Joseph Sacco wrote:
> Problem
> -------
> 
>         With recent 2.6.21.x kernels IP-Masquerading, required by
>         Mac-On-Linux,  has stopped working as expected.
> 
> 
> Question
> --------
> 
>         Has anyone successfully set up IP Masquerading using a recent
>         kernel?
>          
> 
> 
> Discussion
> ----------
> Mac-On-Linux 
> 
>         http://sourceforge.net/projects/mac-on-linux/
> 
> is a Linux/PPC program that virtualizes MacOS or MacOSX in Linux. MOL
> uses an IP tunnel to eastabish communications between the Linux host and
> the virtualized MAC operating system.
> 
> -Ethernet----------------------------------------
>                    |                    |
>    130.237.226.234 |           130.237.226.239
>               eth0 |             other_machine
>                  linux
>               tun1 |
>        192.168.41.1 |
>                          |     virtual
>                    +--- ip-tunnel ------- MOL
>                                       192.168.41.2
> 
> 
> The Linux host performs network address translation to enable MOL to
> communicate with the external network.
> 
> The mechanisms used by Mac-On-Linux to set up the IP tunnel and set up
> NAT have worked successfully with 2.4.x and 2.6.x series kernels until
> recently. Mac-on-Linux networking works correctly when run on FC6. It
> has also run on fedora/rawhide with earlier 2.6.20.x kernels.
> 
> Two thoughts come to mind:
> 
>         * a kernel module has gone missing ==> kernel configuration
>         problem
> 
>         * "something has changed" with how IP-Masquerading is setup /
>         works.
> 
> I have examined the kernel configuration file for IPV4 netfiltering and
> have not found any obvious omissions. [That does not mean that there are
> no omissions of required modules. It just means I did not spot them.]
> The only "suspect" is CONN_NF_CONNTRACK_PROC_COMPAT.
> 
> What appears to be happening with the latest kernels is some necessary
> kernel modules are not being loaded initially. 
> 
> Consider the output from 'lsmod' from two successive attempts of
> starting Mac-On-Linux:
> 
> 
> Attempt #1
> ----------
> Mac-On-Linux comes up. Networking is borked.
> 
> [output from ldmod]
> 
> Module                  Size  Used by
> nf_nat                 20660  0
> nf_conntrack_ipv4      13448  1
> nf_conntrack           73408  2 nf_nat,nf_conntrack_ipv4
> nfnetlink               8344  3 nf_nat,nf_conntrack_ipv4,nf_conntrack
> ip_tables              14900  0 
> x_tables               18404  1 ip_tables
> tun                    13728  1 
> mol                    59304  1
> 
> Conspicuously absent from this list are
> 
>         * iptable_nat
>         * ipt_MASQUERADE
> 
> 
> Running 'dmesg' may provide a hint:
> 
> [output from dmesg]
> 
> MOL 0.9.73-SVN kernel module loaded
> PM: Adding info for No Bus:mol
> tun: Universal TUN/TAP device driver, 1.6
> tun: (C) 1999-2004 Max Krasnyansky <maxk qualcomm com>
> PM: Adding info for No Bus:tun
> PM: Adding info for No Bus:tun1
> 
> Hmmmm... "can't setup rules." There it is again. Wonder what's going on.
> 
> 
> 
> Thoughts???
> 
> 
> -Joseph
> 
> 
> -- 
> jsacco [at] gnome [dot] org

-- 
jsacco [at] gnome [dot] org


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]