Problem setting up IP MASQUERADE with recent kernels
Joseph Sacco
jsacco at gnome.org
Fri Mar 16 20:01:55 UTC 2007
Problem
-------
With recent 2.6.21.x kernels, IP-Masquerading, required by
Mac-On-Linux, has stopped working as expected.
Question
--------
Has anyone successfully set up IP Masquerading using a recent
kernel?
Discussion
----------
Mac-On-Linux
http://sourceforge.net/projects/mac-on-linux/
is a Linux/PPC program that virtualizes MacOS or MacOSX in Linux. MOL
uses an IP tunnel to establish communications between the Linux host and
the virtualized Mac operating system.

    -Ethernet----------------------------------------
            |                        |
     130.237.226.234                 |   130.237.226.239
          eth0                       |    other_machine
          linux
          tun1                       |
      192.168.41.1                   |
            |                     virtual
            +--- ip-tunnel ------- MOL
                               192.168.41.2

The Linux host performs network address translation to enable MOL to
communicate with the external network.
The mechanisms used by Mac-On-Linux to set up the IP tunnel and set up
NAT have worked successfully with 2.4.x and 2.6.x series kernels until
recently. Mac-on-Linux networking works correctly when run on FC6. It
has also run on fedora/rawhide with earlier 2.6.20.x kernels.
Two thoughts come to mind:
* a kernel module has gone missing ==> kernel configuration
problem
* "something has changed" with how IP-Masquerading is set up /
works.
I have examined the kernel configuration file for IPV4 netfiltering and
have not found any obvious omissions. [That does not mean that there are
no omissions of required modules. It just means I did not spot them.]
The only "suspect" is CONFIG_NF_CONNTRACK_PROC_COMPAT.
What appears to be happening with the latest kernels is that some necessary
kernel modules are not being loaded initially.
Consider the output from 'lsmod' from two successive attempts at
starting Mac-On-Linux:
Attempt #1
----------
Mac-On-Linux comes up. Networking is borked.
[output from lsmod]
Module                  Size  Used by
nf_nat                 20660  0
nf_conntrack_ipv4      13448  1
nf_conntrack           73408  2 nf_nat,nf_conntrack_ipv4
nfnetlink               8344  3 nf_nat,nf_conntrack_ipv4,nf_conntrack
ip_tables              14900  0
x_tables               18404  1 ip_tables
tun                    13728  1
mol                    59304  1
Conspicuously absent from this list are
* iptable_nat
* ipt_MASQUERADE
Running 'dmesg' may provide a hint:
[output from dmesg]
MOL 0.9.73-SVN kernel module loaded
PM: Adding info for No Bus:mol
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <maxk at qualcomm.com>
PM: Adding info for No Bus:tun
PM: Adding info for No Bus:tun1
Hmmmm... "can't setup rules." There it is again. Wonder what's going on.
Thoughts???
-Joseph
--
jsacco [at] gnome [dot] org
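
The lsmod comparison described in the post, as an added example that is not part of the original message: a shell function that reads an lsmod listing and reports which of a given set of modules is not loaded. The function names `missing_modules` and `sample_result` are hypothetical, and the module set checked is an assumption drawn from the names the post mentions.

```shell
#!/bin/sh
# Added example (not from the original post): report which modules from a
# given set are absent from an lsmod listing.
# Usage: lsmod | missing_modules MODULE...

missing_modules() {
    listing=$(cat)      # lsmod-format text on stdin
    missing=""
    for mod in "$@"; do
        # lsmod prints the module name in column 1; row 1 is the header.
        if ! printf '%s\n' "$listing" |
            awk -v m="$mod" 'NR > 1 && $1 == m { found = 1 }
                             END { exit !found }'
        then
            missing="${missing:+$missing }$mod"
        fi
    done
    # One line, space separated; an empty line means nothing is missing.
    printf '%s\n' "$missing"
}

# lsmod output from "Attempt #1" in the post, embedded so this runs offline.
SAMPLE_LSMOD='Module                  Size  Used by
nf_nat                 20660  0
nf_conntrack_ipv4      13448  1
nf_conntrack           73408  2 nf_nat,nf_conntrack_ipv4
nfnetlink               8344  3 nf_nat,nf_conntrack_ipv4,nf_conntrack
ip_tables              14900  0
x_tables               18404  1 ip_tables
tun                    13728  1
mol                    59304  1'

# Assumed check set: two modules present in the listing plus the two the
# post names as conspicuously absent.
REQUIRED="tun nf_nat iptable_nat ipt_MASQUERADE"

sample_result() {
    # $REQUIRED is left unquoted on purpose so it splits into arguments.
    printf '%s\n' "$SAMPLE_LSMOD" | missing_modules $REQUIRED
}

sample_result
# On a live host: lsmod | missing_modules iptable_nat ipt_MASQUERADE
```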