Problem setting up IP MASQUERADE with recent kernels

Joseph Sacco jsacco at gnome.org
Fri Mar 16 20:01:55 UTC 2007


Problem
-------

        With recent 2.6.21.x kernels IP-Masquerading, required by
        Mac-On-Linux, has stopped working as expected.


Question
--------

        Has anyone successfully set up IP Masquerading using a recent
        kernel?
         


Discussion
----------
Mac-On-Linux 

        http://sourceforge.net/projects/mac-on-linux/

is a Linux/PPC program that virtualizes MacOS or MacOSX in Linux. MOL
uses an IP tunnel to establish communications between the Linux host and
the virtualized MAC operating system.

-Ethernet----------------------------------------
                   |                    |
   130.237.226.234 |           130.237.226.239
              eth0 |             other_machine
                 linux
              tun1 |
      192.168.41.1 |
                   |     virtual
                   +--- ip-tunnel ------- MOL
                                      192.168.41.2


The Linux host performs network address translation to enable MOL to
communicate with the external network.

The mechanisms used by Mac-On-Linux to set up the IP tunnel and set up
NAT have worked successfully with 2.4.x and 2.6.x series kernels until
recently. Mac-on-Linux networking works correctly when run on FC6. It
has also run on fedora/rawhide with earlier 2.6.20.x kernels.

Two thoughts come to mind:

        * a kernel module has gone missing ==> kernel configuration
        problem

        * "something has changed" with how IP-Masquerading is set up /
        works.

I have examined the kernel configuration file for IPV4 netfiltering and
have not found any obvious omissions. [That does not mean that there are
no omissions of required modules. It just means I did not spot them.]
The only "suspect" is CONN_NF_CONNTRACK_PROC_COMPAT.

What appears to be happening with the latest kernels is some necessary
kernel modules are not being loaded initially. 

Consider the output from 'lsmod' from two successive attempts of
starting Mac-On-Linux:


Attempt #1
----------
Mac-On-Linux comes up. Networking is borked.

[output from lsmod]

Module                  Size  Used by
nf_nat                 20660  0
nf_conntrack_ipv4      13448  1
nf_conntrack           73408  2 nf_nat,nf_conntrack_ipv4
nfnetlink               8344  3 nf_nat,nf_conntrack_ipv4,nf_conntrack
ip_tables              14900  0 
x_tables               18404  1 ip_tables
tun                    13728  1 
mol                    59304  1

Conspicuously absent from this list are

        * iptable_nat
        * ipt_MASQUERADE


Running 'dmesg' may provide a hint:

[output from dmesg]

MOL 0.9.73-SVN kernel module loaded
PM: Adding info for No Bus:mol
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <maxk at qualcomm.com>
PM: Adding info for No Bus:tun
PM: Adding info for No Bus:tun1

Hmmmm... "can't setup rules." There it is again. Wonder what's going on.



Thoughts???


-Joseph


-- 
jsacco [at] gnome [dot] org
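
Added example, not part of the original message: a small shell check that reads an lsmod listing and names the modules that are absent, run here against the listing quoted in the post. The function names sample_lsmod and missing_modules are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reports which of the given
# modules are absent from an lsmod listing read on stdin.

# Constructed sample: the lsmod listing quoted in the post.
sample_lsmod() {
cat <<'EOF'
Module                  Size  Used by
nf_nat                 20660  0
nf_conntrack_ipv4      13448  1
nf_conntrack           73408  2 nf_nat,nf_conntrack_ipv4
nfnetlink               8344  3 nf_nat,nf_conntrack_ipv4,nf_conntrack
ip_tables              14900  0
x_tables               18404  1 ip_tables
tun                    13728  1
mol                    59304  1
EOF
}

# missing_modules MODULE...   (lsmod output on stdin)
# Prints each MODULE not found in the first column, one per line.
# lsmod shows '-' in module names as '_', so both sides are normalized.
missing_modules() {
    awk -v want="$*" '
        NR == 1 && $1 == "Module" { next }      # skip the header row
        { gsub(/-/, "_", $1); loaded[$1] = 1 }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) {
                name = w[i]; gsub(/-/, "_", name)
                if (!(name in loaded)) print w[i]
            }
        }'
}

# On a live system: lsmod | missing_modules iptable_nat ipt_MASQUERADE
# Code compiled into the kernel (=y) never appears in lsmod, so a name
# printed here only means "not loaded as a module".
sample_lsmod | missing_modules nf_nat tun iptable_nat ipt_MASQUERADE
```
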
