Problem setting up IP MASQUERADE with recent kernels


        With recent 2.6.21.x kernels IP-Masquerading, required by
        Mac-On-Linux, has stopped working as expected.


        Has anyone successfully set up IP Masquerading using a recent



Mac-On-Linux is a Linux/PPC program that virtualizes MacOS or MacOSX in
Linux. MOL uses an IP tunnel to establish communications between the
Linux host and the virtualized Mac operating system.

                   |                    | | 
              eth0 |             other_machine
              tun1 | |
                         |     virtual
                   +--- ip-tunnel ------- MOL

The Linux host performs network address translation to enable MOL to
communicate with the external network.

The mechanisms used by Mac-On-Linux to set up the IP tunnel and set up
NAT have worked successfully with 2.4.x and 2.6.x series kernels until
recently. Mac-on-Linux networking works correctly when run on FC6. It
has also run on fedora/rawhide with earlier 2.6.20.x kernels.

Two thoughts come to mind:

        * a kernel module has gone missing ==> kernel configuration

        * "something has changed" with how IP-Masquerading is setup /

I have examined the kernel configuration file for IPV4 netfiltering and
have not found any obvious omissions. [That does not mean that there are
no omissions of required modules. It just means I did not spot them.]
The only "suspect" is CONFIG_NF_CONNTRACK_PROC_COMPAT.

What appears to be happening with the latest kernels is some necessary
kernel modules are not being loaded initially. 

Consider the output from 'lsmod' from two successive attempts of
starting Mac-On-Linux:

Attempt #1
Mac-On-Linux comes up. Networking is borked.

[output from lsmod]

Module                  Size  Used by
nf_nat                 20660  0
nf_conntrack_ipv4      13448  1
nf_conntrack           73408  2 nf_nat,nf_conntrack_ipv4
nfnetlink               8344  3 nf_nat,nf_conntrack_ipv4,nf_conntrack
ip_tables              14900  0 
x_tables               18404  1 ip_tables
tun                    13728  1 
mol                    59304  1

Conspicuously absent from this list are

        * iptable_nat
        * ipt_MASQUERADE

Running 'dmesg' may provide a hint:

[output from dmesg]

MOL 0.9.73-SVN kernel module loaded
PM: Adding info for No Bus:mol
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <maxk qualcomm com>
PM: Adding info for No Bus:tun
PM: Adding info for No Bus:tun1

Hmmmm... "can't setup rules." There it is again. Wonder what's going on.



jsacco [at] gnome [dot] org
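
The module check the post does by eye on the 'lsmod' listing, as an added example that is not part of the original post. The function names and the required-module list are assumptions: the list is the netfilter modules shown in the listing plus the two the post names as absent.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: these are the modules MASQUERADE needs on this kernel. The first
# three appear in the post's lsmod listing, the last two are the ones it calls
# "conspicuously absent". Adjust the list for your own kernel.
REQUIRED_MODULES="nf_nat nf_conntrack_ipv4 ip_tables iptable_nat ipt_MASQUERADE"

# missing_nat_modules: read lsmod-format text on stdin and print, on one line,
# the required modules that do not appear in column 1. Prints an empty line
# when nothing is missing.
# Caveat: code built into the kernel (=y) never shows up in lsmod, so a name
# reported here may still be present; check the kernel config before concluding.
missing_nat_modules() {
    awk -v want="$REQUIRED_MODULES" '
        NR > 1 || $1 != "Module" { loaded[$1] = 1 }   # skip the header row
        END {
            n = split(want, w, " ")
            out = ""
            for (i = 1; i <= n; i++)
                if (!(w[i] in loaded))
                    out = out (out == "" ? "" : " ") w[i]
            print out
        }'
}

# The lsmod listing from attempt #1 in the post, embedded so this runs offline.
sample_lsmod() {
    cat <<'EOF'
Module                  Size  Used by
nf_nat                 20660  0
nf_conntrack_ipv4      13448  1
nf_conntrack           73408  2 nf_nat,nf_conntrack_ipv4
nfnetlink               8344  3 nf_nat,nf_conntrack_ipv4,nf_conntrack
ip_tables              14900  0
x_tables               18404  1 ip_tables
tun                    13728  1
mol                    59304  1
EOF
}

sample_lsmod | missing_nat_modules
```

On a live host the same function accepts `lsmod | missing_nat_modules` or `missing_nat_modules < /proc/modules`, since both put the module name in the first column.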

