Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 21 - IP Masquerading broken
Summary: IP Masquerading broken
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: distribution
Version: 5.2
Hardware: alpha
OS: Linux
Target Milestone: ---
Assignee: David Lawrence
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 1998-11-10 13:02 UTC by jhohertz
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 1998-11-19 16:25:39 UTC

Attachments (Terms of Use)

Description jhohertz 1998-11-10 13:02:27 UTC
Trying to follow the HOWTO to add a subnet for IP Masqurade
results in and error stating setsockopt recieved an invalid
parameter. I have recompiled the kernel, as well as the
source RPM of ipfwadm with no lock.

I first noticed this when I updated my system to RawHide
1.0.6 and it persists even after an upgrade to 5.2.

I flag this as major, as this is a very common feature used
by those with a SOHO on their hands.

Thanks. Please contact me if you want more info.

Comment 1 Preston Brown 1998-11-13 17:01:59 UTC
Please provide the exact text of the commands that you are trying
to do, and the failure messages.

Comment 2 ddionne 1998-11-19 16:01:59 UTC
I have the exact same problem on my 5.1 system.  I have also noted
that my modules do not load correctly.  I think this is because of
the rc.sysinit file that has a reference to /sbin/lilo (this is on an
alpha) in order to get the kernel version to create the link to

Comment 3 ddionne 1998-11-19 16:06:59 UTC
This is what I am using Redhat 5.1 Kern. 2.0.34, and this is what I

ipfwadm -F -p deny <cr> works fine
ipfwadm -F -a m -S -D <cr> returns
ipfwadm: setsocketopt failed: Invalid argument

Comment 4 David Lawrence 1998-11-19 16:25:59 UTC
5.2 no longer uses cmdline stuff from LILO to create the preferred
link in /lib/modules. Therefor there is no longer reference in
rc.sysinit for /sbin/lilo. It sounds like you may have forgot to run
make modules and make modules_install after compiling the kernel with
IP firewalling as a module. If you do this and everything goes
properly, the depmod -a in rc.sysint should find the modules.

Comment 5 jhohertz 1998-11-20 13:48:59 UTC
I don't think this is fixed yet, as the resolution is NOT for the
problem as initially described. IP Masqurading is not a module (but
there are helper modules.)

The ipfwadm problem is still outstanding, and I have recently found
two emails related to it with workarounds in my Inbox. The first is a
quick fix, and the second gets to the heart of the matter.

---[First: Quick fix]----------
Date: Fri, 20 Nov 1998 11:43:22 -0500 (EST)
From: Michael <>
Subject: Re: Anyone else have problems with ip_masq and Alpha Linux
kernel 2.0.35??

The problem is the ipfwadm rpm that ships with 5.1 & 5.2 .

Uninstall it and grab the one in the 5.0 dist. and it will work fine
(assuming the kernel is built for it).

---[Second: Heart of the matter]-----
Date: Fri, 20 Nov 1998 10:29:03 -0500
From: Bob Fahey <>
Subject: RE: Anyone else have problems with ip_masq and Alpha Linux
kernel 2.0.35??

GREAT question.  I spent about the last 3 days on my Alpha trying to
figure out the exact same problem.

The problem is that, from what I can tell, one of the includes with
glibc 2.0.7 is incorrect, since it assumes you're running on a 32-bit
machine.  This problem still exists even in 2.0.7-29, and needs to be
fixed in the next release, IMHO.  Comments?

I changed /usr/include/netinet/ip_fw.h, and recompiled ipfwadm.  Now
it works just fine.  The change is in the struct ip_fw -- there are
2 arguments, fw_pcnt and fw_bcnt that are defined as u_int32_t.  If
you change these to long, and recompile ipfwadm, it should work fine.

On the same note, when you set up masquerading, don't forget to change
/etc/sysconfig/network, setting FORWARD_IPV4 to true.  I didn't find
a reference to this in the IP-Masquerading HOWTO, but maybe it is
in some other documentation somewhere....

-bob fahey

Note You need to log in before you can comment on or make changes to this bug.