Very Computer

> Hello.

> I have just installed Redhat 5 on a machine (fresh install) that had
> previously been running RH4.2 with a 2.0.30 kernel.

> On the previous setup I had an IP masquerade configuration of several
> TCP and UDP protocols that also included ICMP masquerading to permit
> ping,traceroute etc. from an internal network to the outside world via
> ISDN.   All services on that setup including ICMP worked correctly.

> After having done the upgrade, all TCP and UDP services work properly
> but not ICMP.

> IPFWADM complains as follows:

> ipfwadm -F -a masq -P icmp -S 0.0.0.0/0 -D 0.0.0.0/0

> /ipfwadm: masquerading not allowed with protocol ICMP
> Try `/tmp/ipfwadm -h' for more information.

> I have checked the kernel setups and all relevant parameters appear to
> be correct:

> CONFIG_IP_FORWARD=y
> # CONFIG_IP_MULTICAST is not set
> CONFIG_IP_FIREWALL=y
> CONFIG_IP_FIREWALL_VERBOSE=y
> CONFIG_IP_MASQUERADE=y
> CONFIG_IP_MASQUERADE_IPAUTOFW=y
> CONFIG_IP_MASQUERADE_ICMP=y
> # CONFIG_IP_TRANSPARENT_PROXY is not set
> CONFIG_IP_ALWAYS_DEFRAG=y
> CONFIG_IP_ACCT=y
> # CONFIG_IP_ROUTER is not set
> # CONFIG_NET_IPIP is not set
> CONFIG_IP_NOSR=y

> IP forwarding is turned on on the control panel setting.

> I have also tried the new 2.0.33 kernel and see no difference with that.

> Has anybody else seen this or perhaps have some suggestions as to what
> the problem might be?

>> Hello.

>> I have just installed Redhat 5 on a machine (fresh install) that had
>> previously been running RH4.2 with a 2.0.30 kernel.

>> On the previous setup I had an IP masquerade configuration of several
>> TCP and UDP protocols that also included ICMP masquerading to permit
>> ping,traceroute etc. from an internal network to the outside world via
>> ISDN.   All services on that setup including ICMP worked correctly.

>> After having done the upgrade, all TCP and UDP services work properly
>> but not ICMP.

>> IPFWADM complains as follows:

>> ipfwadm -F -a masq -P icmp -S 0.0.0.0/0 -D 0.0.0.0/0

>> /ipfwadm: masquerading not allowed with protocol ICMP
>> Try `/tmp/ipfwadm -h' for more information.

>> I have checked the kernel setups and all relevant parameters appear to
>> be correct:

>> CONFIG_IP_FORWARD=y
>> # CONFIG_IP_MULTICAST is not set
>> CONFIG_IP_FIREWALL=y
>> CONFIG_IP_FIREWALL_VERBOSE=y
>> CONFIG_IP_MASQUERADE=y
>> CONFIG_IP_MASQUERADE_IPAUTOFW=y
>> CONFIG_IP_MASQUERADE_ICMP=y
>> # CONFIG_IP_TRANSPARENT_PROXY is not set
>> CONFIG_IP_ALWAYS_DEFRAG=y
>> CONFIG_IP_ACCT=y
>> # CONFIG_IP_ROUTER is not set
>> # CONFIG_NET_IPIP is not set
>> CONFIG_IP_NOSR=y

>> IP forwarding is turned on on the control panel setting.

>> I have also tried the new 2.0.33 kernel and see no difference with that.

>> Has anybody else seen this or perhaps have some suggestions as to what
>> the problem might be?

>Sounds like you have an old IPFWADM program ...

>--

>Remove the <<!!!!>> and !! from the address to reply ..

>For the auto-spamers, here's a few addresses from the FCC...




>And for good measure......

>---------------------------------------------------------------------
>|  By sending me unsolicitated commercial email you agree to pay my |
>| standard consulting fee of $250/hr for examining your message (a  |
>| minimum charge of one (1) hour).  The bill for my service will be |
>| sent to you along with my analysis of your message.               |
>---------------------------------------------------------------------

> Tom

> I wondered about this, but not from the version point of view. I have tried
> IPFWADM from several sources (all 2.3.0).  These were the original site in
> Holland, and the source and binary RPMs from Redhat which has patches
> presumably to work witht  the glibc setup.   Result was the same.

> I wondering if there is an easy way to tell whether this is actually a
> kernel problem or ipfwadm (perhaps by looking at the /proc area.....?

> andy

> >> Hello.

> >> I have just installed Redhat 5 on a machine (fresh install) that had
> >> previously been running RH4.2 with a 2.0.30 kernel.

> >> On the previous setup I had an IP masquerade configuration of several
> >> TCP and UDP protocols that also included ICMP masquerading to permit
> >> ping,traceroute etc. from an internal network to the outside world via
> >> ISDN.   All services on that setup including ICMP worked correctly.

> >> After having done the upgrade, all TCP and UDP services work properly
> >> but not ICMP.

> >> IPFWADM complains as follows:

> >> ipfwadm -F -a masq -P icmp -S 0.0.0.0/0 -D 0.0.0.0/0

> >> /ipfwadm: masquerading not allowed with protocol ICMP
> >> Try `/tmp/ipfwadm -h' for more information.

> >> I have checked the kernel setups and all relevant parameters appear to
> >> be correct:

> >> CONFIG_IP_FORWARD=y
> >> # CONFIG_IP_MULTICAST is not set
> >> CONFIG_IP_FIREWALL=y
> >> CONFIG_IP_FIREWALL_VERBOSE=y
> >> CONFIG_IP_MASQUERADE=y
> >> CONFIG_IP_MASQUERADE_IPAUTOFW=y
> >> CONFIG_IP_MASQUERADE_ICMP=y
> >> # CONFIG_IP_TRANSPARENT_PROXY is not set
> >> CONFIG_IP_ALWAYS_DEFRAG=y
> >> CONFIG_IP_ACCT=y
> >> # CONFIG_IP_ROUTER is not set
> >> # CONFIG_NET_IPIP is not set
> >> CONFIG_IP_NOSR=y

> >> IP forwarding is turned on on the control panel setting.

> >> I have also tried the new 2.0.33 kernel and see no difference with that.

> >> Has anybody else seen this or perhaps have some suggestions as to what
> >> the problem might be?

> >Sounds like you have an old IPFWADM program ...

>> Tom

>> I wondered about this, but not from the version point of view. I have
tried
>> IPFWADM from several sources (all 2.3.0).  These were the original site
in
>> Holland, and the source and binary RPMs from Redhat which has patches
>> presumably to work witht  the glibc setup.   Result was the same.

>> I wondering if there is an easy way to tell whether this is actually a
>> kernel problem or ipfwadm (perhaps by looking at the /proc area.....?

>> andy

>> >> Hello.

>> >> I have just installed Redhat 5 on a machine (fresh install) that had
>> >> previously been running RH4.2 with a 2.0.30 kernel.

>> >> On the previous setup I had an IP masquerade configuration of several
>> >> TCP and UDP protocols that also included ICMP masquerading to permit
>> >> ping,traceroute etc. from an internal network to the outside world via
>> >> ISDN.   All services on that setup including ICMP worked correctly.

>> >> After having done the upgrade, all TCP and UDP services work properly
>> >> but not ICMP.

>> >> IPFWADM complains as follows:

>> >> ipfwadm -F -a masq -P icmp -S 0.0.0.0/0 -D 0.0.0.0/0

>> >> /ipfwadm: masquerading not allowed with protocol ICMP
>> >> Try `/tmp/ipfwadm -h' for more information.

>> >> I have checked the kernel setups and all relevant parameters appear to
>> >> be correct:

>> >> CONFIG_IP_FORWARD=y
>> >> # CONFIG_IP_MULTICAST is not set
>> >> CONFIG_IP_FIREWALL=y
>> >> CONFIG_IP_FIREWALL_VERBOSE=y
>> >> CONFIG_IP_MASQUERADE=y
>> >> CONFIG_IP_MASQUERADE_IPAUTOFW=y
>> >> CONFIG_IP_MASQUERADE_ICMP=y
>> >> # CONFIG_IP_TRANSPARENT_PROXY is not set
>> >> CONFIG_IP_ALWAYS_DEFRAG=y
>> >> CONFIG_IP_ACCT=y
>> >> # CONFIG_IP_ROUTER is not set
>> >> # CONFIG_NET_IPIP is not set
>> >> CONFIG_IP_NOSR=y

>> >> IP forwarding is turned on on the control panel setting.

>> >> I have also tried the new 2.0.33 kernel and see no difference with
that.

>> >> Has anybody else seen this or perhaps have some suggestions as to what
>> >> the problem might be?

>> >Sounds like you have an old IPFWADM program ...

>Have you searched your system for an old copy of IPFWADM to make sure
>that you are executing the version that you think?  Type IPFWADM --help
>and see if it has options about ICMP.  The error message from the kernel
>that I have gotten is that something to the effect that the target port
>is not available, not the message that you describe.
>--

>Remove the <<!!!!>> and !! from the address to reply ..

>For the auto-spamers, here's a few addresses from the FCC...




>And for good measure......

>---------------------------------------------------------------------
>|  By sending me unsolicitated commercial email you agree to pay my |
>| standard consulting fee of $250/hr for examining your message (a  |
>| minimum charge of one (1) hour).  The bill for my service will be |
>| sent to you along with my analysis of your message.               |
>---------------------------------------------------------------------

>I checked the version of ipfwadm (source and binary) and it does have ICMP
>as an option as well as the supporting code.

>andy

>>> Tom

>>> I wondered about this, but not from the version point of view. I have
>tried
>>> IPFWADM from several sources (all 2.3.0).  These were the original site
>in
>>> Holland, and the source and binary RPMs from Redhat which has patches
>>> presumably to work witht  the glibc setup.   Result was the same.

>>> I wondering if there is an easy way to tell whether this is actually a
>>> kernel problem or ipfwadm (perhaps by looking at the /proc area.....?

>>> andy

>>> >> Hello.

>>> >> I have just installed Redhat 5 on a machine (fresh install) that had
>>> >> previously been running RH4.2 with a 2.0.30 kernel.

>>> >> On the previous setup I had an IP masquerade configuration of several
>>> >> TCP and UDP protocols that also included ICMP masquerading to permit
>>> >> ping,traceroute etc. from an internal network to the outside world
via
>>> >> ISDN.   All services on that setup including ICMP worked correctly.

>>> >> After having done the upgrade, all TCP and UDP services work properly
>>> >> but not ICMP.

>>> >> IPFWADM complains as follows:

>>> >> ipfwadm -F -a masq -P icmp -S 0.0.0.0/0 -D 0.0.0.0/0

>>> >> /ipfwadm: masquerading not allowed with protocol ICMP
>>> >> Try `/tmp/ipfwadm -h' for more information.

>>> >> I have checked the kernel setups and all relevant parameters appear
to
>>> >> be correct:

>>> >> CONFIG_IP_FORWARD=y
>>> >> # CONFIG_IP_MULTICAST is not set
>>> >> CONFIG_IP_FIREWALL=y
>>> >> CONFIG_IP_FIREWALL_VERBOSE=y
>>> >> CONFIG_IP_MASQUERADE=y
>>> >> CONFIG_IP_MASQUERADE_IPAUTOFW=y
>>> >> CONFIG_IP_MASQUERADE_ICMP=y
>>> >> # CONFIG_IP_TRANSPARENT_PROXY is not set
>>> >> CONFIG_IP_ALWAYS_DEFRAG=y
>>> >> CONFIG_IP_ACCT=y
>>> >> # CONFIG_IP_ROUTER is not set
>>> >> # CONFIG_NET_IPIP is not set
>>> >> CONFIG_IP_NOSR=y

>>> >> IP forwarding is turned on on the control panel setting.

>>> >> I have also tried the new 2.0.33 kernel and see no difference with
>that.

>>> >> Has anybody else seen this or perhaps have some suggestions as to
what
>>> >> the problem might be?

>>> >Sounds like you have an old IPFWADM program ...

>>Have you searched your system for an old copy of IPFWADM to make sure
>>that you are executing the version that you think?  Type IPFWADM --help
>>and see if it has options about ICMP.  The error message from the kernel
>>that I have gotten is that something to the effect that the target port
>>is not available, not the message that you describe.
>>--

>>Remove the <<!!!!>> and !! from the address to reply ..

>>For the auto-spamers, here's a few addresses from the FCC...




>>And for good measure......

>>---------------------------------------------------------------------
>>|  By sending me unsolicitated commercial email you agree to pay my |
>>| standard consulting fee of $250/hr for examining your message (a  |
>>| minimum charge of one (1) hour).  The bill for my service will be |
>>| sent to you along with my analysis of your message.               |
>>---------------------------------------------------------------------