IP Masquerade?



#1 jim

Posted 12 February 2015 - 09:18 PM

Will IP Masquerade be supported any time in the pcduino port? Following the instructions listed here (http://linux-sunxi.o...nel#Compilation) to configure the build to compile an IP masq module, it looks as though it's not supported, or at least it is missing from menuconfig, per the attachment.

Thanks in advance for any insight! 



#2 jim

Posted 12 February 2015 - 09:18 PM

IP_NF_TARGET_MASQUERADE depends on NF_CONNTRACK:
Networking options  --->
  [*] Network packet filtering framework (Netfilter)  --->
    Core Netfilter Configuration  --->
      <M> Netfilter connection tracking support


You can find the config and dependencies:

github/pcduino/kernel/linux-sunxi$ find ./ -name "Kconfig" | xargs grep "Masquerade" -i -n

./net/ipv4/netfilter/Kconfig:175:       tristate "MASQUERADE target support"


github/pcduino/kernel/linux-sunxi$ vi net/ipv4/netfilter/Kconfig
174 config IP_NF_TARGET_MASQUERADE
175         tristate "MASQUERADE target support"
176         depends on NF_NAT
177         default m if NETFILTER_ADVANCED=n
178         help
179           Masquerading is a special case of NAT: all outgoing connections are
180           changed to seem to come from a particular interface's address, and
181           if the interface goes down, those connections are lost.  This is
182           only useful for dialup accounts with dynamic IP address (ie. your IP
183           address will be different on next dialup).
184 
185           To compile it as a module, choose M here.  If unsure, say N.


157 # NAT + specific targets: nf_conntrack
158 config NF_NAT
159         tristate "Full NAT"
160         depends on NF_CONNTRACK_IPV4
161         default m if NETFILTER_ADVANCED=n
162         help
163           The Full NAT option allows masquerading, port forwarding and other
164           forms of full Network Address Port Translation.  It is controlled by
165           the `nat' table in iptables: see the man page for iptables(8).
166 
167           To compile it as a module, choose M here.  If unsure, say N.


 12 config NF_CONNTRACK_IPV4
 13         tristate "IPv4 connection tracking support (required for NAT)"
 14         depends on NF_CONNTRACK
 15         default m if NETFILTER_ADVANCED=n
 16         select NF_DEFRAG_IPV4
 17         ---help---
 18           Connection tracking keeps a record of what packets have passed
 19           through your machine, in order to figure out how they are related
 20           into connections.
 21 
 22           This is IPv4 support on Layer 3 independent connection tracking.
 23           Layer 3 independent connection tracking is experimental scheme
 24           which generalize ip_conntrack to support other layer 3 protocols.
 25 
 26           To compile it as a module, choose M here.  If unsure, say N.
 
IP_NF_TARGET_MASQUERADE depends on NF_NAT
NF_NAT depends on NF_CONNTRACK_IPV4
NF_CONNTRACK_IPV4 depends on NF_CONNTRACK


github/pcduino/kernel/linux-sunxi$ find ./ -name "Kconfig" | xargs grep "config NF_CONNTRACK"  -n
./net/netfilter/Kconfig:35:config NF_CONNTRACK
  35 config NF_CONNTRACK
  36         tristate "Netfilter connection tracking support"
  37         default m if NETFILTER_ADVANCED=n
  38         help
  39           Connection tracking keeps a record of what packets have passed
  40           through your machine, in order to figure out how they are related
  41           into connections.
  42 
  43           This is required to do Masquerading or other kinds of Network
  44           Address Translation.  It can also be used to enhance packet
  45           filtering (see `Connection state match support' below).
  46 
  47           To compile it as a module, choose M here.  If unsure, say N.
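
Added example, not part of the original posts: a shell check that walks the dependency chain quoted above (NF_CONNTRACK, NF_CONNTRACK_IPV4, NF_NAT, IP_NF_TARGET_MASQUERADE) through a kernel .config and reports the first symbol that keeps MASQUERADE out of menuconfig. The function names and the sample .config fragment are constructed for illustration.

```shell
#!/bin/sh
# Dependency chain taken from the Kconfig excerpts in the post above, root first.
MASQ_CHAIN="NF_CONNTRACK NF_CONNTRACK_IPV4 NF_NAT IP_NF_TARGET_MASQUERADE"

# Print y, m or n for one symbol ($2, without CONFIG_) in a .config file ($1).
config_value() {
    v=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${v:-n}"
}

# Walk the chain and print the first problem found, or "ok".
first_blocker() {
    parent=y; psym=
    for sym in $MASQ_CHAIN; do
        val=$(config_value "$1" "$sym")
        if [ "$val" = n ]; then
            echo "$sym is not set"; return 1
        fi
        # A tristate symbol cannot be built in (y) while its dependency is a module (m).
        if [ "$val" = y ] && [ "$parent" = m ]; then
            echo "$sym=y but $psym=m"; return 1
        fi
        parent=$val; psym=$sym
    done
    echo ok
}

# Constructed sample .config fragment: conntrack enabled, NAT left unset.
sample=$(mktemp)
printf '%s\n' 'CONFIG_NF_CONNTRACK=m' 'CONFIG_NF_CONNTRACK_IPV4=m' \
    '# CONFIG_NF_NAT is not set' > "$sample"
first_blocker "$sample" || true
rm -f "$sample"
```

Run `first_blocker` against the `.config` in the kernel source tree after menuconfig; any symbol it names has to be enabled before the next one in the chain becomes selectable.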
 



#3 jim

Posted 12 February 2015 - 09:18 PM

Thanks! The configuration will now build the modules for iptables and MASQUERADE; however, when I copied them to pcduino v2 and tried to insmod (/store is a 32GB micro SD) -

root@ubuntu:/store/src/linux-3.4.29-modules/modules/3.4.29+/kernel/net/ipv4/netfilter# ls
ipt_MASQUERADE.ko     nf_nat_amanda.ko      nf_nat_proto_gre.ko
ipt_REDIRECT.ko       nf_nat_ftp.ko         nf_nat_proto_sctp.ko
iptable_nat.ko        nf_nat_h323.ko        nf_nat_proto_udplite.ko
nf_conntrack_ipv4.ko  nf_nat_irc.ko         nf_nat_sip.ko
nf_defrag_ipv4.ko     nf_nat_pptp.ko        nf_nat_snmp_basic.ko
nf_nat.ko             nf_nat_proto_dccp.ko  nf_nat_tftp.ko
root@ubuntu:/store/src/linux-3.4.29-modules/modules/3.4.29+/kernel/net/ipv4/netfilter# insmod iptable_nat.ko 
insmod: error inserting 'iptable_nat.ko': -1 Invalid module format
root@ubuntu:/store/src/linux-3.4.29-modules/modules/3.4.29+/kernel/net/ipv4/netfilter# file iptable_nat.ko
iptable_nat.ko: ELF 32-bit LSB relocatable, ARM, version 1 (SYSV), BuildID[sha1]=0x77a7c53a1ef87129e0c23eac2ffda44b4c2dbec7, not stripped
root@ubuntu:/store/src/linux-3.4.29-modules/modules/3.4.29+/kernel/net/ipv4/netfilter# insmod ipt_MASQUERADE.ko 
insmod: error inserting 'ipt_MASQUERADE.ko': -1 Invalid module format
root@ubuntu:/store/src/linux-3.4.29-modules/modules/3.4.29+/kernel/net/ipv4/netf

This is by configuring linux-sunxi directly after running make based on the instructions here - http://www.pcduino.c...el-for-pcduino/  which fails in this way (from top level directory) -- 
make[1]: Entering directory `/home/bots/local/kernel/sunxi-tools'
gcc -g -O0 -Wall -Wextra -std=c99 -D_POSIX_C_SOURCE=200112L -Iinclude/ `pkg-config --cflags libusb-1.0`  -o fel fel.c  `pkg-config --libs libusb-1.0`
Package libusb-1.0 was not found in the pkg-config search path.
Perhaps you should add the directory containing `libusb-1.0.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libusb-1.0' found
Package libusb-1.0 was not found in the pkg-config search path.
Perhaps you should add the directory containing `libusb-1.0.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libusb-1.0' found
fel.c:21:20: fatal error: libusb.h: No such file or directory
compilation terminated.
make[1]: *** [fel] Error 1
make[1]: Leaving directory `/home/bots/local/kernel/sunxi-tools'
make: *** [tools] Error 2


So to recap: 
1) Follow pcduino kernel directions. 
2) exec make, git clones linux-sunxi source but fails on libusb missing error. 
3) cd linux-sunxi 
4) make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- menuconfig   (per instructions here - http://linux-sunxi.o...nel#Compilation ) 
5) enable ip net filtering, nat, ip masquerade
6) make -j4 ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- modules 
7) make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- INSTALL_MOD_PATH=output modules_install 
8) tar pczf linux-3.4.29-modules.tgz output/ 
9) scp to arduino, unpack
10) root@ubuntu:/store/src/linux-3.4.29-modules/modules/3.4.29+/kernel/net/ipv4/netfilter# insmod iptable_nat.ko 
insmod: error inserting 'iptable_nat.ko': -1 Invalid module format
root@ubuntu:/store/src/linux-3.4.29-modules/modules/3.4.29+/kernel/net/ipv4/netfilter# file iptable_nat.ko
iptable_nat.ko: ELF 32-bit LSB relocatable, ARM, version 1 (SYSV), BuildID[sha1]=0x77a7c53a1ef87129e0c23eac2ffda44b4c2dbec7, not stripped


Thanks in advance! 



#4 jim

Posted 12 February 2015 - 09:19 PM

When you update the kernel config, if the change affects some data structure definitions at compile time, you need to update the whole kernel and the modules together. So your problem is probably caused by the kernel not having been updated. In addition, because many modules have dependencies, it is recommended to use modprobe to load them, such as:
insmod iptable_nat.ko instead of  modprobe iptable_nat
Or add it to the /etc/modules file so that it is loaded automatically at boot.
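
Added example, not part of the original posts: a shell check for the kernel/module mismatch described above, comparing the vermagic of a freshly built .ko with that of a module already installed for the running kernel. The function names are hypothetical and the two vermagic strings are constructed, not taken from the board in this thread.

```shell
#!/bin/sh
# Compare the vermagic of a freshly built module with that of a module that
# already belongs to the running kernel. Prints one verdict line.
compare_vermagic() {
    # $1 = vermagic of the new module, $2 = vermagic of a reference module
    new_rel=${1%% *}; ref_rel=${2%% *}   # first word is the kernel release
    if [ "$new_rel" != "$ref_rel" ]; then
        echo "release mismatch: built for $new_rel, kernel is $ref_rel"
    elif [ "$1" != "$2" ]; then
        echo "flag mismatch: '${1#* }' vs '${2#* }'"
    else
        echo "match"
    fi
}

# On the board: check one .ko against the running kernel before loading it.
check_module() {
    ref=$(find "/lib/modules/$(uname -r)" -name '*.ko' 2>/dev/null | head -n 1)
    [ -n "$ref" ] || { echo "no reference module for $(uname -r)"; return 2; }
    compare_vermagic "$(modinfo -F vermagic "$1")" "$(modinfo -F vermagic "$ref")"
}

# Constructed vermagic strings for the demonstration.
NEW='3.4.29+ SMP preempt mod_unload modversions ARMv7 p2v8'
REF='3.4.29 SMP preempt mod_unload modversions ARMv7 p2v8'
compare_vermagic "$NEW" "$REF"
```

A vermagic match does not rule out a symbol version mismatch when modversions is enabled; the kernel log (`dmesg`) records the reason behind the "Invalid module format" that insmod reports.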





