Failed to install socket filter

Gerald Combs gerald at ethereal.com
Mon Nov 3 20:41:34 CST 2003 

On Mon, 3 Nov 2003, brad wrote:

> Just adding a second IP address to a single physical NIC with the second
> IP address being in the same network as the first.  For example to a
> machine with 10.0.1.1/255.255.255.0 I want to add 10.0.1.2/255.255.255.0
> on the same eth0.  A problem I have seen with this is when pointing an
> access server to 10.0.1.2 the radius service hears the request, but then
> replies on 10.0.1.1.  Is that normal?  I have had other issues as well,
> but this one sticks out.  Could this be the problem causing my 'Warning:
> Failed to install socket filter' error in nagios?

Which RADIUS server are you using?  Does it have an option to bind to a
specific IP address?  Since RADIUS runs over UDP, it's possible for the
server to open a new socket when sending replies.  In your case, the reply
socket is apparently binding to the first available IP address (.1).  
This is arguably a bug in the RADIUS server; it ought to bind to the
inbound address.  To get around this, you can set up the RADIUS server to
support listening on a specific IP address.

The "Failed to install socket filter" error sounds like you don't have
socket filtering (CONFIG_FILTER) support enabled in your kernel.  It
sounds like one of the Nagios plugins requires it.

> 
> Thanks,
> 
> Brad
> 
> 
> -----Forwarded Message-----
> > From: Jonathan Hutchins <hutchins at tarcanfel.net>
> > To: kclug at kclug.org
> > Subject: Re: Failed to install socket filter
> > Date: Mon, 03 Nov 2003 11:28:01 -0600
> > 
> > What exactly are you trying to do Brad?
> > 
> > If you're adding a second NIC to a RedHat system, it's pretty easy although
> > some releases don't do it automatically.  If that's the case, let us know
> > (again?) what cards you're using and we should be able to walk you through
> > it.
> > 
> > It sounds a bit as though one of your issues may be installing two
> > interfaces on the same logical and physical subnet.  That can be done, but
> > it's considerably more interesting.  Although I know it can be done,
> > automatically load-sharing between the interfaces is not standard linux
> > stuff.  You can use virtual machines with the respective cards configured
> > seperately; you can use applications (such as Apache) that can be told which
> > card to use.
> > 
> > Personally I'm not familiar with sub-interfaces - the eth0:(n)
> > specifications.  As far as I know using those specifications require that
> > all of the applications specify which instance of the interface they're
> > talking to, and some default applications do not allow it.
> > 
> > Give us a clearer picture of what you're trying to do and we'll try again.
> > 
> > 
> > 
> > 
> > 
> 
> 
> 
>

More information about the Kclug mailing list