| View previous topic :: View next topic |
| Author |
Message |
bert
n00b
Joined: 20 Jun 2002
Posts: 11
Location: Amsterdam
|
 Posted: Wed Aug 21, 2002 5:00 pm Post subject: echo "1" > /proc/sys/net/ipv4/ip_forward |
 |
|
Small question: is there a preferred Gentoo way of enabling IP forwarding? I can do it manually and add it to some startup-script with
| Code: | | echo "1" >/proc/sys/net/ipv4/ip_forward |
but most distro's have some sort of wrapper mechanism for this. I haven't been able to find this for Gentoo, it would seem to make sense to be able to configure this in /etc/conf.d/net... |
|
| Back to top |
|
 |
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20067
|
| Posted: Wed Aug 21, 2002 5:02 pm Post subject: |
|
|
iptables?
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
bert
n00b
Joined: 20 Jun 2002
Posts: 11
Location: Amsterdam
|
| Posted: Wed Aug 21, 2002 5:20 pm Post subject: |
|
|
For now I've added it to net.eth2, which handles the outside interface. /etc/init.d/iptables could be better, yes.
That script, iptables, could use some added sophistication BTW, like activating an OFF ruleset when the service is stopped, etc. Debian has really nice stuff for this. Personally I don't really like the current automagical saving of the current rule-set at service stop.
On a side-track, there is a bug in iptables 1.2.7, iptables-restore doesn't like the ruleset-file saved by iptables-save. I've merged 1.2.6a as a work-around. |
|
| Back to top |
|
|
phong
Bodhisattva
Joined: 16 Jul 2002
Posts: 778
Location: Michigan - 15 & Ryan
|
| Posted: Wed Aug 21, 2002 6:12 pm Post subject: |
|
|
I just created my own script in init.d to do the echo (had it require() iptables) and added it to my default runlevel. That way I can start and stop it easily if I had some reason to do so. It's a q&d but this is what it looks like:
| Code: | #!/sbin/runscript
# A simple service to start and stop IP masquerading
depend() {
need iptables
}
start() {
ebegin "Starting IP masquerading..."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
eend $?
}
stop() {
ebegin "Stopping IP masquerading..."
echo "0" > /proc/sys/net/ipv4/ip_forward
echo "0" > /proc/sys/net/ipv4/ip_dynaddr
eend $?
} |
Also, I'm glad others are having trouble with iptables-save in 1.2.7 - I thought for a minute I might be crazy.
_________________
"An empty head is not really empty; it is stuffed with rubbish. Hence the difficulty of forcing anything into an empty head."
-- Eric Hoffer |
|
| Back to top |
|
|
kirill
Apprentice
Joined: 01 Aug 2002
Posts: 183
Location: Finland
|
| Posted: Wed Aug 21, 2002 7:28 pm Post subject: |
|
|
| phong wrote: | I just created my own script in init.d to do the echo (had it require() iptables) and added it to my default runlevel. That way I can start and stop it easily if I had some reason to do so. It's a q&d but this is what it looks like:
| Code: | #!/sbin/runscript
# A simple service to start and stop IP masquerading
depend() {
need iptables
}
start() {
ebegin "Starting IP masquerading..."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
eend $?
}
stop() {
ebegin "Stopping IP masquerading..."
echo "0" > /proc/sys/net/ipv4/ip_forward
echo "0" > /proc/sys/net/ipv4/ip_dynaddr
eend $?
} |
|
What does ip_dynaddr exactly do? Is it needed if any interface has an dynamic ip-address?
| phong wrote: | | ...I'm glad others are having trouble with iptables-save... |
_________________
--kirill |
|
| Back to top |
|
|
dingo
n00b
Joined: 18 Aug 2002
Posts: 58
|
| Posted: Mon Aug 26, 2002 1:03 am Post subject: |
|
|
| bert wrote: |
That script, iptables, could use some added sophistication BTW, like activating an OFF ruleset when the service is stopped, etc. Debian has really nice stuff for this. Personally I don't really like the current automagical saving of the current rule-set at service stop.
|
I completely agree, after setting up iptables I was so frustrated to find the iptables ruleset set up, but not working, only to find that echo "1" > /proc/sys/net/ipv4/ip_forward isn't enabled by default. Should definitly be addded. And some default rule-sets should come with iptables, for masquerade, paraniod, etc. |
|
| Back to top |
|
|
|
Networking & Security
