[gentoo-dev] iptables

[gentoo-dev] iptables

[Grant Goodyear]

[-- Attachment #1: Type: text/plain, Size: 574 bytes --]

Dear all,
  I noticed the other day that recent versions of iptables have 
removed ipforwarding support and suggest that the user add 
	echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
to /etc/conf.d/local.start to enable IP forwarding.  

Instead of adding that string to local.start, wouldn't it be better
to direct the user to uncomment the appropriate line in
/etc/sysctl.conf?

Thanks,
g2boojum
-- 
Grant Goodyear	
Gentoo Developer
g2boojum@gentoo.org
http://www.gentoo.org/~g2boojum
GPG Fingerprint: D706 9802 1663 DEF5 81B0  9573 A6DC 7152 E0F6 5B76

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] iptables

[Ned Ludd]

[-- Attachment #1: Type: text/plain, Size: 618 bytes --]

On Wed, 2004-07-07 at 17:57, Grant Goodyear wrote:
> Dear all,
>   I noticed the other day that recent versions of iptables have 
> removed ipforwarding support and suggest that the user add 
> 	echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
> to /etc/conf.d/local.start to enable IP forwarding.  
> 
> Instead of adding that string to local.start, wouldn't it be better
> to direct the user to uncomment the appropriate line in
> /etc/sysctl.conf?

indeed it would be.

> 
> Thanks,
> g2boojum
-- 
Ned Ludd <solar@gentoo.org>
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] iptables

[Anthony G. Basile]

If it is any help to the developers, I'm running several gentoo servers
which require ipv4 forwarding and I have been setting forwarding=1 through
sysctl.conf without any problem whatsoever.  When I first noticed this
message, I thought that maybe something was broken with sysctl.conf and
that users were being instructed to used echo 1 > .../forwarding.  But I
convinced myself there was no problem with the boot scripts and sysctl,
and indeed, there doesn't seem to be.

> On Wed, 2004-07-07 at 17:57, Grant Goodyear wrote:
>> Dear all,
>>   I noticed the other day that recent versions of iptables have
>> removed ipforwarding support and suggest that the user add
>> 	echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
>> to /etc/conf.d/local.start to enable IP forwarding.
>>
>> Instead of adding that string to local.start, wouldn't it be better
>> to direct the user to uncomment the appropriate line in
>> /etc/sysctl.conf?
>
> indeed it would be.
>
>>
>> Thanks,
>> g2boojum
> --
> Ned Ludd <solar@gentoo.org>
> Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer
>


-- 

Anthony G. Basile, Ph.D.
Director of Information Technology,
D'Youville College,
320 Porter Ave.
Buffalo NY, 14201

Work: (716) 881-8197 (voicemail)




--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] iptables

[Michael C. Ferguson]

On Wednesday 07 July 2004 04:57 pm, Grant Goodyear wrote:
> Dear all,
>   I noticed the other day that recent versions of iptables have
> removed ipforwarding support and suggest that the user add
> 	echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
> to /etc/conf.d/local.start to enable IP forwarding.

Yes -- if you are curious why, I wrote a small comment in bug 14761. (Az you 
can close this bug any time...)

> Instead of adding that string to local.start, wouldn't it be better
> to direct the user to uncomment the appropriate line in
> /etc/sysctl.conf?

Really, yes, since there has been talk on lkml about removing the /proc 
interface for doing things like this, in favor of using sysctl, sysfs, or 
basically anything else. IMHO, our best option is to integrate ALL of the 
net.ipv4 and net.ipv6 options into the net.* scripts, where they belong; in 
fact, many net.ipv4.conf options already are in the net scripts, and there is 
already a bug open for this type of feature (48968).




-- mcf

--
gentoo-dev@gentoo.org mailing list