Re: [systemd-devel] Recommended way to enable IPForward for a system using networkd?
On Fri, Aug 3, 2018 at 2:33 PM Lennart Poettering wrote:

> On Do, 02.08.18 10:17, Filipe Brandenburger (filbran...@google.com) wrote:
>
> > So, IPForward is a global setting and yet with networkd it needs to be
> > attached to an interface...
> >
> > What's the best way to enable it on a system, that's general enough and
> > won't really depend on the existing interface configurations (let's assume
> > those will be managed separately through drop-ins somehow...)
> >
> > I tried creating an /etc/systemd/network/99-forwarding.network with the
> > configuration and no match:
> >
> > [Network]
> > IPForward=yes
> >
> > But that doesn't work since all the network interfaces get a match earlier
> > on...
> >
> > Using an earlier file would risk clobbering the actual configuration of
> > real interfaces...
> >
> > Since the setting is global anyways... Would it make sense to recognize it
> > in networkd.conf?
> >
> > Or am I missing an obvious way to set this up that would work regardless of
> > which *.network files are used to configure the interfaces?
>
> So in the kernel the flag is a bit weird, as it exists twice: once
> globally and once per-interface, and the relationship is just
> strange. Moreover on IPv6 only the per-interface flag exists.

On IPv6 it's actually the opposite – the *global* flag controls whether actual forwarding happens, while the per-interface flag just tweaks stuff related to accept_ra and accept_redirects. (Documentation/networking/ip-sysctl.txt:1472)

--
Mantas Mikulėnas
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Recommended way to enable IPForward for a system using networkd?
On Do, 02.08.18 10:17, Filipe Brandenburger (filbran...@google.com) wrote:

> So, IPForward is a global setting and yet with networkd it needs to be
> attached to an interface...
>
> What's the best way to enable it on a system, that's general enough and
> won't really depend on the existing interface configurations (let's assume
> those will be managed separately through drop-ins somehow...)
>
> I tried creating an /etc/systemd/network/99-forwarding.network with the
> configuration and no match:
>
> [Network]
> IPForward=yes
>
> But that doesn't work since all the network interfaces get a match earlier
> on...
>
> Using an earlier file would risk clobbering the actual configuration of
> real interfaces...
>
> Since the setting is global anyways... Would it make sense to recognize it
> in networkd.conf?
>
> Or am I missing an obvious way to set this up that would work regardless of
> which *.network files are used to configure the interfaces?

So in the kernel the flag is a bit weird, as it exists twice: once globally and once per-interface, and the relationship is just strange. Moreover on IPv6 only the per-interface flag exists.

networkd currently was written in a style that the global flag was a mistake of history, and the per-interface one is the one that matters and is what users should use. It will touch the global one only in very limited ways: as soon as one interface wants forwarding it will turn on the global one if it was off before. It will never turn it off again. This simplistic logic is also implemented as there's no clear ownership of the knob, and other network configuration tools might want to change it too.

Hence, if you want to enable it globally for all interfaces then networkd won't really help you... for the interfaces networkd manages it will ensure that the per-interface ip forwarding bool is exactly on when the .network file says so and not otherwise. This means turning on the global setting won't bother networkd much, forwarding will remain off on specific interfaces if the individual .network files didn't say otherwise.

If you want to turn on the flag for all interfaces managed by networkd, you'd have to modify the .network file for each (or add a .d/ dropin for them). There's currently no concept in networkd for setting options on really *all* interfaces at once.

Lennart

--
Lennart Poettering, Red Hat
Re: [systemd-devel] Recommended way to enable IPForward for a system using networkd?
On Thu, Aug 2, 2018 at 8:18 PM Filipe Brandenburger wrote:

> So, IPForward is a global setting and yet with networkd it needs to be
> attached to an interface...
>
> What's the best way to enable it on a system, that's general enough and
> won't really depend on the existing interface configurations (let's assume
> those will be managed separately through drop-ins somehow...)

It's a sysctl, so just set it through /etc/sysctl.d:

    net.ipv4.conf.all.forwarding = 1
    net.ipv6.conf.all.forwarding = 1

(For IPv4 it is both a global *and* per-interface setting, for some reason.)

--
Mantas Mikulėnas
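An added example, not part of any message in the thread: a shell check that lists the interfaces on which a host will actually forward, using the semantics given in the replies above (per-interface flag for IPv4, global flag for IPv6). The function names and the sample tree are constructed for illustration, and it assumes the `/proc/sys/net/<family>/conf/<interface>/forwarding` layout that the sysctl names in the thread map to.

```shell
#!/bin/sh
# Added example: report where this host acts as a router.
#   IPv4: the per-interface flag decides (as described by Lennart).
#   IPv6: the global conf/all flag decides (as corrected by Mantas).
# The sysctl tree root is a parameter so the check can run on a saved copy.

knob() {  # knob FILE -> the flag value, or 0 when the file is missing
    if [ -r "$1" ]; then cat "$1"; else echo 0; fi
}

interfaces() {  # interfaces CONF_DIR -> real interface names, one per line
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        n=$(basename "$d")
        case "$n" in all|default) ;; *) echo "$n" ;; esac
    done
}

effective_forwarders() {  # effective_forwarders [SYSROOT] -> "<family> <ifname>"
    root="${1:-/proc/sys}"
    v4="$root/net/ipv4/conf"
    v6="$root/net/ipv6/conf"
    for i in $(interfaces "$v4"); do
        if [ "$(knob "$v4/$i/forwarding")" = 1 ]; then echo "ipv4 $i"; fi
    done
    if [ "$(knob "$v6/all/forwarding")" = 1 ]; then
        for i in $(interfaces "$v6"); do echo "ipv6 $i"; done
    fi
}

# Constructed sample tree: IPv4 global flag on but only eth0 has the
# per-interface flag; IPv6 global flag on with every per-interface flag off.
make_sample() {  # make_sample DIR
    for i in all default eth0 eth1; do
        mkdir -p "$1/net/ipv4/conf/$i" "$1/net/ipv6/conf/$i"
        echo 0 > "$1/net/ipv4/conf/$i/forwarding"
        echo 0 > "$1/net/ipv6/conf/$i/forwarding"
    done
    echo 1 > "$1/net/ipv4/conf/all/forwarding"
    echo 1 > "$1/net/ipv4/conf/eth0/forwarding"
    echo 1 > "$1/net/ipv6/conf/all/forwarding"
}

# Demo on the constructed tree (does not touch the live system).
demo=$(mktemp -d) && make_sample "$demo" && effective_forwarders "$demo"
rm -rf "$demo"
```

Calling `effective_forwarders` with no argument reads the live `/proc/sys` tree, which is useful for confirming that a sysctl.d change did not enable forwarding on more interfaces than the .network files intend.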