IP Forwarding is used when you need to send packets from one interface to
another. So if you're using Shorewall there's a good chance you're doing
this if you're using it as a firewall for a LAN. By default it's turned off
on most distributions.

ip_forwarding is the kernel parameter that allows IP Forwarding. Its
current value can be found in /proc:
# cat /proc/sys/net/ipv4/ip_forward        (0 is off; 1 is on)

There are several ways to turn it on:

1) # echo 1 > /proc/sys/net/ipv4/ip_forward

2) # sysctl -w net.ipv4.ip_forward=1

3) # echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf && sysctl -p

4) add IP_FORWARDING=On to shorewall.conf and run shorewall restart


Note that ONLY the 3rd and 4th options I gave will persist after
reboot. (So use one of those)


So you said that IP Forwarding was not working when you set
IP_FORWARDING=On, well perhaps you didn't
restart Shorewall.

Test it by:

# echo 0 > /proc/sys/net/ipv4/ip_forward

# cat /proc/sys/net/ipv4/ip_forward

# sed -i 's/^IP_FORWARDING=.*/IP_FORWARDING=On/' /etc/shorewall/shorewall.conf

# shorewall check && shorewall restart


# cat /proc/sys/net/ipv4/ip_forward


The result should be 1






On Fri, Aug 2, 2013 at 6:01 AM, Timothy Murphy <[email protected]> wrote:

> On Thursday, August 01, 2013 04:02:29 PM johnny bowen wrote:
>
> > >   IP_FORWARDING=On
> > >
> > > in /etc/shorewall/shorewall.conf .
> > >
> > > Does this setting over-ride the sysctl setting?
> > > Or do they have different effects?
>
> > Yes the setting in shorewall.conf will override the setting in
> sysctl.conf.
>
> > You can set
> > IP_FORWARDING=KEEP
> > so that it will keep whatever the setting is for ip_forwarding.
>
> Thanks for the response.
> But what exactly do you mean by "the setting for ip_forwarding"?
> Do you mean the sysctl.conf setting?
>
> And as a matter of interest,
> why would the IP_FORWARDING setting change?
>
> As it happened, it seemed as though IP forwarding was _not_ working
> on my CentOS server with IP_FORWARDING=On,
> even after re-starting shorewall (and powering the router on and off).
> That was with net.ipv4.ip_forward = 0.
> But after changing this with
>   sudo sysctl -w net.ipv4.ip_forward=1
> the problem seemed to go away.
>
> Is that plausible?
>
> --
> Timothy Murphy
> e-mail: gayleard /at/ eircom.net
> tel: +353-86-2336090, +353-1-2842366
> School of Mathematics, Trinity College, Dublin 2, Ireland
>
>
>
> ------------------------------------------------------------------------------
> Get your SQL database under version control now!
> Version control is standard for application code, but databases havent
> caught up. So what steps can you take to put your SQL databases under
> version control? Why should you start doing it? Read more to find out.
> http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
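An added example, not part of the original thread: a small audit that predicts what net.ipv4.ip_forward will be once Shorewall has started, using the precedence described above (On/Off in shorewall.conf override sysctl.conf, Keep leaves the sysctl value alone). The function names and the sample files are constructed for illustration; it assumes a kernel default of 0 when sysctl.conf has no entry and does not look at /etc/sysctl.d drop-ins.

```shell
#!/bin/sh
# Added example: predict net.ipv4.ip_forward from sysctl.conf and shorewall.conf.

# Last uncommented net.ipv4.ip_forward value in a sysctl.conf-style file.
# Assumption: falls back to 0 (forwarding off) when no entry is present.
persisted_sysctl() {
    v=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    echo "${v:-0}"
}

# IP_FORWARDING value from a shorewall.conf-style file, quotes stripped, lower-cased.
shorewall_setting() {
    sed -n 's/^[[:space:]]*IP_FORWARDING="*\([A-Za-z]*\).*/\1/p' "$1" | tail -n 1 | tr 'A-Z' 'a-z'
}

# Expected value after Shorewall starts: $1 = sysctl.conf, $2 = shorewall.conf.
expected_forwarding() {
    case "$(shorewall_setting "$2")" in
        on)   echo 1 ;;                      # Shorewall turns forwarding on
        off)  echo 0 ;;                      # Shorewall turns forwarding off
        keep) persisted_sysctl "$1" ;;       # Shorewall leaves the sysctl value alone
        *)    echo unknown ;;                # unset or unrecognised: make no prediction
    esac
}

# Constructed sample files (not taken from any real host).
demo_dir=$(mktemp -d)
printf '# constructed sample\nnet.ipv4.ip_forward = 0\n' > "$demo_dir/sysctl.conf"
printf 'STARTUP_ENABLED=Yes\nIP_FORWARDING=Keep\n' > "$demo_dir/keep.conf"
printf 'STARTUP_ENABLED=Yes\nIP_FORWARDING=On\n' > "$demo_dir/on.conf"

echo "Keep + sysctl 0 -> $(expected_forwarding "$demo_dir/sysctl.conf" "$demo_dir/keep.conf")"
echo "On   + sysctl 0 -> $(expected_forwarding "$demo_dir/sysctl.conf" "$demo_dir/on.conf")"

# On a live host, compare the prediction with the running kernel value.
if [ -r /proc/sys/net/ipv4/ip_forward ]; then
    echo "running kernel value: $(cat /proc/sys/net/ipv4/ip_forward)"
fi
rm -rf "$demo_dir"
```

To audit a real firewall, call expected_forwarding /etc/sysctl.conf /etc/shorewall/shorewall.conf and compare the result with the running value; a router that forwards when the prediction says 0 was enabled by hand and will stop forwarding after a reboot.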