Hello, Since systemd v220, IPForward= parameter in [Network] set kernel parameters by interface (/proc/sys/net/ipv[46]/conf/*/forwarding). This is nice and works perfectly for ipv4.
Unfortunately, ipv6 forwarding doesn't works until we manually set /proc/sys/net/ipv6/conf/all/forwarding to 1. In term of user experience, IPforward=ipv6 doesn't enable ipv6 forwarding on the interface. That's tricked me. From: https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt conf/all/forwarding - BOOLEAN Enable global IPv6 forwarding between all interfaces. IPv4 and IPv6 work differently here; e.g. netfilter must be used to control which interfaces may forward packets and which not. An maybe better explained here: http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/proc-sys-net-ipv6..html This enables global IPv6 forwarding between all interfaces. In IPv6 you can't control forwarding per device, forwarding controlhas to be done using IPv6-netfilter (controlled with ip6tables)rulesets and specify input and output devices (see Firewalling/Netfilter6for more).This is different to IPv4, where you are able to control forwarding perdevice (decision is made on interface where packet came in). In others words, IPForward by interface for ipv6 as no sense. So, should we consider:- systemd-networkd have to set /proc/sys/net/ipv6/conf/all/forwarding to 1 when an IPForward=true or IpForward=ipv6- IPForward=ipv6 is nonsense and administrators have to enable ipv6 forwarding somewhere else Cheers, -- Sébastien "Seblu" Luttringer https://seblu.net | Twitter: @seblu42 GPG: 0x2072D77A
signature.asc
Description: This is a digitally signed message part
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
