This makes my point. The default = 0 is counterintuitive and costs much time for the lucky ones among us who can figure it out. The rest will just give up...
Sent from my iPad.

> On Nov 5, 2015, at 22:32, Peter Paule <systemd-de...@fedux.org> wrote:
>
> Hi Johannes,
>
> I had the same problem, I even wrote an article about that
> (https://www.fedux.org/articles/2015/09/09/having-no-fun-with-rubygems-systemd-docker-and-networking.html).
>
> I think, you use `systemd-networkd`. Correct? The behaviour is documented
> in "systemd.network-manual".
>
> Note: unless this option is turned on, or set to “kernel”, no IP
> forwarding is done on this interface, even if this is globally turned on
> in the kernel, with the net.ipv4.ip_forward,
> net.ipv4.conf.all.forwarding, and net.ipv6.conf.all.forwarding sysctl
> options.
>
> It took me by surprise, too. But a new tool needs some learning.
> Unfortunately. Though I would suggest to add some example to the manual
> `systemd.network` or at least add a comment like that.
>
> ~~~
> Example 2. /etc/systemd/network/80-dhcp.network
>
> [Match]
> Name=en*
>
> [Network]
> DHCP=yes
> # enable ip forwarding for that interface, defaults to "no"
> # IPForward=yes
> ~~~
>
> Cheers,
> Dennis
>
> Excerpts from Johannes Ernst's message of 2015-11-05 16:08:26 -0800:
>> TL;DR: I propose to have IPForward default to “no change”, rather than 0, as
>> 0 has unexpected consequences for non-expert users.
>>
>> Details: A few months ago there were some threads about ip_forwarding
>> needing a toggle from 1 to 0 and back to 1 before it would work. [1][2][3]
>>
>> It appears I found the reason for this. With "net.ipv4.ip_forward = 1” in
>> sysctl.d, after a fresh boot:
>>
>>> for i in /proc/sys/net/ipv4/ip_forward
>>> /proc/sys/net/ipv4/conf/*/forwarding; do echo -n $i: ; cat $i; done
>> /proc/sys/net/ipv4/ip_forward:1
>> /proc/sys/net/ipv4/conf/all/forwarding:1
>> /proc/sys/net/ipv4/conf/default/forwarding:1
>> /proc/sys/net/ipv4/conf/enp0s3/forwarding:0 <= Why?
>> /proc/sys/net/ipv4/conf/lo/forwarding:1
>>
>> If I then do the toggle dance:
>>
>>> sysctl net.ipv4.ip_forward=0
>>> sysctl net.ipv4.ip_forward=1
>>
>> I get what I expected in the first place:
>>
>> /proc/sys/net/ipv4/ip_forward:1
>> /proc/sys/net/ipv4/conf/all/forwarding:1
>> /proc/sys/net/ipv4/conf/default/forwarding:1
>> /proc/sys/net/ipv4/conf/enp0s3/forwarding:1
>> /proc/sys/net/ipv4/conf/lo/forwarding:1
>>
>> Adding net.ipv4.conf.enp0s3.forwarding = 1 to sysctl.d does not have the
>> desired effect.
>>
>> Turns out my innocent-looking .network file is the culprit:
>>
>> [Match]
>> Name=en*
>>
>> [Network]
>> DHCP=ipv4
>>
>> Without that file, after boot the enp0s3 flag remains 1 as expected.
>>
>> The problem: I thought I created that file to say “get an IP address via
>> DHCP” because that’s all it talks about. But due to the IPForward default, I
>> also specified “and turn off ip forwarding”, which is non-obvious (e.g. I
>> just found out, and I originally ran into this in June). So I suggest the
>> default should be “don’t touch this setting” instead of 0.
>>
>> Cheers,
>>
>>
>>
>> Johannes.
>>
>>
>> [1] http://lists.freedesktop.org/archives/systemd-devel/2015-June/033239.html
>> [2] http://lists.freedesktop.org/archives/systemd-devel/2015-July/033738.html
>> [3] https://github.com/systemd/systemd/issues/468
>>
> _______________________________________________
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
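
Added example (not part of the original thread and not systemd code): a POSIX shell check for the symptom discussed above, listing interfaces whose per-interface IPv4 forwarding flag differs from the global net.ipv4.ip_forward value. The root-directory argument and the build_sample_tree helper are assumptions introduced here so the check can run against a constructed copy of the post-boot state quoted in the thread.

```shell
#!/bin/sh
# Report interfaces whose conf/<iface>/forwarding value disagrees with the
# global ip_forward value. $1 is an optional sysctl root (assumption for
# testing); it defaults to the live /proc/sys.
forwarding_mismatches() {
    root="${1:-/proc/sys}"
    global_file="$root/net/ipv4/ip_forward"
    [ -r "$global_file" ] || { echo "cannot read $global_file" >&2; return 2; }
    global=$(cat "$global_file")
    for f in "$root"/net/ipv4/conf/*/forwarding; do
        [ -r "$f" ] || continue            # also skips an unmatched glob
        iface=$(basename "$(dirname "$f")")
        # "all" and "default" are kernel pseudo-entries, not real interfaces
        case "$iface" in all|default) continue ;; esac
        value=$(cat "$f")
        if [ "$value" != "$global" ]; then
            echo "$iface: forwarding=$value global=$global"
        fi
    done
    return 0
}

# Constructed sample: the post-boot state quoted in the thread
# (global forwarding on, enp0s3 switched off).
build_sample_tree() {
    dir="$1"
    echo_target="$dir/net/ipv4"
    mkdir -p "$echo_target/conf"
    echo 1 > "$echo_target/ip_forward"
    for entry in all:1 default:1 enp0s3:0 lo:1; do
        mkdir -p "$echo_target/conf/${entry%%:*}"
        echo "${entry##*:}" > "$echo_target/conf/${entry%%:*}/forwarding"
    done
}
```

Calling `forwarding_mismatches` with no argument checks the running system; an interface it reports that is managed by systemd-networkd is a candidate for the IPForward= setting described in the manual passage quoted above.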