ip_forward file

ip_forward file

[Denis JULIEN]

Hi,
In order to validate the routing of my Red hat linux (7.2) I have to do an
echo "1" > /proc/sys/net/ipv4/ip_forward.
But every time that I restart the network service the ip_forward file
returns to the "0" value and my server does not route any more. 
How can I do to keep the ip_forward set to "1"?

(It's my first time on linux..)
thank in advance

Denis   

Re: ip_forward file

[Antony Stone]

On Thursday 04 July 2002 2:16 pm, Denis JULIEN wrote:

> Hi,
> In order to validate the routing of my Red hat linux (7.2) I have to do an
> echo "1" > /proc/sys/net/ipv4/ip_forward.
> But every time that I restart the network service the ip_forward file
> returns to the "0" value and my server does not route any more.
> How can I do to keep the ip_forward set to "1"?

Put the command:
echo "1" > /proc/sys/net/ipv4/ip_forward
into one of your startup scripts (preferably after setting the firewall 
rules).

 

Antony.

Re: ip_forward file

[Fabrice MARIE]

Hello,

On Thursday 04 July 2002 21:16, Denis JULIEN wrote:
> Hi,
> In order to validate the routing of my Red hat linux (7.2) I have to do an
> echo "1" > /proc/sys/net/ipv4/ip_forward.
> But every time that I restart the network service the ip_forward file
> returns to the "0" value and my server does not route any more.
> How can I do to keep the ip_forward set to "1"?
> (It's my first time on linux..)
> thank in advance
> Denis

If you have a file called /etc/sysctl.conf,
then add the following line in it :

net.ipv4.ip_forward = 1

Have a nice day,

Fabrice.
--
Fabrice MARIE
Senior R&D Engineer
Celestix Networks
http://www.celestix.com/

"Silly hacker, root is for administrators"
       -Unknown

RE: ip_forward file

[George Vieira]

Redhat uses it's /etc/sysconfig/network file to save that stuff.. 

IE..

FORWARD_IPV4=yes


thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L
http://www.citadelcomputer.com.au



-----Original Message-----
From: Antony Stone [mailto:Antony@Soft-Solutions.co.uk]
Sent: Thursday, 04 July 2002 11:17 PM
To: iptables
Subject: Re: ip_forward file


On Thursday 04 July 2002 2:16 pm, Denis JULIEN wrote:

> Hi,
> In order to validate the routing of my Red hat linux (7.2) I have to do an
> echo "1" > /proc/sys/net/ipv4/ip_forward.
> But every time that I restart the network service the ip_forward file
> returns to the "0" value and my server does not route any more.
> How can I do to keep the ip_forward set to "1"?

Put the command:
echo "1" > /proc/sys/net/ipv4/ip_forward
into one of your startup scripts (preferably after setting the firewall 
rules).

 

Antony.

Re: ip_forward file

[Jan Humme]

On Friday 05 July 2002 00:12, George Vieira wrote:
> Redhat uses it's /etc/sysconfig/network file to save that stuff..
>
> IE..
>
> FORWARD_IPV4=yes

Not on all RedHat versions work this way, e.g. NOT on RH 7.1 which I am 
running today.

But I seem to remember it did in RH 6.1; what version are you running?

On RedHat 7.1 a "service network stop" (or /etc/init.d/network stop) will 
disable forwarding, but "service network start" will NOT enable it again (!), 
unless specified in /etc/sysctl.conf.

So if you do a "service network restart" (or /etc/rc.d/init.d/network 
restart) and expect to have a clean network configuration (after messing 
around or whatever), then your forwarding won't work.

This is the reason why I now use /etc/sysctl.conf instead of a line in 
/etc/rc.local; then everything works fine.

Jan Humme.

RE: ip_forward file

[George Vieira]

I'm using 7.1 but I do admit I also have the "echo 1 > /proc/.." statement
in my firewall rules only because I've copied from other servers I
originally wrote this...

I also hate some redhat scripts and modified mine to check for added
requirements and removed some like (example of one):

#>vi /etc/init.d/network

if [ ! -f /etc/sysconfig/network ]; then
    exit 0
fi
. /etc/sysconfig/network

.
.
.

        if [ -d /proc/sys/net/ipv4 ]; then
#          if [ -f /proc/sys/net/ipv4/ip_forward ]; then
#                if [ `cat /proc/sys/net/ipv4/ip_forward` != 0 ]; then
#                        action $"Disabling IPv4 packet forwarding: " sysctl
-w net.ipv4.ip_forward=0
#                fi
#          fi
           case "$FORWARD_IPV4" in
              yes|true)
                 echo "1" > /proc/sys/net/ipv4/ip_forward
                 ;;

              *)
                 echo "0" > /proc/sys/net/ipv4/ip_forward
                 ;;
           esac
        fi


This is something like the one I did for recent clients but from memory
(modded my local machine to show you all)...

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L
http://www.citadelcomputer.com.au



-----Original Message-----
From: Jan Humme [mailto:jan.humme@xs4all.nl]
Sent: Friday, 05 July 2002 8:46 AM
To: George Vieira
Cc: iptables
Subject: Re: ip_forward file


On Friday 05 July 2002 00:12, George Vieira wrote:
> Redhat uses it's /etc/sysconfig/network file to save that stuff..
>
> IE..
>
> FORWARD_IPV4=yes

Not on all RedHat versions work this way, e.g. NOT on RH 7.1 which I am 
running today.

But I seem to remember it did in RH 6.1; what version are you running?

On RedHat 7.1 a "service network stop" (or /etc/init.d/network stop) will 
disable forwarding, but "service network start" will NOT enable it again
(!), 
unless specified in /etc/sysctl.conf.

So if you do a "service network restart" (or /etc/rc.d/init.d/network 
restart) and expect to have a clean network configuration (after messing 
around or whatever), then your forwarding won't work.

This is the reason why I now use /etc/sysctl.conf instead of a line in 
/etc/rc.local; then everything works fine.

Jan Humme.

Re: ip_forward file

[R. Sterenborg]

----- Original Message -----
From: "George Vieira" <GeorgeV@citadelcomputer.com.au>

> I'm using 7.1 but I do admit I also have the "echo 1 > /proc/.." statement
> in my firewall rules only because I've copied from other servers I
> originally wrote this...

Me too, but not because of inheritance.

When I start the firewall script, it handles echo 1 > ...
When I stop the firewall script, it handles echo 0 > ...
And I do that for multiple echo's to /proc/...

This way I have it all in one place instead of different places.
I think it's a matter of opinion where to put it.

Rob