• question about forwarding and sysfs entries

    From wkevin@1:0/0 to All on Sat Jun 15 11:26:26 2013

    Hello,
    As far as I know, in order for IPv4 traffic to be forwarded on a Linux machine, we should set /proc/sys/net/ipv4/ip_forward to 1.

    My question is:
    there is also:
    /proc/sys/net/ipv4/conf/all/forwarding
    /proc/sys/net/ipv4/conf/default/forwarding
    /proc/sys/net/ipv4/conf/eth0/forwarding
    /proc/sys/net/ipv4/conf/eth1/forwarding
    are they needed also in order to forward a packet which arrives
    on eth0 and should be transmitted from eth1?

    I would appreciate if someone can elaborate on it?

    regards,
    Kevin

    --- MBSE BBS v1.0.0 (GNU/Linux-i386)
    * Origin: The Kofo System II BBS telnet://fido2.kofobb
  • From Xavier Roche@110:110/2002 to All on Sat Jun 15 12:05:36 2013

    On 15/06/2013 13:26, wkevin wrote:
    I would appreciate if someone can elaborate on it?

    From Documentation/networking/ip-sysctl.txt:

    conf/default/*:
    Change the interface-specific default settings.

    conf/all/*:
    Change all the interface-specific settings.

    conf/interface/*:
    Change special settings per interface.

    The functional behaviour for certain settings is different
    depending on whether local forwarding is enabled or not.

    conf/all/forwarding - BOOLEAN
    Enable global IPv6 forwarding between all interfaces.

    IPv4 and IPv6 work differently here; e.g. netfilter must be used
    to control which interfaces may forward packets and which not.

    This also sets all interfaces' Host/Router setting
    'forwarding' to the specified value. See below for details.

    This referred to as global forwarding.

    forwarding - BOOLEAN
    Enable IP forwarding on this interface.

    When you want to change a specific interface, use the conf/<interface>
    one. Changing all will affect all interfaces (which seems logical). The
    default one probably affects interfaces being created (?)


    --- MBSE BBS v1.0.0 (GNU/Linux-i386)
    * Origin: Nowhere Corp. (110:110/2002@linuxnet)
  • From Richard Kettlewell@110:110/2002 to All on Sat Jun 15 15:14:42 2013

    Xavier Roche <xroche@free.fr.NOSPAM.invalid> writes:
    On 15/06/2013 13:26, wkevin wrote:
    I would appreciate if someone can elaborate on it?

    From Documentation/networking/ip-sysctl.txt:

    conf/default/*:
    Change the interface-specific default settings.

    conf/all/*:
    Change all the interface-specific settings.

    conf/interface/*:
    Change special settings per interface.

    The functional behaviour for certain settings is different
    depending on whether local forwarding is enabled or not.

    conf/all/forwarding - BOOLEAN
    Enable global IPv6 forwarding between all interfaces.

    IPv4 and IPv6 work differently here; e.g. netfilter must be used
    to control which interfaces may forward packets and which not.

    This also sets all interfaces' Host/Router setting
    'forwarding' to the specified value. See below for details.

    This referred to as global forwarding.

    forwarding - BOOLEAN
    Enable IP forwarding on this interface.

    When you want to change a specific interface, use the conf/<interface>
    one. Changing all will affect all interfaces (which seems logical). The default one probably affects interfaces being created (?)

    I looked into the meaning of ‘all’ in another place back in March. It turns out to be a bit weird. Here’s what I wrote at the time:

    I don’t think it has a single coherent meaning. For instance:

    - Setting net.ipv4.conf.all.forwarding=1 sets
    net.ipv4.conf.<device>.forwarding for every device.

    - Setting net.ipv4.conf.all.accept_redirects=0 doesn’t disable it for
    any of the individual devices.

    This is done on a case-by-case basis for each sysctl (although most are
    like accept_redirects rather than forwarding).

    The value you get back is the last value you wrote to that sysctl, even
    if it’s now inconsistent with everything else. For instance you can
    have:

    net.ipv4.conf.all.forwarding = 1
    net.ipv4.conf.default.forwarding = 0
    net.ipv4.conf.lo.forwarding = 0
    net.ipv4.conf.eth0.forwarding = 0
    net.ipv4.conf.br0.forwarding = 0
    net.ipv4.conf.vboxnet0.forwarding = 0
    net.ipv4.conf.pan0.forwarding = 0

    ...if you’ve set all.forwarding=1 and then set all the rest to 0.

    Moreover: these things are all just kernel variables, not behaviors as
    such; the way they get used depends on whether the relevant bit of
    kernel code reads the all version, the device version or both. The
    documentation does reflect this point; for instance the accept_redirects
    section describes what combination of sysctl values will turn the
    behaviour on or off. (I’ve not done an exhaustive check though.)

    --
    http://www.greenend.org.uk/rjk/

    --- MBSE BBS v1.0.0 (GNU/Linux-i386)
    * Origin: Anjou (110:110/2002@linuxnet)
  • From Pascal Hambourg@110:110/2002 to All on Sat Jun 22 12:40:40 2013

    Reply-To: pascal.news@plouf.fr.eu.org

    Richard Kettlewell wrote:

    I looked into the meaning of 'all' in another place back in March. It
    turns out to be a bit weird. Here's what I wrote at the time:

    I don't think it has a single coherent meaning. For instance:

    - Setting net.ipv4.conf.all.forwarding=1 sets
    net.ipv4.conf.<device>.forwarding for every device.

    - Setting net.ipv4.conf.all.accept_redirects=0 doesn't disable it for
    any of the individual devices.

    This is done on a case-by-case basis for each sysctl (although most are
    like accept_redirects rather than forwarding).

    Indeed 'forwarding' is the special case. For most other parameters under net.ipv4.conf, the operational value for each interface is a
    combination of net.ipv4.conf.<interface>.<parameter> and net.ipv4.conf.all.<parameter>. The operator may be AND, OR, MAX...
    depending on each parameter. See the descriptions in ip-sysctl.txt.
    AFAICS, it seems that most parameters under net.ipv6.conf.all other than forwarding are just ignored.

    --- MBSE BBS v1.0.0 (GNU/Linux-i386)
    * Origin: Plouf ! (110:110/2002@linuxnet)
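
Added example, not part of the original thread or of the kernel documentation: a small audit helper that turns `sysctl -a` style lines into the operational per-interface values discussed above, so a host is judged on what each interface actually does rather than on the value read back from `all`. The sample input is constructed, the function names are hypothetical, and the combination rules (accept_redirects: AND when the interface forwards, OR otherwise; rp_filter: MAX; forwarding: the per-device value) are assumptions taken from the ip-sysctl.txt descriptions.

```python
import re
# Constructed `sysctl -a` style sample (not captured from a real host).
SAMPLE = """\
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.eth0.forwarding = 0
net.ipv4.conf.eth1.forwarding = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 1
net.ipv4.conf.eth1.accept_redirects = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth1.rp_filter = 2
"""

# sysctl shows eth0.100 as eth0/100, so the interface field has no '.'
LINE = re.compile(r"^net\.ipv4\.conf\.([^.\s]+)\.(\w+)\s*=\s*(-?\d+)$")
PSEUDO = ("all", "default")  # not real interfaces

def parse(text):
    """Return {interface: {param: int}} from sysctl-style lines."""
    conf = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            conf.setdefault(m.group(1), {})[m.group(2)] = int(m.group(3))
    return conf

def effective(conf):
    """Operational per-interface values (rules assumed from ip-sysctl.txt)."""
    all_ = conf.get("all", {})
    out = {}
    for ifname, dev in conf.items():
        if ifname in PSEUDO:
            continue
        fwd = bool(dev.get("forwarding", 0))  # the per-device copy is consulted
        a, d = all_.get("accept_redirects", 0), dev.get("accept_redirects", 0)
        out[ifname] = {
            "forwarding": fwd,
            # AND on a forwarding interface, OR otherwise; rp_filter takes the MAX
            "accept_redirects": bool(a and d) if fwd else bool(a or d),
            "rp_filter": max(all_.get("rp_filter", 0), dev.get("rp_filter", 0)),
        }
    return out

def stale_all_forwarding(conf):
    """Interfaces whose forwarding differs from the value read back from 'all'."""
    want = conf.get("all", {}).get("forwarding")
    return sorted(i for i, d in conf.items()
                  if i not in PSEUDO and d.get("forwarding") != want)
```

On a live host the same functions can be fed the output of `sysctl -a`; in the sample, eth0 still accepts redirects although `all.accept_redirects` is 0, and `all.forwarding = 1` does not describe eth0.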
  • From Pascal Hambourg@110:110/2002 to All on Sat Jun 22 12:42:18 2013

    Reply-To: pascal.news@plouf.fr.eu.org

    wkevin wrote:

    /proc/sys/net/ipv4/ip_forward

    /proc/sys/ has nothing to do with sysfs (as mentioned in your subject).
    sysfs is mounted on /sys.

    --- MBSE BBS v1.0.0 (GNU/Linux-i386)
    * Origin: Plouf ! (110:110/2002@linuxnet)