Re: IP-Masquerade
IP forwarding is controlled by the content of
/proc/sys/net/ipv4/ip_forward.
It is documented in:
/path_to_your_kernel_source/Documentation/Configure.help
/path_to_your_kernel_source/Documentation/Documentation/networking/ip-sysctl.txt
(i.e. if you have the kernel source available)
$ cat /proc/sys/net/ipv4/ip_forward
1
As seen in the example above, I have forwarding enabled.
--------------------
Boot time setup:
Forwarding is set up by /etc/init.d/networking, as seen by:
$ grep -C5 ip_forward /etc/init.d/*
/etc/init.d/networking- else
/etc/init.d/networking- echo "FAILED"
/etc/init.d/networking- fi
/etc/init.d/networking-}
/etc/init.d/networking-
/etc/init.d/networking:ip_forward () {
/etc/init.d/networking: if [ -e /proc/sys/net/ipv4/ip_forward ]; then
/etc/init.d/networking- echo -n "Enabling packet forwarding: "
/etc/init.d/networking: echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/init.d/networking- echo "done."
/etc/init.d/networking- fi
/etc/init.d/networking-}
/etc/init.d/networking-
/etc/init.d/networking-syncookies () {
--
/etc/init.d/networking-
/etc/init.d/networking-case "$1" in
/etc/init.d/networking- start)
/etc/init.d/networking- doopt spoofprotect yes
/etc/init.d/networking- doopt syncookies no
/etc/init.d/networking: doopt ip_forward no
/etc/init.d/networking-
/etc/init.d/networking- echo -n "Configuring network interfaces: "
/etc/init.d/networking- ifup -a
/etc/init.d/networking- echo "done."
/etc/init.d/networking- ;;
where some routine called 'doopt' does the job:
$ grep -C5 doopt /etc/init.d/networking
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo "done."
fi
}
doopt () {
optname=$1
default=$2
opt=`grep "^$optname=" /etc/network/options`
if [ -z "$opt" ]; then
opt="$optname=$default"
--
fi
}
case "$1" in
start)
doopt spoofprotect yes
doopt syncookies no
doopt ip_forward no
echo -n "Configuring network interfaces: "
ifup -a
echo "done."
;;
doopt asks the file /etc/network/options for settings (the grep thing above).
It contains:
$ cat /etc/network/options
ip_forward=no
spoofprotect=yes
syncookies=no
So to have the box do forwarding by default after boot, edit the file above
and set ip_forward to yes.
Regards,
/Karl
-----------------------------------------------------------------------
Karl Hammar Aspö Data karl@kalle.csb.ki.se
Lilla Aspö 2340 +46 173 140 57 Networks
S-742 94 Östhammar +46 70 511 97 84 Computers
Sweden Consulting
-----------------------------------------------------------------------
From: Geoff <debian_newbie@clear.net.nz>
Subject: IP-Masquerade
Date: Sat, 05 Aug 2000 23:28:42 +1200
> Hi... I'm an absolute newbie to Debian Linux. I had this guy come visit and
> set up a Debian server using Ip-Masq and forwarding. He set it up to "Dial
> on Demand" and "Forward IP requests" just the usual things.
> It was going real well in a P75 with 32 meg of ram... It was set up so I
> could do a simple PON or POFF command to initiate it. For one reason or
> another I had to shut it down using the CTRL-ALT-DEL command. I flicked the
> power off and Subsequently on restarting the "Server" again. The forwarding
> (when you look at the system log) is being denied for one reason or
> another... is there a command that I have to type (before the PON
> command), say as root or something, to initiate it.
> I'm not very good at command line... so this might be tricky for you guys
> to help me.
> Cheers
> Geoff
> A Real Newbie
> Geoff
> New Zealand
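Added example, not part of the original messages: a small audit that compares the running value of ip_forward with the setting the boot script would read from /etc/network/options, which flags the situation described in this thread (forwarding works now but is gone after a reboot). The function names are hypothetical, the lookup copies the `grep "^$optname="` and default `no` shown above, and it assumes a value of `yes` is what enables forwarding at boot.

```shell
#!/bin/sh
# Added example: audit boot-time vs. runtime IP forwarding.
# Paths default to the ones named in the message; both can be overridden
# so the check can be run against copies of the files.

# Print the value an options file gives for an option, or the default when
# the option is absent (same "^name=" lookup as the grep in doopt).
boot_setting() {
    file=$1 optname=$2 default=$3
    value=$(grep "^$optname=" "$file" 2>/dev/null | tail -n 1 | cut -d= -f2-)
    [ -n "$value" ] || value=$default
    printf '%s\n' "$value"
}

# Map the 0/1 content of an ip_forward file to yes/no.
runtime_setting() {
    case "$(cat "$1" 2>/dev/null)" in
        1) echo yes ;;
        0) echo no ;;
        *) echo unknown ;;
    esac
}

# Compare both and print one of: consistent-on, consistent-off,
# lost-at-reboot (on now, off after boot), on-at-reboot, unknown.
forwarding_audit() {
    options=${1:-/etc/network/options}
    proc=${2:-/proc/sys/net/ipv4/ip_forward}
    boot=$(boot_setting "$options" ip_forward no)
    now=$(runtime_setting "$proc")
    case "$now/$boot" in
        yes/yes) echo consistent-on ;;
        no/no)   echo consistent-off ;;
        yes/no)  echo lost-at-reboot ;;
        no/yes)  echo on-at-reboot ;;
        *)       echo unknown ;;
    esac
}

# Constructed sample: the options file quoted above, forwarding enabled by hand.
demo() {
    dir=$(mktemp -d)
    printf 'ip_forward=no\nspoofprotect=yes\nsyncookies=no\n' > "$dir/options"
    echo 1 > "$dir/ip_forward"
    forwarding_audit "$dir/options" "$dir/ip_forward"
    rm -rf "$dir"
}
demo
```

Calling `forwarding_audit` with no arguments checks the real files on the box; `on-at-reboot` is the result worth reviewing on a host that is not meant to route traffic.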