Re: Fedora Security Policy

Hiya,

There are subtle differences between both of the forward statements, though.

net.ipv4.ip_forward = 0

is referring to allowing IP traffic to forward between two networks, be it virtual or physical.

The IP Tables forwarding rules are more for forwarding traffic into different IP tables chains to then be dealt with. i.e.
http://jengelh.medozas.de/images/nf-packet-flow.png

This doesn't mean it can't be used to then send the traffic out of another network port, but to do that you need the net.ipv4.ip_forward = 1
whereas sending it down a different IP tables chain you do not necessarily need that set.


Hope that made sense :)
Matt


2009/1/20 Mike McGrath <mmcgrath@xxxxxxxxxx>
On Tue, 20 Jan 2009, Jorge Bras wrote:

> Hi there,
>
> in iptables config, why not change the default forward policy to drop?
> By default ip forwarding is off, but I think it is a good practice to deny
> everything by default, just in case.
>

I could be wrong on this but:

net.ipv4.ip_forward = 0

listed in 1.2 should cover that.  I'm not sure how it's all designed to
work.  I just know how it seems to work.

It's probably not a bad idea to set it in both places though.

       -Mike

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
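
The two settings discussed in this thread, net.ipv4.ip_forward and the iptables FORWARD default policy, can be audited together. The following is an added example, not part of the original messages; the function names, verdict labels and sample rulesets are constructed for illustration, and it assumes rules in iptables-save format.

```shell
#!/bin/sh
# Added example: report how the two forwarding controls from the thread combine.
# Only the chain's default policy is inspected, not the rules inside the chain.

# Print the FORWARD policy of the filter table from iptables-save text on stdin.
forward_policy() {
    awk '
        /^\*/ { table = substr($1, 2) }   # table header, e.g. "*filter"
        table == "filter" && $1 == ":FORWARD" { print $2; found = 1; exit }
        END { if (!found) print "UNKNOWN" }
    '
}

# forwarding_posture IP_FORWARD_VALUE RULESET_TEXT
forwarding_posture() {
    policy=$(printf '%s\n' "$2" | forward_policy)
    case "$1:$policy" in
        0:DROP)   echo "closed" ;;       # both controls deny forwarding
        0:ACCEPT) echo "sysctl-only" ;;  # only the kernel switch blocks it
        1:DROP)   echo "policy-only" ;;  # only the firewall default blocks it
        1:ACCEPT) echo "open" ;;         # routed packets pass by default
        *)        echo "unknown" ;;      # unexpected value or no filter table
    esac
}

# Constructed sample rulesets in iptables-save format (not from the thread).
SAMPLE_ACCEPT='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT'

# The mangle table also has a FORWARD chain; only the filter one is reported.
SAMPLE_DROP='*mangle
:FORWARD ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

forwarding_posture 0 "$SAMPLE_ACCEPT"   # sysctl off, policy ACCEPT
forwarding_posture 0 "$SAMPLE_DROP"     # sysctl off, policy DROP
```

On a live host, pass `"$(cat /proc/sys/net/ipv4/ip_forward)"` and `"$(iptables-save)"` as the two arguments; iptables-save needs root.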
