On Do, 02.08.18 10:17, Filipe Brandenburger (filbranden at google.com) wrote: > So, IPForward is a global setting and yet with networkd it needs to be > attached to an interface... > > What's the best way to enable it on a system, that's general enough and > won't really depend on the existing interface configurations (let's assume > those will be managed separately through drop-ins somehow...) > > I tried creating an /etc/systemd/network/99-forwarding.network with the > configuration and no match: > > [Network] > IPForward=yes > > But that doesn't work since all the network interfaces get a match earlier > on... > > Using an earlier file would risk clobbering the actual configuration of > real interfaces... > > Since the setting is global anyways... Would it make sense to recognize it > in networkd.conf? > > Or am I missing an obvious way to set this up that would work regardless of > which *.network files are used to configure the interfaces? So in the kernel the flag is a bit weird, as it exists twice: once globally and once per-interface, and the relationship is just strange. Moreover on Ipv6 only the per-interface flag exists. networkd currently was written in a style that the global flag was a mistake of history, and the per-interface one is the one that matters and is what users should use. It will touch the global one only in very limited ways: as soon as one interface wants forwarding it will turn on the global one if it was off before. It will never turn it off again. This simplistic logic is also implemented as there's no clear ownership of the knob, and other network configuration tools might want to change it too. hence, if you want to enable it globally for all interfaces then networkd won't really help you... for the interfaces networkd manages it will ensure that the per-interface ip forwarding bool is excactly on when the .network file says so and not otherwise. This means turning on the global setting won't bother networkd much, forwarding will remain off on specific interfaces if the individual .network files didn't say otherwise. If you want to turn on the flag for all interfaces managed by networkd, you'd have to modify the .network file for each (or add a .d/ dropin for them). There's currently no concept in networkd for setting options on really *all* interfaces at once. Lennart -- Lennart Poettering, Red Hat
Recommended way to enable IPForward for a system using networkd?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Recommended way to enable IPForward for a system using networkd?
- From: lennart@xxxxxxxxxxxxxx (Lennart Poettering)
- Date: Fri, 3 Aug 2018 13:31:24 +0200
- In-reply-to: <CADU+-uCs3ZKatZpQnQ8-eP3T6d0fAuEis-BKt7m0nSpLGgggGg@mail.gmail.com>
- References: <CADU+-uCs3ZKatZpQnQ8-eP3T6d0fAuEis-BKt7m0nSpLGgggGg@mail.gmail.com>
- Follow-Ups:
- Recommended way to enable IPForward for a system using networkd?
- From: Filipe Brandenburger
- Recommended way to enable IPForward for a system using networkd?
- From: Mantas Mikulėnas
- Recommended way to enable IPForward for a system using networkd?
- References:
- Recommended way to enable IPForward for a system using networkd?
- From: Filipe Brandenburger
- Recommended way to enable IPForward for a system using networkd?
- Prev by Date: Best way to run upstream systemd
- Next by Date: Recommended way to enable IPForward for a system using networkd?
- Previous by thread: Recommended way to enable IPForward for a system using networkd?
- Next by thread: Recommended way to enable IPForward for a system using networkd?
- Index(es):
 |