Recommended way to enable IPForward for a system using networkd?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Aug 3, 2018 at 2:33 PM Lennart Poettering <lennart at poettering.net>
wrote:

> On Do, 02.08.18 10:17, Filipe Brandenburger (filbranden at google.com) wrote:
>
> > So, IPForward is a global setting and yet with networkd it needs to be
> > attached to an interface...
> >
> > What's the best way to enable it on a system, that's general enough and
> > won't really depend on the existing interface configurations (let's
> assume
> > those will be managed separately through drop-ins somehow...)
> >
> > I tried creating an /etc/systemd/network/99-forwarding.network with the
> > configuration and no match:
> >
> >   [Network]
> >   IPForward=yes
> >
> > But that doesn't work since all the network interfaces get a match
> earlier
> > on...
> >
> > Using an earlier file would risk clobbering the actual configuration of
> > real interfaces...
> >
> > Since the setting is global anyways... Would it make sense to recognize
> it
> > in networkd.conf?
> >
> > Or am I missing an obvious way to set this up that would work regardless
> of
> > which *.network files are used to configure the interfaces?
>
> So in the kernel the flag is a bit weird, as it exists twice: once
> globally and once per-interface, and the relationship is just
> strange. Moreover on Ipv6 only the per-interface flag exists.
>

On IPv6 it's actually the opposite â?? the *global* flag controls whether
actual forwarding happens, while the per-interface flag just tweaks stuff
related to accept_ra and accept_redirects.
(Documentation/networking/ip-sysctl.txt:1472)

-- 
Mantas MikulÄ?nas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20180803/f4001654/attachment.html>
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux