[GLLUG] ipchains
djf2
djf2@danu.ili.net
Wed, 12 Feb 2003 16:22:09 -0500 (EST)
On Tue, 11 Feb 2003, David Lee Lambert wrote:
> > The IP masquerading code will only work if IP forwarding is enabled
> > in your kernel; you can do this by saying Y to "/proc
> > filesystem support" and "Sysctl support" below and then executing a
> > line like
> >
> > echo "1" > /proc/sys/net/ipv4/ip_forward
> >
> > from a boot time script after the /proc filesystem has been mounted.
>
> When I try doing this, I get a 'file not found' error. I do have a /proc
> filesystem, and the option '/proc filesystem' is enabled in the kernel
> configuration (under the section Filesystems); is there another option
> elsewhere I should know about?
>
You should also be able to find this info out through sysctl:
[root@]# /sbin/sysctl -A net.ipv4 | grep forward
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 0
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 0
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 0
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.forwarding = 0
net.ipv4.ip_forward = 0
Sysctl acted a bit weird on one of the machines I tried this on, a
2.4 series machine, so I had to grep for 'net.ipv4' and then grep for
'forward'. However, the variables are still the same. I haven't
worked with Linux-based firewalls/NATs in a while, but my guess would be if
you change net.ipv4.ip_forward or net.ipv4.conf.all.forwarding to 1 it'd
have the effect you're looking for. If you see values of 0 for these you
probably don't have forwarding enabled. I believe you can have changes to
variables set at boot time using /etc/sysctl.conf. Oddly, on the BSD
machines that I herd, there's only one variable to enable
forwarding...does anyone know why this is? My only guess was that Linux
wants you to make changes like this in /proc, but all these same variables
are in /proc as well. Anyways, HTH.
--
"Is that sound you're hearing the trumpeting of St. Peter's angels
or the screams of Memnoch's tortured souls?"
Don Flynn djf2@ili.net Sayge@IRC
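
An added example, not part of the original message: a shell check that separates the 'file not found' case from the thread (the /proc/sys tree is absent, which the quoted kernel help text ties to "Sysctl support") from forwarding simply being set to 0, and that filters sysctl-style output down to the unicast forwarding keys that are on. The function names, the proc-root parameter and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are hypothetical.

# Report why ip_forward can or cannot be read under a given proc root.
# $1: proc mount point (default /proc). It is a parameter so the check
# can be exercised against a constructed directory tree.
diagnose_ip_forward() {
    root=${1:-/proc}
    key="$root/sys/net/ipv4/ip_forward"
    if [ ! -d "$root" ]; then
        echo "no-proc"        # proc filesystem not mounted here
    elif [ ! -d "$root/sys" ]; then
        echo "no-sysctl"      # no sys/ tree: "Sysctl support" likely not built in
    elif [ ! -f "$key" ]; then
        echo "no-ipv4-key"    # sys/ tree present, ip_forward key absent
    elif [ "$(cat "$key" 2>/dev/null)" = "1" ]; then
        echo "enabled"
    else
        echo "disabled"
    fi
}

# Read `sysctl -A`-style lines on stdin and print the unicast forwarding
# keys whose value is 1. mc_forwarding (multicast) entries are skipped.
enabled_forwarding_keys() {
    awk -F' *= *' '
        $1 ~ /^net\.ipv4\.(ip_forward|conf\.[^.]+\.forwarding)$/ && $2 == 1 {
            print $1
        }'
}

# Constructed sample in the same format as the output quoted above.
SAMPLE='net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 1
net.ipv4.ip_forward = 1'

echo "ip_forward on this host: $(diagnose_ip_forward /proc)"
printf '%s\n' "$SAMPLE" | enabled_forwarding_keys
```

On a host that is not meant to route, any key printed by `enabled_forwarding_keys` is worth investigating.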