question about forwarding and sysfs entries

Discussion in 'Linux Networking' started by wkevin, Jun 15, 2013.

  1. wkevin

    wkevin Guest

    Hello,
    As far as I know, in order for IPv4 traffic to be forwarded on a Linux machine, we should set /proc/sys/net/ipv4/ip_forward to 1.

    My question is:
    there are also:
    /proc/sys/net/ipv4/conf/all/forwarding
    /proc/sys/net/ipv4/conf/default/forwarding
    /proc/sys/net/ipv4/conf/eth0/forwarding
    /proc/sys/net/ipv4/conf/eth1/forwarding
    Are they also needed in order to forward a packet which arrives
    on eth0 and should be transmitted from eth1?

    I would appreciate it if someone could elaborate on this.

    regards,
    Kevin
     
    wkevin, Jun 15, 2013
    #1

  2. wkevin

    Xavier Roche Guest

    On 15/06/2013 13:26, wkevin wrote:
    From Documentation/networking/ip-sysctl.txt:

    conf/default/*:
    Change the interface-specific default settings.

    conf/all/*:
    Change all the interface-specific settings.

    conf/interface/*:
    Change special settings per interface.

    The functional behaviour for certain settings is different
    depending on whether local forwarding is enabled or not.

    conf/all/forwarding - BOOLEAN
    Enable global IPv6 forwarding between all interfaces.

    IPv4 and IPv6 work differently here; e.g. netfilter must be used
    to control which interfaces may forward packets and which not.

    This also sets all interfaces' Host/Router setting
    'forwarding' to the specified value. See below for details.

    This referred to as global forwarding.

    forwarding - BOOLEAN
    Enable IP forwarding on this interface.

    When you want to change a specific interface, use the conf/<interface>
    one. Changing all will affect all interfaces (which seems logical). The
    default one probably affects interfaces being created (?)
     
    Xavier Roche, Jun 15, 2013
    #2

  3. I looked into the meaning of ‘all’ in another place back in March. It
    turns out to be a bit weird. Here’s what I wrote at the time:

    I don’t think it has a single coherent meaning. For instance:

    - Setting net.ipv4.conf.all.forwarding=1 sets
    net.ipv4.conf.<device>.forwarding for every device.

    - Setting net.ipv4.conf.all.accept_redirects=0 doesn’t disable it for
    any of the individual devices.

    This is done on a case-by-case basis for each sysctl (although most are
    like accept_redirects rather than forwarding).

    The value you get back is the last value you wrote to that sysctl, even
    if it’s now inconsistent with everything else. For instance you can
    have:

    net.ipv4.conf.all.forwarding = 1
    net.ipv4.conf.default.forwarding = 0
    net.ipv4.conf.lo.forwarding = 0
    net.ipv4.conf.eth0.forwarding = 0
    net.ipv4.conf.br0.forwarding = 0
    net.ipv4.conf.vboxnet0.forwarding = 0
    net.ipv4.conf.pan0.forwarding = 0

    ...if you’ve set all.forwarding=1 and then set all the rest to 0.

    Moreover: these things are all just kernel variables, not behaviors as
    such; the way they get used depends on whether the relevant bit of
    kernel code reads the all version, the device version or both. The
    documentation does reflect this point; for instance the accept_redirects
    section describes what combination of sysctl values will turn the
    behaviour on or off. (I’ve not done an exhaustive check though.)
     
    Richard Kettlewell, Jun 15, 2013
    #3
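The inconsistency described in post #3, as an added example that is not part of the thread: a shell function that compares each net.ipv4.conf.<device>.forwarding value with the `all` value instead of trusting `all` alone. The ROOT argument and the function names are assumptions, chosen so the check can also run against a constructed tree holding the values quoted in that post.

```shell
#!/bin/sh
# Added example (not from the thread). ROOT is a hypothetical parameter so the
# audit can run against a constructed tree as well as the live /proc/sys.

# Build a constructed sample tree holding the values quoted in post #3.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    for entry in all:1 default:0 lo:0 eth0:0 br0:0 vboxnet0:0 pan0:0; do
        mkdir -p "$dir/conf/${entry%%:*}"
        echo "${entry##*:}" > "$dir/conf/${entry%%:*}/forwarding"
    done
    echo "$dir"
}

# forwarding_report [ROOT]: one line per entry, "<name> <value> <status>",
# where status says whether the entry's own flag matches conf/all/forwarding.
forwarding_report() {
    root=${1:-/proc/sys/net/ipv4}
    if [ ! -r "$root/conf/all/forwarding" ]; then
        echo "cannot read $root/conf/all/forwarding" >&2
        return 2
    fi
    all=$(cat "$root/conf/all/forwarding")
    echo "all $all reference"
    for f in "$root"/conf/*/forwarding; do
        name=$(basename "$(dirname "$f")")
        if [ "$name" = all ] || [ ! -r "$f" ]; then continue; fi
        val=$(cat "$f")
        if [ "$val" = "$all" ]; then status=same; else status=differs; fi
        echo "$name $val $status"
    done
}

# count_differs [ROOT]: number of entries whose flag disagrees with "all".
count_differs() {
    forwarding_report "$@" | awk '$3 == "differs" { n++ } END { print n + 0 }'
}

# Demo on the constructed tree; call forwarding_report with no argument
# to audit the running system instead.
sample=$(make_sample_tree)
forwarding_report "$sample"
rm -rf "$sample"
```

A non-zero count means the `all` value alone does not describe the per-device flags, which is the situation post #3 shows.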
  4. Richard Kettlewell wrote:
    Indeed 'forwarding' is the special case. For most other parameters under
    net.ipv4.conf, the operational value for each interface is a
    combination of net.ipv4.conf.<interface>.<parameter> and
    net.ipv4.conf.all.<parameter>. The operator may be AND, OR, MAX...
    depending on each parameter. See the descriptions in ip-sysctl.txt.
    AFAICS, it seems that most parameters under net.ipv6.conf.all other than
    forwarding are just ignored.
     
    Pascal Hambourg, Jun 22, 2013
    #4
  5. wkevin wrote:

    /proc/sys/net/ipv4/ip_forward

    /proc/sys/ has nothing to do with sysfs (as mentioned in your subject).
    sysfs is mounted on /sys.
     
    Pascal Hambourg, Jun 22, 2013
    #5