[systemd-devel] systemd-networkd: IPForward with ipv6
Sébastien Luttringer
seblu at seblu.net
Wed Jun 3 10:18:58 PDT 2015
Hello,
Since systemd v220, IPForward= parameter in [Network] set kernel
parameters by interface (/proc/sys/net/ipv[46]/conf/*/forwarding).
This is nice and works perfectly for ipv4.
Unfortunately, ipv6 forwarding doesn't works until we manually set
/proc/sys/net/ipv6/conf/all/forwarding to 1.
In term of user experience, IPforward=ipv6 doesn't enable ipv6
forwarding on the interface. That's tricked me.
From:
https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
conf/all/forwarding - BOOLEAN
Enable global IPv6 forwarding between all interfaces.
IPv4 and IPv6 work differently here; e.g. netfilter must be
used
to control which interfaces may forward packets and which not.
An maybe better explained here:
http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/proc-sys-net-ipv6..html
This enables global IPv6 forwarding between all interfaces.
In IPv6 you can't control forwarding per device, forwarding controlhas to be done using IPv6-netfilter (controlled with ip6tables)rulesets and specify input and output devices (see Firewalling/Netfilter6for more).This is different to IPv4, where you are able to control forwarding perdevice (decision is made on interface where packet came in).
In others words, IPForward by interface for ipv6 as no sense.
So, should we consider:- systemd-networkd have to set /proc/sys/net/ipv6/conf/all/forwarding to 1 when an IPForward=true or IpForward=ipv6- IPForward=ipv6 is nonsense and administrators have to enable ipv6 forwarding somewhere else
Cheers,
--
Sébastien "Seblu" Luttringer
https://seblu.net | Twitter: @seblu42
GPG: 0x2072D77A
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 811 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20150603/aff22276/attachment.sig>
More information about the systemd-devel
mailing list