[systemd-devel] ip forwarding

Johannes Ernst johannes.ernst at gmail.com
Thu Nov 5 16:08:26 PST 2015


TL;DR: I propose to have IPForward default to “no change”, rather than 0, as 0 has unexpected consequences for non-expert users.

Details: A few months ago there were some threads about ip_forwarding needing a toggle from 1 to 0 and back to 1 before it would work. [1][2][3]

It appears I found the reason for this. With “net.ipv4.ip_forward = 1” in sysctl.d, after a fresh boot:

    > for i in /proc/sys/net/ipv4/ip_forward /proc/sys/net/ipv4/conf/*/forwarding; do echo -n $i: ; cat $i; done
    /proc/sys/net/ipv4/ip_forward:1
    /proc/sys/net/ipv4/conf/all/forwarding:1
    /proc/sys/net/ipv4/conf/default/forwarding:1
    /proc/sys/net/ipv4/conf/enp0s3/forwarding:0    <= Why?
    /proc/sys/net/ipv4/conf/lo/forwarding:1

If I then do the toggle dance:

    > sysctl net.ipv4.ip_forward=0
    > sysctl net.ipv4.ip_forward=1

I get what I expected in the first place:

    /proc/sys/net/ipv4/ip_forward:1
    /proc/sys/net/ipv4/conf/all/forwarding:1
    /proc/sys/net/ipv4/conf/default/forwarding:1
    /proc/sys/net/ipv4/conf/enp0s3/forwarding:1
    /proc/sys/net/ipv4/conf/lo/forwarding:1

Adding net.ipv4.conf.enp0s3.forwarding = 1 to sysctl.d does not have the desired effect.

Turns out my innocent-looking .network file is the culprit:

    [Match]
    Name=en*

    [Network]
    DHCP=ipv4

Without that file, after boot the enp0s3 flag remains 1 as expected.

The problem: I thought I created that file to say “get an IP address via DHCP” because that’s all it talks about. But due to the IPForward default, I also specified “and turn off ip forwarding”, which is non-obvious (e.g. I just found out, and I originally ran into this in June). So I suggest the default should be “don’t touch this setting” instead of 0.

Cheers,

Johannes.


[1] http://lists.freedesktop.org/archives/systemd-devel/2015-June/033239.html
[2] http://lists.freedesktop.org/archives/systemd-devel/2015-July/033738.html
[3] https://github.com/systemd/systemd/issues/468
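
An audit for the state described in the message above, as an added example that is not part of the original post: it lists .network files whose [Network] section does not set IPForward=, and interfaces whose forwarding flag is 0 while the global flag is 1. The function names, the fixture file names and the `IPForward=yes` sample line are assumptions made for the example.

```shell
#!/bin/sh
# Added example; function names and fixture contents are hypothetical.

# Print .network files in dir $1 whose [Network] section lacks IPForward=,
# i.e. files that silently take the IPForward default discussed above.
networks_without_ipforward() {
    for f in "$1"/*.network; do
        [ -f "$f" ] || continue
        awk '
            /^\[/ { in_net = ($0 ~ /^\[Network\]/); if (in_net) seen = 1; next }
            in_net && /^[ \t]*IPForward[ \t]*=/ { has_key = 1 }
            END { exit !(seen && !has_key) }
        ' "$f" && basename "$f"
    done
    return 0
}

# Print interfaces under sysctl root $1 (/proc/sys on a live host) whose
# per-interface forwarding flag is 0 although the global ip_forward is 1.
forwarding_mismatches() {
    [ "$(cat "$1/net/ipv4/ip_forward")" = 1 ] || return 0
    for d in "$1"/net/ipv4/conf/*/; do
        iface=$(basename "$d")
        case $iface in all|default) continue ;; esac
        [ "$(cat "$d/forwarding")" = 0 ] && echo "$iface"
    done
    return 0
}

# Constructed fixture mirroring the post-boot values quoted in the message.
make_fixture() {
    t=$(mktemp -d)
    mkdir -p "$t/network"
    printf '[Match]\nName=en*\n\n[Network]\nDHCP=ipv4\n' > "$t/network/dhcp.network"
    printf '[Match]\nName=wl*\n\n[Network]\nDHCP=ipv4\nIPForward=yes\n' > "$t/network/wifi.network"
    for kv in all:1 default:1 enp0s3:0 lo:1; do
        mkdir -p "$t/sys/net/ipv4/conf/${kv%%:*}"
        echo "${kv##*:}" > "$t/sys/net/ipv4/conf/${kv%%:*}/forwarding"
    done
    echo 1 > "$t/sys/net/ipv4/ip_forward"
    echo "$t"
}

fx=$(make_fixture)
networks_without_ipforward "$fx/network"
forwarding_mismatches "$fx/sys"
rm -rf "$fx"
```

On a live host, pass /etc/systemd/network and /proc/sys instead of the fixture paths.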
