[systemd-devel] Recommended way to enable IPForward for a system using networkd?

Mantas Mikulėnas grawity at gmail.com
Fri Aug 3 11:36:58 UTC 2018


On Fri, Aug 3, 2018 at 2:33 PM Lennart Poettering <lennart at poettering.net> wrote:

> On Do, 02.08.18 10:17, Filipe Brandenburger (filbranden at google.com) wrote:
>
> > So, IPForward is a global setting and yet with networkd it needs to be
> > attached to an interface...
> >
> > What's the best way to enable it on a system, that's general enough and
> > won't really depend on the existing interface configurations (let's assume
> > those will be managed separately through drop-ins somehow...)
> >
> > I tried creating an /etc/systemd/network/99-forwarding.network with the
> > configuration and no match:
> >
> >   [Network]
> >   IPForward=yes
> >
> > But that doesn't work since all the network interfaces get a match earlier
> > on...
> >
> > Using an earlier file would risk clobbering the actual configuration of
> > real interfaces...
> >
> > Since the setting is global anyways... Would it make sense to recognize it
> > in networkd.conf?
> >
> > Or am I missing an obvious way to set this up that would work regardless of
> > which *.network files are used to configure the interfaces?
>
> So in the kernel the flag is a bit weird, as it exists twice: once
> globally and once per-interface, and the relationship is just
> strange. Moreover on IPv6 only the per-interface flag exists.
>

On IPv6 it's actually the opposite – the *global* flag controls whether
actual forwarding happens, while the per-interface flag just tweaks stuff
related to accept_ra and accept_redirects.
(Documentation/networking/ip-sysctl.txt:1472)

-- 
Mantas Mikulėnas
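
An added example, not part of the original message or of systemd: a small audit helper that reads the forwarding sysctls discussed above and reports which flags actually matter. It treats IPv4 forwarding as decided by the flag of the receiving interface (as ip-sysctl.txt documents for conf/<interface>/forwarding) and IPv6 forwarding as decided by the global flag, following the message above. The function names and the optional NETROOT argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example. NETROOT defaults to the live sysctl tree (/proc/sys/net);
# pass another directory to run against a constructed copy.

# Print the real interfaces whose per-interface forwarding flag is 1.
# "all" and "default" are pseudo-entries, not interfaces, so they are skipped.
forwarding_ifaces() {   # usage: forwarding_ifaces ipv4|ipv6 [NETROOT]
    fam=$1; root=${2:-/proc/sys/net}
    for f in "$root/$fam"/conf/*/forwarding; do
        [ -r "$f" ] || continue
        name=${f%/forwarding}; name=${name##*/}
        case $name in all|default) continue ;; esac
        if [ "$(cat "$f")" = 1 ]; then echo "$name"; fi
    done
}

# Exit status 0 when the global IPv6 flag is set. Per the message above, this
# flag, not the per-interface one, controls whether IPv6 forwarding happens.
ipv6_routing_enabled() {   # usage: ipv6_routing_enabled [NETROOT]
    [ "$(cat "${1:-/proc/sys/net}/ipv6/conf/all/forwarding" 2>/dev/null)" = 1 ]
}

# Summary: IPv4 is judged per receiving interface, IPv6 by the global flag.
# A per-interface IPv6 flag with the global flag off is reported separately,
# because it changes accept_ra/accept_redirects handling but does not route.
forwarding_report() {   # usage: forwarding_report [NETROOT]
    root=${1:-/proc/sys/net}
    for i in $(forwarding_ifaces ipv4 "$root"); do
        echo "ipv4 forwards-from $i"
    done
    if ipv6_routing_enabled "$root"; then
        echo "ipv6 forwarding on (global)"
    else
        for i in $(forwarding_ifaces ipv6 "$root"); do
            echo "ipv6 $i flag set, global off: not forwarding"
        done
    fi
}
```

Source the file and call `forwarding_report` with no argument to inspect the running host after networkd has applied its .network files.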