|Summary:||No documentation about permanently enabling IP packets forwarding|
|Product:||Red Hat Enterprise Linux 7||Reporter:||Răzvan Sandu <razvan.sandu>|
|Component:||doc-Networking_Guide||Assignee:||Ioanna Gkioka <igkioka>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:||Marcelo Ricardo Leitner <mleitner>|
|Version:||7.2||CC:||mjahoda, mleitner, swadeley|
|Fixed In Version:||Doc Type:||If docs needed, set a value|
|Doc Text:||Story Points:||---|
|:||1444353 (view as bug list)||Environment:|
|Last Closed:||2017-05-24 16:07:12 UTC||Type:||Bug|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
Description Răzvan Sandu 2014-08-14 14:08:08 UTC
Description of problem: Since Red Hat Enterprise Linux 7.0, the content of the file /etc/sysctl.conf has changed (together with the whole /etc/sysctl.d/ system). The default setting of the net.ipv4.ip_forward ( = 0) has dissapeared from the file and there is no obvious way to permanently set IP packet forwarding in case the system is used as a router. The same is true for setting IP packet forwarding for IPv6, if a separate kernel parameter is necessary. In the new paradigm, is /etc/sysctl.conf the correct place is there another method/another file ? Actual results: There is no obvious (recommended, documented) way of permanently setting the IPv4 and IPv6 packet forwarding. Expected results: Please document a recommended way of setting this, in the correct place (file).
Comment 2 Stephen Wadeley 2014-08-14 15:01:13 UTC
Hello Răzvan Thank you for raising this bug. You may the Security Guide useful, in particular this section: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Network_Access.html#sec-Disabling_Source_Routing Thank you
Comment 3 Răzvan Sandu 2014-08-14 16:06:02 UTC
Thank you, Stephen, but neither of the commands: ~]# /sbin/sysctl -w net.ipv4.conf.all.forwarding=1 ~]# /sbin/sysctl -w net.ipv6.conf.all.forwarding=1 ~]# /sbin/sysctl -w net.ipv4.ip_forward=1 does not survive a reboot (firewalld is disabled as a service, no other firewall solution in place - such as shorewall). Should I put this back in /etc/sysctl.conf or /etc/sysctl.d/90-sysctl.conf, via a text editor, manually? What should be the correct file? Best regards, Răzvan
Comment 4 Stephen Wadeley 2014-09-16 14:00:42 UTC
Hello Răzvan Re page as per link in comment 2. I see this text at the end of "Disabling Source Routing" section: "In order to make the settings permanent they must be added to /etc/sysctl.conf. " At the end of the "Reverse Path Filtering" section, I see this text: "To make these settings persistent across reboot, modify the /etc/sysctl.conf file." Not consistent....I should improve that.
Comment 5 Stephen Wadeley 2014-09-16 14:05:59 UTC
I will review the Networking Guide to see if I can find an appropriate place to mention packet forwarding and link to the section in the Security Guide.
Comment 23 Mirek Jahoda 2017-05-24 16:07:12 UTC
The update has been published on the Customer Portal   https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html-single/Networking_Guide/index.html