Bug 1130195

Summary: No documentation about permanently enabling IP packets forwarding
Product: Red Hat Enterprise Linux 7 Reporter: Răzvan Sandu <razvan.sandu>
Component: doc-Networking_GuideAssignee: Ioanna Gkioka <igkioka>
Status: CLOSED CURRENTRELEASE QA Contact: Marcelo Ricardo Leitner <mleitner>
Severity: medium Docs Contact:
Priority: high    
Version: 7.2CC: mjahoda, mleitner, swadeley
Target Milestone: rcKeywords: Documentation
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1444353 (view as bug list) Environment:
Last Closed: 2017-05-24 16:07:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 1444353    

Description Răzvan Sandu 2014-08-14 14:08:08 UTC
Description of problem:

Since Red Hat Enterprise Linux 7.0, the content of the file /etc/sysctl.conf has changed (together with the whole /etc/sysctl.d/ system).

The default setting of the net.ipv4.ip_forward ( = 0) has dissapeared from the file and there is no obvious way to permanently set IP packet forwarding in case the system is used as a router.

The same is true for setting IP packet forwarding for IPv6, if a separate kernel parameter is necessary. In the new paradigm, is /etc/sysctl.conf the correct place is there another method/another file ?


Actual results:
There is no obvious (recommended, documented) way of permanently setting the IPv4 and IPv6 packet forwarding.

Expected results:
Please document a recommended way of setting this, in the correct place (file).

Comment 2 Stephen Wadeley 2014-08-14 15:01:13 UTC
Hello Răzvan 

Thank you for raising this bug.

You may the Security Guide useful, in particular this section:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Network_Access.html#sec-Disabling_Source_Routing


Thank you

Comment 3 Răzvan Sandu 2014-08-14 16:06:02 UTC
Thank you, Stephen, but neither of the commands:

~]# /sbin/sysctl -w net.ipv4.conf.all.forwarding=1

~]# /sbin/sysctl -w net.ipv6.conf.all.forwarding=1

~]# /sbin/sysctl -w net.ipv4.ip_forward=1

does not survive a reboot (firewalld is disabled as a service, no other firewall solution in place - such as shorewall).

Should I put this back in /etc/sysctl.conf or /etc/sysctl.d/90-sysctl.conf, via a text editor, manually? What should be the correct file?


Best regards,
Răzvan

Comment 4 Stephen Wadeley 2014-09-16 14:00:42 UTC
Hello Răzvan

Re page as per link in comment 2.

I see this text at the end of "Disabling Source Routing" section:

 "In order to make the settings permanent they must be added to /etc/sysctl.conf. "

At the end of the "Reverse Path Filtering" section, I see this text:
 "To make these settings persistent across reboot, modify the /etc/sysctl.conf file."


Not consistent....I should improve that.

Comment 5 Stephen Wadeley 2014-09-16 14:05:59 UTC
I will review the Networking Guide to see if I can find an appropriate place to mention packet forwarding and link to the section in the Security Guide.

Comment 23 Mirek Jahoda 2017-05-24 16:07:12 UTC
The update has been published on the Customer Portal [1]

[1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html-single/Networking_Guide/index.html