Bug 1130195 - No documentation about permanently enabling IP packets forwarding
Summary: No documentation about permanently enabling IP packets forwarding
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: doc-Networking_Guide
Version: 7.2
Hardware: All
OS: All
high
medium
Target Milestone: rc
: ---
Assignee: Ioanna Gkioka
QA Contact: Marcelo Ricardo Leitner
URL:
Whiteboard:
Depends On:
Blocks: 1444353
TreeView+ depends on / blocked
 
Reported: 2014-08-14 14:08 UTC by Răzvan Sandu
Modified: 2019-03-06 02:24 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1444353 (view as bug list)
Environment:
Last Closed: 2017-05-24 16:07:12 UTC


Attachments (Terms of Use)

Description Răzvan Sandu 2014-08-14 14:08:08 UTC
Description of problem:

Since Red Hat Enterprise Linux 7.0, the content of the file /etc/sysctl.conf has changed (together with the whole /etc/sysctl.d/ system).

The default setting of the net.ipv4.ip_forward ( = 0) has dissapeared from the file and there is no obvious way to permanently set IP packet forwarding in case the system is used as a router.

The same is true for setting IP packet forwarding for IPv6, if a separate kernel parameter is necessary. In the new paradigm, is /etc/sysctl.conf the correct place is there another method/another file ?


Actual results:
There is no obvious (recommended, documented) way of permanently setting the IPv4 and IPv6 packet forwarding.

Expected results:
Please document a recommended way of setting this, in the correct place (file).

Comment 2 Stephen Wadeley 2014-08-14 15:01:13 UTC
Hello Răzvan 

Thank you for raising this bug.

You may the Security Guide useful, in particular this section:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Network_Access.html#sec-Disabling_Source_Routing


Thank you

Comment 3 Răzvan Sandu 2014-08-14 16:06:02 UTC
Thank you, Stephen, but neither of the commands:

~]# /sbin/sysctl -w net.ipv4.conf.all.forwarding=1

~]# /sbin/sysctl -w net.ipv6.conf.all.forwarding=1

~]# /sbin/sysctl -w net.ipv4.ip_forward=1

does not survive a reboot (firewalld is disabled as a service, no other firewall solution in place - such as shorewall).

Should I put this back in /etc/sysctl.conf or /etc/sysctl.d/90-sysctl.conf, via a text editor, manually? What should be the correct file?


Best regards,
Răzvan

Comment 4 Stephen Wadeley 2014-09-16 14:00:42 UTC
Hello Răzvan

Re page as per link in comment 2.

I see this text at the end of "Disabling Source Routing" section:

 "In order to make the settings permanent they must be added to /etc/sysctl.conf. "

At the end of the "Reverse Path Filtering" section, I see this text:
 "To make these settings persistent across reboot, modify the /etc/sysctl.conf file."


Not consistent....I should improve that.

Comment 5 Stephen Wadeley 2014-09-16 14:05:59 UTC
I will review the Networking Guide to see if I can find an appropriate place to mention packet forwarding and link to the section in the Security Guide.

Comment 23 Mirek Jahoda 2017-05-24 16:07:12 UTC
The update has been published on the Customer Portal [1]

[1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html-single/Networking_Guide/index.html


Note You need to log in before you can comment on or make changes to this bug.