Bug 426792 - after a boot /proc/sys/net/ipv4/ip_forward always equals one
after a boot /proc/sys/net/ipv4/ip_forward always equals one
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: rcs (Show other bugs)
8
i386 Linux
low Severity low
: ---
: ---
Assigned To: Jiri Moskovcak
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-12-26 08:16 EST by Bert Baare
Modified: 2015-02-01 17:47 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-01-09 00:37:33 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Bert Baare 2007-12-26 08:16:53 EST
[root@localhost ipv4]# uname -a
Linux localhost.localdomain 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 14:52:29 EST 2007
i686 i686 i386 GNU/Linux
[root@bert ipv4]# cd /proc/sys/net/ipv4
[root@bert ipv4]# cat ip_forward
1
[root@bert ipv4]# cat /etc/sysctl.conf | grep ip_forward
net.ipv4.ip_forward = 0
[root@bert ipv4]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
[root@bert ipv4]# init 6
And after the boot:
[root@localhost ~]# cd /proc/sys/net/ipv4
[root@localhost ipv4]# cat ip_forward
1

This happened both for a system with one eth card and with two cards.
Comment 1 Jiri Moskovcak 2008-01-04 07:03:30 EST
Hi, are you sure, that you don't run any script that does this?

Jirka
Comment 2 Jiri Moskovcak 2008-01-04 10:30:47 EST
You can try to reboot the machine and login via console (don't use graphical 
interface) so you'll avoid any gui/automagic network setting and then check the 
value of ip_forward.

Jirka
Comment 3 Bert Baare 2008-01-04 11:06:54 EST
Hi Jirka, did so, no change...
Modified inittab, shutdown, booted up, no more commands, just these below, first
locally on console, later via SSH for cutting/pasting.
[root@thuis ~]# who -r
         run-level 3  2008-01-04 16:44                   last=S
[root@thuis ~]# cat /etc/sysctl.conf | grep forward
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
[root@thuis ~]# cat /proc/sys/net/ipv4/ip_forward
1

Bert
Comment 4 Jiri Moskovcak 2008-01-04 11:20:44 EST
You can try to find every place, where ip_forward is mentioned, smth like:
$ grep -R "ip_forward" /

but be carefull this command will take a while to complete, so I wouldn't 
recommend it on some important server...

Jirka
Comment 5 Bert Baare 2008-01-10 10:44:11 EST
Had it run for 80 mins. Don't see the entries in /proc and /etc:
[root@thuis ~]# mount
/dev/sda6 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda2 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
[root@thuis ~]# grep -R "ip_forward" / --exclude=/tmp
Binary file /var/cache/yum/fedora/filelists.sqlite matches
grep: /var/lib/xend/xend-socket: No such device or address
grep: /var/lib/xend/relocation-socket: No such device or address
Binary file /var/lib/rpm/Packages matches
grep: /var/run/libvirt/libvirt-sock: No such device or address
grep: /var/run/libvirt/libvirt-sock-ro: No such device or address
grep: /var/run/dbus/system_bus_socket: No such device or address
grep: /var/run/pcscd.comm: No such device or address
grep: /var/run/acpid.socket: No such device or address
grep: /var/run/avahi-daemon/socket: No such device or address
grep: /var/run/rpcbind.sock: No such device or address
grep: /var/run/audispd_events: No such device or address
Comment 6 Bert Baare 2008-01-10 11:42:15 EST
Was messing around on another machine and restarted the network. There I saw IP 
forwarding being switched off whilst restarting. Repeated this on the little 
machine I am using for this.
Watch the "Disabling IPv4 packet forwarding:  net.ipv4.ip_forward = 0":
[root@thuis ~]# cat /etc/sysctl.conf | grep ip_
net.ipv4.ip_forward = 0  *****What things should be
[root@thuis ~]# cat /proc/sys/net/ipv4/ip_forward
1                        *****What things are
[root@thuis ~]# service network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Disabling IPv4 packet forwarding:  net.ipv4.ip_forward = 0
                                                           [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:
Determining IP information for eth0... done.
                                                           [  OK  ]
[root@thuis ~]# cat /proc/sys/net/ipv4/ip_forward
0                        *****Look at that!!
Hope this helps narrowing down?
Comment 7 Jiri Moskovcak 2008-01-11 06:20:39 EST
You probably installed some aditional software, because ip_forward is set to 0 
by default (just tested it on the fresh install of F8). The only files used to 
set this on startup are /etc/sysctl.conf and /etc/rc.local otherwise you have 
some script/software that does this. I would guess it's somewhere in /etc 
directory.. So try to grep the /etc dir.
Comment 8 Bert Baare 2008-01-11 08:38:57 EST
Only "extra" thing I did was default Fedora iSCSI initiator. Disabled that via
chkconf; no change.
Had the grep running for an hour:
[root@thuis ~]# grep -ri "ip_forward" /etc
/etc/rc1.d/K76openvpn:  #echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/rc1.d/K90network:    if [ -f /proc/sys/net/ipv4/ip_forward ]; then
/etc/rc1.d/K90network:          if [ `cat /proc/sys/net/ipv4/ip_forward` != 0 ];
then
/etc/rc1.d/K90network:                  action $"Disabling IPv4 packet
forwarding: " sysctl -w net.ipv4.ip_forward=0
/etc/rc5.d/S10network:    if [ -f /proc/sys/net/ipv4/ip_forward ]; then
/etc/rc5.d/S10network:          if [ `cat /proc/sys/net/ipv4/ip_forward` != 0 ];
then
/etc/rc5.d/S10network:                  action $"Disabling IPv4 packet
forwarding: " sysctl -w net.ipv4.ip_forward=0
/etc/rc5.d/K76openvpn:  #echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/rc4.d/S10network:    if [ -f /proc/sys/net/ipv4/ip_forward ]; then
/etc/rc4.d/S10network:          if [ `cat /proc/sys/net/ipv4/ip_forward` != 0 ];
then
/etc/rc4.d/S10network:                  action $"Disabling IPv4 packet
forwarding: " sysctl -w net.ipv4.ip_forward=0
/etc/rc4.d/K76openvpn:  #echo 1 > /proc/sys/net/ipv4/ip_forward
grep: /etc/httpd/run/libvirt/libvirt-sock: No such device or address
grep: /etc/httpd/run/libvirt/libvirt-sock-ro: No such device or address
grep: /etc/httpd/run/dbus/system_bus_socket: No such device or address
grep: /etc/httpd/run/pcscd.comm: No such device or address
grep: /etc/httpd/run/acpid.socket: No such device or address
grep: /etc/httpd/run/avahi-daemon/socket: No such device or address
grep: /etc/httpd/run/rpcbind.sock: No such device or address
grep: /etc/httpd/run/audispd_events: No such device or address

Comment 9 Jiri Moskovcak 2008-01-11 10:44:45 EST
You're right, I tried it on another machine with default settings and it's set 
to 1, so now I'm reinstalling my testing machine :) Did you use default 
settings?

J.
Comment 10 Bug Zapper 2008-11-26 04:10:31 EST
This message is a reminder that Fedora 8 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 8.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '8'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 8's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 8 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 11 Bug Zapper 2009-01-09 00:37:33 EST
Fedora 8 changed to end-of-life (EOL) status on 2009-01-07. Fedora 8 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.