[SLL] Masquerading mystery
Glenn Stone
technoshaman at liawol.org
Wed Sep 26 12:27:31 PDT 2007

On Wed, Sep 26, 2007 at 12:23:12PM -0700, Bill Campbell wrote:
>On Wed, Sep 26, 2007, Francois Caen wrote:
>>On 9/26/07, Rob Sherwood <capveg at cs.umd.edu> wrote:
>>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>
>>Or do it the right / modern way:
>>sysctl and sysctl.conf.
>
>There are valid reasons not to do it that way. We set that in
>our local firewall system, after setting the iptables and NAT
>rules, and unset it when turning off the firewall.

Agreed, modern != right. You might still use sysctl rather than echo, but
sysctl.conf isn't where you want to turn on ip forwarding if you're being
paranoid about it; you don't want to do a change-config/reload cycle because
if your system goes down in a non-controlled fashion, then it comes back up
with forwarding on, and that's not what you want.

-- Glenn
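
The ordering discussed in this thread, as an added example that is not code from the thread or from any poster's firewall system: forwarding is switched on only after the rules load, switched off on stop, and an audit function flags any sysctl config file that would re-enable it at boot. The names `firewall_start`, `firewall_stop`, `persisted_forwarding`, `load_rules`, the `IP_FORWARD`/`RULES_CMD` overrides and the path `/etc/firewall.rules` are assumptions.

```shell
#!/bin/sh
# Added example: forwarding is a runtime switch owned by the firewall script,
# never a boot-time setting. Paths are overridable so it can be tried unprivileged.
IP_FORWARD=${IP_FORWARD:-/proc/sys/net/ipv4/ip_forward}
RULES_CMD=${RULES_CMD:-load_rules}

# Hypothetical rule loader; /etc/firewall.rules is an assumed path.
load_rules() {
    iptables-restore < /etc/firewall.rules
}

firewall_start() {
    # Start from "off" so a failed rule load never leaves forwarding on.
    echo 0 > "$IP_FORWARD"
    if "$RULES_CMD"; then
        echo 1 > "$IP_FORWARD"      # rules and NAT are in place: now forward
    else
        echo "rule load failed; forwarding left off" >&2
        return 1
    fi
}

firewall_stop() {
    echo 0 > "$IP_FORWARD"          # unset forwarding when the firewall goes down
}

# List sysctl config files that would turn forwarding on at boot.
# sysctl accepts '/' as well as '.' as the key separator.
persisted_forwarding() {
    grep -lE '^[[:space:]]*net[./]ipv4[./]ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        "$@" 2>/dev/null
}

case "${1:-}" in
    start) firewall_start ;;
    stop)  firewall_stop ;;
    audit)
        if persisted_forwarding /etc/sysctl.conf /etc/sysctl.d/*.conf; then
            echo "forwarding is persisted in the files above" >&2
            exit 1
        fi ;;
esac
```

Because nothing is written to sysctl.conf, an uncontrolled reboot comes back with the kernel default (forwarding off) until the firewall script has run again.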