Thanks. The docs help, too.
Eric Hines
Deron Meranda wrote:
> On 7/8/05, Eric Hines <eehines@xxxxxxxxxxx> wrote:
>> I must add the command
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>> to the /etc/rc.d/boot.local. This person also advises that "I may want
>> to do the echo command last and include "0" in the init scripts, since
>> it opens up your network for a short time."
>
> As others have mentioned you can set most kernel tunables (as
> most anything under /proc/sys) by just editing /etc/sysctl.conf.
> Read up on the man pages for sysctl(1) and sysctl.conf(5).
>
> If you install the kernel documentation (yum install kernel-doc), you
> can read up on what most things do by reading the files under
> /usr/share/doc/kernel-doc-2.6.11/Documentation/sysctl/
>
> You shouldn't need to worry about exposure during boot. All your
> iptables firewall rules are loaded before the network interfaces are
> brought up. Be sure to add whatever you want to your FORWARD
> chain, and save it with iptables-save.
>
> Note that just for safety, you may want to explicitly set your IPv6
> stack to not do forwarding unless you're purposefully routing IPv6.
> See /proc/sys/net/ipv6/conf/default/forwarding
--
He can compress the most words into the smallest ideas of any man
I ever met.
- Abraham Lincoln
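
An added example, not part of the original messages: a shell check that reads a sysctl.conf-format file and reports the forwarding values it would set, following the advice above to use /etc/sysctl.conf and to keep IPv6 forwarding explicitly off. The function names, the sample file contents and the net.ipv6.conf.all.forwarding key are assumptions that do not come from the thread.

```shell
#!/bin/sh
# effective_sysctl FILE KEY -> prints the last value assigned to KEY, or "unset".
effective_sysctl() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next                   # not an assignment
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub("/", ".", key)                 # accept net/ipv4/ip_forward form
            if (key == want) found = val        # later lines override earlier ones
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# audit_forwarding FILE -> prints one line per key; returns 1 unless every
# IPv6 forwarding key is explicitly set to 0.
audit_forwarding() {
    rc=0
    for key in net.ipv4.ip_forward \
               net.ipv6.conf.default.forwarding \
               net.ipv6.conf.all.forwarding; do
        val=$(effective_sysctl "$1" "$key")
        echo "$key = $val"
        case "$key:$val" in
            net.ipv6.*:0) ;;                    # explicitly disabled
            net.ipv6.*)   rc=1 ;;               # unset or enabled
        esac
    done
    return $rc
}

# Constructed sample input (not from any real host).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample sysctl.conf
net.ipv4.ip_forward = 0
net/ipv4/ip_forward=1
; net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 0
EOF
audit_forwarding "$sample" || echo "IPv6 forwarding is not explicitly disabled"
```

Run audit_forwarding against /etc/sysctl.conf on the host being configured; it only reads the file and does not change any kernel setting.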