Next-in-Thread Next Message

Question Possible need for a FORWARDING="y/n" setting 

Forum: PCMCIA Network Adapter Issues
Date: 2000, Apr 05
From: Dagmar d'Surreal Dagmar_dSurreal

Okay, I've got a set of wireless ethernet cards, and while frankly I would not recommend people doing this excepting in certain situations, I found a need last night for turning on ip_forwarding for the interface created by pcmcia-cs for them. This normally defaults to off (unless you turn on forwarding globally, in which case you should go stand in the corner now) but some people might have a genuine need to do this.

I know this probably seems like a minor thing, but I want to know if anyone else has any opinions on the subject of whether or not they think an IP_FORWARDING="y/n" option would be apropos for the /etc/pcmcia/network.opts file.

(For the record, I would not normally use forwarding blatantly across the interface. I'm working with Free S/WAN to get an encrypted connection authenticated by secret key which DOES have forwarding turned on)

Next-in-Thread Next Message

Messages Inline: 0 1

None Another way to do it: use start_fn()

Re: Question Possible need for a FORWARDING="y/n" setting (Dagmar d'Surreal)
Date: 2000, Apr 05
From: David Hinds <dhinds@pcmcia.sourceforge.org>

The start_fn() and stop_fn() parameters can be used to specify
additional actions to be taken after a network card is configured; you
could provide a start_fn() to turn on forwarding.  I think this might
be a sufficiently specialized application, that adding a new general
option might not be worth it: each new parameter is something else
that might confuse the majority of users who don't need it.

What is the command you use to enable forwarding?

-- Dave

Note Untitled

Re: None Another way to do it: use start_fn() (David Hinds)
Date: 2000, Apr 06
From: Dagmar d'Surreal Dagmar_dSurreal

Actually, it's fairly straightforward now compared to what it's been in the past for Linux. Forwarding of packets across interfaces is disabled by default, and to turn it on you have to do one of two things to files under /proc...

Either enable packet forwarding globally across all interfaces by stuffing a 1 into /proc/sys/net/ipv4/ip_forward (or /proc/sys/net/ipv4/conf/all/forwarding, changes made to either seem to affect both), in which case all NEW interfaces will have forwarding on by default (which is why this approach is non-optimal from a security standpoint), or...

Enable packet forwarding on an interface by interface basis by stuffing a 1 into /proc/sys/net/ipv4/conf/$IFNAME/forwarding. (Where $IFNAME is the name of the interface you wish to alter, for those who might be reading this but aren't so quick to spot implied shell substitutions)

I'll do some digging and exploring with start_fn() and stop_fn() over the weekend and see how well it works out, although for this, I don't think stop_fn() will have to be used, since the interfaces seem to go back to default settings when they are destroyed and recreated (but I haven't seen anything in documentation claiming that this is something intentional and unlikely to change, yet).

Possible need for a FORWARDING="y/n" setting


Add Message to: "Possible need for a FORWARDING="y/n" setting"

Members Subscribe Admin Mode Show Frames Help for HyperNews at pcmcia-cs.sourceforge.net 1.10