英文源URL:http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/
一般情况下,我们的linux机器的ip forwarding选项都是关闭的。 但是如果我们的机器需要做网关,或路由器。那么这个就要打开了。
首先检查下ip forwarding是否已经打开。
//Using sysctl:sysctl net.ipv4.ip_forwardnet.ipv4.ip_forward = 0//或者 just checking out the value in the /proc systemcat /proc/sys/net/ipv4/ip_forward0//打开ip forwardingsysctl -w net.ipv4.ip_forward=1//同样的或者echo 1 > /proc/sys/net/ipv4/ip_forward//这样的设置只是一次性的。我们可以永久的设置成打开。如下://将文件设置/etc/sysctl.conf:net.ipv4.ip_forward = 1//如果已经将ip forwarding由0设置为1。为了使它生效。我们执行如下的命令。sysctl -p /etc/sysctl.conf//RedHat中执行如下:service network restart//Ubuntu/Debian系统则重启procps服务/etc/init.d/procps.sh restart
/*下面这段看看linux中的rp_filter是干什么的 rp_filter, which automatically rejects incoming packets if the routing table entry for their source address doesn't match the network interface they're arriving on. This has security advantages because it prevents the so-called IP spoofing, however it can pose problems if you use asymmetric routing (packets from you to a host take a different path than packets from that host to you) or if you operate a non-routing host which has several IP addresses on different interfaces. */To turn rp_filter off, uncomment the lines below:/etc/sysctl.conf#net.ipv4.conf.default.rp_filter=1#net.ipv4.conf.all.rp_filter=1/etc/sysctl.d/10-network-security.conf#net.ipv4.conf.default.rp_filter=1#net.ipv4.conf.all.rp_filter=1
有的事情现在不做,就一辈子也不会做了。
