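English source URL: http://www./2006/08/01/how-to-enable-ip-forwarding-in-linux/
By default, IP forwarding is disabled on a Linux machine. If the machine needs to act as a gateway or router, it has to be enabled.
First, check whether IP forwarding is already enabled.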
- // Using sysctl:
- sysctl net.ipv4.ip_forward
- net.ipv4.ip_forward = 0
-
- // or just check the value in the /proc filesystem
- cat /proc/sys/net/ipv4/ip_forward
- 0
- // Enable IP forwarding
- sysctl -w net.ipv4.ip_forward=1
- // or, equivalently
- echo 1 > /proc/sys/net/ipv4/ip_forward
-
- // A setting made this way is only a one-off. It can be made permanent as follows:
- // set this in the file /etc/sysctl.conf:
- net.ipv4.ip_forward = 1
- // If ip forwarding has been changed from 0 to 1, run the following command for it to take effect.
- sysctl -p /etc/sysctl.conf
-
- // On RedHat, run:
- service network restart
-
- // On Ubuntu/Debian, restart the procps service instead
- /etc/init.d/procps.sh restart
- /*
- The following passage explains what rp_filter does in Linux:
-
- rp_filter, which automatically rejects incoming packets if the routing table entry for their source address doesn't match the network interface they're arriving on. This has security advantages because it prevents the so-called IP spoofing, however it can pose problems if you use asymmetric routing (packets from you to a host take a different path than packets from that host to you) or if you operate a non-routing host which has several IP addresses on different interfaces.
- */
-
- To turn rp_filter off, uncomment the lines below:
-
- /etc/sysctl.conf
- #net.ipv4.conf.default.rp_filter=1
- #net.ipv4.conf.all.rp_filter=1
-
- /etc/sysctl.d/10-network-security.conf
- #net.ipv4.conf.default.rp_filter=1
- #net.ipv4.conf.all.rp_filter=1
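
The following shell script is an added example, not part of the original post: it parses sysctl.conf-style files and reports whether a host with forwarding persisted also has reverse-path filtering persisted. The function names and sample files are constructed for illustration; for rp_filter, 0 means no source validation, 1 is strict mode and 2 is loose mode.

```shell
# Parse sysctl.conf-style files: '#' or ';' starts a comment line, whitespace
# around '=' is optional, and the last assignment read wins.
# Prints the last value assigned to key $1 in the files that follow (empty if none).
conf_value() {
    key=$1; shift
    awk -v key="$key" '
        /^[ \t]*[#;]/ { next }              # commented-out lines set nothing
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$@"
}

# Classify the persisted configuration found in the given files.
# The kernel applies max(conf.all, conf.<iface>) per interface, so conf.all is the floor.
audit_forwarding() {
    fwd=$(conf_value net.ipv4.ip_forward "$@")
    rpf=$(conf_value net.ipv4.conf.all.rp_filter "$@")
    if [ "$fwd" != "1" ]; then
        echo "not-forwarding"
    elif [ "$rpf" = "1" ] || [ "$rpf" = "2" ]; then
        echo "forwarding-rp_filter-$rpf"
    else
        echo "forwarding-no-rp_filter"      # router with no source validation persisted
    fi
}

# Constructed sample mirroring the page: forwarding on, rp_filter lines still commented.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/sysctl.conf" <<'EOF'
net.ipv4.ip_forward = 1
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
EOF
# Constructed drop-in with the same two lines uncommented (value 1 = strict mode).
cat > "$SAMPLE_DIR/10-network-security.conf" <<'EOF'
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
EOF

audit_forwarding "$SAMPLE_DIR/sysctl.conf"
audit_forwarding "$SAMPLE_DIR/sysctl.conf" "$SAMPLE_DIR/10-network-security.conf"
```

On a real host, pass the files in the order they are loaded; the value actually in effect can be read with `sysctl net.ipv4.conf.all.rp_filter`.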