[CLUE-Tech] turning off routing on a dual homed box

Nate Duehr nate at natetech.com
Wed Jan 14 22:29:17 MST 2004


On Wednesday, Jan 14, 2004, at 15:19 America/Denver, Sterling, Willard 
wrote:

> How do I make sure a dual homed Red Hat 7.2 box will not route between
> interfaces?  In Solaris I can touch /etc/norouter but there doesn't
> seem to be anything like that in RH 7.2

Wow, I had to dig a bit to find an old 7.x box to look for sure.  
That's getting pretty old... heck, RedHat end-of-life'd 8.0 today, in 
fact... and RH 9.0 is end-of-life in April of this year.  (Bummer.)

The lowest level way to make sure that you're not forwarding IPv4 
between interfaces is to see if the kernel thinks it's allowed to by 
looking in the special /proc filesystem which shows kernel internals 
and lets you set many of them also:

cat /proc/sys/net/ipv4/ip_forward

0 = no
1 = yes

I don't think they had it implemented in RedHat 7.x, but in later 
versions of RedHat the startup scripts look for a shell variable 
IP_FORWARD in your /etc/sysconfig/network file and if ="YES" they turn 
the kernel forwarding on.  So in later versions of RedHat they provided 
a way to set it in a file similar to, but not quite the same as, Sun's 
/etc/norouter file.  Different distributions of Linux do this 
differently but they're all doing the same thing under-the-hood... 
putting a 1 into /proc/sys/net/ipv4/ip_forward.

Using default kernel settings (unless you recompile most distros' 
kernels -- you can set it as an option at build time) you'll see it's 
set to 0.  The way to change it is just to echo in what you want...

echo 1 > /proc/sys/net/ipv4/ip_forward

For those that build their own firewalls with iptables, you'll usually 
see this line (hopefully at the bottom) in the script.

--
Nate Duehr, nate at natetech.com
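
Added example, not part of the original message: a small audit of the /proc switch described above, for confirming that a multi-homed box is not forwarding. The function names are hypothetical, and the per-interface conf/*/forwarding files are only checked where the running kernel exposes them.

```shell
#!/bin/sh
# Added example: audit IPv4 forwarding on a multi-homed Linux host.
# The directory argument defaults to the real /proc tree; the override
# exists so the functions can be exercised on a constructed directory.

# forwarding_audit [dir]
#   Prints one line per setting found and returns:
#   0 = forwarding off everywhere
#   1 = forwarding on somewhere
#   2 = global switch not readable
forwarding_audit() {
    root="${1:-/proc/sys/net/ipv4}"
    result=0

    if [ ! -r "$root/ip_forward" ]; then
        echo "cannot read $root/ip_forward" >&2
        return 2
    fi

    # Global switch: 0 = no forwarding, 1 = forwarding.
    global=$(cat "$root/ip_forward")
    echo "ip_forward=$global"
    [ "$global" = "0" ] || result=1

    # Per-interface switches, where present.
    for f in "$root"/conf/*/forwarding; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        val=$(cat "$f")
        echo "conf/$iface/forwarding=$val"
        [ "$val" = "0" ] || result=1
    done
    return "$result"
}

# forwarding_off [dir]
#   Writes 0 to the global switch (needs root on a real host).
forwarding_off() {
    root="${1:-/proc/sys/net/ipv4}"
    echo 0 > "$root/ip_forward"
}

# Run as "sh script.sh audit" to check the live system.
if [ "${1:-}" = "audit" ]; then
    forwarding_audit
fi
```

A setting echoed into /proc does not survive a reboot, so run the audit again after the startup scripts have finished.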



