FS#3530 - ip_forward is overwritten after iptables start
Attached to Project:
Arch Linux
Opened by Not Important (pholie) - Sunday, 27 November 2005, 19:44 GMT
Details
I use masquerading with iptables on my system; iptables is
in the DAEMONS array in rc.conf. The rc.d/iptables script writes "1"
into /proc/sys/net/ipv4/ip_forward after it is started (I
made the script more verbose to make sure it does, yes it
does) but then something changes the content of
ip_forward back to 0. I don't know which process does it,
but this stops my masquerading from working. I need to
restart iptables every time even though it is already
started. When starting iptables manually, this problem doesn't
occur.
Related bbs thread where one more user describes the same problem: http://bbs.archlinux.org/viewtopic.php?t=16658&start=0&postdays=0&postorder=asc&highlight=
# Load sysctl variables if sysctl.conf is present
[ -r /etc/sysctl.conf ] && /sbin/sysctl -q -p &>/dev/null
The thing is, there is
# Disable packet forwarding
net.ipv4.ip_forward=0
in sysctl.conf. Shouldn't the iptables script modify sysctl.conf too and not only ip_forward? I'm not a kernel/system hacker so I don't know which one has bigger priority or what. I just want it to be working correctly :)
Configuration files should not be modified by services like iptables.
Jürgen
I've moved sysctl stuff to precede daemon startup in rc.multi. The next initscripts build will have this change.
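Added example, not part of the original thread or of the Arch initscripts: a shell check for the conflict discussed above, where a later `sysctl -p` replaces the ip_forward value the firewall script wrote. The function names are hypothetical, and the parser assumes the last assignment in the file wins and that `/` is accepted in place of `.` in key names.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not from the Arch initscripts.

# Print the value 'sysctl -p' would leave for KEY after reading CONF.
# Later assignments win; blank lines and comments (# or ;) are skipped;
# "net/ipv4/ip_forward" is treated the same as "net.ipv4.ip_forward".
sysctl_conf_value() {
    conf=$1 key=$2
    [ -r "$conf" ] || return 1
    awk -v want="$key" '
        /^[ \t]*([#;]|$)/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub("/", ".", k)
            if (k == want) { val = v; found = 1 }
        }
        END { if (!found) exit 1; print val }
    ' "$conf"
}

# Compare the configured value with the runtime value.
# PROCFILE defaults to the real /proc entry; a test can pass a constructed file.
# Returns 0 when consistent or unset, 2 when the config will override runtime.
check_forward_drift() {
    conf=${1:-/etc/sysctl.conf}
    procfile=${2:-/proc/sys/net/ipv4/ip_forward}
    runtime=$(cat "$procfile") || return 1
    if ! configured=$(sysctl_conf_value "$conf" net.ipv4.ip_forward); then
        echo "ip_forward not set in $conf; runtime value $runtime stays"
        return 0
    fi
    if [ "$configured" != "$runtime" ]; then
        echo "conflict: runtime=$runtime but 'sysctl -p' on $conf will set $configured"
        return 2
    fi
    echo "ok: runtime and $conf agree on ip_forward=$runtime"
}
```

Calling `check_forward_drift` with no arguments after boot compares /etc/sysctl.conf with the live /proc value; exit status 2 means the firewall's setting will be lost the next time sysctl.conf is loaded.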