SUMMARY: Non-forwarding kernel - Supplement

Date: Thu Oct 01 1992 - 02:22:03 CDT

It seems I sent my summary out a bit soon. I have had responses from
the following people, some in response to my summary. "Bobby Bodenheimer"
greg_tusar@Warren.MENTORG.COM "Greg Tusar" "Marc P. Rinfret" "Mike Raffety"
trc@NSD.3Com.COM "Tom Conroy" "Michael Homsey"


Several people pointed out that it is possible to turn of the
IP forwarding with the following option in the kernel configuration
file. Note that the quotes around the -1 seem to be essential.
This would be the prefered method so I changed /sys/netinet/in_proto.c
back to its original form, changed the configuration file, and made
another kernel.

options IPFORWARDING="-1" # see /sys/netinet/in_proto.c

Some questioned whether setting the forwarding to 0 in the running
kernel via adb would work. It does turn off forwarding in the running
kernel, but this is not a permanant fix. This would have to be done
after every reboot.

The following reply has some additional useful information

From: IN%"" "Mike Raffety" 30-SEP-1992 02:44:59.88

Sure, it's simple. There's two ways:

1. Kill and restart in.routed with the "-q" (quiet) flag. This will
prevent it from advertising to each net that it can route to the other
net. This is simplest (modify /etc/rc.local so it's always started
this way, to).

See the routed man page for more information.

2. Turn off ipforwarding (or ip_forwarding, depending on OS version)
in the kernel, making it impossible for it to forward packets. You can
either use adb on /vmunix and/or /dev/mem (so it takes effect
immediately, without rebooting), or I think you can edit something in a
config file (I prefer adb, since it's faster). Something like this
should do it, both permanently, and immediately:

adb -k -w /vmunix /dev/mem
ip_forwarding/D (to display current value; when you ifconfig the
                        second interface up, this gets automagically changed
                        to one)
ip_forwarding/W0 (to turn off IP forwarding on currently running kernel)
ip_forwarding?W(-1) (to turn it off permanently in the /vmunix image)

See the discussion of this kernel global in "System and Network
Administration", Section 22.6, TCP/IP Configuration Options for SunOS
4.1. I found this by looking up ip_forwarding in the AnswerBook (great
thing, AnswerBook).
Bill Rea (o o)
| Bill Rea, Computer Services Centre| E-Mail |
| University of Canterbury | or |
| Christchurch, New Zealand | Phone +64 3 364-2331 Fax +64 3 364-2332 |

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:50 CDT