IP-Forwarding

Deron Meranda deron.meranda at gmail.com
Sat Jul 9 03:50:39 UTC 2005


On 7/8/05, Eric Hines <eehines at comcast.net> wrote:
> I must add the command
> 
>     echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> to the /etc/rc.d/boot.local.  This person also advises that "I may want
> to do the echo command last and include "0" in the init scripts, since
> it opens up your network for a short time."

As others have mentioned, you can set most kernel tunables (as
most anything under /proc/sys) by just editing /etc/sysctl.conf.
Read up on the man pages for sysctl(1) and sysctl.conf(5).

If you install the kernel documentation (yum install kernel-doc), you
can read up on what most things do by reading the files under
/usr/share/doc/kernel-doc-2.6.11/Documentation/sysctl/

You shouldn't need to worry about exposure during boot.  All your
iptables firewall rules are loaded before the network interfaces are
brought up.  Be sure to add whatever you want to your FORWARD
chain, and save it with iptables-save.

Note that just for safety, you may want to explicitly set your IPv6
stack to not do forwarding unless you're purposefully routing IPv6.
See /proc/sys/net/ipv6/conf/default/forwarding
-- 
Deron Meranda
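
An added example, not part of the original message: a POSIX shell audit that reads a sysctl.conf-style file and an iptables-save dump and flags the two conditions the reply is concerned with. The function names, the warning text, and the rule that IPv4 forwarding with an empty non-DROP FORWARD chain counts as a finding are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit forwarding settings in sysctl.conf and an iptables-save dump.

# sysctl_value FILE KEY: print the last value assigned to KEY (empty if unset).
sysctl_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }                     # comment lines
        { k = $1; v = $2
          gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
          if (k == key) val = v }                  # last assignment wins
        END { print val }' "$1"
}

# forward_summary FILE: print "POLICY RULECOUNT" for the filter FORWARD chain.
forward_summary() {
    awk '/^\*/ { table = $1 }
         table != "*filter" { next }
         /^:FORWARD /   { policy = $2 }
         /^-A FORWARD / { rules++ }
         END { if (policy == "") policy = "unset"; print policy, rules + 0 }' "$1"
}

# audit_forwarding SYSCTL_CONF RULES: print findings; exit status = their count.
audit_forwarding() {
    findings=0
    v4=$(sysctl_value "$1" net.ipv4.ip_forward)
    v6=$(sysctl_value "$1" net.ipv6.conf.default.forwarding)
    summary=$(forward_summary "$2"); policy=${summary% *}; rules=${summary#* }
    if [ "$v4" = 1 ] && [ "$policy" != DROP ] && [ "$rules" -eq 0 ]; then
        echo "WARN: ip_forward=1, FORWARD policy $policy, no FORWARD rules"
        findings=$((findings + 1))
    fi
    if [ "$v6" != 0 ]; then
        echo "WARN: net.ipv6.conf.default.forwarding is not explicitly 0"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample input: forwarding on, empty ACCEPT chain, IPv6 unset.
demo() {
    d=$(mktemp -d) || return 99
    printf '# constructed\nnet.ipv4.ip_forward = 1\n' > "$d/sysctl.conf"
    printf '*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\nCOMMIT\n' > "$d/rules"
    audit_forwarding "$d/sysctl.conf" "$d/rules"; rc=$?
    rm -rf "$d"; return "$rc"
}

demo || true
```

On a real system the two arguments would be /etc/sysctl.conf and a file produced by iptables-save.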




More information about the fedora-list mailing list