Differences

This shows you the differences between two versions of the page.

--- unix:gateway [2010/10/24 00:57]
robm
+++ unix:gateway [2013/10/13 12:32]
robm [IP Forwarding and NAT]
@@ Line 32: / Line 32: @@
 	lan -> switch
 	switch -> gateway:eth0:w
-	gateway:eth0:e -> switch
 }
@@ Line 40: / Line 39: @@
 ^ Device ^ Notes ^
 | modem | ADSL modem with 1x phone line socket and 1x ethernet socket. Tends to get clogged for some reason (high latency, but connection stays up) |
-| gateway | Fast desktop PC with two network adaptors, loads of RAM and nothing much to do |
+| gateway | Linux host with *one* network adaptor, and nothing much to do |
 | LAN | 4 or so PCs, Wii, Xbox, couple of Nintendo DS consoles, etc |
@@ Line 228: / Line 227: @@
 <code>
-echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
+echo 0 | sudo tee /proc/sys/net/ipv4/conf/*/accept_redirects
-echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
+echo 0 | sudo tee /proc/sys/net/ipv4/conf/*/send_redirects
 </code>
-Or permanently by adding the following to ''/etc/sysctl.conf'':
+**Update 2013-10:** This guide used to update ''/proc/sys/net/ipv4/conf/all/accept_redirects'', but now uses ''*'' in place of ''all''. That was bad as the ''all'' configuration merely sets the default, but won't alter any existing interfaces. Thanks to [[http://unix.stackexchange.com/a/58081/22537|unix.stackexchange.com]] for this tip.
+Or permanently by adding the following to ''/etc/sysctl.conf''. Again, be on the safe side and explicitly name your interfaces:
 <code>
 net/ipv4/conf/all/accept_redirects = 0
 net/ipv4/conf/all/send_redirects = 0
+net/ipv4/conf/eth0/accept_redirects = 0
+net/ipv4/conf/eth0/send_redirects = 0
 </code>
 See http://www.itsyourip.com/Security/how-to-disable-icmp-redirects-in-linux-for-security-redhatdebianubuntususe-tested/
 ==== DNS Service ====
 <code>sudo aptitude install bind9</code>

RobMeerman.co.uk

User Tools

Site Tools

Differences

Page Tools