Wanted to test the results of turning on/off IP_FORWARDING in a Sun
4.1.3.U1 kernel. First of all, I haven't yet found the blurb about
where you make this change. Have been browsing around in /sys/net and
looked through route.h, but couldn't find a mention of ipforwarding.
If anyone knows this off the top of their head, it would save me digging
through much piled paper.

After failing to find the correct kernel file to modify, I decided I
would set up my test case anyway. Ran into several problems. The machine
that I wanted to configure to SEND packets "through" the ipforwarding
machine is running Solaris 2.3. I attempted to set up a routing table
that contained ONLY the loopback route and a default route to the ipforward
machine: (scorpio is the ipforward machine)

Destination          Gateway              Flags  Ref   Use     Interface
-------------------- -------------------- -----  ----- ------  ---------
localhost            localhost            UH     0     627591  lo0
default              scorpio              UG     0     557

This table was the first problem. Even though my mask was FFFFFF00, a
ping to another machine on the subnet would result in "Network Unreachable",
which I am assuming is complaining about not being able to find a route
to scorpio. I thought that this was the point of the subnet mask, i.e.
if the network part of the destination address matched the network part
of any interface's address, I would simply put the packet on that interface.
Scorpio is on the same subnet as the local machine.

At any rate, adding a route for the local net fixed the problem:

enet_f35_208         cygnus               U      2     360     le0

(where cygnus is the local machine, enet_f35_208 is the local net).
I didn't have this problem on scorpio (4.1.3.U1). His resulting route
table did look a bit different, however:

Destination          Gateway              Flags  Refcnt  Use   Interface
localhost            localhost            UH     5       999   lo0
default              cisco1_17            UG     1       34    le0

The difference being the default route had an interface associated with it.
Is this difference a Solaris "feature" or am I missing something?

The subnet has a CISCO routing to other nets; it is running proxy arp.
(cisco1_17). I configured scorpio's route table to send all packets
to the cisco. I assumed that if ipforwarding was turned on, any attempt
by cygnus to send packets to an external machine would result in the
packet first being sent to scorpio, who would forward the packet (via
its default route) to the cisco, which would take it from there. Have
I missed something here?

At any rate, it didn't fly. Any attempt to ping external machines from
cygnus would simply hang and result in "no answer". Changing the default
route on cygnus to point to the cisco and trying again, the ping would
be successful. I am tempted to make the conclusion that stock 4.1.3.U1
with the GENERIC kernel doesn't support ipforwarding (or it comes turned
The whole point of this was to make sure that I could trust a bastion
host loaded with 4.1.3.U1 after turning off ipforwarding. Apparently
I don't have anything to do...!
Ft. Worth, TX
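
The route tables quoted in the post, run through a simplified route lookup (an added example, not part of the original post and not either kernel's code). The IP addresses are constructed, and the rule that a gateway route with no interface bound to it needs an interface route covering its gateway is an assumption chosen to reproduce the behaviour the post reports.

```python
import ipaddress

# Constructed addresses: the post gives only host names and the mask FFFFFF00.
HOSTS = {"cygnus": "192.0.2.10", "scorpio": "192.0.2.20", "cisco1_17": "192.0.2.1"}
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")   # stands in for enet_f35_208
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
LOOPBACK = (ipaddress.ip_network("127.0.0.1/32"), "127.0.0.1", "UH", "lo0")

# Rows are (destination, gateway, flags, interface); None = no interface shown.
CYGNUS_BEFORE = [LOOPBACK, (DEFAULT, HOSTS["scorpio"], "UG", None)]
CYGNUS_AFTER = CYGNUS_BEFORE + [(LOCAL_NET, HOSTS["cygnus"], "U", "le0")]
SCORPIO = [LOOPBACK, (DEFAULT, HOSTS["cisco1_17"], "UG", "le0")]


def lookup(table, dest):
    """Return (interface, next_hop) for dest; raise OSError if unreachable."""
    dest = ipaddress.ip_address(dest)
    matches = [row for row in table if dest in row[0]]
    if not matches:
        raise OSError("Network is unreachable")
    _, gateway, flags, ifname = max(matches, key=lambda row: row[0].prefixlen)
    if "G" not in flags:
        return ifname, str(dest)      # directly attached: deliver on that interface
    if ifname is not None:
        return ifname, gateway        # gateway route already bound to an interface
    # Assumed rule: an unbound gateway route is usable only when some
    # non-gateway (interface) route covers the gateway's own address.
    gw = ipaddress.ip_address(gateway)
    direct = [row for row in table if "G" not in row[2] and gw in row[0]]
    if not direct:
        raise OSError("Network is unreachable")
    return direct[0][3], gateway


def outcome(table, dest):
    """Format the lookup result as a string for comparison or printing."""
    try:
        ifname, hop = lookup(table, dest)
        return f"{ifname} via {hop}"
    except OSError as err:
        return str(err)


if __name__ == "__main__":
    for name, table in [("cygnus before", CYGNUS_BEFORE),
                        ("cygnus after", CYGNUS_AFTER), ("scorpio", SCORPIO)]:
        for dest in ("192.0.2.30", "198.51.100.7"):   # on-subnet, external
            print(f"{name:14} {dest:14} {outcome(table, dest)}")
```

The lookup only picks the next hop; whether scorpio then relays a packet addressed to another host is the separate ipforwarding decision the post set out to test.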