Great Circle Associates Firewalls
(March 1994) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: IP_FORWARDING
From: kannan @ catarina . usc . edu
Date: Fri, 04 Mar 1994 18:39:00 -0800
To: Mark Verber <verber @ parc . xerox . com>
Cc: jpf @ mig . com, firewalls @ greatcircle . com
In-reply-to: Your message of Fri, 04 Mar 1994 17:11:19 -0800.<94Mar4 . 171122pst . 2440 @ avalon . parc . xerox . com> 
>>> From: Mark Verber <verber @
 parc .
 xerox .
 com>
>>> Date: Fri, 04 Mar 1994 17:11:19 PST

> > >Note: unless 4.1.3.U1 has changed from 4.1.3, turning off ip forwarding
> > >*does not* turn off source routing.  If you have full sources you need
> > >to modify /sys/netinet/ip_input.c or get a patch from Sun to disable
> > 
> > options	IPFORWARDING
> 
> with adb works just as well as editing ip_proto.c.  Once again, my primary
> warning is that  source routing happens whether you have IPfowarding on
or off.

Given that we are talking about sunos machines, on sunos 4.*:
Actually, you want to set IPFORWARDING=-1.  Setting it to 0 disables
forwarding on a single homed machine, and re-enables it (sets it back
to 1) on a multi-homed machine.  Setting it to -1 leaves it
permanently disabled.

When disabled, source routing only happens if the packet leaves on the
same interface it arrived at.


Kannan
References:
Indexed By Date Previous: Re: IP_FORWARDING
From: Mark Verber <verber @ parc . xerox . com>
Next: Re: IP_FORWARDING
From: Mark Verber <verber @ parc . xerox . com>
Indexed By Thread Previous: Re: IP_FORWARDING
From: Mark Verber <verber @ parc . xerox . com>
Next: Re: IP_FORWARDING
From: Mark Verber <verber @ parc . xerox . com>
Google
 
Search Internet Search www.greatcircle.com