'RE: Kernel Variables on OpenBSD 2.8+ for IPF.'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    RE: Kernel Variables on OpenBSD 2.8+ for IPF.
From:       Juwan Lee <jlee () hm-loan ! com>
Date:       2000-12-22 18:12:58
[Download RAW message or body]

Thanks Nick.
Mine also is set 0 for Sourceroute and Directed-Broadcast
and Portfirst is 1024.

Thanks for quick reply!!

-----Original Message-----
From: Nick Evans [mailto:nevans@ibeam.com]
Sent: Friday, December 22, 2000 12:55 PM
To: 'Juwan Lee'; 'ipfilter@coombs.anu.edu.au'
Subject: RE: Kernel Variables on OpenBSD 2.8+ for IPF.


>1) Enabling net.inet.ip.forwarding=1 in /etc/sysctl.conf and compiling
>kernel WITHOUT GATEWAY option enable

>2) NOT Enabling net.inet.ip.forwarding=1 in /etc/sysctl.conf and compiling
>kernel WITH GATEWAY option enable.

These are synonymous. There should be no difference if you enable both or
only one. As for the others check OpenBSD's default settings before adding
any lines to /etc/sysctl.conf

sysctl -a | grep net | more

Should show you their current values. In my default 2.8-RELEASE install the
sourceroute and directed broadcast are both set to 0. Portfirst is not the
same, but I don't really see it's relevance to ipf.

Nick

-----Original Message-----
From: Juwan Lee [mailto:jlee@hm-loan.com]
Sent: Friday, December 22, 2000 11:43 AM
To: 'ipfilter@coombs.anu.edu.au'
Subject: Kernel Variables on OpenBSD 2.8+ for IPF.


I was reading http://www.obfuscation.org/ipf/ipf-howto.html
and Assorted Kernel Variables section got me thinking.

It says you need to enable net.inet.ip.forwarding=1 in /etc/sysctl.conf for
forwarding IP packets.(I only do IPv4 at this moment)
But, I compiled Kernel with GATEWAY option enabled in
/usr/src/sys/conf/GENERIC file and it still works

What's the difference between:

1) Enabling net.inet.ip.forwarding=1 in /etc/sysctl.conf and compiling
kernel WITHOUT GATEWAY option enable

2) NOT Enabling net.inet.ip.forwarding=1 in /etc/sysctl.conf and compiling
kernel WITH GATEWAY option enable.

Any benefits from each settings?

And, other settings, like net.inet.ip.portfirst = 25000,
net.inet.ip.sourceroute = 0, net.inet.ip.directed-broadcast = 0,
where should I put these in?
Should I just go ahead and put these in /etc/sysctl.conf file ?

Thanks so much!!!!!!!

Juwan

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic