Re: [Users] /proc/sys/net/ipv4/conf/ipsec0/rp_filter

• Next message: Claudia Schmeing: "[Users] Async DNS in Pluto; new FTP mirror; zlib bug damage minimal for Linux FreeS/WAN"
• Previous message: Andreas Steffen: "[Users] X.509 patch brought up to latest snapshot!"
• Next in thread: D. Hugh Redelmeier: "Re: [Users] /proc/sys/net/ipv4/conf/ipsec0/rp_filter"
• Reply: D. Hugh Redelmeier: "Re: [Users] /proc/sys/net/ipv4/conf/ipsec0/rp_filter"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> Set it to zero as the message is saying:
> echo 0 > /proc/sys/net/ipv4/conf/ppp0/rp_filter
>
> Also check /etc/sysctl.conf, otherwise the default will take over
> again the next time the network is restarted.

# Enables packet forwarding
net.ipv4.ip_forward = 1

# Disables source route verification
net.ipv4.conf.default.rp_filter = 0

I have these entries in /etc/sysctl.conf that fix the errors you are
getting. sysctl is by far a more elegant way of setting kernel
variables, shell scripts run form /etc/rc.d/rc.local border on the
moniker of 'bizarre hack'. It is unfortunate that many firewall scripts
and IPSec tutorials rely on scripts instead of sysctl.

Jeremiah Stanley

• application/pgp-signature attachment: This is a digitally signed message part

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Claudia Schmeing: "[Users] Async DNS in Pluto; new FTP mirror; zlib bug damage minimal for Linux FreeS/WAN"
• Previous message: Andreas Steffen: "[Users] X.509 patch brought up to latest snapshot!"
• Next in thread: D. Hugh Redelmeier: "Re: [Users] /proc/sys/net/ipv4/conf/ipsec0/rp_filter"
• Reply: D. Hugh Redelmeier: "Re: [Users] /proc/sys/net/ipv4/conf/ipsec0/rp_filter"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:42 CEST