SUMMARY: Non-forwarding kernel - Supplement

From: B.Rea@csc.canterbury.ac.nz
Date: Thu Oct 01 1992 - 02:22:03 CDT


It seems I sent my summary out a bit soon. I have had responses from
the following people, some in response to my summary.

bobby@hot.caltech.edu "Bobby Bodenheimer"
greg_tusar@Warren.MENTORG.COM "Greg Tusar"
Marc.Rinfret@eng.canadair.ca "Marc P. Rinfret"
craig@cam.nist.gov
miker@sbcoc.com "Mike Raffety"
trc@NSD.3Com.COM "Tom Conroy"
msh@otc.otca.oz.au "Michael Homsey"
JanBerger.Henriksen@ii.uib.no

Thanks.

Several people pointed out that it is possible to turn off the
IP forwarding with the following option in the kernel configuration
file. Note that the quotes around the -1 seem to be essential.
This would be the preferred method, so I changed /sys/netinet/in_proto.c
back to its original form, changed the configuration file, and made
another kernel.

options IPFORWARDING="-1" # see /sys/netinet/in_proto.c

Some questioned whether setting the forwarding to 0 in the running
kernel via adb would work. It does turn off forwarding in the running
kernel, but this is not a permanent fix. This would have to be done
after every reboot.

------
The following reply has some additional useful information.

From: IN%"miker@sbcoc.com" "Mike Raffety" 30-SEP-1992 02:44:59.88

Sure, it's simple. There's two ways:

1. Kill and restart in.routed with the "-q" (quiet) flag. This will
prevent it from advertising to each net that it can route to the other
net. This is simplest (modify /etc/rc.local so it's always started
this way, too).

See the routed man page for more information.

2. Turn off ipforwarding (or ip_forwarding, depending on OS version)
in the kernel, making it impossible for it to forward packets. You can
either use adb on /vmunix and/or /dev/mem (so it takes effect
immediately, without rebooting), or I think you can edit something in a
config file (I prefer adb, since it's faster). Something like this
should do it, both permanently, and immediately:

adb -k -w /vmunix /dev/mem
ip_forwarding/D (to display current value; when you ifconfig the
                        second interface up, this gets automagically changed
                        to one)
ip_forwarding/W0 (to turn off IP forwarding on currently running kernel)
ip_forwarding?W(-1) (to turn it off permanently in the /vmunix image)

See the discussion of this kernel global in "System and Network
Administration", Section 22.6, TCP/IP Configuration Options for SunOS
4.1. I found this by looking up ip_forwarding in the AnswerBook (great
thing, AnswerBook).
                                                                      ___
Bill Rea (o o)
--------------------------------------------------------------------w--U--w---
| Bill Rea, Computer Services Centre| E-Mail b.rea@csc.canterbury.ac.nz |
| University of Canterbury | or cctr114@csc.canterbury.ac.nz |
| Christchurch, New Zealand | Phone +64 3 364-2331 Fax +64 3 364-2332 |
------------------------------------------------------------------------------


