SUMMARY: ip forwarding - turning it off

From: Larry Chin (larry@ca.cch.com)
Date: Tue Oct 08 1996 - 08:59:07 CDT


Finally got some definitive answers ( through your help and
experimenting ), so here is the summary.

RESOLUTION:
===========

It seems that as long as the IP interface being pinged belongs to the
machine in question, then the ping will receive a response. however, a
ping to an address "behind" the machine will receive no response, if
IP_FORWARDING is turned off. So, the machine will basically discard any
packets not belonging to itself, but will answer for any of it's
interfaces, internal or external.

As to turning IP_FORWARDING off. The setting is indeed -1 as detailed
in this code snippet from ip_proto.c ( SunOS 4.1.4 )

>From SunOS 4.1.4: (ip_proto.c)
/*
 * ip_forwarding controls whether or not to forward packets:
 * ip_forwarding == -1 -- never forward; never change this value.
 * ip_forwarding == 0 -- don't forward; set this value to 1 when
two
 * interfaces are up.
 * ip_forwarding == 1 -- always forward.
 */

#ifndef IPFORWARDING
#define IPFORWARDING 0
#endif

Thanks to:
==========

zaitcev@lab.sun.mcst.ru (Pete A. Zaitcev)
denm@mtl.digidyne.ca (Denis McMullen)
Daniel.Blander@acsacs.com
Ric Anderson <ric@rtd.com>
Andy Finkenstadt <kahuna@supernet.net>
Michael Ryan <mike@NetworX.ie>
Colin Campbell <sgcccdc@citec.qld.gov.au>
Mark Galbraith <mgg@sol.tins.net>
Robert Sargent <Robert@Sgt.COM>
Nobuhiko Yoshimoto <yoshi@koto.nikkei.co.jp>
geofft@x86.nz.mdis.com (Geoff Tribble)
Bernhard Schneck <Bernhard_Schneck@genua.de>
Don Lewis <Don.Lewis@tsc.tdk.com>
Robert Sargent <Robert@Sgt.COM>
Bernhard Schneck <Bernhard_Schneck@genua.de>
ront@coltrane.ns.cs.boeing.com (Ron Tazuma 865-2577)

for taking the time to answer me.

ORIGINAL QUERY:
===============

Situation:
==========

Sparc 20
SunOs 4.1.3_U1
2 ethernet cards
IP forwarding supposedly turned off

                  le0 ( 192.9.200.1 ) ------- internal net y
external net --- le1 ( 192.9.201.1 )

netstat -nr shows:
==================

Destination Gateway Flags Refcnt Use Interface
127.0.0.1 127.0.0.1 UH 0 197 lo0
default 192.9.201.253 UG 1 1231 le1
192.9.201.0 192.9.201.3 U 3 101 le1
192.9.200.0 192.9.200.1 U 3 1036 le0

The default gateway here pointing back to the external network

Kernel has:
===========
options IPFORWARDING="-1"

Problem:
========
Having remade the kernel with the above option and rebooted the machine with
this kernel in place if I go to a machine on the external net and do a:

        ping 192.9.200.1

the interface will answer with:
        
        192.9.200.1 is alive

I was under the impression that no packets should flow between le0 and
le1 with the IPFORWARDING turned off, such that a ping from the
external net would not receive any answer in the above scenario.

QUESTION:
=========
Should a ping of the le0 interface from a node on the external net
receive an "alive" answer ?

Tue Oct 8 09:54:24 EDT 1996
=====================================================================
Larry Chin {Larry_Chin@ca.cch.com} CCH Canadian Ltd.
Phone: 416-441-4001 ext. 349 6 Garamond Court
Fax: 416-441-3544 North York, Ontario, M3C 1Z5
=====================================================================



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:11 CDT