To turn it on temporarily, use one of the following commands:
# echo 1 > /proc/sys/net/ipv4/ip_forward
or
# sysctl net.ipv4.ip_forward=1
To turn on IP forwarding permanently, add the following line to the /etc/sysctl.conf file:
net.ipv4.ip_forward = 1
If you require it, here's how to turn on dynamic IP addressing:
# echo 1 > /proc/sys/net/ipv4/ip_dynaddr
or
# sysctl net.ipv4.ip_dynaddr=1
To turn on dynamic IP addressing permanently, add the following line to the /etc/sysctl.conf file:
net.ipv4.ip_dynaddr = 1
Adding Modules with iptables
Some firewall features require that modules be added to the kernel. For example, if a client behind
your firewall needs to access an FTP server using passive FTP, special modules are required. With
passive FTP, the FTP client sends its IP address and the port number on which it will listen for data
to the server. If that client is on a computer that is behind your firewall, for which you are doing
NAT, that information must be translated as well or the FTP server will not be able to communicate
with the client.
The iptables facility uses modules to track connections, looking inside the FTP data themselves
(that is, not in the IP packet header) to get the information it needs to do NAT (remember that
computers from the Internet can't talk directly to your private IP addresses).
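The payload translation described above, sketched as an added example (not code from the book or from the kernel's FTP modules). It assumes the client announces its address with the RFC 959 PORT command (h1,h2,h3,h4,p1,p2); the function names, the sample addresses, and the rule of only rewriting an announcement that matches the connection's real source are assumptions of this sketch.

```python
import ipaddress
import re

# RFC 959 PORT argument: four address bytes and two port bytes, all decimal.
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")

def parse_port(line):
    """Return (IPv4Address, port) announced in a PORT line, or None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ipaddress.IPv4Address(bytes(nums[:4])), nums[4] * 256 + nums[5]

def build_port(addr, port):
    """Encode an address and port back into a PORT command line."""
    hosts = ",".join(str(b) for b in addr.packed)
    return f"PORT {hosts},{port >> 8},{port & 0xFF}\r\n".encode("ascii")

def nat_rewrite(line, conn_src, public_ip, public_port):
    """Rewrite a private address in the FTP payload to the firewall's public one.

    Returns (line_to_forward, expectation). The expectation is the private
    (address, port) that the related inbound data connection must be mapped to.
    """
    parsed = parse_port(line)
    if parsed is None:
        return line, None          # not a PORT command: forward untouched
    addr, port = parsed
    # Assumed policy: ignore announcements that name some other host, so a
    # client cannot use the firewall to open a path to a third machine.
    if addr != conn_src:
        return line, None
    return build_port(public_ip, public_port), (addr, port)

if __name__ == "__main__":
    # Constructed sample: private client 192.168.1.10 behind public 203.0.113.5.
    client = ipaddress.IPv4Address("192.168.1.10")
    public = ipaddress.IPv4Address("203.0.113.5")
    out, expect = nat_rewrite(b"PORT 192,168,1,10,195,80\r\n", client, public, 50000)
    print(out, expect)
```

The rewritten line can differ in length from the original, which is one reason this job is done by connection-tracking code rather than a plain header-only NAT rule.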