bible:~ # echo 1 > /proc/sys/net/ipv4/ip_forward

This will immediately enable IP forwarding on your Linux machine. This is a volatile operation, and once your machine has been rebooted, IP forwarding will be turned off by default.

FIGURE 24-2: Network using a netfilter firewall (diagram labels: AirPort; OS X; 192.168.1.0/24 DHCP)

To set IP forwarding on by default, edit the file /etc/sysconfig/sysctl, change IP_FORWARD from no to yes, and re-run SuSEconfig. While editing the sysctl file, make sure that DISABLE_ECN is set to yes.

ECN is short for Enhanced Congestion Notification. This new feature of TCP/IP allows machines to notify you that a network route is congested. It is a great feature, but unfortunately is not in widespread circulation and can stop your network traffic from traversing the Internet correctly if it goes through a router that does not support ECN. We have been on customer sites where certain sites seemed to be unavailable across their networks for no apparent reason. Turning off ECN fixed this.

When IP forwarding has been enabled, you can insert the SNAT rule into the POSTROUTING chain.

In the home network, you need to source NAT all the internal traffic (192.168.1.0/24) to the firewall public address of 217.41.132.74. To do this, you need to insert a SNAT rule into the NAT table.

The NAT table is used specifically for address translation rules. This includes source and destination address translation.
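The following script is an added example, not code from the original text. It checks whether IP forwarding is on and whether the SNAT rule described above is loaded, flags POSTROUTING NAT rules that are not limited to the internal network, and applies only what is missing when run as root with --apply. The interface name eth0 (EXT_IF) and all function names are assumptions; the addresses come from the text.

```shell
#!/bin/sh
LAN_NET="192.168.1.0/24"     # internal network, from the text
PUBLIC_IP="217.41.132.74"    # firewall public address, from the text
EXT_IF="${EXT_IF:-eth0}"     # ASSUMPTION: name of the Internet-facing interface

# True if the sysctl file (default: the live kernel value) contains 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# The SNAT rule, written the way iptables-save prints it.
snat_rule() {
    printf '%s' "-A POSTROUTING -s $LAN_NET -o $EXT_IF -j SNAT --to-source $PUBLIC_IP"
}

# stdin: `iptables-save -t nat` output. True if exactly that rule is loaded.
has_snat_rule() {
    sed 's/[[:space:]]*$//' | grep -qxF -- "$(snat_rule)"
}

# stdin: same output. Prints POSTROUTING NAT rules not limited to LAN_NET,
# i.e. rules that translate more traffic than the design intends.
unscoped_nat_rules() {
    grep -E -- '^-A POSTROUTING .*-j (SNAT|MASQUERADE)' |
        grep -vF -- "-s $LAN_NET " || true
}

# Constructed sample ruleset: the intended rule plus one over-broad rule.
sample_ruleset() {
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $EXT_IF -j SNAT --to-source $PUBLIC_IP
-A POSTROUTING -o $EXT_IF -j MASQUERADE
COMMIT
EOF
}

# Idempotent apply (needs root): change only what the checks found missing.
apply_nat() {
    forwarding_enabled || echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables-save -t nat | has_snat_rule || iptables -t nat $(snat_rule)
}

if [ "${1:-}" = "--apply" ]; then apply_nat; fi
```

On a live firewall, feed the checks real data, for example: iptables-save -t nat | unscoped_nat_rules.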
