From 2e88e4eaf3e4a23ad65bb3b0c98753a07a166036 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 18 Nov 2017 21:51:04 +0100 Subject: [PATCH] IP-Forwarding --- etc/sysctl.conf | 66 +++++++++++++++++++ .../net/ipv4/icmp_errors_use_inbound_ifaddr | 0 proc/sys/net/ipv4/ip_forward | 0 proc/sys/net/ipv6/conf/all/forwarding | 0 proc/sys/net/ipv6/conf/default/forwarding | 0 5 files changed, 66 insertions(+) create mode 100644 etc/sysctl.conf create mode 100644 proc/sys/net/ipv4/icmp_errors_use_inbound_ifaddr create mode 100644 proc/sys/net/ipv4/ip_forward create mode 100644 proc/sys/net/ipv6/conf/all/forwarding create mode 100644 proc/sys/net/ipv6/conf/default/forwarding diff --git a/etc/sysctl.conf b/etc/sysctl.conf new file mode 100644 index 0000000..9485d8d --- /dev/null +++ b/etc/sysctl.conf @@ -0,0 +1,66 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +net.ipv6.conf.all.forwarding=1 + + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. +# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# +kernel.panic = 10 +# +# Sonst landen ICMP-Fehlerpakete auf eth0 - mit source-IP 10.50.x.y... +# https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt +net.ipv4.icmp_errors_use_inbound_ifaddr = 1 + diff --git a/proc/sys/net/ipv4/icmp_errors_use_inbound_ifaddr b/proc/sys/net/ipv4/icmp_errors_use_inbound_ifaddr new file mode 100644 index 0000000..e69de29 diff --git a/proc/sys/net/ipv4/ip_forward b/proc/sys/net/ipv4/ip_forward new file mode 100644 index 0000000..e69de29 diff --git a/proc/sys/net/ipv6/conf/all/forwarding b/proc/sys/net/ipv6/conf/all/forwarding new file mode 100644 index 0000000..e69de29 diff --git a/proc/sys/net/ipv6/conf/default/forwarding b/proc/sys/net/ipv6/conf/default/forwarding new file mode 100644 index 0000000..e69de29