Line 82: |
Line 82: |
| This is experimental. Please provide your feedback in the forums. | | This is experimental. Please provide your feedback in the forums. |
| | | |
− | To disable redirects (port forwarding) within the IPsec tnnels, we have to create a custom template that will disable these at boot time. To create the custom template execute the following commands as root (simplefied) | + | To disable redirects (port forwarding) within the IPsec tnnels, we have to create a custom template that will disable these at boot time. To create the custom template execute the following commands as root (simplefied): |
| touch /etc/e-smith/templates/templates-custom/etc/sysctl.conf/net.ipv4.ip_deny_redirects | | touch /etc/e-smith/templates/templates-custom/etc/sysctl.conf/net.ipv4.ip_deny_redirects |
| Then copy the below contents so you can paste them into the above custom template: | | Then copy the below contents so you can paste them into the above custom template: |
− | # SME Server Openswan specifics # Send redirects, No! net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0 # Accept packets with SRR option? No! net.ipv4.conf.all.accept_source_route = 0 # Accept Redirects? No! net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.secure_redirects = 0 | + | # SME Server Openswan specifics |
− | and paste this into the above custome template using nano: nano -w /etc/e-smith/templates/templates-custom/etc/sysctl.conf/net.ipv4.ip_deny_redirectsNow we need to expand the newly created custome template: expand-template /etc/sysctl.confand make them effective: TBA | + | # Send redirects, No! |
− | Another way to disable/enable redirects on all interfaces on the fly from the console as root would be: for f in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > $f; done for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > $f; done for f in /proc/sys/net/ipv4/conf/*/secure_redirects; do echo 0 > $f; done | + | net.ipv4.conf.all.send_redirects = 0 |
| + | net.ipv4.conf.default.send_redirects = 0 |
| + | # Accept packets with SRR option? No! |
| + | net.ipv4.conf.all.accept_source_route = 0 |
| + | # Accept Redirects? No! |
| + | net.ipv4.conf.all.accept_redirects = 0 |
| + | net.ipv4.conf.all.secure_redirects = 0 |
| + | and paste this into the above custome template using nano: |
| + | nano -w /etc/e-smith/templates/templates-custom/etc/sysctl.conf/net.ipv4.ip_deny_redirects |
| + | Now we need to expand the newly created custome template: expand-template /etc/sysctl.confand make them effective: |
| + | TBA |
| + | Another way to disable/enable redirects on all interfaces on the fly from the console as root would be: |
| + | for f in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > $f; done |
| + | for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > $f; done |
| + | for f in /proc/sys/net/ipv4/conf/*/secure_redirects; do echo 0 > $f; done |
| end of experimental section---- | | end of experimental section---- |
| | | |
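Review bot: The added line "Now we need to expand the newly created custome template: expand-template /etc/sysctl.confand make them effective:" still runs the command into the next sentence, so anyone copying it gets the path `/etc/sysctl.confand`. Put `expand-template /etc/sysctl.conf` on its own line, as this revision already does for the nano command. The step that follows is still "TBA", so the page never says how the expanded settings get loaded; if a reload of the file is what is meant, `sysctl -p` is the usual way and should be stated. In the template, accept_redirects and secure_redirects are set only under `net.ipv4.conf.all`, while send_redirects is set under both `all` and `default`. Adding the matching `default` keys would bring the template in line with the on-the-fly loops, which write to every entry under /proc/sys/net/ipv4/conf/. Those loops should also quote the target ("$f"). The intro calls these settings "redirects (port forwarding)", but the keys control ICMP redirects and source routing, so the parenthetical should be reworded. The typos "tnnels", "simplefied" and "custome" are carried over unchanged.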