Changes

12 bytes added ,  18:37, 15 September 2014
m
formatting
Line 82: Line 82:  
This is experimental. Please provide your feedback in the forums.
 
This is experimental. Please provide your feedback in the forums.
   −
To disable redirects (port forwarding) within the IPsec tnnels, we have to create a custom template that will disable these at boot time. To create the custom template execute the following commands as root (simplefied)
+
To disable redirects (port forwarding) within the IPsec tnnels, we have to create a custom template that will disable these at boot time. To create the custom template execute the following commands as root (simplefied):
 
  touch /etc/e-smith/templates/templates-custom/etc/sysctl.conf/net.ipv4.ip_deny_redirects
 
  touch /etc/e-smith/templates/templates-custom/etc/sysctl.conf/net.ipv4.ip_deny_redirects
 
Then copy the below contents so you can paste them into the above custom template:
 
Then copy the below contents so you can paste them into the above custom template:
  # SME Server Openswan specifics # Send redirects, No! net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0  # Accept packets with SRR option? No! net.ipv4.conf.all.accept_source_route = 0   # Accept Redirects? No! net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.secure_redirects = 0
+
  # SME Server Openswan specifics
and paste this into the above custome template using nano: nano -w /etc/e-smith/templates/templates-custom/etc/sysctl.conf/net.ipv4.ip_deny_redirectsNow we need to expand the newly created custome template: expand-template /etc/sysctl.confand make them effective: TBA
+
# Send redirects, No!
Another way to disable/enable redirects on all interfaces on the fly from the console as root would be: for f in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > $f; done for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > $f; done for f in /proc/sys/net/ipv4/conf/*/secure_redirects; do echo 0 > $f; done
+
net.ipv4.conf.all.send_redirects = 0
 +
net.ipv4.conf.default.send_redirects = 0
 +
  # Accept packets with SRR option? No!
 +
net.ipv4.conf.all.accept_source_route = 0
 +
# Accept Redirects? No!
 +
net.ipv4.conf.all.accept_redirects = 0
 +
net.ipv4.conf.all.secure_redirects = 0
 +
and paste this into the above custome template using nano:
 +
nano -w /etc/e-smith/templates/templates-custom/etc/sysctl.conf/net.ipv4.ip_deny_redirects
 +
Now we need to expand the newly created custome template: expand-template /etc/sysctl.confand make them effective:
 +
TBA
 +
Another way to disable/enable redirects on all interfaces on the fly from the console as root would be:
 +
for f in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > $f; done
 +
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > $f; done
 +
for f in /proc/sys/net/ipv4/conf/*/secure_redirects; do echo 0 > $f; done
 
end of experimental section----
 
end of experimental section----
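Review bot: The added line "Now we need to expand the newly created custome template: expand-template /etc/sysctl.confand make them effective:" still fuses the command to the sentence that follows it, so a reader who copies it ends up with the path /etc/sysctl.confand. Put expand-template /etc/sysctl.conf on its own indented line, like the touch command above, and start "and make them effective:" on the next line. The step after it is still "TBA"; the usual way to load /etc/sysctl.conf is sysctl -p, which could be filled in once it has been tested on this setup. In the template body as shown here, only "# SME Server Openswan specifics" and "# Accept packets with SRR option? No!" keep their leading spaces, so the settings will not render as one preformatted block, and the same applies to the nano line and the three for loops. The template sets send_redirects for both all and default, but accept_redirects, secure_redirects and accept_source_route only for all, while the on-the-fly loops write to every interface; adding the matching net.ipv4.conf.default.* lines would keep the two methods consistent. The typos "tnnels", "simplefied" and "custome" carry over unchanged from the old text and could be fixed in the same edit.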
  
