# echo "1" > /proc/sys/net/ipv4/ip_forward

## bert

Small question: is there a preferred Gentoo way of enabling IP forwarding? I can do it manually and add it to some startup-script with

```
echo "1" >/proc/sys/net/ipv4/ip_forward
```

but most distros have some sort of wrapper mechanism for this. I haven't been able to find this for Gentoo, it would seem to make sense to be able to configure this in /etc/conf.d/net...

----------

## pjp

iptables?

----------

## bert

For now I've added it to net.eth2, which handles the outside interface. /etc/init.d/iptables could be better, yes.

That script, iptables, could use some added sophistication BTW, like activating an OFF ruleset when the service is stopped, etc. Debian has really nice stuff for this. Personally I don't really like the current automagical saving of the current rule-set at service stop.

On a side-track, there is a bug in iptables 1.2.7: iptables-restore doesn't like the ruleset-file saved by iptables-save. I've merged 1.2.6a as a work-around.

----------

## phong

I just created my own script in init.d to do the echo (had it require() iptables) and added it to my default runlevel.  That way I can start and stop it easily if I had some reason to do so.  It's a q&d but this is what it looks like:

```
#!/sbin/runscript

# A simple service to start and stop IP masquerading

depend() {
        need iptables
}

start() {
        ebegin "Starting IP masquerading..."
        echo "1" > /proc/sys/net/ipv4/ip_forward
        echo "1" > /proc/sys/net/ipv4/ip_dynaddr
        eend $?
}

stop() {
        ebegin "Stopping IP masquerading..."
        echo "0" > /proc/sys/net/ipv4/ip_forward
        echo "0" > /proc/sys/net/ipv4/ip_dynaddr
        eend $?
}
```

Also, I'm glad others are having trouble with iptables-save in 1.2.7 - I thought for a minute I might be crazy.

----------
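
An added example, not part of the original posts: in the script above, `eend $?` only reports the status of the last `echo`, so a failed write to ip_forward would go unreported. The sketch below writes each setting, reads it back, and fails if either write fails. `PROC_NET`, `write_knob`, `set_masq_knobs` and `forwarding_state` are hypothetical names, and the demo runs against a constructed scratch directory rather than the real /proc.

```shell
#!/bin/sh
# Added example (not from the thread). PROC_NET is an assumed override so the
# functions can be exercised against a scratch directory instead of /proc.
PROC_NET="${PROC_NET:-/proc/sys/net/ipv4}"

# write_knob NAME VALUE: write one setting and confirm the value reads back.
write_knob() {
    knob="$PROC_NET/$1"
    [ -w "$knob" ] || { echo "cannot write $knob" >&2; return 1; }
    echo "$2" > "$knob" || return 1
    [ "$(cat "$knob")" = "$2" ] || { echo "$knob did not take $2" >&2; return 1; }
}

# set_masq_knobs VALUE: set ip_forward and ip_dynaddr; non-zero if either fails.
set_masq_knobs() {
    rc=0
    write_knob ip_forward "$1" || rc=1
    write_knob ip_dynaddr "$1" || rc=1
    return $rc
}

# forwarding_state: print on, off, or unknown (file missing or unexpected value).
forwarding_state() {
    case "$(cat "$PROC_NET/ip_forward" 2>/dev/null)" in
        1) echo on ;;
        0) echo off ;;
        *) echo unknown ;;
    esac
}

# Demo in a subshell against constructed files, so the real /proc is untouched.
demo() (
    PROC_NET="$(mktemp -d)" || exit 1
    echo 0 > "$PROC_NET/ip_forward"
    echo 0 > "$PROC_NET/ip_dynaddr"
    set_masq_knobs 1 && echo "start ok, forwarding: $(forwarding_state)"
    rm -f "$PROC_NET/ip_dynaddr"    # simulate a setting that cannot be written
    set_masq_knobs 0 2>/dev/null || echo "stop failed, forwarding: $(forwarding_state)"
    rm -rf "$PROC_NET"
)
demo
```

In an init script, the return value of `set_masq_knobs` would be the status passed to `eend`.

----------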

## kirill

 *phong wrote:*   

> I just created my own script in init.d to do the echo (had it require() iptables) and added it to my default runlevel.  That way I can start and stop it easily if I had some reason to do so.  It's a q&d but this is what it looks like:
> 
> ```
> #!/sbin/runscript
> 
> ...
> ```

 

What does ip_dynaddr exactly do? Is it needed if any interface has a dynamic IP address?

 *phong wrote:*   

> ...I'm glad others are having trouble with iptables-save...

 

 :Twisted Evil: 

----------

## dingo

 *bert wrote:*   

> That script, iptables, could use some added sophistication BTW, like activating an OFF ruleset when the service is stopped, etc. Debian has really nice stuff for this. Personally I don't really like the current automagical saving of the current rule-set at service stop.

 

I completely agree, after setting up iptables I was so frustrated to find the iptables ruleset set up, but not working, only to find that echo "1" > /proc/sys/net/ipv4/ip_forward isn't enabled by default. Should definitely be added. And some default rule-sets should come with iptables, for masquerade, paranoid, etc.

----------

