SuSE 9.3 keeps disabling ip_forward

I have set up a PC with four Ethernet interfaces as a router with
SuSE 9.3 (minimal install). Of course I enabled IP forwarding in YaST.
The machine even displays an "Enabling IP Forwarding" message during
boot. But still, for some reason, after each reboot
/proc/sys/net/ipv4/ip_forward ends up being 0, and indeed the router
only starts to do its job after I log in and run:
# echo 1 > /proc/sys/net/ipv4/ip_forward

I grepped everything in /etc/init.d for "forward": it appears nowhere
but in boot.ipconfig which does the "Enabling IP Forwarding" bit above.
I also tried to add debugging output to /etc/init.d/rc3.d to pinpoint
the moment in the boot sequence where the IP forwarding is getting
switched off again but was unable to make my debug output appear
anywhere - apparently SuSE doesn't execute just any script dumped there.

Any hints where to look?

Thx
T.

--
Tilman Schmidt E-Mail: tilman@imap.cc
Bonn, Germany
- In theory, there is no difference between theory and practice.
In practice, there is.

Tilman Schmidt wrote:

> I have set up a PC with four Ethernet interfaces as a router with
> SuSE 9.3 (minimal install). Of course I enabled IP forwarding in YaST.
> The machine even displays an "Enabling IP Forwarding" message during
> boot. But still, for some reason, after each reboot
> /proc/sys/net/ipv4/ip_forward ends up being 0, and indeed the router
> only starts to do its job after I log in and run:
> # echo 1 > /proc/sys/net/ipv4/ip_forward

Check the routing configuration of that network card in YaST.

--
Ruurd

R.F. Pels wrote:

> Tilman Schmidt wrote:
>
>> I have set up a PC with four Ethernet interfaces as a router with
>> SuSE 9.3 (minimal install). Of course I enabled IP forwarding in YaST.
>> The machine even displays an "Enabling IP Forwarding" message during
>> boot. But still, for some reason, after each reboot
>> /proc/sys/net/ipv4/ip_forward ends up being 0, and indeed the router
>> only starts to do its job after I log in and run:
>> # echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Check the routing configuration of that network card in YaST.

Looks alright to me. (Unsurprisingly, as I wrote it myself.)
Anything in particular I should focus my attention on?

Thx
T.

It's getting weirder and weirder.

In order to pinpoint the moment during the boot sequence when
IP forwarding is getting disabled, I set RUN_PARALLEL to "no" in
/etc/sysconfig/boot and added trace statements to /etc/init.d/rc
logging the value of /proc/sys/net/ipv4/ip_forward before each
individual rc script. The result is that the value changes from
1 to 0 during execution of /etc/init.d/rc3.d/S11powersaved.

Now the powersaved script does not contain anything I would
expect to influence IP forwarding. Also, I tried running
# rcpowersaved restart
during normal operation and it didn't affect
/proc/sys/net/ipv4/ip_forward at all.

Ideas, anyone?

Thx
T.

Tilman Schmidt wrote:

> In order to pinpoint the moment during the boot sequence when
> IP forwarding is getting disabled, I set RUN_PARALLEL to "no" in
> /etc/sysconfig/boot and added trace statements to /etc/init.d/rc
> logging the value of /proc/sys/net/ipv4/ip_forward before each
> individual rc script. The result is that the value changes from
> 1 to 0 during execution of /etc/init.d/rc3.d/S11powersaved.
>
> Now the powersaved script does not contain anything I would
> expect to influence IP forwarding. Also, I tried running
> # rcpowersaved restart
> during normal operation and it didn't affect
> /proc/sys/net/ipv4/ip_forward at all.

Hehehe. I would find it highly unusual if one of the power modules would
interfere with that bit...

--
Ruurd

Still trying to pinpoint the moment during the boot sequence when
IP forwarding is getting disabled. After removing the firewall
script called by /etc/init.d/network, the moment the value of
/proc/sys/net/ipv4/ip_forward changes from 1 to 0 moved from
/etc/init.d/rc3.d/S11powersaved to /etc/init.d/rc3.d/S11hwscan.
So this confirms my suspicion that it is happening asynchronously
to the actual processing of the init scripts.

Does anyone have any helpful hints on how to go about locating
that kind of problem?
What could possibly switch off IP forwarding after it has been
explicitly enabled by /etc/init.d/boot.ipconfig obeying to the
setting of IP_FORWARD in /etc/sysconfig/sysctl?

On Windows it is normal not to know what's going on in the system,
but on Linux??

Thx
T.

PS: I am keeping the /etc/sysconfig/boot setting RUN_PARALLEL="no"
anyway because it fixes a different problem I posted in the old
Novell support group with PERSISTENT_NAME for several network
cards, see: <FJAQe.4495$w73.1966@prv-forum2.provo.novell.com>

R.F. Pels wrote:

>> IP forwarding is getting disabled, I set RUN_PARALLEL to "no" in
>> /etc/sysconfig/boot and added trace statements to /etc/init.d/rc
>> logging the value of /proc/sys/net/ipv4/ip_forward before each
>> individual rc script. The result is that the value changes from
>> 1 to 0 during execution of /etc/init.d/rc3.d/S11powersaved.
>
> Hehehe. I would find it highly unusual if one of the power modules would
> interfere with that bit...

So would I.

But do you have any idea what *could* interfere with the ip_forward
setting, outside of the regular system startup sequence?

Thx
Tilman

On Thu, 25 Aug 2005 22:57:01 GMT
Tilman Schmidt <t.schmidt@phoenixsoftware.de> wrote:

> I grepped everything in /etc/init.d for "forward": it appears nowhere
> but in boot.ipconfig which does the "Enabling IP Forwarding" bit
> above.

Look through:

/etc/sysconfig/SuSEfirewall2

There is a section there that talks about a setting that overrides the
IP_FORWARD from /etc/sysconfig/network/options. Could this be the
problem?


--
Kevin Nathan (Arizona, USA)
Linux Potpourri and a.o.l.s. FAQ -- http://www.project54.com/linux/

Open standards. Open source. Open minds.
The command line is the front line.
Linux 2.6.8-24.17-default
9:35pm up 20 days 2:26, 15 users, load average: 0.32, 0.33, 0.19

Kevin Nathan wrote:

> Look through:
>
> /etc/sysconfig/SuSEfirewall2
>
> There is a section there that talks about a setting that overrides the
> IP_FORWARD from /etc/sysconfig/network/options. Could this be the
> problem?

I don't see how it could. The machine doesn't even have SuSEfirewall2
installed. It has an iptables script of its own (generated by FWBuilder)
which actually ends in

echo 1 > /proc/sys/net/ipv4/ip_forward

and the trace output confirms that /proc/sys/net/ipv4/ip_forward is
indeed 1 after this. However, a little later it changes to 0.
If I log in interactively and repeat the echo command then all is
well, /proc/sys/net/ipv4/ip_forward stays at 1 and the machine
routes as it should. I would however much prefer if it did that
without manual intervention.

Thx
T.

Tilman Schmidt adjusted his/her tinfoil beanie to post:

Hi Tilman,

have you checked with FWBuilders site ?

Could be that is where the problem is at.

Snip from the FAQ there:


<<snip>>

We can not guarantee that Firewall Builder would work flawlessly on
Debian or SuSe since we do not have access to these distributions for
testing.
Sometimes we recieve packages built for these distributions by
volunteers. In this case we post these packages in "Contribs" area on
the project's page on Sourceforge. We do not verify or even try these
packages and completely rely on people who submit them. We usually post
information about authors, so if you have questions you can contact
them directly.
We welcome help from anyone who can test Firewall Builder on these
distributions and provide feedback.
<<pins>>

Not trying to pass the buck Tilman :-)


--
Mark
Twixt hill and high water
N. Wales, UK
Novell Support Forums SysOp