Changes

1,486 bytes added ,  18:32, 15 September 2014
m
add experimental disable redirects
Line 76: Line 76:  
  echo 0 > /proc/sys/net/ipv4/conf/lo/accept_redirects
 
  echo 0 > /proc/sys/net/ipv4/conf/lo/accept_redirects
 
  # echo 0 > /proc/sys/net/ipv4/conf/ppp0/accept_redirects
 
  # echo 0 > /proc/sys/net/ipv4/conf/ppp0/accept_redirects
 +
 +
 +
----
 +
{{Note box|Experimental code to disable redirects for both SME8 and SME9}}
 +
This is experimental. Please provide your feedback in the forums.
 +
 +
To disable redirects (port forwarding) within the IPsec tnnels, we have to create a custom template that will disable these at boot time. To create the custom template execute the following commands as root (simplefied)
 +
touch /etc/e-smith/templates/templates-custom/etc/sysctl.conf/net.ipv4.ip_deny_redirects
 +
Then copy the below contents so you can paste them into the above custom template:
 +
# SME Server Openswan specifics # Send redirects, No! net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0  # Accept packets with SRR option? No! net.ipv4.conf.all.accept_source_route = 0  # Accept Redirects? No! net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.secure_redirects = 0
 +
and paste this into the above custome template using nano: nano -w /etc/e-smith/templates/templates-custom/etc/sysctl.conf/net.ipv4.ip_deny_redirectsNow we need to expand the newly created custome template: expand-template /etc/sysctl.confand make them effective: TBA
 +
Another way to disable/enable redirects on all interfaces on the fly from the console as root would be: for f in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > $f; done for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > $f; done for f in /proc/sys/net/ipv4/conf/*/secure_redirects; do echo 0 > $f; done
 +
end of experimental section----
 +
 +
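Review bot: The procedure ends at "and make them effective: TBA", so after expand-template /etc/sysctl.conf the reader has a regenerated file but no step that loads it; running sysctl -p /etc/sysctl.conf as root (or rebooting) applies the values and should replace the TBA. The touch command assumes the directory /etc/e-smith/templates/templates-custom/etc/sysctl.conf/ already exists, so a mkdir -p of that directory should come first. The template sets send_redirects for all and default, but accept_redirects and secure_redirects only for all, while the on-the-fly loops write every entry under /proc/sys/net/ipv4/conf/*/. Because the kernel treats send_redirects as enabled on an interface when either the all entry or that interface's own entry is set, the two methods can give different results on interfaces that already exist, and the text should say which one is expected to be sufficient. The wording "redirects (port forwarding)" is misleading, since these sysctls control ICMP redirects and source routing, not port forwarding. The last paragraph says "disable/enable" but only shows the echo 0 form. Typos to fix: "tnnels", "simplefied", "custome".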
     
