Re: [Routing?] Adding Components and Peripherals

[Steve Borho <sborho ststech com>]

On Fri, Apr 30, 1999 at 03:05:23PM -0400, Eric Wood wrote:
> Can you still make FORWARD_IPV4=true even if you don't use routing of
> masquerading?  Is this option only meant for performance reasons?

It's a purely functional setting.  If FORWARD_IPV4 is set to false,
the kernel will drop all packets it receives which weren't destined to
one of it's IP addresses, ie.  it won't route packets between
network interfaces.

If FORWARD_IPV4 is set to true, then the kernel will look the
destination address up in it's routing table, apply any masquerading
and/or firewall rules, then send the packet on it's way.

The reason the switch exists is that, by POSIX definition, no OS
kernel should route packets by default.  So the Linux kernel, even if
packet forwarding was compiled in, will not route packets until it is
told to (by cat'ing a '1' in /proc/sys/net/ipv4/ip_forward).  The Red
Hat initscripts do this for you when you set FORWARD_IPV4=true in
/etc/sysconfg/network.

Setting FORWARD_IPV4 to false will not give you any negligeable
performance boost, unless everyone is trying to use your machine as a
router when it in fact can't route.

-- 
Steve Borho <sborho ststech com>