Comment # 32 on bug 1171770 from 
(In reply to Martin Weiss from comment #29)
> FYI - just had to realize the same issue on SLES 15 SP1 with kernel
> 4.12.14-197.40-default and we have realized that all forward = 1 JUST the
> eth0 and the lo interfaces have 0 !
> 
> While all other ipv4 forwarding were 1 we saw these two on 0:
> 
> /proc/sys/net/ipv4/conf/eth0/forwarding
> 0
> /proc/sys/net/ipv4/conf/lo/forwarding
> 0

Dammit. Yeah I had noticed this last week (when I was figuring out how
forwarding configuration worked), but I misunderstood what I was looking at --
my assumption was that forwarding meant forwarding in *both* directions. But I
think it only refers to forwarding *incoming* packets (so forwarding being
disabled on the host still allows forwarded packets from the container to go to
the internet).

> BUT - a sysctl --system (with only net.ipv4.ip_forward=1 in the conf) did
> NOT change the interfaces from 0 to 1!!

Yeah, this behaviour is expected (if misguided IMHO). The kernel treats setting
this sysctl to its current value as a no-op. I guess we'll need to explicitly
do

  % echo 1 | tee /proc/sys/ipv[46]/conf/*/forwarding

somewhere...

You are receiving this mail because: