WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Enable IP Forwarding and ICMP redirect settings in TinyCoreLinux  (Read 4669 times)

Offline mulletman87

  • Newbie
  • *
  • Posts: 27
Hi all,

I need to enable IP forwarding on my picore 7 OS but i am having a little trouble with it.

Code: [Select]
I followed this guide: http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/
When I run "cat /proc/sys/net/ipv4/ip_forward", it says 0, telling me what it is NOT allowing forwarding. However, if I run "sudo echo 1 > /proc/sys/net/ipv4/ip_forward", I get an access denied. Additionally, the file seems to be empty? When I did this on ubuntu, I was able to edit the /etc/sysctl.conf file, don't see anything like that on tinycorelinux.

Additionally, since the RPi only has a single interface, I have created a couple subinterfaces like this:

Code: [Select]
eth0 - 10.0.0.50 /24
eth0:0 - 192.168.10.1 /24

I have also run the following iptable commands (after adding iproute2 package)

Code: [Select]
sudo iptables --table nat --append POSTROUTING --out-interface eth0:0 -j MASQUERADE
sudo iptables --append FORWARD --in-interface eth0 -j ACCEPT

My DSL router is 192.168.10.2 /24 and I have made a static route from it saying "10.0.0.0 /24 255.255.255.0 192.168.10.1"

I can ping 8.8.8.8 from my RPi but from my desktop (with my IP config being 10.0.0.199 255.255.255.0 10.0.0.50), I get a timed out.

As far as I can tell, all is 100% except that IP forwarding? Also, I need to disable ICMP redirect (which was usually in /etc/sysctl.conf if I was not mistaken) because I want to force the traffic to route between subinterfaces.

I will play with TCP dump, etc. shortly but if someone could tell me how to enable IP forwarding and disable ICMP redirect, I would really appreciate it.

My end goal is:

PC -> RPi (10.0.0.50) -> RPi (192.168.10.1) -> DSL Router (192.168.10.2) -> Internet

Thank you :)


Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11694
Re: Enable IP Forwarding and ICMP redirect settings in TinyCoreLinux
« Reply #1 on: March 18, 2016, 02:18:31 PM »
Hi mulletman87
Quote
However, if I run "sudo echo 1 > /proc/sys/net/ipv4/ip_forward", I get an access denied.
I think it has something to do with sudo affects echo but not the redirection. Try:
Code: [Select]
sudo su
echo 1 > /proc/sys/net/ipv4/ip_forward
exit

Offline patrikg

  • Wiki Author
  • Hero Member
  • *****
  • Posts: 722
Re: Enable IP Forwarding and ICMP redirect settings in TinyCoreLinux
« Reply #2 on: March 18, 2016, 03:46:39 PM »
One line
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
« Last Edit: March 18, 2016, 03:49:17 PM by patrikg »

Offline mulletman87

  • Newbie
  • *
  • Posts: 27
Re: Enable IP Forwarding and ICMP redirect settings in TinyCoreLinux
« Reply #3 on: March 18, 2016, 07:25:39 PM »
Thank you!

And any idea how to turn off ICMP redirects?

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11694
Re: Enable IP Forwarding and ICMP redirect settings in TinyCoreLinux
« Reply #4 on: March 18, 2016, 08:24:14 PM »
Hi mulletman87
A little Googling turnd up this:
Quote
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth0/accept_redirects
found here:
https://www.agwa.name/blog/post/icmp_redirect_attacks_in_the_wild

Offline mulletman87

  • Newbie
  • *
  • Posts: 27
Re: Enable IP Forwarding and ICMP redirect settings in TinyCoreLinux
« Reply #5 on: March 19, 2016, 07:55:56 AM »
Thank you @Rich

Just incase someone needs it (will be posting a complete guide on how to make a RPi into a router, even though it has a single NIC), here are the commands I used:

Code: [Select]
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
sudo sh -c "echo 0 > /proc/sys/net/ipv4/conf/default/accept_redirects"
sudo sh -c "echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects"
sudo sh -c "echo 0 > /proc/sys/net/ipv4/conf/eth0/accept_redirects"
sudo sh -c "echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects"
sudo sh -c "echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects"
sudo sh -c "echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects"
sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6"
sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6"
sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6"

Enjoy!