On Thu, 3 Dec 1998, Manuel Bouyer wrote:
> On Dec 3, Marinier, M. Claude, G. wrote
> > Hi all,
> > 
> > I have built a router/packet filter using NetBSD. I now use sysctl to turn
> > on net.inet.ip.forwarding in the 'netstart' script. Is there a recommended
> > place to do this? I am thinking in terms of the sequence of events at boot
> > time.
> 
> On some of my boxes I put it in netstart.local (which is run at the very end
> of netstart).

I did not know about netstart.local. Merci (French for thanks).

>               On some others I have a kernel compiled with "options GATEWAY",
> which turns on ip forwarding by default. So I'd say that either at the
> begining or end of netstart is ok.

I built a kernel with "options GATEWAY" and did a

	sysctl net.inet.ip.forwarding

and got

	net.inet.ip.forwarding = 0

This confirms that I need both the option set in the kernel and to set the
bit at boot time with sysctl.

> If you are using ip filter, you may want to put it at the end of netstart,
> so that filters are loaded before you start forwarding packets.

I do use IP packet filtering and I agree.

Merci.

--------------------
Claude Marinier, Information Technology Group    claude.marinier@dreo.dnd.ca 
Defence Research Establishment Ottawa (DREO)    (613) 998-4901  FAX 998-2675
3701 Carling Avenue, Ottawa, Ontario  K1A 0Z4         http://www.dreo.dnd.ca