netbsd-help: Re: Is net.inet.ip.forwarding=1 required for a (non-NAT) firewall?

Subject: Re: Is net.inet.ip.forwarding=1 required for a (non-NAT) firewall?
To: =?ISO-8859-1?Q?Gr=E9goire?= Sutre <sutre@labri.fr>
From: Alexander Flott <aflott-netbsd@gmx.de>
List: netbsd-help
Date: 11/03/2003 20:23:08

> Hi,
> 
> 
> I'm running IP Filter on a NetBSD 1.6.1 workstation, but I'm not 
> using IP Nat (my /etc/rc.conf script says ipfilter=YES and ipnat=NO).
> 
> Do I need to enable IP forwarding with 
> sysctl -w net.inet.ip.forwarding= 1 or can I leave IP forwarding 
> disabled?
> 
> I guess I can leave it disabled, but I'm not sure...

> Hi,
> 
> 
> I'm running IP Filter on a NetBSD 1.6.1 workstation, but I'm not using 
> IP Nat (my /etc/rc.conf script says ipfilter=YES and ipnat=NO).
> 
> Do I need to enable IP forwarding with 
> sysctl -w net.inet.ip.forwarding= 1 or 
> can I leave IP forwarding disabled?

Hi,
AFAIR IP forwarding is only needed to perform routing tasks - For just 
filtering unwanted traffic out, you shouldn't need it.

HTH

-Alex