IP: advanced router
configname: CONFIG_IP_ADVANCED_ROUTER
Linux Kernel Configuration
└─>Networking support
└─>Networking options
└─>IP: advanced router
In linux kernel since version 2.6.12
If you intend to run your Linux box mostly as a router, i.e. as a
computer that forwards and redistributes network packets, say Y; you
will then be presented with several options that allow more precise
control about the routing process.
The answer to this question won't directly affect the kernel:
answering N will just cause the configurator to skip all the
questions about advanced routing.
Note that your box can only act as a router if you enable IP
forwarding in your kernel; you can do that by saying Y to "/proc
file system support" and "Sysctl support" below and executing the
line
echo "1" > /proc/sys/net/ipv4/ip_forward
at boot time after the /proc file system has been mounted.
If you turn on IP forwarding, you will also get the rp_filter, which
automatically rejects incoming packets if the routing table entry
for their source address doesn't match the network interface they're
arriving on. This has security advantages because it prevents the
so-called IP spoofing, however it can pose problems if you use
asymmetric routing (packets from you to a host take a different path
than packets from that host to you) or if you operate a non-routing
host which has several IP addresses on different interfaces. To turn
rp_filter off use:
echo 0 > /proc/sys/net/ipv4/conf/<device>/rp_filter
or
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
If unsure, say N here.
computer that forwards and redistributes network packets, say Y; you
will then be presented with several options that allow more precise
control about the routing process.
The answer to this question won't directly affect the kernel:
answering N will just cause the configurator to skip all the
questions about advanced routing.
Note that your box can only act as a router if you enable IP
forwarding in your kernel; you can do that by saying Y to "/proc
file system support" and "Sysctl support" below and executing the
line
echo "1" > /proc/sys/net/ipv4/ip_forward
at boot time after the /proc file system has been mounted.
If you turn on IP forwarding, you will also get the rp_filter, which
automatically rejects incoming packets if the routing table entry
for their source address doesn't match the network interface they're
arriving on. This has security advantages because it prevents the
so-called IP spoofing, however it can pose problems if you use
asymmetric routing (packets from you to a host take a different path
than packets from that host to you) or if you operate a non-routing
host which has several IP addresses on different interfaces. To turn
rp_filter off use:
echo 0 > /proc/sys/net/ipv4/conf/<device>/rp_filter
or
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
If unsure, say N here.