-
Notifications
You must be signed in to change notification settings - Fork 766
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is using net.ipv6.conf.all.forwarding
correct?
#21
Comments
So, I did some investigation. Fortunately, we're mostly OK. The IsRouter flag is set on Neighbor Advertisement messages - it does not cause Router Advertisement messages to be sent. This is good. However, administrators will probably want to set |
Next TODO: can we get away with setting forward only on the host-side interface? |
Another interesting discovery: If you want to do Masquerading (i know, i know), then |
Closing this; there's nothing to do here. |
Revert CGO enabled / no_openssl tag
Enabling ipv6 forwarding has some interesting side-effects. According to the kernel docs:
We almost certainly do not want to do this globally. As the kernel docs say,
However, that's exactly the scenario we might find ourselves in.
So, if we want to support a host with a SLAAC uplink and, say, host-local masqueraded link, I think we'll be in trouble. I need to do some experimenting and test this out.
The text was updated successfully, but these errors were encountered: