发帖之前在网上搜了一下相关文章还是没有搞定
主机 openSUSE 42.3
修改后的内容如下
cat -n /etc/sysctl.conf | tail -n 5
22 # net.ipv6.conf.all.disable_ipv6 = 1
23 kernel.sysrq = 0
24 net.ipv4.ip_forward = 1
25 net.ipv4.tcp_syncookies = 1
26 net.ipv6.conf.all.forwarding = 0
重启失效
然后使用
sudo sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
然后
sudo sysctl -p
kernel.sysrq = 0
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv6.conf.all.forwarding = 0
重启依然失效
之后在 /etc/init.d/boot.local 添加了如下内容
/sbin/sysctl -e -p /etc/sysctl.conf
重启还是失败
请知道的麻烦告知一下这个该怎么修改 谢谢~
看一下系统启动脚本,可能哪个脚本把那些设置还原了
最有可能的是启动网络的相关脚本
boot.local 的执行顺序是很靠前的
你要找一个执行顺序在最后的脚本执行那个命令
systemctl status systemd-sysctl.service
可能是路径问题?来自 https://wiki.archlinux.org/index.php/sysctl
>Note: From version 207 and 21x, systemd only applies settings from /etc/sysctl.d/*.conf and /usr/lib/sysctl.d/*.conf. If you had customized /etc/sysctl.conf, you need to rename it as /etc/sysctl.d/99-sysctl.conf. If you had e.g. /etc/sysctl.d/foo, you need to rename it to /etc/sysctl.d/foo.conf.
感谢回复 我找找看
systemctl status systemd-sysctl.service 输出内容如下:
日 3 月 25|18:53|0:>systemctl status systemd-sysctl.service
● systemd-sysctl.service - Apply Kernel Variables
Loaded: loaded (/usr/lib/systemd/system/systemd-sysctl.service; static; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/systemd-sysctl.service.d
└─50-kernel-uname_r.conf
Active: active (exited) since 日 2018-03-25 15:53:46 CST; 3h 0min ago
Docs: man:systemd-sysctl.service(8)
man:sysctl.d(5)
Process: 447 ExecStart=/usr/lib/systemd/systemd-sysctl (code=exited, status=0/SUCCESS)
Process: 437 ExecStartPre=/usr/lib/systemd/systemd-sysctl /boot/sysctl.conf-%v (code=exited, status=0/SUCCESS)
Main PID: 447 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 512)
CGroup: /system.slice/systemd-sysctl.service
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
我系统的 /etc/sysctl.d/里面有这个文件 不过他还是指向了上级目录的配置文件
lrwxrwxrwx 1 root root 16 10 月 30 2015 99-sysctl.conf -> /etc/sysctl.conf
开 ssh,让我上去看看
不建议修改 sysctl.conf,可以在 /sysctl.d/下面创建一个 local.conf,再把设置放进去
SSH 服务随机启动 不过我把端口屏蔽了
另外在 /etc/hosts.deny 里面禁止 sshd 了
另外我刚才 sudo systemctl enable systemd-sysctl.service 之后
重启发现并没有预期结果
sudo systemctl list-unit-files | grep 'enable' 里面并没有这个服务在随开机启动 难道开错了?
我试试 谢谢
这样配置对吗?
cd /etc/sysctl.d/
sudo cp ../sysctl.conf ./local.conf
sudo mv local.conf 50-locla.conf
sudo vim /etc/init.d/boot.local
重启还是不行....
vim /etc/sysctl.d/99-sysctl.conf
opensuse 不了解,但遇到几个发行版已将 sysctl.conf 移走,重启会自动还原,就像曾经 resolve.conf 一样
resolve.conf 可以 chmod attr +i 来解决
sysctl --system 执行一下?
systemd 后,我感觉我是不会用 linux 了 :-(
会不会是 sysctl.conf 在 initrd 里 修改好后重建 initrd 试试
会不会其他地方有冲突的变量设定?
grep -R 'net.ipv4.ip_forward' /etc/ 看看?
/sbin/sysctl -e -p /etc/sysctl.conf 也不必要。。。
另外可以不必重启,先看 systemctl restart systemd-sysctl.service 能否载入内核参数。
几年前就讨论过:
The SuSeFirewall service overwrites network related sysctl settings. I suppose this is a bug. Do you know if there is a way to tell the firewall scripts to leave untouched sysctl parameters ?
I had a look to SuSeFirewall yast graphic configuration mask and to /etc/sysconfig/SuSEFirewall* files, without any success.
Is someone of you so kind to do a very simple test just to double check if this behavior is common to all 12.2 installations and it's not related someway with my particular configuration. ?
The test could be very simple:
1) modify something network related using /etc/sysctl.conf, for example add some lines like this:
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.br0.log_martians = 0
net.ipv4.conf.eth0.log_martians = 0
Please note that the value you are modifying must be different from kernel default
2) enable SuSEFirewall service
3) reboot
4) verify that your modifications are reverted to default
cat /proc/sys/net/ipv4/conf/eth0/log_martians
1
5) disable SuSEFirewall service
6) reboot
7) verify taht your modifications are in place
cat /proc/sys/net/ipv4/conf/eth0/log_martians
0
It was not a bug! the FW_KERNEL_SECURITY parameter in /etc/sysconfig/ allows you to stop SuSeFirewall from automatically setting several sysctl network related parameters.
https://forums.opensuse.org/showthread.php/483021-networking-settings-in-sysctl-conf-not-applyed-or-overwritten
文件: /etc/sysconfig/SuSEfirewall2.rpmnew
可能的值:yes,no
描述:
Do you want to enable additional kernel TCP/IP security features?
If set to yes, some obscure kernel options are set.
(log_martians, rp_filter, routing flush, accept_source_route)
If you have configured one of these settings in /etc/sysctl.conf then
SuSEfirewall2 won't apply any different value to allow you to override some
of these settings to your liking. Also see FW_SYSCTL_DIRS.
Tip: Set this to "no" until you have verified that you have got a
configuration which works for you. Then set this to "yes" and keep it
if everything still works. (It should!) ;-)
Choice: "yes" or "no", if not set defaults to "yes"
这里显示的提示 if not set defaults to "yes
执行 sudo /sbin/sysctl -p/etc/sysctl.conf 之后
重新启动服务
sudo systemctl restart systemd-sysctl.service
cat /proc/sys/net/ipv4/ip_forward
1
到这里设置是有效的
-------------------------------------------------
重启系统:
执行
一 3 月 26|06:39|0:>cat /proc/sys/net/ipv4/ip_forward
0
到这里又失败了
~
一 3 月 26|06:39|0:>sudo sysctl --system
[sudo] xuan 的密码:
* Applying /boot/sysctl.conf-4.4.120-45-default ...
kernel.hung_task_timeout_secs = 0
kernel.msgmax = 65536
kernel.msgmnb = 65536
kernel.shmmax = 0xffffffffffffffff
kernel.shmall = 0x0fffffffffffff00
* Applying /usr/lib/sysctl.d/50-coredump.conf ...
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %e
* Applying /usr/lib/sysctl.d/50-default.conf ...
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
net.ipv6.conf.default.use_tempaddr = 1
fs.inotify.max_user_watches = 65536
kernel.sysrq = 184
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
kernel.kptr_restrict = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
kernel.sysrq = 0
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv6.conf.all.forwarding = 0
* Applying /etc/sysctl.conf ...
kernel.sysrq = 0
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv6.conf.all.forwarding = 0
~
一 3 月 26|06:40|0:>cat /proc/sys/net/ipv4/ip_forward
1
没有重新建立引导 现在的问题是不知道原因具体在哪里 为嘛重启服务后修改是有效的 重启系统后修改就失败了
不知道其他变量到底是不是对这个修改有影响
是 systemd 么 把 systemd 里面的 network 服务禁用掉试试 可以装 DHCPCD 或手动配置 IP
https://www.suse.com/documentation/sles-12/book_sle_admin/data/sec_basicnet_router.html
Lastly configure the firewall. In SuSEfirewall2, you need to set FW_ROUTE="yes" (otherwise it will also reset forwarding sysctl again) and define the interfaces in the FW_DEV_INT, FW_DEV_EXT (and FW_DEV_DMZ) zone variables as needed, perhaps also FW_MASQUERADE="yes" and FW_MASQ_DEV.
以前的 suse 机器已经退役,手头上没有现成的 suse 来测试
是 systemd 管理的 不过目前还不想禁用那个 network 服务 谢谢
好的我下班回来测试一下 谢谢
这是简单粗暴的方法 我就这么解决的