Bug 89491

Summary: [systemd] ipv4 forwarding not configured - systemd-sysctl fails to configure from /etc/sysctl.d/*.conf
Product: systemd
Reporter: James <james>
Component: general
Assignee: systemd-bugs
Status: RESOLVED DUPLICATE
QA Contact: systemd-bugs
Severity: normal
Priority: medium
Version: unspecified
Hardware: Other
OS: Linux (All)

Description James 2015-03-08 21:08:48 UTC
On Arch, systemd 218 or 219, and linux 3.19, ipv4 forwarding is not enabled, despite specifying in /etc/sysctl.d/30-ipforward.conf:

net.ipv4.conf.all.forwarding=1
net.ipv4.conf.default.forwarding=1

Explicitly adding per interface forwarding also fails:

net.ipv4.conf.enp0s7.forwarding=1
net.ipv4.conf.enp4s0.forwarding=1

Forwarding can be enabled manually, with, for instance, "sysctl --system".  ipv6 forwarding seems to be configured properly.

Comment 1 James 2015-04-23 19:57:25 UTC
linux 4.0-2
systemd 219-6

Now affects both ipv4 and ipv6 settings.

Note:

$ systemctl is-enabled systemd-sysctl.service
static

$ systemctl status sysinit.target
● sysinit.target - System Initialization
Loaded: loaded (/usr/lib/systemd/system/sysinit.target; static; vendor preset: disabled)
Active: active since Thu 2015-04-23 12:44:01 MDT; 26min ago
Docs: man:systemd.special(7)

Apr 23 12:44:01 topaz systemd[1]: Reached target System Initialization.
Apr 23 12:44:01 topaz systemd[1]: Starting System Initialization.

$ strace -e open /usr/lib/systemd/systemd-sysctl 2>&1 | grep \\.conf
open("/etc/sysctl.d/30-ipforward.conf", O_RDONLY|O_CLOEXEC) = 4
open("/usr/lib/sysctl.d/50-coredump.conf", O_RDONLY|O_CLOEXEC) = 4
open("/usr/lib/sysctl.d/50-default.conf", O_RDONLY|O_CLOEXEC) = 4

$ find /usr/lib/systemd/ -name "*systemd-sysctl*"
/usr/lib/systemd/system/systemd-sysctl.service
/usr/lib/systemd/system/sysinit.target.wants/systemd-sysctl.service
/usr/lib/systemd/systemd-sysctl

Immediately after boot:

$ sudo sysctl -a|grep forw
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.enp0s7.forwarding = 0
net.ipv4.conf.enp0s7.mc_forwarding = 0
net.ipv4.conf.enp4s0.forwarding = 0
net.ipv4.conf.enp4s0.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.enp0s7.forwarding = 0
net.ipv6.conf.enp4s0.forwarding = 0
net.ipv6.conf.lo.forwarding = 1
[ 48.494836] nr_pdflush_threads exported in /proc is scheduled for removal

Subsequent to boot, run manually:

$ sudo sysctl --system
* Applying /etc/sysctl.d/30-ipforward.conf ...
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.enp0s7.forwarding = 1
net.ipv4.conf.enp4s0.forwarding = 1
net.ipv4.conf.lo.forwarding = 1
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.enp0s7.forwarding = 1
net.ipv6.conf.enp4s0.forwarding = 1
net.ipv6.conf.enp0s7.accept_ra = 2
* Applying /usr/lib/sysctl.d/50-coredump.conf ...
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %p %u %g %s %t %e
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq =16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
net.core.default_qdisc = fq_codel
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.conf ...
sysctl: cannot open "/etc/sysctl.conf": No such file or directory

Could systemd-networkd be interfering?

Comment 2 James 2015-04-24 06:02:10 UTC
Bug 89509 - systemd-networkd: net.ipv4.conf.default.forwarding is ignored in 219
https://bugs.freedesktop.org/show_bug.cgi?id=89509

"Yeah this was an underdocumented change in 219: we manage the IP forwarding setting per interface now. You have to set IPForward=yes in the .network files explicitly now, otherwise you will not get IP forwarding on that interface."

Seriously?!

"Either way, Tom really needs to sign off on this."

So then, Tom gets to decide personally, for the entire world-wide Linux-using community, whether to unilaterally "break" sysctl?

Seriously?!  Something like "the poster child for 'arrogant'" comes to mind...

Comment 3 Lennart Poettering 2015-04-24 08:56:03 UTC
(In reply to James from comment #2)
>
> So then, Tom gets to decide personally, for the entire world-wide
> Linux-using community, whether to unilaterally "break" sysctl?

Nope. I make the change in networkd. And it's not for the "entire world-wide Linux-using community", but only for those who decide to use networkd for network management.

*** This bug has been marked as a duplicate of bug 89509 ***

Comment 4 Lennart Poettering 2015-04-24 09:12:21 UTC
(In reply to Lennart Poettering from comment #3)
> (In reply to James from comment #2)
> >
> > So then, Tom gets to decide personally, for the entire world-wide
> > Linux-using community, whether to unilaterally "break" sysctl?
> 
> Nope. I make the change in networkd. And it's not for the "entire world-wide

Oops, wanted to say "I *made* that change in networkd".
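
Added example, not part of the original report or of systemd: the mismatch shown in comment 1 (forwarding requested in /etc/sysctl.d, per-interface values still 0 after boot) can be caught by comparing the configuration file with a saved "sysctl -a" dump. The function names, file names and sample values are assumptions constructed from the output quoted in this report.

```shell
#!/usr/bin/env bash
# Added example (not from the bug report). Assumes dotted keys, one per line.
# forwarding_drift CONF DUMP
#   CONF: sysctl.d-style file ("key=value"; '#' and ';' start comments)
#   DUMP: saved `sysctl -a` output ("key = value")
# Prints "key want=W have=H" per mismatch; returns 1 if anything drifted.
forwarding_drift() {
  local out
  out=$(awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ || !/=/ { next }   # comments, blanks, log noise
    { i = index($0, "="); key = trim(substr($0, 1, i - 1)); val = trim(substr($0, i + 1)) }
    FNR == NR { want[key] = val; next }            # first file: requested state
    { have[key] = val }                            # second file: runtime state
    END {
      for (k in want) {
        if (!(k in have)) print k, "want=" want[k], "have=missing"
        else if (have[k] != want[k]) print k, "want=" want[k], "have=" have[k]
        if (k !~ /^net\.ipv[46]\.conf\.all\.forwarding$/) continue
        # "all" is expected to cover every interface, so check each one
        prefix = substr(k, 1, length(k) - length("all.forwarding"))
        for (h in have)
          if (index(h, prefix) == 1 && h ~ /\.forwarding$/ &&
              !(h in want) && have[h] != want[k])
            print h, "want=" want[k], "have=" have[h], "(via all)"
      }
    }' "$1" "$2" | sort)
  [ -z "$out" ] && return 0
  printf '%s\n' "$out"
  return 1
}

# Constructed sample, modelled on the values quoted in this report.
demo() {
  local dir rc=0
  dir=$(mktemp -d)
  printf '%s\n' 'net.ipv4.conf.all.forwarding=1' \
                'net.ipv4.conf.default.forwarding=1' > "$dir/30-ipforward.conf"
  printf '%s\n' 'net.ipv4.conf.all.forwarding = 1' \
                'net.ipv4.conf.all.mc_forwarding = 0' \
                'net.ipv4.conf.default.forwarding = 1' \
                'net.ipv4.conf.enp0s7.forwarding = 0' \
                'net.ipv4.conf.enp4s0.forwarding = 0' \
                'net.ipv4.conf.lo.forwarding = 1' > "$dir/runtime.txt"
  forwarding_drift "$dir/30-ipforward.conf" "$dir/runtime.txt" || rc=$?
  rm -rf "$dir"
  return "$rc"
}
demo || true
```

On a live host the second argument can be a file written with "sysctl -a" shortly after boot, so the check runs after any network manager has applied its own per-interface settings.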
