From 5a8bcb674f71a20e95df55319b34c556638378ce Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 13 Jan 2015 13:47:08 +0100 Subject: networkd: add minimal IP forwarding and masquerading support to .network files This adds two new settings to networkd's .network files: IPForwarding=yes and IPMasquerade=yes. The former controls the "forwarding" sysctl setting of the interface, thus controlling whether IP forwarding shall be enabled on the specific interface. The latter controls whether a firewall rule shall be installed that exposes traffic coming from the interface as coming from the local host to all other interfaces. This also enables both options by default for container network interfaces, thus making "systemd-nspawn --network-veth" have network connectivity out of the box. --- man/systemd.network.xml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'man') diff --git a/man/systemd.network.xml b/man/systemd.network.xml index ea278c70d7..d54026874e 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -344,6 +344,30 @@ An NTP server address. This option may be specified more than once. + + IPForward= + Configures IP + forwarding for the network + interface. If enabled incoming + packets on the network + interface will be forwarded to + other interfaces according to + the routing table. Takes a + boolean + argument. + + + IPMasquerade= + Configures IP + masquerading for the network + interface. If enabled packets + forwarded from the network + interface will be appear as + coming from the local + host. Takes a boolean + argument. Implies + IPForward=yes. + Bridge= -- cgit v1.2.3-54-g00ecf