cat -n /etc/sysctl.conf | tail -n 5
22 # net.ipv6.conf.all.disable_ipv6 = 1
23 kernel.sysrq = 0
24 net.ipv4.ip_forward = 1
25 net.ipv4.tcp_syncookies = 1
26 net.ipv6.conf.all.forwarding = 0
sudo sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
sudo sysctl -p
kernel.sysrq = 0
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv6.conf.all.forwarding = 0
/sbin/sysctl -e -p /etc/sysctl.conf
1
fangdingjun 2018-03-25 16:55:39 +08:00
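Take a look at the system startup scripts; one of them may be reverting those settings.
The most likely culprit is one of the scripts that bring up networking. boot.local runs very early in the boot order; you need to find a script that runs last and execute that command from there.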
2
xfspace 2018-03-25 17:02:00 +08:00 via Android
systemctl status systemd-sysctl.service
3
expy 2018-03-25 17:28:25 +08:00
Could it be a path issue? From https://wiki.archlinux.org/index.php/sysctl
>Note: From version 207 and 21x, systemd only applies settings from /etc/sysctl.d/*.conf and /usr/lib/sysctl.d/*.conf. If you had customized /etc/sysctl.conf, you need to rename it as /etc/sysctl.d/99-sysctl.conf. If you had e.g. /etc/sysctl.d/foo, you need to rename it to /etc/sysctl.d/foo.conf.
4
liangzi OP
@fangdingjun Thanks for the reply, I'll look into it.
@xfspace The output of systemctl status systemd-sysctl.service is as follows:
日 3 月 25|18:53|0:>systemctl status systemd-sysctl.service
● systemd-sysctl.service - Apply Kernel Variables
   Loaded: loaded (/usr/lib/systemd/system/systemd-sysctl.service; static; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/systemd-sysctl.service.d
           └─50-kernel-uname_r.conf
   Active: active (exited) since 日 2018-03-25 15:53:46 CST; 3h 0min ago
     Docs: man:systemd-sysctl.service(8)
           man:sysctl.d(5)
  Process: 447 ExecStart=/usr/lib/systemd/systemd-sysctl (code=exited, status=0/SUCCESS)
  Process: 437 ExecStartPre=/usr/lib/systemd/systemd-sysctl /boot/sysctl.conf-%v (code=exited, status=0/SUCCESS)
 Main PID: 447 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 512)
   CGroup: /system.slice/systemd-sysctl.service
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
5
liangzi OP
@expy My system does have this file in /etc/sysctl.d/, but it just points to the config file in the parent directory:
lrwxrwxrwx 1 root root 16 10 月 30 2015 99-sysctl.conf -> /etc/sysctl.conf
6
defunct9 2018-03-25 19:07:04 +08:00 via iPhone 1
Open up SSH and let me log in and take a look.
7
f2f2f 2018-03-25 19:21:23 +08:00
I don't recommend modifying sysctl.conf. You can create a local.conf under /sysctl.d/ and put the settings in there.
8
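liangzi OP
@defunct9 The SSH service starts at boot, but I have blocked the port.
I have also denied sshd in /etc/hosts.deny. Also, I just ran sudo systemctl enable systemd-sysctl.service, but after rebooting I did not get the expected result. In the output of sudo systemctl list-unit-files | grep 'enable' this service is not listed as starting at boot. Did I enable it the wrong way?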
10
liangzi OP
@f2f2f Is this the right way to configure it?
cd /etc/sysctl.d/
sudo cp ../sysctl.conf ./local.conf
sudo mv local.conf 50-locla.conf
sudo vim /etc/init.d/boot.local
It still doesn't work after rebooting....
11
xAx 2018-03-25 20:19:43 +08:00
# vim /etc/sysctl.d/99-sysctl.conf
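I'm not familiar with openSUSE, but I have run into several distributions that have moved sysctl.conf away, and it gets reverted automatically on reboot, just like resolve.conf used to be.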
14
tomychen 2018-03-25 23:38:31 +08:00
Since systemd, I feel like I no longer know how to use Linux :-(
15
YanwenSun 2018-03-25 23:45:19 +08:00
Could it be that sysctl.conf is in the initrd? Try rebuilding the initrd after making your changes.
16
Beebird 2018-03-26 00:16:38 +08:00
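Could there be a conflicting setting for this variable somewhere else?
Try grep -R 'net.ipv4.ip_forward' /etc/ and see? The /sbin/sysctl -e -p /etc/sysctl.conf isn't necessary either... Also, you don't have to reboot; first see whether systemctl restart systemd-sysctl.service can load the kernel parameters.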
17
wwhc 2018-03-26 00:22:44 +08:00
This was already discussed years ago:
The SuSeFirewall service overwrites network related sysctl settings. I suppose this is a bug. Do you know if there is a way to tell the firewall scripts to leave untouched sysctl parameters ? I had a look to SuSeFirewall yast graphic configuration mask and to /etc/sysconfig/SuSEFirewall* files, without any success. Is someone of you so kind to do a very simple test just to double check if this behavior is common to all 12.2 installations and it's not related someway with my particular configuration. ?
The test could be very simple:
1) modify something network related using /etc/sysctl.conf, for example add some lines like this:
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.br0.log_martians = 0
net.ipv4.conf.eth0.log_martians = 0
Please note that the value you are modifying must be different from kernel default
2) enable SuSEFirewall service
3) reboot
4) verify that your modifications are reverted to default
cat /proc/sys/net/ipv4/conf/eth0/log_martians
1
5) disable SuSEFirewall service
6) reboot
7) verify that your modifications are in place
cat /proc/sys/net/ipv4/conf/eth0/log_martians
0
It was not a bug! the FW_KERNEL_SECURITY parameter in /etc/sysconfig/ allows you to stop SuSeFirewall from automatically setting several sysctl network related parameters.
https://forums.opensuse.org/showthread.php/483021-networking-settings-in-sysctl-conf-not-applyed-or-overwritten
18
liangzi OP
@wwhc File: /etc/sysconfig/SuSEfirewall2.rpmnew
Possible values: yes, no
Description: Do you want to enable additional kernel TCP/IP security features? If set to yes, some obscure kernel options are set. (log_martians, rp_filter, routing flush, accept_source_route) If you have configured one of these settings in /etc/sysctl.conf then SuSEfirewall2 won't apply any different value to allow you to override some of these settings to your liking. Also see FW_SYSCTL_DIRS. Tip: Set this to "no" until you have verified that you have got a configuration which works for you. Then set this to "yes" and keep it if everything still works. (It should!) ;-) Choice: "yes" or "no", if not set defaults to "yes"
The hint shown here says: if not set defaults to "yes"
19
liangzi OP
@f2f2f
After running sudo /sbin/sysctl -p/etc/sysctl.conf, I restarted the service:
sudo systemctl restart systemd-sysctl.service
cat /proc/sys/net/ipv4/ip_forward
1
At this point the setting is in effect.
-------------------------------------------------
After rebooting the system, I ran:
一 3 月 26|06:39|0:>cat /proc/sys/net/ipv4/ip_forward
0
At this point it has failed again.
~
一 3 月 26|06:39|0:>sudo sysctl --system
[sudo] xuan 的密码:
* Applying /boot/sysctl.conf-4.4.120-45-default ...
kernel.hung_task_timeout_secs = 0
kernel.msgmax = 65536
kernel.msgmnb = 65536
kernel.shmmax = 0xffffffffffffffff
kernel.shmall = 0x0fffffffffffff00
* Applying /usr/lib/sysctl.d/50-coredump.conf ...
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %e
* Applying /usr/lib/sysctl.d/50-default.conf ...
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
net.ipv6.conf.default.use_tempaddr = 1
fs.inotify.max_user_watches = 65536
kernel.sysrq = 184
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
kernel.kptr_restrict = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
kernel.sysrq = 0
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv6.conf.all.forwarding = 0
* Applying /etc/sysctl.conf ...
kernel.sysrq = 0
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv6.conf.all.forwarding = 0
~
一 3 月 26|06:40|0:>cat /proc/sys/net/ipv4/ip_forward
1
21
rock6y 2018-03-26 07:44:30 +08:00 via Android
Is it systemd? Try disabling the network service in systemd. You can install DHCPCD or configure the IP manually.
22
wwhc 2018-03-26 07:49:28 +08:00 1
https://www.suse.com/documentation/sles-12/book_sle_admin/data/sec_basicnet_router.html
Lastly configure the firewall. In SuSEfirewall2, you need to set FW_ROUTE="yes" (otherwise it will also reset forwarding sysctl again) and define the interfaces in the FW_DEV_INT, FW_DEV_EXT (and FW_DEV_DMZ) zone variables as needed, perhaps also FW_MASQUERADE="yes" and FW_MASQ_DEV.
My old SUSE machines have been retired, so I don't have a SUSE box on hand to test with.
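The check this thread converges on, as an added example that is not part of any post: list every file that sets net.ipv4.ip_forward in the order the `sysctl --system` output above applies them, then read FW_ROUTE, which per the SUSE documentation quoted in reply 22 makes SuSEfirewall2 reset forwarding unless it is "yes". The `ROOT` prefix, the function names and the reduced directory list (no /boot/sysctl.conf-*, no /usr/local/lib) are assumptions of this example.

```shell
# ROOT (hypothetical) lets the functions run against a test tree.
ROOT="${ROOT:-}"
DIRS="/etc/sysctl.d /run/sysctl.d /usr/lib/sysctl.d"

# Files in the order they are applied: sorted by name across directories
# (earlier directory wins for equal names), then /etc/sysctl.conf last.
sysctl_files() {
    for d in $DIRS; do
        for f in "$ROOT$d"/*.conf; do
            [ -e "$f" ] && printf '%s\n' "${f##*/}"
        done
    done | LC_ALL=C sort -u | while read -r name; do
        for d in $DIRS; do
            if [ -e "$ROOT$d/$name" ]; then echo "$d/$name"; break; fi
        done
    done
    [ ! -e "$ROOT/etc/sysctl.conf" ] || echo /etc/sysctl.conf
}

# "file: value" for every assignment of key $1; the last line wins.
sysctl_sources() {
    sysctl_files | while read -r f; do
        awk -v k="$1" -v f="$f" '
            /^[ \t]*[#;]/ { next }
            { i = index($0, "="); if (!i) next
              key = substr($0, 1, i - 1); val = substr($0, i + 1)
              gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
              if (key == k) print f ": " val }' "$ROOT$f"
    done
}

# FW_ROUTE from the SuSEfirewall2 config: its value, "unset" or "absent".
fw_route() {
    cfg="$ROOT/etc/sysconfig/SuSEfirewall2"
    [ -r "$cfg" ] || { echo absent; return 0; }
    v=$(sed -n "s/^FW_ROUTE=[\"']*\([a-z]*\).*/\1/p" "$cfg" | tail -n 1)
    echo "${v:-unset}"
}

# The case in this thread: sysctl asks for forwarding, firewall resets it.
diagnose() {
    want=$(sysctl_sources net.ipv4.ip_forward | tail -n 1)
    fw=$(fw_route)
    if [ "${want##*: }" = 1 ] && [ "$fw" != yes ] && [ "$fw" != absent ]; then
        echo "conflict: sysctl requests ip_forward=1 but FW_ROUTE is $fw"
    else
        echo ok
    fi
}
```

Source the file and call `diagnose` on the affected host; `sysctl_sources net.ipv4.ip_forward` on its own shows which file supplies the final value.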
27
YanwenSun 2018-03-26 09:32:43 +08:00 via Android
https://www.suse.com/zh-cn/documentation/sled-12/book_sle_admin/data/sec_boot_initrd.html
It seems that when you tick ip_forward in YaST and save, the initrd gets rebuilt.