
    cat -n /etc/sysctl.conf | tail -n 5
        22  # net.ipv6.conf.all.disable_ipv6 = 1
        23  kernel.sysrq = 0
        24  net.ipv4.ip_forward = 1
        25  net.ipv4.tcp_syncookies = 1
        26  net.ipv6.conf.all.forwarding = 0

    sudo sysctl -w net.ipv4.ip_forward=1
        net.ipv4.ip_forward = 1

    sudo sysctl -p
        kernel.sysrq = 0
        net.ipv4.ip_forward = 1
        net.ipv4.tcp_syncookies = 1
        net.ipv6.conf.all.forwarding = 0

    /sbin/sysctl -e -p /etc/sysctl.conf

1 fangdingjun March 25, 2018 Take a look at the system startup scripts; one of them may be resetting those settings. Most likely it is one of the scripts that bring up the network. boot.local runs very early in the boot order. You need to find a script that runs last and execute that command there. |
2 xfspace March 25, 2018 via Android systemctl status systemd-sysctl.service |
3 expy March 25, 2018 Could it be a path problem? From https://wiki.archlinux.org/index.php/sysctl
> Note: From version 207 and 21x, systemd only applies settings from /etc/sysctl.d/*.conf and /usr/lib/sysctl.d/*.conf. If you had customized /etc/sysctl.conf, you need to rename it as /etc/sysctl.d/99-sysctl.conf. If you had e.g. /etc/sysctl.d/foo, you need to rename it to /etc/sysctl.d/foo.conf. |
4 liangzi OP @fangdingjun Thanks for the reply, I'll look into it. @xfspace The output of systemctl status systemd-sysctl.service is as follows:

    日 3 月 25|18:53|0:>systemctl status systemd-sysctl.service
    ● systemd-sysctl.service - Apply Kernel Variables
       Loaded: loaded (/usr/lib/systemd/system/systemd-sysctl.service; static; vendor preset: disabled)
      Drop-In: /usr/lib/systemd/system/systemd-sysctl.service.d
               └─50-kernel-uname_r.conf
       Active: active (exited) since 日 2018-03-25 15:53:46 CST; 3h 0min ago
         Docs: man:systemd-sysctl.service(8)
               man:sysctl.d(5)
      Process: 447 ExecStart=/usr/lib/systemd/systemd-sysctl (code=exited, status=0/SUCCESS)
      Process: 437 ExecStartPre=/usr/lib/systemd/systemd-sysctl /boot/sysctl.conf-%v (code=exited, status=0/SUCCESS)
     Main PID: 447 (code=exited, status=0/SUCCESS)
        Tasks: 0 (limit: 512)
       CGroup: /system.slice/systemd-sysctl.service

    Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable. |
5 liangzi OP @expy My system has this file in /etc/sysctl.d/, but it still points to the configuration file in the parent directory:

    lrwxrwxrwx 1 root root 16 10 月 30 2015 99-sysctl.conf -> /etc/sysctl.conf |
6 defunct9 March 25, 2018 via iPhone Open SSH and let me log in to take a look. |
7 f2f2f March 25, 2018 I don't recommend modifying sysctl.conf; you can create a local.conf under /sysctl.d/ and put the settings in there. |
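8 liangzi OP @defunct9 The SSH service starts at boot, but I have blocked the port, and I have also denied sshd in /etc/hosts.deny. Also, I just ran sudo systemctl enable systemd-sysctl.service, and after rebooting I did not get the expected result. The output of sudo systemctl list-unit-files | grep 'enable' does not show this service as starting at boot. Did I enable the wrong thing? |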
10 liangzi OP @f2f2f Is this the right way to configure it?

    cd /etc/sysctl.d/
    sudo cp ../sysctl.conf ./local.conf
    sudo mv local.conf 50-locla.conf
    sudo vim /etc/init.d/boot.local

It still doesn't work after a reboot.... |
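11 xAx March 25, 2018

    # vim /etc/sysctl.d/99-sysctl.conf

I'm not familiar with opensuse, but I have run into several distributions that have already moved sysctl.conf away, and it gets restored automatically on reboot, just like resolve.conf used to be. |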
14 tomychen March 25, 2018 Since systemd, I feel like I no longer know how to use Linux :-( |
15 YanwenSun March 25, 2018 Could it be that sysctl.conf is inside the initrd? Try rebuilding the initrd after making the change. |
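16 Beebird March 26, 2018 Could there be a conflicting setting for this variable somewhere else? Try grep -R 'net.ipv4.ip_forward' /etc/ and see? /sbin/sysctl -e -p /etc/sysctl.conf is also unnecessary... Also, you don't have to reboot; first see whether systemctl restart systemd-sysctl.service can load the kernel parameters. |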
17 wwhc March 26, 2018 This was discussed a few years ago:

The SuSeFirewall service overwrites network related sysctl settings. I suppose this is a bug. Do you know if there is a way to tell the firewall scripts to leave untouched sysctl parameters? I had a look to SuSeFirewall yast graphic configuration mask and to /etc/sysconfig/SuSEFirewall* files, without any success. Is someone of you so kind to do a very simple test just to double check if this behavior is common to all 12.2 installations and it's not related someway with my particular configuration? The test could be very simple:

1) modify something network related using /etc/sysctl.conf, for example add some lines like this:
    net.ipv4.conf.default.log_martians = 0
    net.ipv4.conf.all.log_martians = 0
    net.ipv4.conf.br0.log_martians = 0
    net.ipv4.conf.eth0.log_martians = 0
   Please note that the value you are modifying must be different from kernel default
2) enable SuSEFirewall service
3) reboot
4) verify that your modifications are reverted to default
    cat /proc/sys/net/ipv4/conf/eth0/log_martians
    1
5) disable SuSEFirewall service
6) reboot
7) verify that your modifications are in place
    cat /proc/sys/net/ipv4/conf/eth0/log_martians
    0

It was not a bug! the FW_KERNEL_SECURITY parameter in /etc/sysconfig/ allows you to stop SuSeFirewall from automatically setting several sysctl network related parameters.

https://forums.opensuse.org/showthread.php/483021-networking-settings-in-sysctl-conf-not-applyed-or-overwritten |
18 liangzi OP @wwhc
File: /etc/sysconfig/SuSEfirewall2.rpmnew
Possible values: yes,no
Description: Do you want to enable additional kernel TCP/IP security features? If set to yes, some obscure kernel options are set. (log_martians, rp_filter, routing flush, accept_source_route) If you have configured one of these settings in /etc/sysctl.conf then SuSEfirewall2 won't apply any different value to allow you to override some of these settings to your liking. Also see FW_SYSCTL_DIRS. Tip: Set this to "no" until you have verified that you have got a configuration which works for you. Then set this to "yes" and keep it if everything still works. (It should!) ;-) Choice: "yes" or "no", if not set defaults to "yes"

The hint shown here says: if not set defaults to "yes" |
19 liangzi OP @f2f2f After running sudo /sbin/sysctl -p/etc/sysctl.conf, I restarted the service:

    sudo systemctl restart systemd-sysctl.service
    cat /proc/sys/net/ipv4/ip_forward
    1

At this point the setting is in effect.
-------------------------------------------------
After rebooting the system, I ran:

    一 3 月 26|06:39|0:>cat /proc/sys/net/ipv4/ip_forward
    0

At this point it has failed again.

    ~
    一 3 月 26|06:39|0:>sudo sysctl --system
    [sudo] xuan 的密码:
    * Applying /boot/sysctl.conf-4.4.120-45-default ...
    kernel.hung_task_timeout_secs = 0
    kernel.msgmax = 65536
    kernel.msgmnb = 65536
    kernel.shmmax = 0xffffffffffffffff
    kernel.shmall = 0x0fffffffffffff00
    * Applying /usr/lib/sysctl.d/50-coredump.conf ...
    kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %e
    * Applying /usr/lib/sysctl.d/50-default.conf ...
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.default.promote_secondaries = 1
    net.ipv4.conf.all.promote_secondaries = 1
    net.ipv6.conf.default.use_tempaddr = 1
    fs.inotify.max_user_watches = 65536
    kernel.sysrq = 184
    fs.protected_hardlinks = 1
    fs.protected_symlinks = 1
    kernel.kptr_restrict = 1
    * Applying /etc/sysctl.d/99-sysctl.conf ...
    kernel.sysrq = 0
    net.ipv4.ip_forward = 1
    net.ipv4.tcp_syncookies = 1
    net.ipv6.conf.all.forwarding = 0
    * Applying /etc/sysctl.conf ...
    kernel.sysrq = 0
    net.ipv4.ip_forward = 1
    net.ipv4.tcp_syncookies = 1
    net.ipv6.conf.all.forwarding = 0
    ~
    一 3 月 26|06:40|0:>cat /proc/sys/net/ipv4/ip_forward
    1 |
20 liangzi OP |
21 rock6y March 26, 2018 via Android Is it systemd? Try disabling the network service in systemd. You can install DHCPCD or configure the IP manually. |
22 wwhc March 26, 2018 https://www.suse.com/documentation/sles-12/book_sle_admin/data/sec_basicnet_router.html

Lastly configure the firewall. In SuSEfirewall2, you need to set FW_ROUTE="yes" (otherwise it will also reset forwarding sysctl again) and define the interfaces in the FW_DEV_INT, FW_DEV_EXT (and FW_DEV_DMZ) zone variables as needed, perhaps also FW_MASQUERADE="yes" and FW_MASQ_DEV.

My old SUSE machines have been retired, so I don't have a SUSE system on hand to test with. |
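The checks suggested in replies 16 and 22, combined into one script as an added example (not code from any poster in this thread or from SUSE): it lists which sysctl.d files set a key in the order sysctl.d(5) applies them, then compares the configured net.ipv4.ip_forward with the runtime value and with FW_ROUTE in /etc/sysconfig/SuSEfirewall2. The function names and the ROOT prefix argument are assumptions of this example, and it reads only the sysctl.d directories, not /etc/sysctl.conf directly or the /boot/sysctl.conf-* file.

```shell
#!/bin/sh
# Added example. ROOT is a hypothetical prefix argument so the functions can be
# pointed at a copy of a filesystem; leave it empty for the live system.

# Print "file value" for each sysctl.d file that sets KEY, in the order
# sysctl.d(5) describes: sorted by file name across all directories, a file in
# /etc replacing a same-named file in /run or /usr/lib. The last line wins.
sysctl_sources() {
    key=$1 root=${2:-}
    for d in usr/lib/sysctl.d run/sysctl.d etc/sysctl.d; do
        for f in "$root/$d"/*.conf; do
            [ -e "$f" ] || continue
            printf '%s %s\n' "${f##*/}" "$f"
        done
    done | LC_ALL=C sort -s -k1,1 |
    awk '{ path[$1] = $2; if (!($1 in seen)) { seen[$1] = 1; order[++n] = $1 } }
         END { for (i = 1; i <= n; i++) print path[order[i]] }' |
    while read -r f; do
        awk -v k="$key" '{
            i = index($0, "="); if (!i) next
            name = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t-]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == k) print FILENAME, val
        }' "$f"
    done
}

# Print FW_ROUTE from the SuSEfirewall2 sysconfig file: its value, an empty
# string if the variable is not set, or "absent" if the file is not there.
fw_route() {
    cfg=${1:-}/etc/sysconfig/SuSEfirewall2
    [ -r "$cfg" ] || { echo absent; return 0; }
    awk -F= '/^[ \t]*FW_ROUTE=/ { v = $2; gsub(/[" \t]/, "", v); r = v } END { print r }' "$cfg"
}

# Compare configured and runtime ip_forward and name the likely cause.
diagnose_forwarding() {
    root=${1:-}
    want=$(sysctl_sources net.ipv4.ip_forward "$root" | tail -n 1 | cut -d' ' -f2-)
    have=$(cat "$root/proc/sys/net/ipv4/ip_forward" 2>/dev/null || true)
    fw=$(fw_route "$root")
    if [ "$want" = "$have" ]; then echo consistent
    elif [ "$want" = 1 ] && [ "$fw" != yes ] && [ "$fw" != absent ]; then
        echo firewall-reset    # sysctl.d asks for 1, but FW_ROUTE is not "yes"
    else echo mismatch; fi
}
```

Run `diagnose_forwarding` with no argument on the affected host; it only reads configuration and /proc, and does not check whether the SuSEfirewall2 service is actually enabled.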
27 YanwenSun March 26, 2018 via Android https://www.suse.com/zh-cn/documentation/sled-12/book_sle_admin/data/sec_boot_initrd.html It seems that ticking ip_forward in YaST and saving will rebuild the initrd. |
28 liangzi OP |
29 liangzi OP |