]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
man: mention that IPMasquerade= and IPv6SendRA= implies IPv4Forwarding=/IPv6Forwarding=
authorYu Watanabe <watanabe.yu+github@gmail.com>
Thu, 30 May 2024 03:44:07 +0000 (12:44 +0900)
committerLuca Boccassi <luca.boccassi@gmail.com>
Thu, 30 May 2024 08:20:33 +0000 (10:20 +0200)
It has been mentioned in IPv4Forwarding= and IPv6Forwarding=,
but let's also explain in the settings who imply these settings.

Follow-up for 3976c430927e1bfefa0413f80ebac84ab9a64350 and
485f5148b3a3e5ebc7e14acef78494a98435c4b9.

man/systemd.network.xml

index 10876ae3095f229e084ea8cd9d0a6cdd17093cd7..82dff651222674c555e5af055a7f1305f665d882 100644 (file)
@@ -866,11 +866,20 @@ Table=1234</programlisting></para>
         <term><varname>IPMasquerade=</varname></term>
         <listitem>
           <para>Configures IP masquerading for the network interface. If enabled, packets forwarded
-          from the network interface will be appear as coming from the local host. Takes one of
-          <literal>ipv4</literal>, <literal>ipv6</literal>, <literal>both</literal>, or
-          <literal>no</literal>. Defaults to <literal>no</literal>.</para>
-          <para>Note. Any positive boolean values such as <literal>yes</literal> or
-          <literal>true</literal> are now deprecated. Please use one of the values above.</para>
+          from the network interface will be appear as coming from the local host. Typically, this should be
+          enabled on the downstream interface of routers. Takes one of <literal>ipv4</literal>,
+          <literal>ipv6</literal>, <literal>both</literal>, or <literal>no</literal>. Defaults to
+          <literal>no</literal>. Note. Any positive boolean values such as <literal>yes</literal> or
+          <literal>true</literal> are now deprecated. Please use one of the values above. Specifying
+          <literal>ipv4</literal> or <literal>both</literal> implies <varname>IPv4Forwarding=</varname>,
+          unless it is explicitly specified. Similary for <varname>IPv6Forwarding=</varname> when
+          <literal>ipv6</literal> or <literal>both</literal> is specified. These implications are only on
+          this interface. Hence, to make the IP packet forwarding works,
+          <varname>IPv4Forwarding=</varname>/<varname>IPv6Forwarding=</varname> need to be enabled on an
+          upstream interface, or globally enabled by specifying them in
+          <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+          See <varname>IPv4Forwarding=</varname>/<varname>IPv6Forwarding=</varname> in the above for more
+          details.</para>
 
           <xi:include href="version-info.xml" xpointer="v219"/>
         </listitem>
@@ -1068,6 +1077,9 @@ Table=1234</programlisting></para>
           distributed. See <varname>DHCPPrefixDelegation=</varname> setting and the [IPv6SendRA],
           [IPv6Prefix], [IPv6RoutePrefix], and [DHCPPrefixDelegation] sections for more configuration
           options.</para>
+          <para>If enabled, <varname>IPv6Forwarding=</varname> on this interface is also enabled, unless
+          the setting is explicitly specified. See <varname>IPv6Forwarding=</varname> in the above for more
+          details.</para>
 
           <xi:include href="version-info.xml" xpointer="v247"/>
         </listitem>