策略不起作用时，启用火墙的路由转发功能(IP和SPLAT平台)

network

策略不起作用时，启用火墙的路由转发功能(IP和SPLAT平台)

  

通常大家都知道火墙策略在执行网关是unload状态时，内部网络无法访问到外网，默认情况下IP Forwarding 是禁用的，如需让内内网访问需要如下命令:

IPSO平台:

To manually enable IP Forwarding on a system with VPN-1/FireWall-1 installed, use the command:

nokia[admin]# ipsofwd on admin

To manually disable IP Forwarding, use the command:

nokia[admin]# ipsofwd off admin

The "admin" part of both commands is simply a tag to let you know who last changed IP Forwarding. You can determine who last changed the state of IP Forwarding by using the command: 'ipsofwd list'

On a system without VPN-1/FireWall-1 installed, you can enable IP forwarding with the following command:

nokia[admin]# ipsctl -w net:ip:forwarding 1

To disableIP forwarding without VPN-1/FireWall-1 installed:

nokia[admin]# ipsctl -w net:ip:forwarding 0


SPLAT平台:

校验如果 IP Forwarding 是否被启用：

more /proc/sys/net/ipv4/ip_forward

Note:如果提示文件不存在请允许如下命令:

touch /proc/sys/net/ipv4/ip_forward

如果“more”命令I输出的不是1，则运行如下命令:

echo 1 > /proc/sys/net/ipv4/ip_forward