Used to run a virtualized firewall setup. And then one day discovered that somewhere along the lines I had made a change (or an update changed something) that meant the Proxmox admin interface was being served publicly. That's despite confirming during initial setup that it isn't.
So now I do not do any funky stuff with firewalls anymore. Separate appliance with OPNsense bare metal.
My very first exposure to Linux was in 2000, my school was about to throw away an old gateway computer and I took it home and turned it into a router.
As a kid with no AI, no Google, it was quite a feat and I’m still very proud of it.
Was my introduction into how the internet works and I’ll never forget working with ipchains.
I remember enduring a lot of people in forums calling me a noob, but only after spending collective hours answering my dumb questions.
I credit a big part of my moderate success in tech to being familiar with stuff at just a tad bit lower of a level than the average bear.
To my friend Sam who I haven’t talked to in 20 years, thanks for the idea.
The Linux box instantly turns into a router as soon as you run `sysctl net.ipv4.ip_forward=1`, because the default policy for the FORWARD table is ACCEPT.
You need to explicitly reconfigure the iptables/nftables to prevent that from happening.
Some software, say LXD/Incus, enables forwarding automatically upon installation/startup, and does not configure the firewall to block traffic that is not theirs, making the machine an open router. I've reported that, the developers said that's by design (despite other virtualization/containerization systems blocking forwarding if they happen to enable the sysctl).
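
An audit for the condition described in the comment above, added here as an example and not part of the thread: it classifies a host from the value of `net.ipv4.ip_forward` and the output of `iptables -S FORWARD`. The function names, verdict strings and sample rulesets (including the interface names `br0` and `eth0`) are constructed for illustration, and the catch-all check goes slightly beyond what the comment states.

```shell
#!/bin/sh
# classify_forwarding IP_FORWARD FORWARD_RULES
#   IP_FORWARD    : contents of /proc/sys/net/ipv4/ip_forward
#   FORWARD_RULES : output of `iptables -S FORWARD`
# Only sees rules visible to iptables; native nftables tables need
# `nft list ruleset` and are not inspected here.
classify_forwarding() {
    if [ "$1" != "1" ]; then
        echo "not-routing"          # kernel will not forward packets at all
        return 0
    fi
    printf '%s\n' "$2" | awk '
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $1 == "-A" && $2 == "FORWARD" { n++; last = $0 }
        END {
            if (policy == "")          print "unknown"         # no ruleset read
            else if (policy == "DROP") print "default-drop"
            else if (n == 0)           print "open-router"     # ACCEPT, no rules
            else if (last ~ /^-A FORWARD -j (DROP|REJECT)/)
                                       print "catch-all-drop"  # final rule blocks the rest
            else                       print "review-rules"    # ACCEPT policy, partial rules
        }'
}

# Reads the live state of this machine (iptables needs root).
audit_this_host() {
    classify_forwarding "$(cat /proc/sys/net/ipv4/ip_forward)" \
                        "$(iptables -S FORWARD 2>/dev/null)"
}

# Constructed sample rulesets, in `iptables -S FORWARD` format.
SAMPLE_OPEN='-P FORWARD ACCEPT'
SAMPLE_PARTIAL='-P FORWARD ACCEPT
-A FORWARD -i br0 -o eth0 -j ACCEPT'
SAMPLE_CATCHALL='-P FORWARD ACCEPT
-A FORWARD -i br0 -o eth0 -j ACCEPT
-A FORWARD -j DROP'
SAMPLE_DROP='-P FORWARD DROP
-A FORWARD -i br0 -o eth0 -j ACCEPT'

for s in "$SAMPLE_OPEN" "$SAMPLE_PARTIAL" "$SAMPLE_CATCHALL" "$SAMPLE_DROP"; do
    classify_forwarding 1 "$s"
done
```

A verdict of `open-router` or `review-rules` on a host that runs container or VM tooling is the case worth checking by hand; `audit_this_host` can be run after installing or upgrading such software to see whether the state changed.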