How to enable or disable ip_forwarding in Solaris 10 and prior

A number of factors affect how IP forwarding and routing is configured at boot time. Prior to Solaris 10, IPv4 forwarding could be disabled at boot time by creating the file /etc/notrouter. Solaris 10 no longer makes use of the /etc/notrouter file. For Solaris 10, IP forwarding is disabled by default and can be enabled using the routeadm utility.

The following instructions show how to change ip_forwarding settings for various Solaris Operating system releases.

For releases prior to Solaris 10

IP forwarding settings can be manipulated by using ndd command.

To enable/disable IPv4 forwarding:

# ndd -set /dev/ip ip_forwarding [value]

For example:

# ndd -set /dev/ip ip_forwarding 0

To view the current setting:

# ndd -get /dev/ip ip_forwarding

The value can be 0, or 1:

  • 0 - do not forward
  • 1 - forward

For Solaris 8 and 9, there is also a capability to control IPv6 packet forwarding.

# ndd -set /dev/ip ip6_forwarding [value]

For example:

# ndd -set /dev/ip ip6_forwarding 0

Additionally, Solaris 8 and 9 can provide a finer-grained IP forwarding on an interface by interface basis.

# ndd -set /dev/ip [interface]:ip_forwarding [value]

For example:

# ndd -set /dev/ip interface:ip_forwarding 1

For Solaris 9 only IPv6 interfaces:

# ndd -set /dev/ip [interface]:ip6_forwarding [value]

To preserve changes across reboots, include the appropriate ndd statement in a system startup script. The script should be run between existing S69inet and S72inetsvc scripts.

For Solaris 10

Solaris 10 introduced a new utility called routeadm to allow configuration of IP forwarding and routing. Enabling or disabling forwarding with routeadm commands are persistent across reboots.

To enable IP forwarding:

# routeadm -e ipv4-forwarding
# routeadm -e ipv6-forwarding

To disable IP forwarding:

# routeadm -d ipv4-forwarding
# routeadm -d ipv6-forwarding

To apply the changes to the running system:

# routeadm -u

routeadm arguments may also be combined:

# routeadm -e ipv4-forwarding -e ipv6-forwarding -u

Without arguments, routeadm reports the current configuration.

To control IP forwarding on a individual IPv4 or IPv6 interface use the ifconfig utility:

- To enable IP forwarding:

# ifconfig interface router
# ifconfig  interface ipv6 router

- To disable IP forwarding:

# ifconfig  interface -router
# ifconfig  interface ipv6 -router

To preserve these changes across reboots, the router or -router flag may be added to the file /etc/hostame.[interface] or /etc/hostname6.[interface] (in case of IPv6).