Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Story
Resolution: Unresolved
Priority: Normal
Fix Version/s: rhel-10.1
Affects Version/s: None
Component/s: NetworkManager
Labels:

Fixed in Build:
NetworkManager-1.53.4-1.el9
Severity:
Moderate
Keywords:

ZStream

AssignedTeam:
rhel-net-mgmt
Sub-System Group:

ssg_networking

Story Points:
5
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
None
Release Blocker:
Regression Exception
Target Backport Versions:

rhel-9.6.z, rhel-10.0.z

Acceptance Criteria:

Hide

Definition of Done:

Please mark each item below with ( / ) if completed or ( x ) if incomplete:

( ) The acceptance criteria defined below are met.

Given a system administrator has configured a NetworkManager connection profile for an Ethernet interface (e.g., eth1),

When the system administrator sets ipv4.forwarding to yes in the NetworkManager profile for that interface,

Then NetworkManager should apply the sysctl setting net.ipv4.conf.eth1.forward=1, enabling IP forwarding for that interface

Given a system administrator has configured a NetworkManager connection profile for an Ethernet interface (e.g., eth1),

When the system administrator sets ipv4.forwarding to no in the NetworkManager profile for that interface,

Then NetworkManager should apply the sysctl setting net.ipv4.conf.eth1.forward=0, disabling IP forwarding for that interface

Given a system administrator has configured a NetworkManager connection profile for an Ethernet interface (e.g., eth1),

When the system administrator sets ipv4.forwarding to auto in the NetworkManager profile for that interface,

Then NetworkManager should set the forwarding only if there is an activated shared connection.

Given a system administrator has configured a NetworkManager connection profile for an Ethernet interface (e.g., eth1),

When the system administrator sets ipv4.forwarding to ignore in the NetworkManager profile for that interface,

Then NetworkManager should not modify the current forwarding configuration for that interface.

( ) Code changes are included in a downstream build attached to an errata.

( ) All required testing (manual and/or automated) passes successfully.

( ) Related documentation updates (if applicable) have been completed.

Show
Definition of Done: Please mark each item below with ( / ) if completed or ( x ) if incomplete: ( ) The acceptance criteria defined below are met. Given a system administrator has configured a NetworkManager connection profile for an Ethernet interface (e.g., eth1), When the system administrator sets ipv4.forwarding to yes in the NetworkManager profile for that interface, Then NetworkManager should apply the sysctl setting net.ipv4.conf.eth1.forward=1, enabling IP forwarding for that interface Given a system administrator has configured a NetworkManager connection profile for an Ethernet interface (e.g., eth1), When the system administrator sets ipv4.forwarding to no in the NetworkManager profile for that interface, Then NetworkManager should apply the sysctl setting net.ipv4.conf.eth1.forward=0, disabling IP forwarding for that interface Given a system administrator has configured a NetworkManager connection profile for an Ethernet interface (e.g., eth1), When the system administrator sets ipv4.forwarding to auto in the NetworkManager profile for that interface, Then NetworkManager should set the forwarding only if there is an activated shared connection. Given a system administrator has configured a NetworkManager connection profile for an Ethernet interface (e.g., eth1), When the system administrator sets ipv4.forwarding to ignore in the NetworkManager profile for that interface, Then NetworkManager should not modify the current forwarding configuration for that interface. ( ) Code changes are included in a downstream build attached to an errata. ( ) All required testing (manual and/or automated) passes successfully. ( ) Related documentation updates (if applicable) have been completed.
Git Pull Request:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2071
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/146814
Test Coverage:

Automated

Release Note Type:
Enhancement
Release Note Text:

Hide
.NetworkManager and Nmstate support configuring IPv4 forwarding per interface

With this enhancement, NetworkManager can enable and disable IPv4 forwarding per network interface. This enables granular control directly in NetworkManager connection profiles, and updating `sysctl` kernel settings is no longer required. If you enable the `ipv4.forwarding` parameter in a profile, the corresponding interface acts as a router and forwards IPv4 packets. With the default value `auto`, NetworkManager enables IPv4 forwarding if any shared connection is active and, in other cases, it uses the kernel default value.

This feature is also available in Nmstate.

Show
.NetworkManager and Nmstate support configuring IPv4 forwarding per interface With this enhancement, NetworkManager can enable and disable IPv4 forwarding per network interface. This enables granular control directly in NetworkManager connection profiles, and updating `sysctl` kernel settings is no longer required. If you enable the `ipv4.forwarding` parameter in a profile, the corresponding interface acts as a router and forwards IPv4 packets. With the default value `auto`, NetworkManager enables IPv4 forwarding if any shared connection is active and, in other cases, it uses the kernel default value. This feature is also available in Nmstate.
Release Note Status:
Done
ProdDocsReview-CCS:
Done
ProdDocsReview-Dev:
Done
ProdDocsReview-QE:
Not Required

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

To meet the needs of users configuring multi-interface nodes (OCP) and enable IPv4 forwarding per interface (See RHEL-36429), NetworkManager should support configuring sysctl settings for IPv4 forwarding.

Specifically, the setting net.ipv4.conf.<interface>.forward=1 should be configurable via NetworkManager profiles. This will allow specific interfaces to enable IPv4 forwarding, such as for use cases like Metallb load balancing, without requiring global ip_forward=1 settings.

blocks

RHEL-36429 Support per-interface IPv4 forwarding via sysctl in nmstate

Integration

is cloned by

RHEL-89582 Add support for configuring per-device IPv4 sysctl forwarding option in NetworkManager

Release Pending

links to

RHBA-2025:146814 NetworkManager bug fix and enhancement update

Assignee:: Stanislas Faye

Reporter:: Stanislas Faye

Developer:: Network Management Team

QA Contact:: Vladimir Benes

Doc Contact:: Marc Muehlfeld

Votes:: 0 Vote for this issue

Watchers:: 14 Start watching this issue

Created:: 2024/09/17 7:20 AM

Updated:: 2025/10/15 10:51 AM

Next Planned Release Date:: 2025/11/11

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide