
proc_sys_net_ipv4(5) File Formats Manual proc_sys_net_ipv4(5)

NAME

/proc/sys/net/ipv4/ - IPv4

DESCRIPTION

The IP protocol supports a set of /proc interfaces to configure some global parameters. The parameters can be accessed by reading or writing files in the directory /proc/sys/net/ipv4/. Interfaces described as Boolean take an integer value, with a nonzero value ("true") meaning that the corresponding option is enabled, and a zero value ("false") meaning that the option is disabled.

/proc/sys/net/ipv4/ip_always_defrag (Boolean; since Linux 2.2.13)
[New with Linux 2.2.13; in earlier kernel versions this feature was controlled at compile time by the CONFIG_IP_ALWAYS_DEFRAG option; this option is not present in Linux 2.4.x and later]
When this boolean flag is enabled (not equal to 0), incoming fragments (parts of IP packets that arose when some host between origin and destination decided that the packets were too large and cut them into pieces) will be reassembled (defragmented) before being processed, even if they are about to be forwarded.
Enable only if running either a firewall that is the sole link to your network or a transparent proxy; never ever use it for a normal router or host. Otherwise, fragmented communication can be disturbed if the fragments travel over different links. Defragmentation also has a large memory and CPU time cost.
This is automagically turned on when masquerading or transparent proxying are configured.
/proc/sys/net/ipv4/ip_autoconfig (since Linux 2.2 to Linux 2.6.17)
Not documented.
/proc/sys/net/ipv4/ip_default_ttl (integer; default: 64; since Linux 2.2)
Set the default time-to-live value of outgoing packets. This can be changed per socket with the IP_TTL option.
/proc/sys/net/ipv4/ip_dynaddr (Boolean; default: disabled; since Linux 2.0.31)
Enable dynamic socket address and masquerading entry rewriting on interface address change. This is useful for dialup interfaces with changing IP addresses. 0 means no rewriting, 1 turns it on and 2 enables verbose mode.
/proc/sys/net/ipv4/ip_forward (Boolean; default: disabled; since Linux 1.2)
Enable IP forwarding with a boolean flag. IP forwarding can also be set on a per-interface basis.
/proc/sys/net/ipv4/ip_local_port_range (since Linux 2.2)
This file contains two integers that define the default local port range allocated to sockets that are not explicitly bound to a port number—that is, the range used for ephemeral ports. An ephemeral port is allocated to a socket in the following circumstances:
the port number in a socket address is specified as 0 when calling bind(2);
listen(2) is called on a stream socket that was not previously bound;
connect(2) was called on a socket that was not previously bound;
sendto(2) is called on a datagram socket that was not previously bound.
Allocation of ephemeral ports starts with the first number in /proc/sys/net/ipv4/ip_local_port_range and ends with the second number. If the range of ephemeral ports is exhausted, then the relevant system call returns an error (but see BUGS).
Note that the port range in /proc/sys/net/ipv4/ip_local_port_range should not conflict with the ports used by masquerading (although the case is handled). Also, arbitrary choices may cause problems with some firewall packet filters that make assumptions about the local ports in use. The first number should be at least greater than 1024, or better, greater than 4096, to avoid clashes with well known ports and to minimize firewall problems.
/proc/sys/net/ipv4/ip_no_pmtu_disc (Boolean; default: disabled; since Linux 2.2)
If enabled, don't do Path MTU Discovery for TCP sockets by default. Path MTU discovery may fail if misconfigured firewalls (that drop all ICMP packets) or misconfigured interfaces (e.g., a point-to-point link where both ends don't agree on the MTU) are on the path. It is better to fix the broken routers on the path than to turn off Path MTU Discovery globally, because not doing it incurs a high cost to the network.
/proc/sys/net/ipv4/ip_nonlocal_bind (Boolean; default: disabled; since Linux 2.4)
If set, allows processes to bind(2) to nonlocal IP addresses, which can be quite useful, but may break some applications.
/proc/sys/net/ipv4/ip6frag_time (integer; default: 30)
Time in seconds to keep an IPv6 fragment in memory.
/proc/sys/net/ipv4/ip6frag_secret_interval (integer; default: 600)
Regeneration interval (in seconds) of the hash secret (or lifetime for the hash secret) for IPv6 fragments.
/proc/sys/net/ipv4/ipfrag_high_thresh (integer)
/proc/sys/net/ipv4/ipfrag_low_thresh (integer)
If the amount of queued IP fragments reaches /proc/sys/net/ipv4/ipfrag_high_thresh, the queue is pruned down to /proc/sys/net/ipv4/ipfrag_low_thresh. Contains an integer with the number of bytes.
/proc/sys/net/ipv4/neigh/*
See arp(7).
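
EXAMPLE (added here; not part of the man-pages project)

The following sketch reads the files described above and reports values that differ from the defaults documented on this page, or that go against the ip_local_port_range advice. The names audit(), read_ints(), demo() and DOCUMENTED_DEFAULTS are assumptions of this example, and the sample tree in demo() is constructed.

```python
import os
import tempfile

# Defaults as documented on this page (file name -> default integer value).
DOCUMENTED_DEFAULTS = {
    "ip_default_ttl": 64,
    "ip_dynaddr": 0,
    "ip_forward": 0,
    "ip_no_pmtu_disc": 0,
    "ip_nonlocal_bind": 0,
}

def read_ints(base, name):
    """Return the integers in base/name, or None if the file is absent or unparsable."""
    try:
        with open(os.path.join(base, name)) as f:
            return [int(tok) for tok in f.read().split()]
    except (OSError, ValueError):
        return None  # e.g. ip_always_defrag does not exist on Linux 2.4 and later

def audit(base="/proc/sys/net/ipv4"):
    """Return a list of (file, message) findings for the tree under base."""
    findings = []
    for name, default in DOCUMENTED_DEFAULTS.items():
        vals = read_ints(base, name)
        if vals and vals[0] != default:
            findings.append((name, f"value {vals[0]} differs from documented default {default}"))
    rng = read_ints(base, "ip_local_port_range")  # two integers: first and last port
    if rng and len(rng) == 2:
        if rng[0] <= 1024:
            findings.append(("ip_local_port_range", f"range starts at {rng[0]}; should be greater than 1024"))
        elif rng[0] <= 4096:
            findings.append(("ip_local_port_range", f"range starts at {rng[0]}; greater than 4096 is better"))
    hi, lo = read_ints(base, "ipfrag_high_thresh"), read_ints(base, "ipfrag_low_thresh")
    if hi and lo and hi[0] < lo[0]:
        findings.append(("ipfrag_high_thresh", f"{hi[0]} bytes is below ipfrag_low_thresh ({lo[0]})"))
    return findings

def demo():
    """Audit a constructed sample tree (not a real host) and return the findings."""
    sample = {"ip_forward": "1\n", "ip_default_ttl": "64\n",
              "ip_local_port_range": "1024\t60999\n",
              "ipfrag_high_thresh": "4194304\n", "ipfrag_low_thresh": "3145728\n"}
    with tempfile.TemporaryDirectory() as d:
        for name, text in sample.items():
            with open(os.path.join(d, name), "w") as f:
                f.write(text)
        return audit(d)

if __name__ == "__main__":
    for name, msg in demo():
        print(f"{name}: {msg}")
```

Calling audit() with no argument inspects the running host; a finding is a deviation to review, since a router legitimately has ip_forward enabled.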

SEE ALSO

proc(5), proc_sys_net(5), ip(7)

2025-12-25 Linux man-pages 6.17