How to disable IP Forwarding in Sun Solaris

IP packet forwarding is the process of routing packets between network interfaces on one system. A packet that arrives on one network interface and is addressed to a host on a different network is forwarded to the appropriate interface. While this is normally the job of a network router, servers with multiple interfaces connected to different networks can perform it as well. Acting as a router in this way is the default behaviour in Sun Solaris operating systems.

If your Sun Solaris server has multiple interfaces and is not intended to route packets between the networks it is connected to, it is advisable to disable this option. A forwarding host can be a target for a malicious hacker, because it can potentially give the hacker access to the network on the other side.

To disable packet forwarding in Solaris, simply create the file

/etc/notrouter

and reboot the server. However, if a reboot is not an option at this time, use the ndd command to disable the option.

To display the current status:

# ndd /dev/ip ip_forwarding
1

0 is Disabled
1 is Enabled

To disable:

# ndd -set /dev/ip ip_forwarding 0

For IPv6:

# ndd -set /dev/ip6 ip6_forwarding 0

This should disable forwarding. To confirm the change:

# ndd /dev/ip ip_forwarding
0

# ndd /dev/ip6 ip6_forwarding
0

In Solaris 8 and later, IP forwarding can be enabled or disabled on a per-interface basis. For example, assume there are three hme NICs, namely hme0, hme1 and hme2, and we want to allow IP forwarding only from hme0 and disable it on hme1 and hme2. The following will do that:

# ndd -set /dev/ip hme0:ip_forwarding 1
# ndd -set /dev/ip hme1:ip_forwarding 0
# ndd -set /dev/ip hme2:ip_forwarding 0

This should help
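To re-check these settings later, the sketch below is an added example (not part of the original article) that reads the same ndd parameters shown above and also checks for /etc/notrouter, since ndd only changes the running kernel. The function names and the NDD and NOTROUTER override variables are assumptions of this example, there so the logic can be exercised on a machine without ndd.

```shell
#!/bin/sh
# Added example: audit IP forwarding state on a multi-homed Solaris host.
# NDD and NOTROUTER are overridable (an assumption of this example).
NDD=${NDD:-ndd}
NOTROUTER=${NOTROUTER:-/etc/notrouter}

# check_param DRIVER PARAM: print the state, return 1 unless the value is 0.
check_param() {
    val=$($NDD "$1" "$2" 2>/dev/null)
    case "$val" in
        0) echo "OK    $1 $2 = 0 (disabled)"; return 0 ;;
        1) echo "FAIL  $1 $2 = 1 (enabled)"; return 1 ;;
        *) echo "FAIL  $1 $2 unreadable (got '$val')"; return 1 ;;
    esac
}

# audit_forwarding [IFACE...]: check global IPv4 and IPv6 forwarding, each
# named interface that must not forward, and the reboot-time marker file.
# The exit status is the number of findings (0 means everything is disabled).
audit_forwarding() {
    findings=0
    check_param /dev/ip ip_forwarding || findings=$((findings + 1))
    check_param /dev/ip6 ip6_forwarding || findings=$((findings + 1))
    for ifc in "$@"; do
        check_param /dev/ip "$ifc:ip_forwarding" || findings=$((findings + 1))
    done
    if [ -f "$NOTROUTER" ]; then
        echo "OK    $NOTROUTER exists"
    else
        echo "FAIL  $NOTROUTER missing: forwarding may return after reboot"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Usage as root on the host, naming only interfaces that must not forward:
#   audit_forwarding hme1 hme2
```

A non-zero exit status makes the function easy to call from a periodic check that alerts when forwarding has been re-enabled.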
