On /etc/conf.d/iptables we have the following:

    # Change to "yes" to enable forwarding support in the kernel. Please
    # note that this will override any setting placed in /etc/sysctl.conf.
    ENABLE_FORWARDING_IPv4="yes"

*but*, forwarding was back *only* when I changed /etc/sysctl.conf to

    net.ipv4.ip_forward = 1

That happened after a huge emerge -uvD world, that updated among zillions of things, iptables (now version iptables-1.2.9-r3).

Reproducible: Always

Steps to Reproduce:
1. Set net.ipv4.ip_forward = 0 on /etc/sysctl.conf
2. Set ENABLE_FORWARDING_IPv4="yes" on /etc/conf.d/iptables
3. Restart your firewall (/etc/init.d/firewall restart).

Actual Results:
Firewall stopped forwarding.

Expected Results:
Firewall should allow forwarding.

You probably haven't updated /etc/init.d/confd with the new version (run etc-update). Forwarding was removed in 1.2.9-r1.
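
A consistency check for the situation in this report, added here as an example and not taken from the thread or from the Gentoo init scripts: it compares what the two configuration files ask for with the forwarding value the kernel is actually using. The function names and result labels are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: detect drift between /etc/sysctl.conf, /etc/conf.d/iptables
# and the running kernel's IPv4 forwarding flag. File paths are parameters so
# the check can be exercised against constructed files.

# Print the last uncommented net.ipv4.ip_forward value (0 or 1) in a file.
sysctl_conf_forward() {
    sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\).*$/\1/p' \
        "$1" 2>/dev/null | tail -n 1
}

# Print the ENABLE_FORWARDING_IPv4 value from a conf.d file, quotes stripped.
confd_forward() {
    sed -n 's/^[[:space:]]*ENABLE_FORWARDING_IPv4=//p' "$1" 2>/dev/null \
        | tail -n 1 | tr -d "\"' "
}

# forwarding_audit SYSCTL_CONF CONFD_FILE RUNTIME_VALUE
# Prints a hypothetical label:
#   confd-ignored      conf.d setting is not what the kernel is using
#   sysctl-overridden  sysctl.conf setting was changed by something later
#   consistent         every configured value matches the runtime value
forwarding_audit() {
    s=$(sysctl_conf_forward "$1"); c=$(confd_forward "$2"); r=$3
    case "$c" in yes) c=1 ;; no) c=0 ;; *) c="" ;; esac
    if [ -n "$c" ] && [ "$c" != "$r" ]; then
        echo "confd-ignored"
    elif [ -n "$s" ] && [ "$s" != "$r" ]; then
        echo "sysctl-overridden"
    else
        echo "consistent"
    fi
}

# Constructed sample matching the report's steps 1 and 2; $1 is the value the
# kernel would report in /proc/sys/net/ipv4/ip_forward.
demo_report_case() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward = 0' > "$d/sysctl.conf"
    printf '%s\n' 'ENABLE_FORWARDING_IPv4="yes"' > "$d/iptables"
    forwarding_audit "$d/sysctl.conf" "$d/iptables" "$1"
    rm -rf "$d"
}

# Check the live system only when asked: sh thisfile --live
if [ "${1:-}" = "--live" ]; then
    forwarding_audit /etc/sysctl.conf /etc/conf.d/iptables \
        "$(cat /proc/sys/net/ipv4/ip_forward)"
fi
```

On a gateway that is expected to route, `confd-ignored` after an upgrade is the symptom described in this report: the conf.d value is set but nothing applies it.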