Linux enable packet forwarding

From Ever changing code
Jump to navigation Jump to search

By default Linux distributions will have IP Forwarding disabled. This is normally a good idea, as most peoples will not need IP Forwarding, but if we are setting up a Linux router/gateway or maybe a VPN server (pptp or ipsec) or just a plain dial-in server then we will need to enable forwarding.

Check if IP Forwarding is enabled

Using sysctl query the sysctl kernel value net.ipv4.ip_forward to see if forwarding is enabled or not 

sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

or checking out the value in the /proc system: 

cat /proc/sys/net/ipv4/ip_forward
0

In the both examples IP forwarding is disabled as show the value 0

Enable IP Forwarding on the fly

As with any sysctl kernel parameters we can change the value of net.ipv4.ip_forward on the fly without rebooting the system 

sysctl -w net.ipv4.ip_forward=1

or 

echo 1 > /proc/sys/net/ipv4/ip_forward

the setting is changed instantly; the result will not be preserved after rebooting the system.

Permanent setting using /etc/sysctl.conf

To make this configuration permanent is using the file /etc/sysctl.conf where we add a line containing net.ipv4.ip_forward = 1 

/etc/sysctl.conf:
net.ipv4.ip_forward = 1

if you already have an entry net.ipv4.ip_forward with the 'value 0 you can change that to 1.

To enable the changes made in sysctl.conf you will need to run the command: 

sysctl -p /etc/sysctl.conf

On RedHat based systems this is also enabled when restarting the network service: 

service network restart

and on Debian/Ubuntu systems this can be also done restarting the procps service: 

/etc/init.d/procps.sh restart

Using distribution specific init scripts

Although the methods presented above should work just fine and you would not need any other method of doing this, I just wanted to note that there are also other methods to enable IP Forwarding specific to some Linux distributions. For example Debian based distributions might use the setting: 

/etc/network/options:
ip_forward=no

set it to yes and restart the network service. Also RedHat distributions might set this using: 

/etc/sysconfig/network:
FORWARD_IPV4=true

and again restart the network service.

Retrieved from ‘http://wiki.ciscolinux.co.uk/index.php?title=Linux_enable_packet_forwarding&oldid=1653