Linux enable packet forwarding

From Ever changing code

By default, Linux distributions have IP forwarding disabled. This is normally a good idea, as most people will not need IP forwarding, but if we are setting up a Linux router/gateway, a VPN server (pptp or ipsec) or just a plain dial-in server, then we will need to enable forwarding.

Check if IP Forwarding is enabled

Use sysctl to query the kernel value net.ipv4.ip_forward and see whether forwarding is enabled:

sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

or check the value in the /proc filesystem:

cat /proc/sys/net/ipv4/ip_forward
0

In both examples IP forwarding is disabled, as shown by the value 0.

Enable IP Forwarding on the fly

As with any sysctl kernel parameter, we can change the value of net.ipv4.ip_forward on the fly without rebooting the system:

sysctl -w net.ipv4.ip_forward=1

or

echo 1 > /proc/sys/net/ipv4/ip_forward

The setting is changed instantly, but the result will not be preserved after rebooting the system.

Permanent setting using /etc/sysctl.conf

To make this configuration permanent, use the file /etc/sysctl.conf, where we add a line containing net.ipv4.ip_forward = 1

/etc/sysctl.conf:
net.ipv4.ip_forward = 1

If you already have an entry net.ipv4.ip_forward with the value 0, you can change that to 1.

To enable the changes made in sysctl.conf you will need to run the command:

sysctl -p /etc/sysctl.conf

On RedHat based systems the setting is also applied when restarting the network service:

service network restart

and on Debian/Ubuntu systems this can also be done by restarting the procps service:

/etc/init.d/procps.sh restart
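
The runtime value and the persistent setting described above can disagree, for example after a sysctl -w that was never written to /etc/sysctl.conf. The following is an added example, not part of the original page, that reports which state a host is in; the function names and status strings are made up here, and it assumes /etc/sysctl.conf is the only file that sets the key.

```shell
#!/bin/sh
# Added example: compare the running forwarding state with the persistent one.
# Function names and status strings are illustrative, not from any tool.

# Print the effective net.ipv4.ip_forward value from a sysctl.conf-style file.
# Comment lines (# or ;) and blank lines are skipped, the dotted and the
# slash key spellings are both accepted, and the last assignment wins.
conf_ip_forward() {
    [ -r "$1" ] || return 0
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            sub(/^-/, "", key)      # a leading "-" only means "ignore errors"
            gsub(/\//, ".", key)    # net/ipv4/ip_forward -> net.ipv4.ip_forward
            if (key == "net.ipv4.ip_forward") last = val
        }
        END { if (last != "") print last }
    ' "$1"
}

# Report how the running kernel and the config file relate.
#   $1 = runtime file (default /proc/sys/net/ipv4/ip_forward)
#   $2 = config file  (default /etc/sysctl.conf)
# Usage on a live system: forwarding_status
forwarding_status() {
    proc_file=${1:-/proc/sys/net/ipv4/ip_forward}
    conf_file=${2:-/etc/sysctl.conf}
    runtime=$(cat "$proc_file" 2>/dev/null || true)
    persistent=$(conf_ip_forward "$conf_file")
    case "$runtime:${persistent:-unset}" in
        0:0|0:unset) echo "disabled" ;;               # off now, off after reboot
        1:1)         echo "enabled-persistent" ;;     # on now, on after reboot
        1:*)         echo "enabled-runtime-only" ;;   # on now, lost after reboot
        0:1)         echo "disabled-until-reload" ;;  # file says 1, not applied yet
        *)           echo "unknown" ;;
    esac
}
```

On a host that is not meant to route, anything other than "disabled" is worth investigating.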

Using distribution specific init scripts

Although the methods presented above should work just fine and you should not need any other method, I just wanted to note that there are also other ways to enable IP forwarding that are specific to some Linux distributions. For example, Debian based distributions might use the setting:

/etc/network/options:
ip_forward=no

Set it to yes and restart the network service. RedHat distributions might also set this using:

/etc/sysconfig/network:
FORWARD_IPV4=true

and again restart the network service.