How to enable IP Forwarding in Linux
By default, any modern Linux distribution has IP forwarding disabled. This is normally a good idea, as most people will not need IP forwarding, but if we are setting up a Linux router/gateway, a VPN server (pptp or ipsec) or just a plain dial-in server, then we will need to enable forwarding. This can be done in several ways that I will present below.
Check if IP Forwarding is enabled
We have to query the sysctl kernel value net.ipv4.ip_forward to see if forwarding is enabled or not. Using sysctl:
sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
or just checking out the value in the /proc system:
cat /proc/sys/net/ipv4/ip_forward
0
As we can see in both the above examples, this was disabled (as shown by the value 0).
Enable IP Forwarding on the fly
As with any sysctl kernel parameters we can change the value of net.ipv4.ip_forward on the fly (without rebooting the system):
sysctl -w net.ipv4.ip_forward=1
echo 1 > /proc/sys/net/ipv4/ip_forward
The setting is changed instantly, but the result will not be preserved after rebooting the system.
Permanent setting using /etc/sysctl.conf
If we want to make this configuration permanent, the best way to do it is using the file /etc/sysctl.conf, where we can add a line containing net.ipv4.ip_forward = 1
/etc/sysctl.conf:
net.ipv4.ip_forward = 1
If you already have an entry net.ipv4.ip_forward with the value 0, you can change that to 1.
To enable the changes made in sysctl.conf you will need to run the command:
On RedHat-based systems this is also enabled when restarting the network service:
and on Debian/Ubuntu systems this can also be done by restarting the procps service:
Using distribution specific init scripts
Although the methods presented above should work just fine and you would not need any other method of doing this, I just wanted to note that there are also other methods to enable IP Forwarding specific to some Linux distributions. For example Debian based distributions might use the setting:
/etc/network/options:
ip_forward=no
Set it to yes and restart the network service. RedHat distributions might also set this using:
/etc/sysconfig/network:
FORWARD_IPV4=true
and again restart the network service.
Regardless of the method you have used, once you have completed this you can check it using the same method shown above:
sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
cat /proc/sys/net/ipv4/ip_forward
1
If the result is 1 then the Linux system will start forwarding IP packets even if they are not destined to any of its own network interfaces.
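The check above only shows the runtime value. As an added example (not from the original post), the script below compares the live value with what /etc/sysctl.conf will load at boot and flags any mismatch, for example forwarding switched on with sysctl -w on a host that is not meant to route. The function names and state labels are this example's own; it assumes the kernel default of 0 when no uncommented entry exists and recognises only the values 0 and 1.

```sh
#!/bin/sh
# Added example: compare the live IPv4 forwarding value with the persisted one.
# Function names and state labels are hypothetical, chosen for this example.

# Print the last uncommented net.ipv4.ip_forward value (0 or 1) found in the
# given sysctl-style files, or "unset". Later files and later lines win.
persisted_ip_forward() {
    val=unset
    for f in "$@"; do
        if [ -r "$f" ]; then
            v=$(sed -n 's/^[[:space:]]*net[./]ipv4[./]ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p' "$f" | tail -n 1)
            if [ -n "$v" ]; then val=$v; fi
        fi
    done
    echo "$val"
}

# Print the live value from a /proc-style file, or "unknown" if unreadable.
runtime_ip_forward() {
    cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null || echo unknown
}

# Classify runtime vs. persisted state. Assumes the kernel default (0) applies
# when no uncommented entry exists in the files given.
#   usage: forwarding_state PROC_FILE CONF_FILE...
forwarding_state() {
    proc_file=$1
    shift
    run=$(runtime_ip_forward "$proc_file")
    cfg=$(persisted_ip_forward "$@")
    case "$run:$cfg" in
        1:1)         echo consistent-on ;;
        0:0|0:unset) echo consistent-off ;;
        1:*)         echo drift-on ;;   # routing now, but not after reboot
        0:1)         echo drift-off ;;  # will start routing after reboot
        *)           echo unknown ;;
    esac
}

# Run against real paths only when arguments are supplied, e.g.
#   sh audit.sh /proc/sys/net/ipv4/ip_forward /etc/sysctl.conf
if [ "$#" -gt 0 ]; then
    forwarding_state "$@"
fi
```

A drift-on result on a machine that is not a router, gateway or VPN server means something enabled forwarding at runtime and is worth tracing.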
ps. I was setting up a VPN dial-in server when I wrote this post ;-).
How to enable/disable IP Forwarding in Linux
In almost all common distributions IP Forwarding is disabled by default, and this makes sense, since far from everyone uses it. But if you plan to set up your own router on Linux, configure a VPN server and so on, you need to enable packet forwarding (routing of transit IP packets, i.e. packets that are not destined specifically for your computer) in your OS. In this mini-guide I will explain how this can be done:
Checking whether IP Forwarding is currently enabled
To check what state packet forwarding is currently in (enabled or disabled), we must query the kernel through the sysctl command. This is done as follows:
Temporarily enabling/disabling IP Forwarding
To enable packet forwarding "on the fly" without rebooting the system, it is enough to run the following command:
sudo sysctl -w net.ipv4.ip_forward=1
To disable packet forwarding "on the fly" without rebooting the system, it is enough to run the following command:
sudo sysctl -w net.ipv4.ip_forward=0
Permanently enabling/disabling IP Forwarding in the system
If we need to permanently enable or disable packet forwarding in the system, we need to edit the configuration file /etc/sysctl.conf. To permanently enable IP Forwarding, add the following line to the end of this file:
To permanently disable IP Forwarding, add the following line to the end of this file:
If the configuration file /etc/sysctl.conf already contains a net.ipv4.ip_forward setting and it is not commented out, you can set the desired value there, and there is no need to add this setting to the end of the file again.
Next, to apply the new setting we added, we need to run the following command:
That's all. Now, depending on the value in /etc/sysctl.conf, after the OS reboots packet forwarding will be either enabled (net.ipv4.ip_forward = 1) or disabled (net.ipv4.ip_forward = 0).
IP Forwarding With net.ipv4.ip_forward
“IP forwarding in Linux refers to setting your Linux system to accept incoming network packets and forward them to another network. Modern Linux systems do not allow IP forwarding by default, as it wastes bandwidth and a regular user doesn’t need it. However, if you need to set your Linux system to act as a gateway or router, you must enable IP forwarding and, in this case, IPv4 IP forwarding. If this sounds new to you, worry less, as this article covers all you need to know about IPv4 IP forwarding.”
Checking IP Forwarding Status
By default, your Linux system has IP forwarding disabled. You can confirm its status by querying the kernel with sysctl or by reading /proc. The value is displayed in binary, with 0 implying false and 1 implying true.
To check the status using the /proc value, use the command below.
Alternatively, you can query the sysctl kernel using the command below.
From both outputs, we note the status is 0, meaning net.ipv4.ip_forward is not enabled.
How to Temporarily Enable IP Forwarding
Various scenarios may require you to enable IP forwarding. For instance, if you wish to use your Linux server as a NAT device or a router, you must configure your Linux system to receive network packets on one interface and forward them to another. Configuring IP forwarding as a permanent solution is not preferred. Instead, you should enable it temporarily, so that it resets on the next reboot.
To enable IP forwarding, also known as routing, use the echo command to change the default values from 0 to 1 or use the sysctl command.
To use the echo command to enable IP forwarding, run the command below.
Similarly, run the command below to enable IP forwarding using sysctl.
Once you set the new binary value for the IP forward, you can check its status using the earlier commands. It should output 1 to imply IP forwarding is enabled.
You should know that the settings configured above won’t persist after the next reboot. Alternatively, if you wish to return IP forwarding to its initial disabled state before the reboot, all you need to do is change the value to 0 instead of 1.
Therefore, any of the commands below will disable the IP forwarding.
$ echo 0 > /proc/sys/net/ipv4/ip_forward
$ sysctl -w net.ipv4.ip_forward=0
We see that the status is disabled and set to 0.
How to Permanently Enable IP Forwarding
Permanently enabling IP forwarding is not recommended, but if you must, you can edit the sysctl.conf file, and the changes will survive a reboot until you again change the settings in the configuration file to disable it.
The changes are similar to those of a temporary configuration. You need to add the state 1 to enable and 0 to disable.
Using an editor of choice, open the /etc/sysctl.conf file. In our case, we are using nano editor, and you should have root privileges to modify the file.
Once opened, you can enable IP forwarding by adding the below line of code. You can also locate the line below in the file and uncomment it by deleting the #.
If the IP forwarding was enabled and you wish to disable it permanently, replace the above line of code with the one below.
Once you’ve edited the file, run the command below for the changes to take effect.
That’s it! You’ve successfully enabled IP forwarding permanently.
Wrap Up
This guide shows how to enable and disable IP forwarding either temporarily or permanently. Using the commands presented, you should easily configure your Linux distro depending on your tasks. Hopefully, you now understand net.ipv4.ip_forward.
About the author
Denis Kariuki
Denis is a Computer Scientist with a passion for Networking and Cyber Security. I love the terminal, and using Linux is a hobby. I am passionate about sharing tips and ideas about Linux and computing.
How To Enable IP Forwarding in Linux
In this tutorial, we want to show you how to enable IP forwarding in Linux. You will also learn how to disable IP forwarding in Linux.
“IP forwarding” is a synonym for “routing.” It is called “kernel IP forwarding” because it is a feature of the Linux kernel.
A router has multiple network interfaces. If traffic comes in on one interface that matches a subnet of another network interface, a router then forwards that traffic to the other network interface.
When enabled, “IP forwarding” allows a Linux machine to receive incoming packets and forward them.
Steps To Enable and Disable IP Forwarding in Linux
To complete this guide, you need privileged access to your Linux system as a root or non-root user with sudo privileges.
Now follow the steps below.
Check IP Forwarding Status
First, you must check whether IP forwarding is currently enabled or disabled on your server. To do this, you can use the following command:
Example Output
net.ipv4.ip_forward = 0
In this example output, you will see that net.ipv4.ip_forward = 0. It means that your IP forwarding is disabled. If it were set to 1, that would mean it’s enabled.
Alternatively, you can use the following command:
cat /proc/sys/net/ipv4/ip_forward
Enable IP Forwarding in Linux
At this point, you can easily enable your IP forwarding by using the following command:
sysctl -w net.ipv4.ip_forward=1
Also, you can use the following command instead of the above command:
echo 1 > /proc/sys/net/ipv4/ip_forward
Next, you need to make sure that your changes persist across a system reboot. To do this, you need to edit the /etc/sysctl.conf file. Open the file with your favorite text editor; here we use vi:
Add the following line to the bottom of the file:
When you are done, save and close the file.
To apply the changes, run the command below:
Disable IP Forwarding in Linux
Disabling IP forwarding in Linux follows the same steps as enabling it. To disable it, run the command below:
sysctl -w net.ipv4.ip_forward=0
Or, you can use the following command instead:
echo 0 > /proc/sys/net/ipv4/ip_forward
To make sure the new setting survives a reboot, open the /etc/sysctl.conf file:
Add the following line to the bottom of the file:
When you are done, save and close the file.
To apply the changes, run the command below:
IP Forwarding Troubleshooting
If you have successfully enabled the Linux IP forwarding (verified by checking the kernel variable after reboot), but you’re still not receiving traffic on destination systems, check the FORWARD rules of iptables. To do this, run the command below:
Your FORWARD chain should either be set to ACCEPT or have rules listed that allow certain connections. You can see if traffic is reaching the FORWARD chain of iptables by checking the number of packets and bytes that have hit the chain. If there aren’t any, then you may have some higher rules in your chain that are blocking traffic.
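The triage described above, as an added example that is not part of the original article: the function reads the output of iptables -L FORWARD -n -v -x (the exact listing command is an assumption, since the page does not show it; -x prints exact counters) and reports the chain policy, the packet counters and a verdict. The function names, verdict labels and sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: triage the FORWARD chain from `iptables -L FORWARD -n -v -x`.
# Function names and verdict labels are hypothetical, chosen for this example.

# Constructed sample listing (not captured from a real host).
sample_forward_output() {
    cat <<'EOF'
Chain FORWARD (policy DROP 7 packets, 420 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 ACCEPT     all  --  eth1   eth0    10.0.0.0/24          0.0.0.0/0
       0        0 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            10.0.0.0/24           state RELATED,ESTABLISHED
EOF
}

# Read a FORWARD chain listing on stdin and print one summary line:
#   policy=<P> policy_pkts=<n> rules=<n> accepted=<n> blocked=<n> verdict=<v>
forward_chain_triage() {
    awk '
        # Header line: keep the default policy and the packets that fell to it.
        /^Chain FORWARD/ { sub(/^.*\(policy /, ""); policy = $1; ppkts = $2 + 0; next }
        # Skip blank lines and the column header.
        NF == 0 || $1 == "pkts" { next }
        {
            rules++
            if ($3 == "ACCEPT") accepted += $1
            else if ($3 == "DROP" || $3 == "REJECT") blocked += $1
        }
        END {
            if (policy == "ACCEPT") accepted += ppkts
            else blocked_by_policy = ppkts
            if (accepted > 0)               verdict = "traffic-forwarded"
            else if (blocked > 0)           verdict = "blocked-by-rule"
            else if (blocked_by_policy > 0) verdict = "blocked-by-policy"
            else                            verdict = "no-traffic-seen"
            printf "policy=%s policy_pkts=%d rules=%d accepted=%d blocked=%d verdict=%s\n",
                   policy, ppkts, rules, accepted, blocked, verdict
        }'
}
```

On a live system, pipe the real listing in as root: iptables -L FORWARD -n -v -x | forward_chain_triage.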
Manage sysctl Command
If the sysctl command is not activated on your server, you can use the following command to start your service:
sudo systemctl start sysctl
Conclusion
At this point, you have learned how to enable and disable IP forwarding in Linux.