How to enable IP Forwarding in Linux
By default any modern Linux distributions will have IP Forwarding disabled. This is normally a good idea, as most peoples will not need IP Forwarding, but if we are setting up a Linux router/gateway or maybe a VPN server (pptp or ipsec) or just a plain dial-in server then we will need to enable forwarding. This can be done in several ways that I will present bellow.
Check if IP Forwarding is enabled
We have to query the sysctl kernel value net.ipv4.ip_forward to see if forwarding is enabled or not:
Using sysctl:
sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
or just checking out the value in the /proc system:
cat /proc/sys/net/ipv4/ip_forward
0
As we can see in both the above examples this was disabled (as show by the value 0).
Enable IP Forwarding on the fly
As with any sysctl kernel parameters we can change the value of net.ipv4.ip_forward on the fly (without rebooting the system):
sysctl -w net.ipv4.ip_forward=1
or
echo 1 > /proc/sys/net/ipv4/ip_forward
the setting is changed instantly; the result will not be preserved after rebooting the system.
Permanent setting using /etc/sysctl.conf
If we want to make this configuration permanent the best way to do it is using the file /etc/sysctl.conf where we can add a line containing net.ipv4.ip_forward = 1
/etc/sysctl.conf:
net.ipv4.ip_forward = 1
if you already have an entry net.ipv4.ip_forward with the value 0 you can change that 1.
To enable the changes made in sysctl.conf you will need to run the command:
sysctl -p /etc/sysctl.conf
On RedHat based systems this is also enabled when restarting the network service:
service network restart
and on Debian/Ubuntu systems this can be also done restarting the procps service:
/etc/init.d/procps.sh restart
Using distribution specific init scripts
Although
the methods presented above should work just fine and you would not
need any other method of doing this, I just wanted to note that there
are also other methods to enable IP Forwarding specific to some Linux
distributions.
For example Debian based distributions might use the setting:
/etc/network/options:
ip_forward=no
set it to yes and restart the network service.
Also RedHat distributions might set this using:
/etc/sysconfig/network:
FORWARD_IPV4=true
and again restart the network service.
Regardless the method you have used once you have completed this you can check it out using the same method shown above:
sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
cat /proc/sys/net/ipv4/ip_forward
1
If the result is 1 then the Linux system will start forwarding IP packets even if they are not destined to any of its own network interfaces.
ps. I was setting up a VPN dial-in server when I wrote this post .
19th October 2006, 11:13
/etc/network/options is deprecated in Debian!
For more information: /usr/share/doc/netbase/README.Debian
27th February 2007, 12:37
[...] A great guide : http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/ [...]
1st August 2007, 08:01
Okay, these steps were pretty easy to follow, but whenever I try to connect, my ubuntu box pops up a serial chat window., showing mostly gibberish. After about fifteen seconds my Palm TX says the connection timed out. What do I need to do to make ubuntu give my Palm an ip address and dns?
25th September 2007, 12:38
At least for me, the addition of the line
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
into /etc/rc.local is necessary to make forwarding work.
7th November 2007, 07:39
[...] apabila ingin menggunakan password yang dibuat secara random. Lalu klik tombol “OK“. Untuk mengaktifkan IP Forward, kita dapat mengklik panel Applications->Accecories->Terminal Setelah muncul terminalnya, [...]
28th November 2007, 19:11
[...] How-to article on IP forwarding in different Linux distros [...]
27th December 2007, 05:43
this method did not work for me in fedora core 8
27th December 2007, 13:21
Josh: what is the output of this command?
cat /proc/sys/net/ipv4/ip_forward
1st February 2008, 09:24
Wonderful article! It helped me a lot.
7th April 2008, 04:28
DEAR
I HAVE UBUNTU SERVER WITH LTSP AND ONE OTHER FAT UBUNTU MACHINE BUT PROBLEM IS THAT I WANT TO CONNECT THAT ON MY HUB BUT EVERY DAY I WILL HAVE TO RUN “echo 1 >> /proc/sys/net/ipv4/ip_forward” can it be automaticly please help me
7th April 2008, 13:56
baba: add to your /etc/sysctl.conf:
net.ipv4.ip_forward = 1
10th April 2008, 05:37
Thanks i got you point
ARK
10th April 2008, 05:38
#- Marius -
#7th April 2008, 13:56
#
#baba: add to your /etc/sysctl.conf:
#net.ipv4.ip_forward = 1
Done Dear
4th June 2008, 19:44
#eth0 – internet
#eth1 – network
echo -e “192.168.10.99 00:15:F2:16:6C:C2 dev eth1″ > /srv/mac.list
arp -f /srv/mac.list
iptables -t nat -A POSTROUTING -o eth0-j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
#this script enable internet for ip 192.168.10.99 with MAC 00:15:F2:16:6C:C2
26th June 2008, 10:45
Mas stels88, gimana klo aku punya gini..
inet —- eth0 proxy (squid) eth1 —— user, supaya user bisa pake outlook express buat akses email di luar…di iptables mesti setting gimana …
22nd July 2008, 04:52
and i thought it’ll take me lots of command and howto reading to achieve this..
Thanks a lot, you save my day
27th July 2008, 18:00
[...] The last thing you need to do is enable the host computer to do ip forwarding so that the client computer can get to the internet and download the packages it needs. To do so is fairly simple: [...]
17th September 2008, 13:58
That was very helpful.Does the same logic work for ipv6 forwarding also.As my sysconf file has a statement for ipv6 that is commented out.
net.ipv6.ip_forward = 1
But wen i enable it and run sysctl -p /etc/sysctl.conf
i get an error!!!!
Thanks in advance!
31st October 2008, 22:30
[...] apabila ingin menggunakan password yang dibuat secara random. Lalu klik tombol “OK“. Untuk mengaktifkan IP Forward, kita dapat mengklik panel Applications->Accecories->Terminal Setelah muncul terminalnya, [...]
22nd November 2008, 12:22
Great tutorial.
However i was wondering how to forward all unused ip addresses in a single linux machine. Could anyone help me out here or post a link that gives info on how to do so.
26th November 2008, 03:29
[...] http://www.thebakershome.net/openvpn_tutorial http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/ Tags: TAP VPN, Ubuntu [...]
28th November 2008, 12:20
[...] apabila ingin menggunakan password yang dibuat secara random. Lalu klik tombol “OK“. Untuk mengaktifkan IP Forward, kita dapat mengklik panel Applications->Accecories->Terminal Setelah muncul terminalnya, [...]
17th January 2009, 17:46
[...] > das unter Debian? Was sagt denn `cat /proc/sys/net/ipv4/ip_forward`? Falls 0, guck mal unter http://www.ducea.com/2006/08/01/how-…ding-in-linux/ —–BEGIN PGP SIGNATURE—– Version: GnuPG v1.4.9 (GNU/Linux) [...]
9th February 2009, 12:06
How to enable IP Forwarding in Linux…
How to enable IP Forwarding in Linux | MDLog:/sysadminHow to enable IP Forwarding in Linux…
11th March 2009, 22:58
[...] http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/ [...]
26th March 2009, 17:27
Above mentioned commands concerning the iptables are necessary only if the netfilter/iptables are active and if you wish to use the NAT (network address translation) – MASQUERADE etc.
A Linux based computer is very good router even if the address translation is not used. It can use dynamic routing with the OSPF protocol. It can be configured with VLAN trunk interface as “router on the stick” having one Ethernet port only etc.
27th March 2009, 06:28
[...] http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/ [...]
8th May 2009, 10:52
[...] apabila ingin menggunakan password yang dibuat secara random. Lalu klik tombol “OK“. Untuk mengaktifkan IP Forward, kita dapat mengklik panel Applications->Accecories->Terminal Setelah muncul terminalnya, [...]
4th June 2009, 05:27
Dear all
How can i Configure RedHat 9 Gate Way.Pls Help me.Step By Step.
Best Regards
Fahim
29th June 2009, 20:43
[...] denn nun f?r VPN respektive IPSec arbeiten soll, muss dort zwingend IP-forwarding aktiviert sein. How to enable IP Forwarding in Linux | MDLog:/sysadmin [...]
5th August 2009, 18:53
[...] http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/ [...]
23rd August 2009, 17:51
Great info! Concise and up to the point!
Thank you for your contribution.
20th November 2009, 13:21
[...] digress. Good article here on how to dis/enable IP Forwarding, but more importantly for my memory it also has the sysctl [...]
26th November 2009, 01:05
[...] to your old server will be automatically redirected to the new server. This guide will help: How to enable IP Forwarding in Linux | MDLog:/sysadmin __________________ cPanelAutoBackup.Com – Automated Daily cPanel [...]
15th December 2009, 04:45
[...] ?????/etc/sysctl.conf (via)????????????????iptables(via)? [...]
19th December 2009, 18:44
[...] – HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServic esTcpipParametersIPEnableRouter:1 linux – http://www.ducea.com/2006/08/01/how-…ding-in-linux/ set your client IP/subnet/dns to be compatible with your host network… set your gateway as your [...]
24th January 2010, 00:35
[...] grep forw rc.d/init.d/network echo 1 2>/dev/null >/proc/sys/net/bridge/forwarding Also, from here, it looks like you can use sysctl to do this as well. To check IP forwarding: [...]
30th January 2010, 01:54
[...] apabila ingin menggunakan password yang dibuat secara random. Lalu klik tombol “OK“. Untuk mengaktifkan IP Forward, kita dapat mengklik panel Applications->Accecories->Terminal Setelah muncul terminalnya, [...]
18th September 2010, 01:39
[...] machine http://support.microsoft.com/kb/315236 (shows how to enable IP forwarding on Windows) http://www.ducea.com/2006/08/01/how-…ding-in-linux/ (shows how to enable it on Linux) or enable it on linux Then you can use this setup Windows IP: [...]
21st September 2010, 05:31
[...] No matter what distribution you’re using, you need reboot after changed settings. (According THIS, you have several ways to enable ipv4 forwarding, without [...]
21st September 2010, 09:28
[...] echo 1 > /proc/sys/net/ipv4/ip_forward [...]