IP forwarding is about sending a network packet from one network interface to another, it is a synonym of routing.
If your Linux machine has multiple network interfaces, and if traffic comes in one interface that matches a subnet of another interface, if IP forwarding is enabled, then it forwards that traffic to the other network interface.
On Linux operating systems, the kernel has the variable ip_forward
in the path '/proc/sys/net/ipv4/ip_forward'
. The default value is 0 (disabled), and you can change it to 1 (enabled).
Temporal IP Forwarding
If you want to enable IP forwarding temporarily, you can easily change the value from 0 to 1 of the ip_forward
file:
$ echo 1 > /proc/sys/net/ipv4/ip_forward
If you want to get the current value of ip_forward
, you can simply use cat
command:
$ cat /proc/sys/net/ipv4/ip_forward
Output:
1
Indeed, it’s enabled now and you can start forwarding packets. However, once you reboot your system, it goes back to 0 (disabled).
In the next section, we’ll see how to enable IP forwarding permanently.
Permanent IP Forwarding
The IP forwarding configuration file in Debian-based distributions is located in /etc/sysctl.conf
. As a result, we need to add IP forward configuration there, let’s edit that file:
$ nano /etc/sysctl.conf
Then add the following line:
net.ipv4.ip_forward=1
Usually, you’ll see this line exists but commented with the '#'
, you can either remove the '#'
or add a whole new line.
Also, if you want to enable IP forwarding on IPv6 instead of IPv4, then add the line:
net.ipv6.conf.all.forwarding=1
Similarly, the line is already there, you can either uncomment the line or add it. Finally, save the file and exit.
Now this won’t take effect immediately, you can either reboot your system, or reload the proc file system using the following command:
$ /etc/init.d/procps restart
You’ll immediately see effect in the /proc/sys/net/ipv4/ip_forward
file after the above command.
Conclusion
In this guide, you learned how to enable and disable IP forwarding in Debian-based Linux systems, both temporarily and permanently.
Learn also: How to Get your Public IP Address in Linux.
Happy Hacking!