How to enable IP Forwarding in Linux - MDLog:/sysadmin http://www.ducea.com/2006/08/01/how-to-enable-ip-forwardin...

MDLog:/sysadmin
The Journal Of A Linux Sysadmin
RSS

» RSS

Blog
Archives
About
Contact

How to Enable IP Forwarding in Linux

Aug 1st, 2006 | Comments

By default any modern Linux distributions will have IP Forwarding disabled. This is normally a
good idea, as most peoples will not need IP Forwarding, but if we are setting up a Linux
router/gateway or maybe a VPN server (pptp or ipsec) or just a plain dial-in server then we will
need to enable forwarding. This can be done in several ways that I will present bellow.

Check if IP Forwarding is enabled

We have to query the sysctl kernel value net.ipv4.ip_forward to see if forwarding is enabled or
not: Using sysctl:

sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

or just checking out the value in the /proc system:

cat /proc/sys/net/ipv4/ip_forward
0

As we can see in both the above examples this was disabled (as show by the value 0).

Enable IP Forwarding on the fly

As with any sysctl kernel parameters we can change the value of net.ipv4.ip_forward on the fly
(without rebooting the system):

sysctl -w net.ipv4.ip_forward=1

1 of 7 05/08/2013 08:51 AM
How to enable IP Forwarding in Linux - MDLog:/sysadmin http://www.ducea.com/2006/08/01/how-to-enable-ip-forwardin...

or

echo 1 > /proc/sys/net/ipv4/ip_forward

the setting is changed instantly; the result will not be preserved after rebooting the system.

Permanent setting using /etc/sysctl.conf

If we want to make this configuration permanent the best way to do it is using the file
/etc/sysctl.conf where we can add a line containing net.ipv4.ip_forward = 1

/etc/sysctl.conf:
net.ipv4.ip_forward = 1

if you already have an entry net.ipv4.ip_forward with the value 0 you can change that 1.

To enable the changes made in sysctl.conf you will need to run the command:

sysctl -p /etc/sysctl.conf

On RedHat based systems this is also enabled when restarting the network service:

service network restart

and on Debian/Ubuntu systems this can be also done restarting the procps service:

/etc/init.d/procps.sh restart

Using distribution specific init scripts

Although the methods presented above should work just fine and you would not need any other
method of doing this, I just wanted to note that there are also other methods to enable IP
Forwarding specific to some Linux distributions. For example Debian based distributions might
use the setting:

/etc/network/options:
ip_forward=no

set it to yes and restart the network service. Also RedHat distributions might set this using:

/etc/sysconfig/network:
FORWARD_IPV4=true

and again restart the network service.

Regardless the method you have used once you have completed this you can check it out using
the same method shown above:

sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

2 of 7 05/08/2013 08:51 AM
How to enable IP Forwarding in Linux - MDLog:/sysadmin http://www.ducea.com/2006/08/01/how-to-enable-ip-forwardin...

cat /proc/sys/net/ipv4/ip_forward
1

If the result is 1 then the Linux system will start forwarding IP packets even if they are not
destined to any of its own network interfaces.

ps. I was setting up a VPN dial-in server when I wrote this post ;-).

Posted by Marius Ducea Aug 1st, 2006 posted in: Centos, Debian, Fedora, Linux, RHEL, Tips &
Tricks, Ubuntu

Tweet 9

« Debian GNU/Linux 4.0 (ETCH) will be released in December 2006 200607 Poll Results: Where is
your dedicated server hosted? »

Comments

3 of 7 05/08/2013 08:51 AM
How to enable IP Forwarding in Linux - MDLog:/sysadmin http://www.ducea.com/2006/08/01/how-to-enable-ip-forwardin...

ALSO ON MDLOG:/SYSADMIN AROUND THE WEB What's this?

HowTo recompile Debian packages 2 months ago How to Find and Close Old Online Accounts
Citi Women & Co.
Linux Tips: get the list of subdirectories with
their owner & permissions and full paths 25 Best Laptops in the World My Life Scoop

Remove debian udev persistent-net-rules Symptoms of Not Drinking Enough Water eHow
2 months ago
Chemist Shows Why this Artificial Sweetener
Debian 6.0 Squeeze expected to be released is Risky The People's Chemist
by the end of the year… if all goes well

28 comments ★ 0

Leave a message...

Best Community Share ⤤ #

sanjeeb • 2 years ago

enable ip forwarding :-
#vim /etc/sysctl.conf

net.ipv4.ip_forward=1
#change 0 to 1
:wq
#sysctl -p (save ip forwarding in kernel)
5 1 Reply Share ›

stels88 • 5 years ago

#eth0 - internet
#eth1 - network
echo -e "192.168.10.99 00:15:F2:16:6C:C2 dev eth1" > /srv/mac.list
arp -f /srv/mac.list
iptables -t nat -A POSTROUTING -o eth0-j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
#this script enable internet for ip 192.168.10.99 with MAC 00:15:F2:16:6C:C2
2 Reply Share ›

tty • 6 years ago

At least for me, the addition of the line

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

into /etc/rc.local is necessary to make forwarding work.

1 Reply Share ›

4 of 7 05/08/2013 08:51 AM
How to enable IP Forwarding in Linux - MDLog:/sysadmin http://www.ducea.com/2006/08/01/how-to-enable-ip-forwardin...

About Me

Marius Ducea
(SF Bay Area, CA)

Sysadmin; Freelancer; Blogger. Automated infrastructure; Chef, Ruby, DevOps, EC2.

Contact

@mariusducea (Twitter)
mariusducea (LinkedIn)
mariusducea (Facebook)
mariusducea (Google+)
marius.ducea (Posterous)
mdxp (GitHub)

Recent Posts

HowTo Migrate to Chef 11

knife-backup
knife-cleanup
Bay Area Chef User Group Update - After One Year
Finally Migrated to Octopress

GitHub Repos

knife-cleanup

knife plugin to help cleanup unused cookbook versions from a chef server.

knife-backup

knife plugin to help backup and restore a chef server.

nodejs-cookbook

icinga-cookbook

chef-jenkins

Chef/Jenkins workflow integration

drupal-cookbook

5 of 7 05/08/2013 08:51 AM
How to enable IP Forwarding in Linux - MDLog:/sysadmin http://www.ducea.com/2006/08/01/how-to-enable-ip-forwardin...

cookbooks

My custom Cookbooks for Chef

chef-server-bootstrap

@mdxp on GitHub

Latest Tweets

4dLess than 2 days uptime and my MBP already reached 8G swap and growing. This is
insane! #macosx

5d94F

5dLooking forward for the ChefCafe today in MV to talk about #ChefConf and see how
people liked it. Crazy how many people we have registered!

5dAre resumes still a thing these days? What do you guys reply to someone asking for your
resume?

Follow @mariusducea 1,080 followers

Categories

Centos
Certifications
Chef
Cloud Computing
Conferences
Configuration management
Contribute
CPanel
Debian
Fedora
Freelancer
General
Hardware
Linux
MacOSX
Meetups
Monitoring
News from Outside
RHEL
Scaling
Security
Tips & Tricks
Tools
Ubuntu

6 of 7 05/08/2013 08:51 AM
How to enable IP Forwarding in Linux - MDLog:/sysadmin http://www.ducea.com/2006/08/01/how-to-enable-ip-forwardin...

Virtualization
WordPress

Tags

CPanel Centos Cloud Computing Conferences Debian Fedora Freelancer LISA Linux RHEL Security Tips & Tricks

Tools WordPress amazon ami apache apache-tips-and-tricks apache2 apt aws awstats backup bash bcfg2 bnx2 chef datacenter deb
debian-etch debian-lenny debian_packages debian_tools dell devops distributions eaccelerator ec2 elance etch github google howto initramfs
initrd install interviews kernel knife ldirectord lenny lighttpd load_balancing log_rotation logrotate lvs meetups memcached mysql mysql-5.1 mysqldump nagios
news opschef outside php5 polls redhat releases reviews site squeeze ssh stats sudo sysadmin syslog tips trac up2date velocityconf whm
xen yum

Copyright © 2006-2013 - Marius Ducea - Powered by Octopress

7 of 7 05/08/2013 08:51 AM