Loading ...How to enable IP Forwarding in Linux
By default any modern Linux distributions will have IP Forwarding disabled. This is normally a good idea, as most peoples will not need IP Forwarding, but if we are setting up a Linux router/gateway or maybe a VPN server (pptp or ipsec) or just a plain dial-in server then we will need to enable forwarding. This can be done in several ways that I will present bellow.
Check if IP Forwarding is enabled
We have to query the sysctl kernel value net.ipv4.ip_forward to see if forwarding is enabled or not:
Using sysctl:
sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0or just checking out the value in the /proc system:
cat /proc/sys/net/ipv4/ip_forward
0As we can see in both the above examples this was disabled (as show by the value 0).
Enable IP Forwarding on the fly
As with any sysctl kernel parameters we can change the value of net.ipv4.ip_forward on the fly (without rebooting the system):
sysctl -w net.ipv4.ip_forward=1or
echo 1 > /proc/sys/net/ipv4/ip_forwardthe setting is changed instantly; the result will not be preserved after rebooting the system.
Permanent setting using /etc/sysctl.conf
If we want to make this configuration permanent the best way to do it is using the file /etc/sysctl.conf where we can add a line containing net.ipv4.ip_forward = 1
/etc/sysctl.conf:
net.ipv4.ip_forward = 1if you already have an entry net.ipv4.ip_forward with the value 0 you can change that 1.
To enable the changes made in sysctl.conf you will need to run the command:
sysctl -p /etc/sysctl.confOn RedHat based systems this is also enabled when restarting the network service:
service network restartand on Debian/Ubuntu systems this can be also done restarting the procps service:
/etc/init.d/procps.sh restartUsing distribution specific init scripts
Although the methods presented above should work just fine and you would not need any other method of doing this, I just wanted to note that there are also other methods to enable IP Forwarding specific to some Linux distributions.
For example Debian based distributions might use the setting:
/etc/network/options:
ip_forward=noset it to yes and restart the network service.
Also RedHat distributions might set this using:
/etc/sysconfig/network:
FORWARD_IPV4=trueand again restart the network service.
Regardless the method you have used once you have completed this you can check it out using the same method shown above:
sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1cat /proc/sys/net/ipv4/ip_forward
1If the result is 1 then the Linux system will start forwarding IP packets even if they are not destined to any of its own network interfaces.
ps. I was setting up a VPN dial-in server when I wrote this post 
.
19th October 2006, 11:13
/etc/network/options is deprecated in Debian!
For more information: /usr/share/doc/netbase/README.Debian
27th February 2007, 12:37
[...] A great guide : http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/ [...]
1st August 2007, 08:01
Okay, these steps were pretty easy to follow, but whenever I try to connect, my ubuntu box pops up a serial chat window., showing mostly gibberish. After about fifteen seconds my Palm TX says the connection timed out. What do I need to do to make ubuntu give my Palm an ip address and dns?
25th September 2007, 12:38
At least for me, the addition of the line
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
into /etc/rc.local is necessary to make forwarding work.
7th November 2007, 07:39
[...] apabila ingin menggunakan password yang dibuat secara random. Lalu klik tombol “OK“. Untuk mengaktifkan IP Forward, kita dapat mengklik panel Applications->Accecories->Terminal Setelah muncul terminalnya, [...]
28th November 2007, 19:11
[...] How-to article on IP forwarding in different Linux distros [...]
27th December 2007, 05:43
this method did not work for me in fedora core 8
27th December 2007, 13:21
Josh: what is the output of this command?
cat /proc/sys/net/ipv4/ip_forward1st February 2008, 09:24
Wonderful article! It helped me a lot.
7th April 2008, 04:28
DEAR
I HAVE UBUNTU SERVER WITH LTSP AND ONE OTHER FAT UBUNTU MACHINE BUT PROBLEM IS THAT I WANT TO CONNECT THAT ON MY HUB BUT EVERY DAY I WILL HAVE TO RUN “echo 1 >> /proc/sys/net/ipv4/ip_forward” can it be automaticly please help me
7th April 2008, 13:56
baba: add to your /etc/sysctl.conf:
net.ipv4.ip_forward = 110th April 2008, 05:37
Thanks i got you point
ARK
10th April 2008, 05:38
#- Marius -
#7th April 2008, 13:56
#
#baba: add to your /etc/sysctl.conf:
#net.ipv4.ip_forward = 1
Done Dear
4th June 2008, 19:44
#eth0 – internet
#eth1 – network
echo -e “192.168.10.99 00:15:F2:16:6C:C2 dev eth1″ > /srv/mac.list
arp -f /srv/mac.list
iptables -t nat -A POSTROUTING -o eth0-j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
#this script enable internet for ip 192.168.10.99 with MAC 00:15:F2:16:6C:C2
26th June 2008, 10:45
Mas stels88, gimana klo aku punya gini..
inet —- eth0 proxy (squid) eth1 —— user, supaya user bisa pake outlook express buat akses email di luar…di iptables mesti setting gimana …
22nd July 2008, 04:52
and i thought it’ll take me lots of command and howto reading to achieve this..
Thanks a lot, you save my day
27th July 2008, 18:00
[...] The last thing you need to do is enable the host computer to do ip forwarding so that the client computer can get to the internet and download the packages it needs. To do so is fairly simple: [...]
17th September 2008, 13:58
That was very helpful.Does the same logic work for ipv6 forwarding also.As my sysconf file has a statement for ipv6 that is commented out.
net.ipv6.ip_forward = 1
But wen i enable it and run sysctl -p /etc/sysctl.conf
i get an error!!!!
Thanks in advance!
31st October 2008, 22:30
[...] apabila ingin menggunakan password yang dibuat secara random. Lalu klik tombol “OK“. Untuk mengaktifkan IP Forward, kita dapat mengklik panel Applications->Accecories->Terminal Setelah muncul terminalnya, [...]
22nd November 2008, 12:22
Great tutorial.
However i was wondering how to forward all unused ip addresses in a single linux machine. Could anyone help me out here or post a link that gives info on how to do so.
26th November 2008, 03:29
[...] http://www.thebakershome.net/openvpn_tutorial http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/ Tags: TAP VPN, Ubuntu [...]
28th November 2008, 12:20
[...] apabila ingin menggunakan password yang dibuat secara random. Lalu klik tombol “OK“. Untuk mengaktifkan IP Forward, kita dapat mengklik panel Applications->Accecories->Terminal Setelah muncul terminalnya, [...]
17th January 2009, 17:46
[...] > das unter Debian? Was sagt denn `cat /proc/sys/net/ipv4/ip_forward`? Falls 0, guck mal unter http://www.ducea.com/2006/08/01/how-…ding-in-linux/ —–BEGIN PGP SIGNATURE—– Version: GnuPG v1.4.9 (GNU/Linux) [...]
9th February 2009, 12:06
How to enable IP Forwarding in Linux…
How to enable IP Forwarding in Linux | MDLog:/sysadminHow to enable IP Forwarding in Linux…
11th March 2009, 22:58
[...] http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/ [...]
26th March 2009, 17:27
Above mentioned commands concerning the iptables are necessary only if the netfilter/iptables are active
and if you wish to use the NAT (network address translation) – MASQUERADE etc.
A Linux based computer is very good router even if the address translation is not used. It can use dynamic routing with the OSPF protocol. It can be configured with VLAN trunk interface as “router on the stick” having one Ethernet port only etc.
27th March 2009, 06:28
[...] http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/ [...]
8th May 2009, 10:52
[...] apabila ingin menggunakan password yang dibuat secara random. Lalu klik tombol “OK“. Untuk mengaktifkan IP Forward, kita dapat mengklik panel Applications->Accecories->Terminal Setelah muncul terminalnya, [...]
4th June 2009, 05:27
Dear all
How can i Configure RedHat 9 Gate Way.Pls Help me.Step By Step.
Best Regards
Fahim
29th June 2009, 20:43
[...] denn nun f?r VPN respektive IPSec arbeiten soll, muss dort zwingend IP-forwarding aktiviert sein. How to enable IP Forwarding in Linux | MDLog:/sysadmin [...]
5th August 2009, 18:53
[...] http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/ [...]
23rd August 2009, 17:51
Great info! Concise and up to the point!
Thank you for your contribution.
20th November 2009, 13:21
[...] digress. Good article here on how to dis/enable IP Forwarding, but more importantly for my memory it also has the sysctl [...]
26th November 2009, 01:05
[...] to your old server will be automatically redirected to the new server. This guide will help: How to enable IP Forwarding in Linux | MDLog:/sysadmin __________________ cPanelAutoBackup.Com – Automated Daily cPanel [...]
15th December 2009, 04:45
[...] ?????/etc/sysctl.conf (via)????????????????iptables(via)? [...]
19th December 2009, 18:44
[...] – HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServic esTcpipParametersIPEnableRouter:1 linux – http://www.ducea.com/2006/08/01/how-…ding-in-linux/ set your client IP/subnet/dns to be compatible with your host network… set your gateway as your [...]
24th January 2010, 00:35
[...] grep forw rc.d/init.d/network echo 1 2>/dev/null >/proc/sys/net/bridge/forwarding Also, from here, it looks like you can use sysctl to do this as well. To check IP forwarding: [...]
30th January 2010, 01:54
[...] apabila ingin menggunakan password yang dibuat secara random. Lalu klik tombol “OK“. Untuk mengaktifkan IP Forward, kita dapat mengklik panel Applications->Accecories->Terminal Setelah muncul terminalnya, [...]
18th September 2010, 01:39
[...] machine http://support.microsoft.com/kb/315236 (shows how to enable IP forwarding on Windows) http://www.ducea.com/2006/08/01/how-…ding-in-linux/ (shows how to enable it on Linux) or enable it on linux Then you can use this setup Windows IP: [...]
21st September 2010, 05:31
[...] No matter what distribution you’re using, you need reboot after changed settings. (According THIS, you have several ways to enable ipv4 forwarding, without [...]
21st September 2010, 09:28
[...] echo 1 > /proc/sys/net/ipv4/ip_forward [...]
21st April 2011, 08:28
[...] l’ip forwarding : Windows (pensez à redémarrer après le changement dans le registre) | GNU/Linux. Vous n’avez pas besoin d’activer le [...]
14th May 2011, 06:08
If u already have a router the only thing u need it;s a static route on ur router and ip4_forward on ur linux system…
the use of iptables if u already have a router it;s stupid… DOUBLE NAT is fuckin idiotic
26th May 2011, 22:16
[...] http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/ Uncategorized ← Install Nagios in ubuntu ?i?u may m?n → /* [...]
28th June 2011, 06:00
[...] I must do the cat command again to activate it or doing something different like this website suggested. Thanks for the [...]
2nd August 2011, 19:14
[...] apabila ingin menggunakan password yang dibuat secara random. Lalu klik tombol “OK“. Untuk mengaktifkan IP Forward, kita dapat mengklik panel Applications->Accecories->Terminal Setelah muncul terminalnya, [...]
22nd August 2011, 10:53
enable ip forwarding :-
#vim /etc/sysctl.conf
net.ipv4.ip_forward=1
#change 0 to 1
:wq
#sysctl -p (save ip forwarding in kernel)
28th August 2011, 21:02
[...] http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/ [...]
6th January 2012, 05:09
[...] Forwarding instructions above kindly copied from: http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/ This entry was posted in tutorial and tagged debian network by admin. Bookmark the [...]
1st February 2012, 17:06
I turned IP forwarding on my linux server, router, and my wimax motorola modem but when i go to my public IP adress in a browser it takes me to the modem’s log in screen? Do have any ideas on how to get around this?
20th February 2012, 00:26
[...] sysctl -p /etc/sysctl.conf ?ród?o: How to enable IP Forwarding in Linux [...]
21st February 2012, 10:12
Hi,
I have a server with different applications installed. The server have to interfaces eth0 (192.168.1.2) and eth1 (192.168.1.3).
Actually, i’m monitoring the interfaces and I see that all the requests going to eth1 are ignored and they pass through eth0.
it means, if for exemple i open a web page with http://192.168.1.3 the bandwitdh will be through 192.168.1.2.
I enabled the ip forwarding but nothing happened, any ideas please?
29th February 2012, 10:38
Hamdi, it’s in your routing parameters.
use the route command and look the “Use Iface” mention.
If both interfaces eth0 and eth1 are able to goin out independently, change routes manualy buy setting “Use Iface” eth1 for the default route will solve your problems.
29th February 2012, 12:44
Hi klm thanks for your answer,
actually i can’t find the options you mentioned. I’m working on a Debian 6.0 Squezy.
for my routing table in the server, I can find a duplicated routes to 0.0.0.0 from the two interfaces.
But, what I need is to separate depending on the service the outgoing/ingoing trafic.
For exemple, http for eth1, and ssh for eth0.
10th March 2012, 16:29
One question to the experts here: I want to share the WAN connection on my PC1 with a second PC, PC2. And I do not want any double masquerade or NAT.
So what I did, is connecting the 2 PCs with an Ethernet cable and set static addresses. I can ping forth and back. Done.
I have as well set IP_forward on PC1, the one connected to WAN. PC1 connects totally correct to the Internet. Done.
What I don’t manage yet is the connection to the Internet from the second PC. I can only ping the first PC, the one connected to the Internet.
The default gateway of that second PC is the first PC, with eth0 as Iface.
The default gateway of the first PC is the WAN address on the WAN Iface.
What am I missing?
15th March 2012, 12:45
[...] Use YaST->system->/etc/sysconfig editor search for ip_forward. Alternatively use this : How to enable IP Forwarding in Linux | MDLog:/sysadmin Best regards, Greg Box: Windows 7 / Windows XP | Intel Dual-Core E5200 | ATI Radeon HD4850 | [...]
23rd April 2012, 23:20
[...] may have a check box for forwarding in the network setup gui dialog. If not, look at the blog post: http://www.ducea.com/2006/08/01/how-…ding-in-linux/ Also look at the route command or ip command for setting routes. You should indicate which Linux [...]