networking:ip_forwarding
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| networking:ip_forwarding [2025/05/21 08:57] – created peter | networking:ip_forwarding [2025/05/21 09:10] (current) – peter | ||
|---|---|---|---|
| Line 24: | Line 24: | ||
| </ | </ | ||
| - | < | + | <WRAP info> |
| **NOTE: | **NOTE: | ||
| Line 58: | Line 58: | ||
| sysctl -w net.ipv4.ip_forward=1 | sysctl -w net.ipv4.ip_forward=1 | ||
| </ | </ | ||
| + | |||
| + | <WRAP important> | ||
| + | **WARNING: | ||
| + | </ | ||
| ---- | ---- | ||
| - | Alternatively, | + | ==== Alternatively, |
| + | |||
| + | Change | ||
| <code bash> | <code bash> | ||
| Line 70: | Line 76: | ||
| echo 1 > / | echo 1 > / | ||
| </ | </ | ||
| + | |||
| + | <WRAP important> | ||
| + | **WARNING: | ||
| + | </ | ||
| + | |||
| + | ---- | ||
| + | |||
| + | ==== Ensure persistency ==== | ||
| + | |||
| + | To make sure the new setting survives a reboot, edit the **/ | ||
| + | |||
| + | Add one of the following lines to the bottom of the file, depending on whether to have IP forwarding on or off. | ||
| + | |||
| + | <file bash / | ||
| + | net.ipv4.ip_forward = 0 | ||
| + | |||
| + | or | ||
| + | |||
| + | net.ipv4.ip_forward = 1 | ||
| + | </ | ||
| + | |||
| + | Then, save your changes to this file. | ||
| + | |||
| + | <WRAP info> | ||
| + | **NOTE:** The setting will be permanent across reboots. | ||
| + | </ | ||
| + | |||
| + | ---- | ||
| + | |||
| + | |||
| + | ==== Make the changes take effect right away ==== | ||
| + | |||
| + | <code bash> | ||
| + | sysctl -p | ||
| + | </ | ||
| + | |||
| + | ---- | ||
| + | |||
| + | ===== Troubleshooting ===== | ||
| + | |||
| + | Check the status of sysctl with this command: | ||
| + | |||
| + | <code bash> | ||
| + | systemctl status sysctl | ||
| + | </ | ||
| + | |||
| + | ---- | ||
| + | |||
| + | The service should say that it is active. If not, start the service with this command: | ||
| + | |||
| + | <code bash> | ||
| + | sudo systemctl start sysctl | ||
| + | </ | ||
| + | |||
| + | |||
| + | On non-systemd Linux installs, checking the status of sysctl will be different. Try: | ||
| + | |||
| + | <code bash> | ||
| + | rc-service sysctl status | ||
| + | </ | ||
| + | |||
| + | ---- | ||
| + | |||
| + | If IP forwarding is successfully enabled (verified by checking the kernel variable after reboot), but traffic is still not being received on destination systems, check the FORWARD rules of iptables. | ||
| + | |||
| + | <code bash> | ||
| + | iptables -L -v -n | ||
| + | </ | ||
| + | |||
| + | returns: | ||
| + | |||
| + | < | ||
| + | ... | ||
| + | Chain FORWARD (policy ACCEPT 667 packets, 16724 bytes) | ||
| + | pkts bytes target | ||
| + | </ | ||
| + | |||
| + | <WRAP info> | ||
| + | **NOTE: | ||
| + | |||
| + | * Check if traffic is reaching the FORWARD chain of iptables by checking the amount of packets and bytes that have hit the chain. | ||
| + | * If none, then there may be some higher rules in the chain that are blocking traffic. | ||
| + | |||
| + | </ | ||
| + | |||
| ---- | ---- | ||
| Line 80: | Line 171: | ||
| * TAG: Routing | * TAG: Routing | ||
| * TAG: Security | * TAG: Security | ||
| + | * TAG: Server | ||
| + | |||
| + | ---- | ||
| + | |||
networking/ip_forwarding.1747817826.txt.gz · Last modified: 2025/05/21 08:57 by peter