Networking - IP Forwarding
IP forwarding is also known as routing.
If the Linux server is acting as a firewall, router, or NAT device, it must be able to forward packets that are addressed to destinations other than itself.
- IP forwarding should usually be turned off unless the server is used in one of these roles.
- This avoids wasting bandwidth or resources on forwarding packets elsewhere when it is not needed.
Linux uses the net.ipv4.ip_forward kernel variable to toggle this setting on or off.
Check if IP forwarding is enabled or disabled, using sysctl
sysctl net.ipv4.ip_forward
returns:
net.ipv4.ip_forward = 0
NOTE: This shows the net.ipv4.ip_forward kernel setting is 0, which means it is off.
- If it were set to 1, that would mean it is enabled.
Alternatively, check if IP forwarding is enabled or disabled, using proc
cat /proc/sys/net/ipv4/ip_forward
returns:
0
Enable or disable IP forwarding
Using sysctl
sysctl -w net.ipv4.ip_forward=0
or
sysctl -w net.ipv4.ip_forward=1
WARNING: This will not make the change persistent.
Alternatively, using proc
Change the setting inside /proc/sys/net/ipv4/ip_forward to turn the setting on or off.
echo 0 > /proc/sys/net/ipv4/ip_forward
or
echo 1 > /proc/sys/net/ipv4/ip_forward
WARNING: This will not make the change persistent.
Ensure persistence
To make sure the new setting survives a reboot, edit the /etc/sysctl.conf file.
Add one of the following lines to the bottom of the file, depending on whether to have IP forwarding on or off.
- /etc/sysctl.conf
net.ipv4.ip_forward = 0
or
net.ipv4.ip_forward = 1
Then, save your changes to this file.
NOTE: The setting will be permanent across reboots.
Make the changes take effect right away
sysctl -p
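Because sysctl -w and echo change only the running kernel while /etc/sysctl.conf controls what is loaded at boot, the two values can silently disagree. The following check is an added example, not part of the original page: it compares the running value with the persisted one. The function names are hypothetical, and it assumes the key is written in dotted form (net.ipv4.ip_forward) in the files passed to it.

```shell
#!/bin/sh
# Added example (not from the original page): detect drift between the running
# ip_forward value and the value persisted in sysctl configuration files.
# Function names are hypothetical; only the dotted key form is parsed.

# persisted_value FILE...
# Prints the last net.ipv4.ip_forward value (0 or 1) assigned in the given
# files, read in the order given, or "unset" if none assigns it.
persisted_value() {
    val=unset
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Commented-out lines do not match; whitespace around "=" is allowed.
        v=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p' "$f" | tail -n 1)
        [ -n "$v" ] && val=$v
    done
    echo "$val"
}

# check_ip_forward PROC_FILE CONF_FILE...
# Prints "runtime=<v> persisted=<v>" and returns:
#   0 runtime matches persisted value
#   1 drift (running value differs from the persisted one)
#   2 no persisted value in the given files
#   3 runtime value could not be read
check_ip_forward() {
    proc_file=$1; shift
    runtime=$(cat "$proc_file") || return 3
    saved=$(persisted_value "$@")
    echo "runtime=$runtime persisted=$saved"
    case "$saved" in
        unset)      return 2 ;;
        "$runtime") return 0 ;;
        *)          return 1 ;;
    esac
}

# Usage on a live system:
#   check_ip_forward /proc/sys/net/ipv4/ip_forward /etc/sysctl.conf
```

A return code of 1 means the running setting will change at the next reboot or sysctl -p: either forwarding was switched on temporarily and never persisted, or a router's persisted setting has not been loaded.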