Sometimes, you may need to setup IP forwarding on your Linux server, especially if it is acting as a firewall, router or NAT device. In such cases, it will need to forward all packets that it receives to another system. On the other hand, you need to turn off IP forwarding if you are not using any of the above configurations, since you don’t need to waste your system resources sending packets to other systems unnecessarily. In this article, we will learn how to enable IP forwarding in Ubuntu. You can also use these steps for Debian, RHEL, CentOS, Fedora & SUSE Linux systems.
How to Enable IP Forwarding in Ubuntu
Here are the steps to enable IP forwarding in Ubuntu.
1. Check Current IP forwarding status
Most Linux systems have sysctl command that allows you to check IP forwarding status of your system. You can open terminal and use the following command to check the current status of IP forwarding on your system.
# sysctl net.ipv4.ip_forward net.ipv4.ip_forward = 0
If IP forwarding is turned on, you will see the output value of net.ipv4.ip_forward as 1, else it will be 0.
Alternatively, you can view the settings in file /proc/sys/net/ipv4/ip_forward.
# cat /proc/sys/net/ipv4/ip_forward 0
2. Enable/Disable IP Forwarding
You can enable or disable IP forwarding on your system by setting the value of net.ipv4.ip_forward variable as 1 or 0 respectively.
# sysctl -w net.ipv4.ip_forward=0 OR # sysctl -w net.ipv4.ip_forward=1
You can also change setting of file /proc/sys/net/ipv4/ip_forward as shown.
# echo 0 > /proc/sys/net/ipv4/ip_forward OR # echo 1 > /proc/sys/net/ipv4/ip_forward
However, please note, the above changes are not persistent and will be lost on system reboot. In order to persistently enable/disable IP forwarding, edit /etc/sysctl.conf.
# vi /etc/sysctl.conf
Add either of the following line at the bottom of the file, to disable (value=0) or enable(value=1) IP forwarding on your Linux system.
net.ipv4.ip_forward = 0 OR net.ipv4.ip_forward = 1
Save and close the file. Run the following command to applu changes.
# sysctl -p
3. Check status
You can check the status of IP forwarding on your system with the following command.
$ systemctl status sysctl
You can start the service with the following command.
$ sudo systemctl start sysctl
If your Linux system does not have systemd, you can start it with the following command.
# rc-service sysctl status
If you still find that your system is unable to forward packets, check the iptables to see if there is a firewall rules blocking inbound traffic.
# iptables -L -v -n ... Chain FORWARD (policy ACCEPT 667 packets, 16724 bytes) pkts bytes target prot opt in out source destination
Your forward policy should be accept or have rules allowing connections.
In this article, we have learnt how to turn on or off IP forwarding on your Linux system, by using kernel variables. We have also seen how to make those changes persistent.