IP Forwarding
Saturday, April 25, 2009
IP Forwarding is a feature of the Linux kernel that can be turned on or off
as needed, without rebooting the computer. It is needed especially
when a Linux system is used as a Firewall/Router or a Proxy Server for
a network and performs Network Address Translation (NAT) to masquerade
a private subnet behind a single public IP address. In this setup,
what administrators do is –
Install two network cards (one is assigned the real or public IP
address and the second is assigned the private IP address).
To turn IP Forwarding on, run the following command –
echo 1 > /proc/sys/net/ipv4/ip_forward
The above command enables IP forwarding for the current session only,
as the default setting is “disable”. To make it permanent, modify /etc/sysctl.conf as follows -
net.ipv4.ip_forward = 1
By default the value is set to 0, which means NATing is disabled. After modifying
/etc/sysctl.conf, reboot your machine to make it permanent. At boot time
the computer checks /etc/sysctl.conf, reads the IP forwarding
parameter net.ipv4.ip_forward = x, and loads it into the /proc/sys/net/ipv4/ip_forward file.
However, by executing - echo 1 > /proc/sys/net/ipv4/ip_forward you can enable IP
forwarding instantly.
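Added example (not part of the original post): a shell check that compares the persistent value in /etc/sysctl.conf with the runtime value in /proc/sys/net/ipv4/ip_forward, so a host that forwards packets now but would not after a reboot (or the reverse) is flagged. The function names are hypothetical, and only /etc/sysctl.conf, the file this post names, is parsed.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the last net.ipv4.ip_forward value set in a sysctl.conf-style file,
# or "unset" when the key is absent or only appears in comment lines.
persistent_ip_forward() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }            # "#" and ";" start a comment
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (key == "net.ipv4.ip_forward") last = val   # later lines win
        }
        END { print (last == "" ? "unset" : last) }
    ' "$1"
}

# Print the value the kernel is using right now, or "unknown".
runtime_ip_forward() {
    [ -r "$1" ] || { echo unknown; return 0; }
    value=
    read -r value < "$1" || true
    echo "${value:-unknown}"
}

# Return 0 when runtime and persistent settings agree, 1 on drift, 2 if unknown.
check_ip_forward() {
    conf=${1:-/etc/sysctl.conf}
    proc=${2:-/proc/sys/net/ipv4/ip_forward}
    persistent=$(persistent_ip_forward "$conf")
    runtime=$(runtime_ip_forward "$proc")
    # The post states the default is 0, so a missing key is treated as 0.
    if [ "$persistent" = unset ]; then expected=0; else expected=$persistent; fi
    if [ "$runtime" = unknown ]; then
        echo "UNKNOWN: cannot read $proc"; return 2
    elif [ "$runtime" = "$expected" ]; then
        echo "OK: runtime=$runtime persistent=$persistent"; return 0
    elif [ "$runtime" = 1 ]; then
        echo "DRIFT: forwarding is on now, but sysctl.conf gives $persistent at boot"
    else
        echo "DRIFT: forwarding is off now, but sysctl.conf sets $persistent at boot"
    fi
    return 1
}

# Run against the live system only when asked: sh check.sh --check
if [ "${1:-}" = "--check" ]; then check_ip_forward; fi
```

Both paths can be passed as arguments, which allows the check to be run against copies of the files collected from another host.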
Labels: firewall, IP Forwarding, kernel, Linux, NAT, Proxy server, Router