Enabling IP-Forwarding for IPv4 in Debian GNU/Linux

Chưa phân loại
Setting up a computer network can be tricky sometimes. Enabling IPv4 Forwarding on a Linux machine is a rather simple task, luckily.

The term IP Forwarding describes sending a network package from one network interface to another one on the same device. It should be enabled when you want your system to act as a router that transfers IP packets from one network to another.

On a Linux system the Linux kernel has a variable named `ip_forward` that keeps this value. It is accessible using the file `/proc/sys/net/ipv4/ip_forward`. The default value is 0 which means no IP Forwarding, because a regular user who runs a single computer without further components is not in need of that, usually. In contrast, for routers, gateways and VPN servers it is quite an essential feature.

Next, we will explain to you how to enable IP Forwarding temporarily, and permanently.

IP Forwarding As A Temporary Solution

In order to enable this kernel parameter on the fly you have two options. Option 1 simply stores the value of 1 in the variable from above as follows:

# echo 1 > /proc/sys/net/ipv4/ip_forward

Option 2 uses the `sysctl` command that allows you to adjust different kernel parameters at runtime, too [2]. As an administrative user run the following command:

# sysctl -w net.ipv4.ip_forward=1

Keep in mind that this setting is changed instantly. Also, the result will not be preserved after rebooting the system.

You can query the stored value as follows:

# cat /proc/sys/net/ipv4/ip_forward

This command returns a value of 0 for no IP Forwarding, and a value of 1 for IP Forwarding enabled. As an alternative, using `sysctl` also shows you the current status:

# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

Enabling IP Forwarding Permanently

In order to achieve this some other steps have to be done. First, edit the file `/etc/sysctl.conf`. Search for a line containing the entry “#net.ipv4.ip_forward=1”, and remove the # at the beginning of the line.

Then, save the file, and run the `sysctl` command in order to enable the adjusted settings:

# sysctl -p /etc/sysctl.conf

The option `-p` is short for `–load`, and requires a name for the configuration file to be followed.

Next, restart the proc file system that provides information about the status of the Linux kernel using the following command:

# /etc/init.d/procps restart

In about 2015 the file name was shortened from `procps.sh` to `procps`. So, on elderly Debian systems the script that you have to invoke is named `procps.sh`, instead.

Dealing With Systemd

The next hurdle came with the release of Systemd version 221. IP Forwarding is disabled by default, and enabling requires an additional file to be there. If it is not there yet, just add it. The file name consists of the name of the network interface followed by the suffix `.network`, for example `eth0.network` for the network interface `/dev/eth0`. As stated in the documentation [4], other extensions are ignored.

The following code snippet shows the setup for the network interface `/dev/tun0`. It contains of two sections — `Match` and `Network`. In the Match section define the name of the network interface, and in the network section enable IP Forwarding.

# cat /etc/systemd/network/tun0.network


Activating IP Forwarding for IPv4 is not a mystery. Just a few steps, and your are there. Happy hacking!

Links and references

* [1] Setting up Systemd-Networkd, Debian Wiki
* [2] Juergen Haas: Learn the Linux sysctl command
* [3] Systemd News for version 221
* [4] Documentation for Systemd

ONET IDC thành lập vào năm 2012, là công ty chuyên nghiệp tại Việt Nam trong lĩnh vực cung cấp dịch vụ Hosting, VPS, máy chủ vật lý, dịch vụ Firewall Anti DDoS, SSL… Với 10 năm xây dựng và phát triển, ứng dụng nhiều công nghệ hiện đại, ONET IDC đã giúp hàng ngàn khách hàng tin tưởng lựa chọn, mang lại sự ổn định tuyệt đối cho website của khách hàng để thúc đẩy việc kinh doanh đạt được hiệu quả và thành công.
Bài viết liên quan

How to Install TeamViewer on Arch Linuxm

Team Viewer is an awesome application for remotely accessing a computer or letting someone remotely access your computer....

OProfile Tutorial

OProfile is a performance profiler for Linux. In this article, we’ll explore what it does, how to install and configure...

Nextcloud [Part 1] – Cài đặt Nextcloud trên CentOS 7

Mục lục Chuẩn bị môi trường Cài đặt dịch vụ Web Cài đặt MariaDB Cài đặt PHP 7.2 Cài...
Bài Viết

Bài Viết Mới Cập Nhật

mua Proxy riêng ở đâu, và nó đem lại lợi ích gì cho người sử dụng

Hướng dẫn sử dụng Proxy Helper Fakeip khi thuê proxy


Mua Proxy Nuôi Zalo Giá Rẻ Tại Onet.com.vn