How to implement IP forwarding in Linux

IP forwarding lets a Linux machine pass data from one network to another, which is what a router does (a router is a device that sends packets from one point to another depending on the packet destination, rules, etc.).

Why do we need IP forwarding on a Linux machine?

Ans: We need IP forwarding on a Linux machine to make it act as a router or proxy server, so that one internet connection can be shared with many client machines.

Let me explain how this works with a small example.

You have 2 machines in different networks (PC1 in 10.0.0.0/255.0.0.0 network and PC2 in 192.168.0.0/255.255.255.0 network), both connected to a Linux machine that has two network interfaces. The IP addresses are as follows:

PC1: 192.168.0.1/255.255.255.0 default gateway:192.168.0.2

PC2: 10.0.0.1/255.0.0.0 default gateway:10.0.0.2

Linuxbox eth0 : 192.168.0.2/255.255.255.0

eth1 : 10.0.0.2/255.0.0.0

The Linuxbox has two LAN cards, one connected to each machine, as shown below.

So do you think PC1 is capable of communicating with PC2?
Ans:
The answer to this question is No.

How do we make PC1 communicate with PC2?
Ans:
The answer is to enable IP forwarding on the Linux machine. Sometimes this is known as bridging two networks.

To enable IP forwarding we have to edit /etc/sysctl.conf as shown below. Open sysctl.conf, change the value of "net.ipv4.ip_forward" from 0 to 1, and save the file.

#vi /etc/sysctl.conf

net.ipv4.ip_forward = 0

to

net.ipv4.ip_forward = 1

	

Once this is done you are still not able to ping from PC1 to PC2. We have to restart the Linuxbox for the kernel to pick up this change.

Why restart if it's a production machine? Try the command below to make your Linuxbox aware of IP forwarding without a restart.

echo 1 > /proc/sys/net/ipv4/ip_forward

Now try to ping from PC1 to PC2; the ping will succeed.
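
The two steps above leave the box in different states: editing /etc/sysctl.conf changes what the next boot will do, while the echo changes only the running kernel. The shell functions below are an added example, not part of the original post, that compare the two so that a forwarding setting which is unintended, or which will silently disappear at reboot, shows up in an audit. The function names and state labels are made up here, and reading only the files under /etc is a simplifying assumption.

```sh
#!/bin/sh
# Added example: compare the persisted and the running value of
# net.ipv4.ip_forward. Function names and state labels are hypothetical.

# Print the last value assigned to net.ipv4.ip_forward in the given
# sysctl-style files (later files override earlier ones), or "unset".
# Commented-out assignments (# or ;) are ignored.
persisted_ip_forward() {
    value=unset
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(sed -n 's|^[[:space:]]*net[./]ipv4[./]ip_forward[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$|\1|p' "$f" | tail -n 1)
        if [ -n "$v" ]; then value=$v; fi
    done
    echo "$value"
}

# Print the value the running kernel is using, or "unknown".
runtime_ip_forward() {
    proc=${1:-/proc/sys/net/ipv4/ip_forward}
    if [ -r "$proc" ]; then tr -d '[:space:]' < "$proc"; else echo unknown; fi
}

# Arguments: the runtime proc file, then the config files in load order.
forwarding_state() {
    proc=$1; shift
    run=$(runtime_ip_forward "$proc")
    cfg=$(persisted_ip_forward "$@")
    case "$run:$cfg" in
        1:1) echo enabled-persistent ;;
        1:*) echo enabled-until-reboot ;;  # only "echo 1 > /proc/..." was done
        0:1) echo pending-reload ;;        # file edited; needs reboot or "sysctl -p"
        0:*) echo disabled ;;
        *)   echo unknown ;;
    esac
}

# On a real host: sysctl.d files first, /etc/sysctl.conf last (assumed order,
# matching how "sysctl --system" treats the files under /etc).
forwarding_state /proc/sys/net/ipv4/ip_forward /etc/sysctl.d/*.conf /etc/sysctl.conf
```

A result of enabled-until-reboot or enabled-persistent on a machine that is not meant to route between its interfaces is the case worth investigating.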

Mr Surendra Anne is from Vijayawada, Andhra Pradesh, India. He is a Linux/Open source supporter who believes in Hard work, A down to earth person, Likes to share knowledge with others, Loves dogs, Likes photography. He works as Devops Engineer with Taggle systems, an IOT automatic water metering company, Sydney . You can contact him at surendra (@) linuxnix dot com.
  • Nice post

  • If the command is "echo 1 > /proc/sys/net/ipv4/ip-forward"

    Then 1 is indicating to ……..?

  • Farooque Syed

    echo 1 > /proc/sys/net/ipv4/ip_forward

    The file is ip_forward not ip-forward

    • hi Syed,

      Thanks for heads up. Updated the post.

      Surendra.

  • sudhakar

    do we need to put two default gateways or any one default gateway is enough in linuxbox

    • One default gateway is enough. And having two default gateways is not advisable though..!

  • Aryan Joshi

    I tried to implement similar setup in my small scale company but it didn’t go through.
    Here are the details:

    I have 2 machines which are in different network (PC1 in 10.15.103.114/255.255.255.192 and PC2 in 192.168.100.11/255.255.255.0) and connected with a Linux machine (which is having two network interfaces), one is dhcp client (10.15.103.117) and one is Static (192.168.100.1), as follows..

    PC1: 10.15.103.114/255.255.255.192 default gateway: 10.15.103.65

    PC2: 192.168.100.11/255.255.255.0 default gateway:192.168.100.1

    Linuxbox eth0 : 10.15.103.117/255.255.255.192 (GW: 10.15.103.65)

    eth1 : 192.168.100.1/255.255.255.0 (No Gateway)

    I have enabled the ip forwarding on my linux machine through #vi /etc/sysctl.conf

    net.ipv4.ip_forward = 1

    I am able to ping to Linux box (eth0 and eth1) from PC2 n/w, but I am unable to ping to Linuxbox eth1 from PC1 or unable to ping PC1->PC2 or PC2->PC1.

    Do you have any suggestion for this?

    • Aryan Joshi

      Just to update on above query :
      I have added following entries in iptables and with this change I am able to ping PC2 to PC1, but still Linuxbox eth1 from PC1 or PC1->PC2 is not working.

      iptables -A FORWARD --in-interface eth1 --out-interface eth0 --source 192.168.100.0/255.255.255.0 -m state --state NEW -j ACCEPT
      iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
      iptables -A POSTROUTING -t nat -j MASQUERADE

      • Hi Joshi,

        Can you try traceroute and tcpdump(try to ping pc2 from pc1 when you try tcpdump) to check more details.

        • Aryan Joshi

          I ran following command on PC1:

          -bash-4.1# traceroute 192.168.100.1
          traceroute to 192.168.100.1 (192.168.100.1), 30 hops max, 60 byte packets
          1 10.15.103.65 (10.15.103.65) 0.513 ms 0.829 ms 1.174 ms
          2 10.142.80.3 (10.142.80.3) 5.892 ms 5.944 ms 5.995 ms
          3 * * *
          4 * * *
          5 * * *
          6 * * *

          and tried to ping Linuxbox eth1 from PC1 and ran tcpdump on Linuxbox for eth1, shows the following results.

          tcpdump -i eth1
          tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
          listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
          11:52:56.856740 ARP, Request who-has 192.168.100.50 tell 192.168.100.1, length 28
          11:52:57.856786 ARP, Request who-has 192.168.100.50 tell 192.168.100.1, length 28
          11:52:58.856786 ARP, Request who-has 192.168.100.50 tell 192.168.100.1, length 28
          11:52:59.926733 ARP, Request who-has 192.168.100.50 tell 192.168.100.1, length 28
          11:53:00.926780 ARP, Request who-has 192.168.100.50 tell 192.168.100.1, length 28

  • XBOOT

    I don't really understand about ip forwarding in linux, but thanks for the implementation ip forwarding article 
