How to implement IP forwarding on Linux systems

Source: Internet
Author: User
Tags iptables firewall

Hello everyone, today we learn to use Iptables to implement IP forwarding (packet forwarding) from one network interface to another on Linux. The concept of IP forwarding is to make a Linux machine like a router to send data from one network to another. As a result, it can be used as a router or proxy server to share a connected Internet or network connection to multiple client machines.

This is a few simple steps to enable IP forwarding or network packet forwarding methods.

1. Enable IPV4 forwarding

First, we need to enable IPV4 forwarding on our Linux operating system. To do this, we need to use sudo mode to execute the following command under the shell or terminal.

The code is as follows:

$ sudo-s

# echo 1 >/proc/sys/net/ipv4/ip_forward

Note: The above command enables IP forwarding immediately, but only temporarily until the next reboot. To be enabled permanently, we need to open the/etc/sysctl.conf file using our usual text editor.

The code is as follows:

# nano/etc/sysctl.conf

Then, add Net.ipv4.ip_forward = 1 to the file, or delete the comment for that line, and save and exit the file.

The code is as follows:

Net.ipv4.ip_forward = 1

Run the following command to enable the change.

The code is as follows:

# sysctl-p/etc/sysctl.conf

2. Configure Iptables Firewall

We need to allow specific (or all) packets to pass through our routers. Before that, we need to know the interface name of the network device that connects us to Linux. We can get the interface name by running the following command at the terminal or shell.

The code is as follows:

# ifconfig-a

Here, in our machine, eth2 is the interface to the Internet or network, WLAN2 is the interface that we use iptables to forward packets from eth2. To implement forwarding, we need to run the following command.

The code is as follows:

# iptables-a forward-i wlan2-o eth2-j ACCEPT

Note: Please replace wlan2 and eth2 with the available device names in your Linux machine.

Now, since Netfilter/iptables is a stateless firewall, we need to let iptables allow established connections to pass. To do this, we want to run the following command.

# iptables-a Forward-i eth2-o wlan2-m State--state established,related-j ACCEPT

3. Configuring NAT

Then, finally, we need to modify the source address of the packet sent to the Internet as eth2 by executing the following command.

# iptables-t nat-a postrouting-o eth2-j Masquerade

Summarize

Finally, we have successfully configured a packet forwarding from one interface to another in our iptables as a firewall Linux machine. This article teaches you to connect your private interface to the Internet without having to bridge the interface, but to route packets from one interface to another. That's all, if you have any questions, suggestions, feedback, please write down in the comments box below, and then we can improve or update our content. Thank you very much! Enjoy it:-)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.