Hello everyone, today we will learn to use iptables to implement IP forwarding (packet forwarding) from one network interface to another on Linux. The idea of IP forwarding is to make a Linux machine act as a router that sends data from one network to another. As a result, it can be used as a router or proxy server to share an Internet or network connection with multiple client machines.
Here are a few simple steps to enable IP forwarding (network packet forwarding).
1. Enable IPV4 forwarding
First, we need to enable IPV4 forwarding on our Linux operating system. This requires root privileges, so we use sudo to open a root shell and run the following commands in the shell or terminal.
The code is as follows:
$ sudo -s
# echo 1 > /proc/sys/net/ipv4/ip_forward
Note: The above command enables IP forwarding immediately, but only temporarily, until the next reboot. To enable it permanently, we need to open the /etc/sysctl.conf file using our usual text editor.
The code is as follows:
# nano /etc/sysctl.conf
Then, add net.ipv4.ip_forward = 1 to the file, or uncomment that line if it is already there, and save and exit the file.
The code is as follows:
net.ipv4.ip_forward = 1
Run the following command to enable the change.
The code is as follows:
# sysctl -p /etc/sysctl.conf
2. Configure Iptables Firewall
We need to allow specific (or all) packets to pass through our router. Before that, we need to know the interface names of the network devices attached to our Linux machine. We can get the interface names by running the following command in the terminal or shell.
The code is as follows:
# ifconfig -a
Here, on our machine, eth2 is the interface connected to the Internet or network, and wlan2 is the interface whose traffic iptables will forward through eth2. To implement forwarding, we need to run the following command.
The code is as follows:
# iptables -A FORWARD -i wlan2 -o eth2 -j ACCEPT
Note: Please replace wlan2 and eth2 with the available device names in your Linux machine.
Now, since Netfilter/iptables is a stateless firewall, we need to let iptables allow established connections to pass. To do this, run the following command.
# iptables -A FORWARD -i eth2 -o wlan2 -m state --state ESTABLISHED,RELATED -j ACCEPT
3. Configuring NAT
Finally, we need to rewrite the source address of packets sent to the Internet so that it becomes the address of eth2, by executing the following command.
# iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
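To check the result of the three steps above, the following added example (not part of the original article) audits iptables-save output for the rules configured here. The function names and the sample dump are constructed for illustration, and the script additionally flags a FORWARD policy of ACCEPT, under which the two ACCEPT rules do not restrict what is forwarded.

```shell
#!/bin/sh
# Added example (not from the article): audit an iptables-save dump for the
# three rules configured above. Interface names follow the article.

# Constructed sample: iptables-save output after running the article's
# commands on a machine whose FORWARD policy is still ACCEPT.
SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i wlan2 -o eth2 -j ACCEPT
-A FORWARD -i eth2 -o wlan2 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# has DUMP REGEX: succeeds if some whole line of DUMP matches REGEX.
has() { printf '%s\n' "$1" | grep -Eqx -- "$2"; }

# audit_forwarding DUMP IP_FORWARD LAN_IF WAN_IF
# Prints one line per finding; returns 0 if there are none, 1 otherwise.
audit_forwarding() {
    dump=$1 fwd=$2 lan=$3 wan=$4 bad=0
    [ "$fwd" = 1 ] || { echo "ip_forward is '$fwd', expected 1"; bad=1; }
    has "$dump" "-A FORWARD -i $lan -o $wan -j ACCEPT" ||
        { echo "missing FORWARD rule $lan -> $wan"; bad=1; }
    # Accept either match module and either order of the two states.
    has "$dump" "-A FORWARD -i $wan -o $lan -m (state --state|conntrack --ctstate) (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT" ||
        { echo "missing return-traffic rule $wan -> $lan"; bad=1; }
    has "$dump" "-A POSTROUTING -o $wan -j MASQUERADE" ||
        { echo "missing MASQUERADE on $wan"; bad=1; }
    # With policy ACCEPT, packets between any pair of interfaces are
    # forwarded whether or not they match the rules above.
    has "$dump" ":FORWARD ACCEPT .*" &&
        { echo "FORWARD policy is ACCEPT; rules above do not limit forwarding"; bad=1; }
    return "$bad"
}

# Live use, as root:
#   audit_forwarding "$(iptables-save)" "$(cat /proc/sys/net/ipv4/ip_forward)" wlan2 eth2
audit_forwarding "$SAMPLE" 1 wlan2 eth2 || echo "audit: see findings above"
```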
Summary
We have now successfully configured packet forwarding from one interface to another on a Linux machine that uses iptables as its firewall. This article shows how to connect your private interface to the Internet without bridging the interfaces, by routing packets from one interface to the other instead. That's all. If you have any questions, suggestions, or feedback, please write them in the comments box below so that we can improve or update our content. Thank you very much! Enjoy it :-)