How to use IP Forwarding in Linux to connect an internal network to the Internet
Hello everyone, today we will learn how to use iptables in Linux to implement IP forwarding (forwarding packets from one network interface to another). IP forwarding allows a Linux machine to send data from one network to another, like a router. It can therefore be used as a router or proxy server to share one Internet or network connection with multiple client machines.
Here are the simple steps to enable IP forwarding (network packet forwarding).
1. Enable IPv4 forwarding
First, we need to enable IPv4 forwarding on our Linux operating system. To do this, we use sudo to get a root shell and run the following commands in a shell or terminal.
$ sudo -s
# echo 1 > /proc/sys/net/ipv4/ip_forward
Note: The above command enables IP forwarding immediately, but only temporarily, until the next restart. To enable it permanently, open the /etc/sysctl.conf file with your usual text editor.
# nano /etc/sysctl.conf
Then, add net.ipv4.ip_forward = 1 to the file, or uncomment that line if it is already there, then save and exit the file.
net.ipv4.ip_forward = 1
Run the following command to enable the change.
# sysctl -p /etc/sysctl.conf
2. Configure Iptables Firewall
We need to allow specific (or all) packets to pass through our router. Before that, we need to know the interface names of the network devices attached to the Linux machine. You can run the following command in a terminal or shell to obtain the interface names.
# ifconfig -a
Here, on our machine, eth2 is the NIC interface connected to the Internet or the network, and wlan2 is the interface whose packets we want to forward to eth2 using iptables. To implement forwarding, run the following command.
# iptables -A FORWARD -i wlan2 -o eth2 -j ACCEPT
Note: replace wlan2 and eth2 with the names of available devices on your Linux machine.
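Now, because the rule above only accepts packets going from wlan2 to eth2, we also need to allow the packets of established connections to pass back in the other direction. netfilter/iptables tracks connection state, so it can match them. To do this, run the following command.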
# iptables -A FORWARD -i eth2 -o wlan2 -m state --state ESTABLISHED,RELATED -j ACCEPT
3. Configure NAT
Then, run the following command to rewrite the source address of packets sent to the Internet to the address of eth2.
# iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
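The three iptables commands above only append ACCEPT rules, and the built-in FORWARD chain defaults to policy ACCEPT, so on an otherwise unconfigured host they restrict nothing. The following is an added example, not part of the original article: a shell function that audits iptables-save output for this setup. The function names and the sample dump are constructed for illustration; wlan2 and eth2 are the article's interface names.

```shell
# Added example, not from the article: audit `iptables-save` output for the setup above.
# Usage: iptables-save | audit_forwarding LAN_IF WAN_IF   (exit 1 if any finding)
audit_forwarding() {
    awk -v lan="$1" -v wan="$2" '
    function has(s) { return index($0 " ", " " s " ") > 0 }
    /^\*/ { table = substr($0, 2); next }
    table == "filter" && /^:FORWARD / { policy = $2 }
    table == "filter" && /^-A FORWARD -j (DROP|REJECT)/ { catchall = 1 }
    table == "filter" && /^-A FORWARD / && has("-j ACCEPT") {
        if (has("-i " lan) && has("-o " wan)) out = 1
        if (has("-i " wan) && has("-o " lan)) {
            if (/ESTABLISHED/) back = 1
            else wide = 1          # inbound accepted without a state match
        }
    }
    table == "nat" && /^-A POSTROUTING / && has("-o " wan) && has("-j MASQUERADE") { nat = 1 }
    END {
        if (policy != "DROP" && !catchall)
            f[++n] = "FORWARD policy " policy ": unmatched packets are forwarded"
        if (!out)  f[++n] = "no ACCEPT rule from " lan " to " wan
        if (!back) f[++n] = "no ESTABLISHED,RELATED rule from " wan " to " lan
        if (wide)  f[++n] = "unrestricted ACCEPT from " wan " to " lan
        if (!nat)  f[++n] = "no MASQUERADE rule on " wan
        for (i = 1; i <= n; i++) print "FINDING: " f[i]
        exit (n > 0)
    }'
}

# Constructed, abridged sample: an iptables-save dump after only the three
# commands in this article, on a host that still has the default policies.
sample_article_rules() {
cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i wlan2 -o eth2 -j ACCEPT
-A FORWARD -i eth2 -o wlan2 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
EOF
}

# Same constructed dump with the FORWARD policy set to DROP.
sample_hardened_rules() { sample_article_rules | sed 's/^:FORWARD ACCEPT/:FORWARD DROP/'; }

# Demo run on the constructed sample (reports the permissive default policy).
sample_article_rules | audit_forwarding wlan2 eth2 || true
```

On a real host, run iptables-save | audit_forwarding wlan2 eth2 as root. The policy finding is cleared by iptables -P FORWARD DROP, after which only the two FORWARD rules above let traffic through.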
Summary
Finally, we have successfully configured packet forwarding from one interface to another on a Linux machine acting as a firewall, using iptables. This article teaches you to connect your private interface to the Internet. Instead of bridging interfaces, you can route data packets from one interface to another. If you have any questions, suggestions, or feedback, please write them in the comment box below, so that we can improve or update our content. Thank you very much! Enjoy it :-)
Via: http://linoxide.com/firewall/ip-forwarding-connecting-private-interface-internet/
Author: Arun Pyasi Translator: ictlyh Proofreader: wxy
This article was originally translated by LCTT and is proudly presented by Linux China.