Linux Commands

IP Forwarding With net.ipv4.ip_forward

“IP forwarding in Linux refers to setting your Linux to accept incoming network packets and forwarding them to another network. Any modern Linux system does not allow IP forwarding as it wastes bandwidth as a regular user doesn’t need IP forwarding. However, if you need to set your Linux system to act as a gateway or router, you must enable IP forwarding and, in this case, IPv4 IP forwarding. If this sounds new to you, worry less, as this article covers all you need to know about IPv4 IP forwarding.”

Checking IP Forwarding Status

By default, your Linux system has IP forwarding disabled. You can confirm its status by checking the sysctl kernel or /proc. The values get displayed in binary, with 0 implying false and 1 implying true.

To check the status using the /proc value, use the command below.

$ cat /proc/sys/net/ipv4/ip_forward

Alternatively, you can query the sysctl kernel using the command below.

$ sysctl net.ipv4.ip_forward

From both outputs, we note the status is 0, meaning net.ipv4.ip_forward is not enabled.

How to Temporary Enable IP Forwarding

Various scenarios may require you to enable IP forwarding. For instance, if you wish to use your Linux server as a NAT device or a router, you must configure your Linux to receive network packets from one interface while forwarding them to another. Configuring the IP forwarding as a permanent solution is not preferred. Instead, you should temporarily enable it, which resets on the next reboot.

To enable IP forwarding, also known as routing, use the echo command to change the default values from 0 to 1 or use the sysctl command.

To use the echo command to enable IP forwarding, run the command below.

$ echo 1 > /proc/sys/net/ipv4/ip_forward

Similarly, run the command below to enable IP forwarding using sysctl.

$ sysctl -w net.ipv4.ip_forward=1

Once you set the new binary value for the IP forward, you can check its status using the earlier commands. It should output 1 to imply IP forwarding is enabled.

You should know that the settings configured above won’t persist after the next reboot. Alternatively, if you wish to regain the initial state of the disabled IP forwarding before the reboot, all you need is to change the values to 0 instead of 1.

Therefore, any of the commands below will disable the IP forwarding.

$ echo 0 > /proc/sys/net/ipv4/ip_forward

$ sysctl -w net.ipv4.ip_forward=0

We see that the status is disabled and set to 0.

How to Permanently Enable IP Forwarding

Permanently enabling IP forwarding is not recommended, but if you must, you can edit the sysctl.conf file, and the changes will survive a reboot until you again change the settings in the configuration file to disable it.

The changes are similar to those of a temporary configuration. You need to add the state 1 to enable and 0 to disable.

Using an editor of choice, open the /etc/sysctl.conf file. In our case, we are using nano editor, and you should have root privileges to modify the file.

$ sudo nano /etc/sysctl.conf

Once opened, you can enable IP forwarding by adding the below line of code. You can also locate the line below in the file and uncomment it by deleting the #.

net.ipv4.ip_forward = 1

If the IP forwarding was enabled and you wish to disable it permanently, replace the above line of code with the one below.

net.ipv4.ip_forward = 0

Once you’ve edited the file, run the command below for the changes to take effect.

$ sysctl -p /etc/sysctl.conf

That’s it! You’ve successfully enabled IP forwarding permanently.

Wrap Up

This guide shows how to enable and disable IP forwarding either temporarily or permanently. Using the commands presented, you should easily configure your Linux distro depending on your tasks. Hopefully, you now understand net.ipv4.ip_forwarding.

About the author

Denis Kariuki

Denis is a Computer Scientist with a passion for Networking and Cyber Security. I love the terminal, and using Linux is a hobby. I am passionate about sharing tips and ideas about Linux and computing.