Method of IP forwarding on Linux system


Hello, everyone. Today, let’s learn how to use iptables to realize IP forwarding (packet forwarding) from one network interface to another on Linux. The concept of IP forwarding is to make Linux machines send data from one network to another like routers. Therefore, it can be used as a router or proxy server to share a connected Internet or network connection to multiple client machines.

These are some simple steps to enable IP forwarding or network packet forwarding methods.
1. Enable IPv4 forwarding

First, we need to enable IPv4 forwarding on our Linux operating system. To do this, we need to use sudo mode to execute the following commands under the shell or terminal.


Copy code

The code is as follows:

$ sudo -s
# echo 1 > /proc/sys/net/ipv4/ip_forward

2015724165356408.png (438×39)

Note: the above command can enable IP forwarding immediately, but it is only temporary until the next restart. To enable it permanently, we need to open the / etc / sysctl.conf file using our preferred text editor.


Copy code

The code is as follows:

# nano /etc/sysctl.conf

Then, add net.ipv4.ip_ Forward = 1 to the file, or delete the comment on that line, save and exit the file.


Copy code

The code is as follows:

net.ipv4.ip_forward = 1

    2015724165418216.png (684×490)

Run the following command to enable the change.


Copy code

The code is as follows:

# sysctl -p /etc/sysctl.conf

   2015724165456073.png (400×78)

2. Configure iptables firewall

We need to allow specific (or all) packets to pass through our router. Before that, we need to know the interface name of the network device connected to our Linux. We can get the interface name by running the following command on the terminal or shell.


Copy code

The code is as follows:

# ifconfig -a

2015724165518427.png (684×541)

Here, in our machine, eth2 is the network card interface connected to the Internet or network, and WLAN 2 is the interface where we want to forward packets from eth2 using iptables. To implement forwarding, we need to run the following command.


Copy code

The code is as follows:

# iptables -A FORWARD -i wlan2 -o eth2 -j ACCEPT

Note: replace wlan2 and eth2 with the device names available on your Linux machine.

Now, since Netfilter / iptables is a stateless firewall, we need iptables to allow established connections to pass through. To do this, we need to run the following command.

    # iptables -A FORWARD -i eth2 -o wlan2 -m state –state ESTABLISHED,RELATED  -j ACCEPT
    2015724165630146.png (644×71)

3. Configure nat

Then, finally, we need to modify the source address of the packet sent to the Internet to eth2 by executing the following command.

    # iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
  2015724165656811.png (517×35)


Finally, we successfully configured packet forwarding from one interface to another on our Linux machine with iptables as firewall. This article teaches you to connect your private interface to the Internet without bridging the interface, but to route packets from one interface to another. That’s all. If you have any questions, suggestions and feedback, please write in the comment box below, and then we can improve or update our content. Thank you. Enjoy: -)