How to Enable/Disable IP Forwarding in Linux

How to Enable/Disable IP Forwarding in Linux

 

RSY Digital World Logo

In this information sharing we are going to share about what is IP Forwarding in linux and how to enable IP forwarding in linux and how to disable IP forwarding in linux or simply you can say how to enable/disable ip forwarding in linux.

What is IP Forwarding in Linux ?

IP forwarding is nothing but it is just another word for routing.This is a feature of RHEL distribution and for most of the recent linux distros .It is also known as Kernel IP Forwarding in linux or rhel7.

As mentioned it is included security feature in all linux distributions and by default IP Forwarding disabled.IP forwarding determines what will be the path adopted by a packet which is been sent.

IP forwarding process use routing information  from system to decide to send packets to many networks.

Now a days many modern cracking tools available which can spoof internal IP addresses and can attack machine acting like a local node on internal LAN.

This is the reason it is by default made disabled to keep system to avoid exploitation and attack.There are many softwares for managing organization security to keep organization safe and secure like Tideway Compliance Management from BMC or Bigfix from IBM which pulls the details from server and match the system configuration and alerts if it found  any inconsistency in configurations.

So let us first see how to check IP Forwarding is enabled or disabled in linux before deciding what state you want it to be.

How to check IP forwarding is enabled or disabled in linux ?

Please refer to below output .You can use either of it see the output returned value is showing 1 which means it is not in disabled state. It means system is not security compliant and you need to make it disabled.

[[email protected] ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
[[email protected] ~]# cat /proc/sys/net/ipv4/ip_forward
1

How to Disable IP Forwarding in linux ?

As mentioned earlier IPv4 policy in RHEL kernel keeps IP Forwarding disabled to prevent server or system works like edge router.

To disable IP Forwarding you can change value 1 from 0 in kernel using below method.Just to remember you need to have admin or super user privilege for changing kernel parameters.

[[email protected] ~]#sysctl -w net.ipv4.ip_forward=0
net.ipv4.ip_forward = 0
You can validate running below command
[[email protected] ~]# cat /proc/sys/net/ipv4/ip_forward
0

Please make sure return value you can see is Zero.Hold on this will be effective for current session only.So what you need to do to make persistent across reboots.Add these parameter value in kernel file like below.

[[email protected] ~]#cp -p /etc/sysctl.conf /etc/sysctl.conf.$date
[[email protected] ~]#vi /etc/sysctl.conf
and change this to Zero and save the file.
net.ipv4.ip_forward = 0
Also pass this parameter value to have immediate effect and add value to sysctl will 
make sure it is consistent across reboot.
[[email protected] ~]#sysctl -p /etc/sysctl.conf

Finally validate using above mentioned commands.That’s it about how to disable IP forwarding in linux.

How to Enable IP Forwarding in linux ?

How to enable IP Forwarding in linux would be almost same if you revert whatever is mentioned above about how to disable IP forwarding in linux. Steps will be similar like below

1.Use step mentioned how to check IP forwarding is enabled or disabled in linux.You can use either of them or both.Below example shows return value 1 which means it is enabled.

[[email protected] ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
[[email protected] ~]# cat /proc/sys/net/ipv4/ip_forward
1

2. Save the kernel file before making change you will have golden copy if you need to revert for any reason.

[[email protected] ~]#cp -p /etc/sysctl.conf /etc/sysctl.conf.$date

3. Use process mentioned in process how to disable IP forwarding in linux but just change value from zero to 1.

[[email protected] ~]#sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1

You can validate running below command

[[email protected] ~]# cat /proc/sys/net/ipv4/ip_forward
1

Please make sure return value you can see is 1.Hold on this will be effective for current session only.So what you need to make it persistent across reboots.Add these parameter value in kernel file like below.

[[email protected] ~]#vi /etc/sysctl.conf
and change this to Zero and save the file.
net.ipv4.ip_forward = 1

Also pass this parameter value to have immediate effect and add value to sysctl will make sure it is consistent across reboot.

[[email protected] ~]#sysctl -p /etc/sysctl.con

Finally validate using above mentioned commands.That’s it about how to enable IP forwarding in linux.

So we have already went through what is IP forwarding in linux,how to disable IP forwarding in linux and how to enable IP forwarding in linux or how to enable/disable ip forwarding in linux that’s all we expected to cover in this post.All about IP forwarding in linux.

Thank you very much for going through post.I hope you will find this helpful.If it is request you to share wherever possible as much as you can including your friends and your fellow system administrators.

Raj Rai

Raj Rai is an experienced IT Infrastructure Professional with more than 15 years of experience in IT Infrastructure Management. Raj Raj have keen interest in sharing his real world experience in his spare time as his social responsibility for IT infrastructure field. This is his contribution for IT infrastructure management sector for either newbie or even experienced professionals in unix linux cloud network and storage administration field.

Leave a Reply