If you would like to turn a Linux machine into a router or a VPN server, you will need to enable the IP Forwarding (aka routing) functionality as a first step. This functionality requires you to have at least 2 Ethernet interfaces connected to different networks or subnets.
To check if IP Forwarding has been enabled, we will need to check the contents of the file /proc/sys/net/ipv4/ip_forward in the proc filesystem.
    # cat /proc/sys/net/ipv4/ip_forward
    0
The output of ‘0’ above indicates that routing is disabled. The possible values are ‘0’ and ‘1’; ‘1’ means that the functionality is enabled.
To enable IP Forwarding on the fly, we will just need to modify the value with the echo command.
    # echo 1 > /proc/sys/net/ipv4/ip_forward
The above change will only last till the next reboot. To make the changes permanent, edit the file /etc/sysctl.conf and set the parameter ‘net.ipv4.ip_forward’ to ‘1’.
    net.ipv4.ip_forward = 1
If you are using iptables for packet filtering, you may also need to modify the built-in FORWARD chain according to your network, else the forwarded packets could be dropped by the firewall rules.
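The runtime value in /proc and the permanent value in /etc/sysctl.conf described above can disagree, for example after an echo that was never written to the config file. The following check is an added example, not part of the original article; the function names are hypothetical and the demo runs on constructed sample files rather than a live system.

```shell
#!/bin/sh
# Added example: compare the running ip_forward value with the persisted one.
# Only the single file passed in is inspected; drop-in files such as those
# under /etc/sysctl.d are not read.

# Print the last value assigned to net.ipv4.ip_forward in a sysctl-style
# file, or "unset" if there is no active (uncommented) assignment.
persisted_forward() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }              # skip comment lines
        {
            key = $1
            gsub(/[ \t]/, "", key)
            gsub("/", ".", key)             # net/ipv4/ip_forward form
            if (key == "net.ipv4.ip_forward") {
                val = $2
                gsub(/[ \t]/, "", val)
                found = 1                   # later assignments win
            }
        }
        END { if (found) print val; else print "unset" }
    ' "$1"
}

# Classify the pair: $1 = runtime file (e.g. /proc/sys/net/ipv4/ip_forward),
# $2 = config file (e.g. /etc/sysctl.conf).
forward_state() {
    runtime=$(cat "$1")
    saved=$(persisted_forward "$2")
    case "$runtime/$saved" in
        1/1) echo "forwarding-on persistent" ;;
        1/*) echo "forwarding-on lost-at-reboot" ;;
        0/1) echo "forwarding-off enabled-at-reboot" ;;
        *)   echo "forwarding-off" ;;
    esac
}

# Demo on constructed sample files: forwarding was switched on with echo,
# but the config file still says 0.
demo() {
    d=$(mktemp -d)
    printf '1\n' > "$d/ip_forward"
    printf '# net.ipv4.ip_forward = 1\nnet.ipv4.ip_forward = 0\n' > "$d/sysctl.conf"
    forward_state "$d/ip_forward" "$d/sysctl.conf"
    rm -rf "$d"
}
demo
```

On a real machine, call forward_state with /proc/sys/net/ipv4/ip_forward and /etc/sysctl.conf as its two arguments.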