Most Linux desktops and servers have no reason for enabling IP Forwarding. Typically we would only want to enable this setting on servers that act as VPN server, Proxies, or load balancers. There are a few reasons for enabling this setting on desktops. For instance you may be required to enable this setting to do penetration testing.

Regardless of your reasons, this guide will help to identify the files that need to be edited and commands that need to be run in order to enable IPv4 Forwarding. Although IPv6 existing, IPv4 is still the most common version to be enabled and this guide will therefore focus on IPv4 Forwarding.

 

The things you will need before starting:

  • A basic understating of Linux command line.
  • Access to a Linux Desktop or Server
  • Access to the root account or an account with sudo access.
  • Basic knowledge of text editing software such as Vi, Vim, Nano, Pico, Gedit, etc.

Check if IPv4 Forwarding is enabled:

Before starting to change settings it's a good idea to check if it's already enabled.

$ sysctl net.ipv4.ip_forward

net.ipv4.ip_forward = 0 (the value of 0 means disabled)

or

$ cat /proc/sys/net/ipv4/ip_forward

0 (the value of 0 means disabled)

Steps:

  1. Log in as either root or a user with sudo access.
  2. Open a text editor (this may be completed while opening the document or before).
    Example (note that if you are logged in as root you may omit the "sudo" command):
    sudo nano
    sudo pico
    sudo gedit
  3. Find the location of the sysctl.conf file.
    I use vim the most frequently, so my command will look like this:
    $ sudo vi /etc/sysctl.conf
  4. Identify the line
    This value is not enabled.
    #net.ipv4.ip_forward=1
    Uncomment the line to enable the feature.
    net.ipv4.ip_forward=1
  5. Save the file with your changes.
  6. Active the changes made immediately (you can reboot or type these commands).
    Debian-based Linux distributions can use this command
    $ sudo /etc/init.d/procps restart
    RedHat-based Linux distributions can use
    $ service network restart
    Alternatively you can use this command
    $ sysctl -p /etc/sysctl.conf
  7. Check if the setting has been enabled successfully$ sysctl net.ipv4.ip_forward
    net.ipv4.ip_forward = 1 (the value of 1 means disabled)
    or
    $ cat /proc/sys/net/ipv4/ip_forward
    1 (the value of 1 means disabled)

 

Temporarily enabling IPv4 Forwarding:

Sometimes enabling this feature does not need to be permanent. the primary purpose of this guide was to enable the permanent setting. If you wish to temporarily enable this setting you can enter one of the following commands.

$ sudo sysctl -w net.ipv4.ip_forward=1

or

$ sudo echo 1 > cat /proc/sys/net/ipv4/ip_forward

Then check to see if the settign has been enabled.

$ sysctl net.ipv4.ip_forward

net.ipv4.ip_forward = 0 (the value of 0 means disabled)

or

$ cat /proc/sys/net/ipv4/ip_forward

0 (the value of 0 means disabled)

 

With a little inginuity and this guide you should be prepared to enable this setting on nearly any Linux desktop or server.