It may be necessary to configure IP forwarding on a Linux system in certain scenarios. If the Linux server is acting as a firewall, router, or NAT device, it will need to be capable of forwarding packets that are meant for other destinations (other than itself).

Conversely, IP forwarding should usually be turned off if you're not using one of the aforementioned configurations. You typically don't want your system wasting bandwidth or resources to forward packets elsewhere, unless it's been designed to do that job.

In this guide, we'll go through the step by step instructions to enable or disable IP forwarding through command line examples. You can apply these commands to any major Linux distro, including popular choices like Ubuntu and Red Hat.

In this tutorial you will learn:
  • How to check the current IP forwarding status
  • How to enable or disable IP forwarding
  • Common troubleshooting steps for IP forwarding
Checking the status of IP forwarding and enabling the setting
Checking the status of IP forwarding and enabling the setting
Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Any Linux distro
Software N/A
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # - requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ - requires given linux commands to be executed as a regular non-privileged user

Check current IP forwarding status

Most systems will be able to use the sysctl command, which can apply kernel variables. Therefore, you can use the following sysctl command to check whether IP forwarding is enabled or disabled.

# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

In the example above, the net.ipv4.ip_forward kernel setting is 0. That means it's off. If it were set to 1, that would mean it's enabled.

This setting can also be viewed inside the /proc/sys/net/ipv4/ip_forward file on systems with systemd or any other init system.

# cat /proc/sys/net/ipv4/ip_forward
0

SUBSCRIBE TO NEWSLETTER
Subscribe to our NEWSLETTER and receive latest Linux news, jobs, career advice and tutorials.


Enable or disable IP forwarding

You can use the following sysctl command to enable or disable IP forwarding on your system.

# sysctl -w net.ipv4.ip_forward=0
OR
# sysctl -w net.ipv4.ip_forward=1

You can also change the setting inside /proc/sys/net/ipv4/ip_forward to turn the setting on or off.

# echo 0 > /proc/sys/net/ipv4/ip_forward
OR
# echo 1 > /proc/sys/net/ipv4/ip_forward

Using either method above will not make the change persistent. To make sure the new setting survives a reboot, you need to edit the /etc/sysctl.conf file.

# sudo nano /etc/sysctl.conf

Add one of the following lines to the bottom of the file, depending on whether you'd like IP forwarding to be off or on, respectively. Then, save your changes to this file. The setting will be permanent across reboots.

net.ipv4.ip_forward = 0
OR
net.ipv4.ip_forward = 1

After editing the file, you can run the following command to make the changes take effect right away.

# sysctl -p


Troubleshooting

Note that the sysctl command if the service isn't currently running. Check the status of sysctl with this command.

$ systemctl status sysctl

The service should say that it's active. If not, start the service with this command:

$ sudo systemctl start sysctl

On non-systemd Linux installs, checking the status of sysctl will be different. For example, OpenRC uses this command:

# rc-service sysctl status

If you have successfully enabled IP forwarding (verified by checking the kernel variable after reboot), but you're still not receiving traffic on destination systems, check the FORWARD rules of iptables.

# iptables -L -v -n
...       
Chain FORWARD (policy ACCEPT 667 packets, 16724 bytes)
 pkts bytes target     prot opt in     out     source               destination

Your FORWARD chain should either be set to ACCEPT, or have rules listed that allow certain connections. You can see if traffic is reaching the FORWARD chain of iptables by checking the amount of packets and bytes that have hit the chain. If there aren't any, then you may have some higher rules in your chain that are blocking traffic.

Closing Thoughts

In this guide, we saw how to enable or disable IP forwarding in Linux systems by editing the kernel variable. The methods here covered systems that use systemd or some other init system. We also learned how to make the changes persistent, and common troubleshooting steps in case IP forwarding still isn't working after the change.

FIND LATEST LINUX JOBS on LinuxCareers.com
Submit your RESUME, create a JOB ALERT.
LINUX CAREER NEWSLETTER
Subscribe to NEWSLETTER and receive latest news, jobs, career advice and tutorials.
DO YOU NEED ADDITIONAL HELP?
Get extra help by visiting our LINUX FORUM or simply use comments below.