Things you need:
1. A Linux box
2. Two network adapters that connect to different networks that you wish to route.
How:
Enable IP Forwarding
By default all modern Linux distributions will have IP Forwarding disabled. Use the following methods to enable and configure IP Forwarding.
Check if IP Forwarding is enabled:
We have to query the sysctl kernel value net.ipv4.ip_forward to see if forwarding is enabled or not:
Using sysctl:
sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
Using the /proc system:
cat /proc/sys/net/ipv4/ip_forward
0
If the above output is ‘0’, IP Forwarding is not enabled.
To enable IP Forwarding on the fly:
As with any sysctl kernel parameters we can change the value of net.ipv4.ip_forward on the fly (without rebooting the system):
sysctl -w net.ipv4.ip_forward=1
or
echo 1 > /proc/sys/net/ipv4/ip_forward
The above setting takes effect instantly; however, it will not persist across a reboot.
To permanently enable IP Forwarding:
Add the following line to the file /etc/sysctl.conf
net.ipv4.ip_forward = 1
To enable the changes made in sysctl.conf, run the command:
sysctl -p /etc/sysctl.conf
Alternatively, on Red Hat based systems this is also enabled when restarting the network service:
service network restart
On Debian/Ubuntu systems this can also be done by restarting the procps service:
/etc/init.d/procps.sh restart
After making the above changes, check that IP Forwarding is in fact enabled:
Using sysctl:
sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
Using the /proc system:
cat /proc/sys/net/ipv4/ip_forward
1
If the result is 1, the Linux system will forward IP packets that arrive on one interface but are not addressed to the system itself.
Additionally, configure iptables to forward packets from your internal network (eth1) to your external network (eth0):
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
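A check worth running after this setup, as an added example that is not part of the original how-to: the two FORWARD rules above are appended to a chain whose built-in policy is ACCEPT unless it has been changed, so on their own they restrict nothing, and packets they do not match are still forwarded. The script classifies a host from its ip_forward value and the output of `iptables -S FORWARD`; the sample rule listings are constructed, and the script name audit.sh is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): classify a forwarding host from
# its ip_forward value and the text printed by `iptables -S FORWARD`.

# Constructed sample: the page's two FORWARD rules on a default-ACCEPT chain.
SAMPLE_PAGE_RULES='-P FORWARD ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT'

# Constructed sample: the same rules after `iptables -P FORWARD DROP`.
SAMPLE_DROP_POLICY='-P FORWARD DROP
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT'

# Read `iptables -S FORWARD` text on stdin, print the chain policy.
forward_policy() {
    awk '$1 == "-P" && $2 == "FORWARD" { print $3; found = 1; exit }
         END { if (!found) print "UNKNOWN" }'
}

# Read the same text, print 1 if an unconditional DROP/REJECT rule exists.
has_catch_all_deny() {
    awk '$1 == "-A" && $2 == "FORWARD" && $3 == "-j" &&
         ($4 == "DROP" || $4 == "REJECT") { hit = 1 }
         END { print hit + 0 }'
}

# audit_forwarding <ip_forward value> <iptables -S FORWARD text>
# Prints disabled, filtered, or open. "open" means every packet that no rule
# matches is still forwarded, so the ACCEPT rules restrict nothing.
audit_forwarding() {
    af_value=$1
    af_rules=$2
    if [ "$af_value" != "1" ]; then echo disabled; return 0; fi
    af_policy=$(printf '%s\n' "$af_rules" | forward_policy)
    af_deny=$(printf '%s\n' "$af_rules" | has_catch_all_deny)
    if [ "$af_policy" = "DROP" ] || [ "$af_deny" = "1" ]; then
        echo filtered
    else
        echo open
    fi
}

# Live check on the router itself (needs root for iptables): sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_forwarding "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables -S FORWARD)"
fi
```

A verdict of "open" for the rules as given above becomes "filtered" once the chain policy is set with /sbin/iptables -P FORWARD DROP, at which point the two ACCEPT rules are what permits the internal network out and replies back in.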