Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to achieve IP forwarding on the Linux system". The content of the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "how to achieve IP forwarding on the Linux system".

Hello, everyone. Today we will learn to use iptables to achieve IP forwarding (packet forwarding) from one network interface to another on Linux. The concept of IP forwarding is to have a Linux machine send data from one network to another like a router. Therefore, it can be used as a router or proxy server to share a connected Internet or network connection with multiple client machines.

These are some simple steps to enable IP forwarding or network packet forwarding.

1. Enable IPv4 forwarding

First, we need to enable IPv4 forwarding on our Linux operating system. To do this, we need to use sudo mode to execute the following command under shell or terminal.

The code is as follows:

$sudo-s

# echo 1 > / proc/sys/net/ipv4/ip_forward

Note: the above command enables ip forwarding immediately, but only temporarily until the next restart. To enable it permanently, we need to open the / etc/sysctl.conf file using our usual text editor.

The code is as follows:

# nano / etc/sysctl.conf

Then, add net.ipv4.ip_forward = 1 to the file, or delete the comment on that line, save and exit the file.

The code is as follows:

Net.ipv4.ip_forward = 1

Run the following command to enable changes.

The code is as follows:

# sysctl-p / etc/sysctl.conf

two。 Configure Iptables Firewall

We need to allow specific (or all) packets to pass through our router. Before that, we need to know the interface name of the network device that connects to our Linux. We can get the interface name by running the following command at the terminal or shell.

The code is as follows:

# ifconfig-a

Here, in our machine, eth3 is the interface of the network card connected to the Internet or network, and wlan2 is the interface through which we want to forward packets from eth3 using iptables. To achieve forwarding, we need to run the following command.

The code is as follows:

# iptables-A FORWARD-I wlan2-o eth3-j ACCEPT

Note: please replace wlan2 and eth3 with the available device names on your Linux machine.

Now, since netfilter/iptables is a stateless firewall, we need to get iptables to allow established connections through. To do this, we need to run the following command.

# iptables-A FORWARD-I eth3-o wlan2-m state-- state ESTABLISHED,RELATED-j ACCEPT

3. Configure NAT

Then, finally, we need to change the source address of the packet sent to the Internet to eth3 by executing the following command.

# iptables-t nat-A POSTROUTING-o eth3-j MASQUERADE

Summary

Finally, we successfully configured packet forwarding from one interface to another on our Linux machine with iptables as the firewall. This article teaches you to connect your private interface to the Internet without bridging the interface, but to route packets coming in from one interface to another.

Thank you for reading, the above is the content of "how to achieve IP forwarding on the Linux system". After the study of this article, I believe you have a deeper understanding of how to achieve IP forwarding on the Linux system, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.