IP Forwarding, i.e. setting up a Linux box as a router

IP forwarding enables a Linux box with two Ethernet cards to act as a gateway, forwarding IP packets from one LAN to another.

To set up Linux as a router, you need to install two Ethernet cards on the system.
eth0 -> LAN
eth1 -> Internet

# The Internal network interface (eth0 – LAN):

# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
HWADDR=00:13:D4:B5:45:59
ONBOOT=yes

# The Internet network interface (eth1 – ISP):

# vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
BOOTPROTO=static
HWADDR=00:13:D4:B5:45:59
ONBOOT=yes
IPADDR=122.169.108.10
NETMASK=255.255.255.0
NETWORK=122.169.108.0
BROADCAST=122.169.108.255
GATEWAY=122.169.108.1

(HWADDR here must be the MAC address of the eth1 card, not a copy of eth0's.)

DNS configuration

# more /etc/resolv.conf
nameserver 192.168.19.254
nameserver 59.144.127.16
nameserver 59.144.127.17

*************Configuration****************************

Enable IP packet forwarding in the kernel

1) Open the Linux kernel parameter configuration file (you must be root, or use the su - command to become root). sysctl is used to modify kernel parameters at runtime.

# vi /etc/sysctl.conf

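Add or modify the following line:

net.ipv4.ip_forward = 1

Or run the following command, which takes effect immediately but does not survive a reboot:

# echo 1 > /proc/sys/net/ipv4/ip_forward

# sysctl -p
Prints and applies the settings in sysctl.conf, so the changes made there take effect now; the entry in the file is what keeps them across reboots.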

# sysctl -a
Displays all parameters.

# sysctl -a | grep forward
This command is useful if the net.ipv4.ip_forward = 0 line has been deleted or is not present in sysctl.conf.
Use sysctl -a | grep forward to find the exact name of this parameter, then add that entry to the sysctl.conf file.

Restart network

# /etc/init.d/network restart

To set up IP forwarding and masquerading (so the box acts as a router), use the NAT table of iptables as follows:

# iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
# iptables --append FORWARD --in-interface eth0 -j ACCEPT

# service iptables save
# iptables -L
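
An added example (not from the original post) that audits the result of the steps above: it checks that sysctl.conf enables forwarding persistently and inspects iptables-save output for the MASQUERADE and FORWARD rules. It also flags a FORWARD chain whose default policy is not DROP, which goes beyond what the post configures. The interface names follow the post; the function names and the sample dumps are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit saved router state. eth0 (LAN) and eth1 (WAN) follow the
# page; function names and the sample dumps below are constructed for illustration.

# Succeeds if FILE (an /etc/sysctl.conf) enables forwarding persistently.
forward_persistent() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# audit_rules FILE LAN WAN: FILE holds `iptables-save` output.
# Prints one line per finding; exit status is the number of findings.
audit_rules() {
    awk -v lan="$2" -v wan="$3" '
        /^\*/ { table = substr($0, 2); next }        # "*nat" / "*filter" headers
        table == "nat" && /^-A POSTROUTING .*-j MASQUERADE/ {
            if (index($0, " -o " wan " ")) masq = 1
        }
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD .*-j ACCEPT/ {
            if (index($0, " -i " lan " ")) lan_ok = 1
            if ($0 ~ /ESTABLISHED/) reply_ok = 1
        }
        END {
            if (!masq)   { print "FAIL: no MASQUERADE rule on " wan; bad++ }
            if (!lan_ok) { print "FAIL: no FORWARD ACCEPT rule for " lan; bad++ }
            if (policy != "DROP") {
                print "WARN: FORWARD policy " policy " also forwards packets arriving on " wan; bad++
            } else if (!reply_ok) {
                print "FAIL: policy DROP with no ESTABLISHED rule drops replies"; bad++
            }
            exit bad + 0
        }' "$1"
}

# Constructed dump: what the two rules on this page produce on an empty ruleset.
sample_page_rules() {
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -o eth1 -j MASQUERADE' 'COMMIT' \
        '*filter' ':FORWARD ACCEPT [0:0]' '-A FORWARD -i eth0 -j ACCEPT' 'COMMIT'
}

# Constructed dump: same routing with a default-deny FORWARD chain.
sample_hardened_rules() {
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -o eth1 -j MASQUERADE' 'COMMIT' \
        '*filter' ':FORWARD DROP [0:0]' \
        '-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A FORWARD -i eth0 -o eth1 -j ACCEPT' 'COMMIT'
}
```

On a real router, run iptables-save > rules.txt and then audit_rules rules.txt eth0 eth1; the exit status is the number of findings.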

Test it with ping or dig:

# ping google.com
# dig google.com

Check Routing Table

# netstat -nr

Suppose your LAN computers (192.168.19.0) need to reach machines in the 122.169.108.0 network. Add a route as follows on the Windows machines from the command prompt:

route add 122.169.108.0 mask 255.255.255.0 192.168.19.7 metric 3

  • http://www.myrouterip.com router ip address

    Great post, but this doesn’t appear to make use of my router ip address, any helpful hints?

  • Zykzt

    Can a linux gateway server be set up in a local network (another gateway equipment existed)?
    Thanks…
