What is kernel ip forwarding?


Solution 1

"IP forwarding" is a synonym for "routing." It is called "kernel IP forwarding" because it is a feature of the Linux kernel.

A router has multiple network interfaces. If traffic comes in on one interface that matches a subnet of another network interface, a router then forwards that traffic to the other network interface.

So, let's say you have two NICs, one (NIC 1) is at address 192.168.2.1/24, and the other (NIC 2) is 192.168.3.1/24. If forwarding is enabled, and a packet comes in on NIC 1 with a "destination address" of 192.168.3.8, the router will resend that packet out of NIC 2.

It's common for routers functioning as gateways to the Internet to have a default route whereby any traffic that doesn't match any NICs will go through the default route's NIC. So in the above example, if you have an internet connection on NIC 2, you'd set NIC 2 as your default route and then any traffic coming in from NIC 1 that isn't destined for something on 192.168.2.0/24 will go through NIC 2. Hopefully there are other routers past NIC 2 that can further route it (in the case of the Internet, the next hop would be your ISP's router, and then their provider's upstream router, etc.)

Enabling ip_forward tells your Linux system to do this. For it to be meaningful, you need two network interfaces (any 2 or more of wired NIC cards, Wifi cards or chipsets, PPP links over a 56k modem or serial, etc.).

When doing routing, security is important and that's where Linux's packet filter, iptables, gets involved. So you will need an iptables configuration consistent with your needs.

Note that enabling forwarding with iptables disabled and/or without taking firewalling and security into account could leave you open to vulnerabilities if one of the NICs is facing the Internet or a subnet you don't have control over.
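The forwarding decision described in this answer (connected subnets, a default route, the ip_forward switch, and a FORWARD-chain-style filter deciding what may cross between interfaces) can be simulated in a few lines. The following is an added example, not code from the answer or from the Linux kernel; the interface names nic1/nic2 and the representation of the iptables FORWARD policy as a set of allowed (in, out) interface pairs are assumptions made for illustration. It also covers the later comment asking what happens to a packet for 192.168.2.2 arriving on NIC 1: the longest-prefix lookup picks the directly connected route, not the default route.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    iface: str


@dataclass
class Router:
    # interface name -> its own address with prefix length, e.g. "192.168.2.1/24"
    interfaces: dict
    # extra routes such as the default route; connected routes are derived from interfaces
    static_routes: list = field(default_factory=list)
    # models net.ipv4.ip_forward (0 = host only, 1 = forward between interfaces)
    ip_forward: bool = False
    # simplified model of an iptables FORWARD chain with policy DROP:
    # only (in_iface, out_iface) pairs listed here may be forwarded (assumption, see lead-in)
    forward_policy: set = field(default_factory=set)

    def routes(self):
        connected = [
            Route(ipaddress.ip_interface(addr).network, iface)
            for iface, addr in self.interfaces.items()
        ]
        # longest prefix first, so the first match wins and the /0 default route is last
        return sorted(connected + self.static_routes,
                      key=lambda r: r.prefix.prefixlen, reverse=True)

    def lookup(self, dst):
        """Return the outgoing interface for dst, or None if no route matches."""
        dst = ipaddress.ip_address(dst)
        for route in self.routes():
            if dst in route.prefix:
                return route.iface
        return None

    def handle(self, in_iface, dst):
        """Decide what the box does with a packet for dst that arrived on in_iface."""
        dst_addr = ipaddress.ip_address(dst)
        # addressed to one of our own interfaces: local delivery, no forwarding involved
        if any(ipaddress.ip_interface(a).ip == dst_addr for a in self.interfaces.values()):
            return "local"
        if not self.ip_forward:
            return "drop: ip_forward=0"
        out_iface = self.lookup(dst)
        if out_iface is None:
            return "drop: no route"
        if (in_iface, out_iface) not in self.forward_policy:
            return f"drop: FORWARD policy {in_iface}->{out_iface}"
        return f"forward via {out_iface}"


def build_router(ip_forward, forward_policy=frozenset()):
    """The two-NIC router from the answer: NIC 1 on 192.168.2.0/24, NIC 2 on 192.168.3.0/24,
    with NIC 2 as the default route (interface names are constructed for this example)."""
    return Router(
        interfaces={"nic1": "192.168.2.1/24", "nic2": "192.168.3.1/24"},
        static_routes=[Route(ipaddress.ip_network("0.0.0.0/0"), "nic2")],
        ip_forward=ip_forward,
        forward_policy=set(forward_policy),
    )


if __name__ == "__main__":
    host = build_router(ip_forward=False)
    gw = build_router(ip_forward=True, forward_policy={("nic1", "nic2")})
    # 203.0.113.5 is a constructed "somewhere on the Internet" address (TEST-NET-3)
    for label, box in (("ip_forward=0", host), ("ip_forward=1 + policy", gw)):
        for in_iface, dst in (("nic1", "192.168.3.8"), ("nic1", "203.0.113.5"),
                              ("nic1", "192.168.2.2"), ("nic2", "192.168.2.5"),
                              ("nic1", "192.168.2.1")):
            print(f"{label:22} {in_iface} -> {dst:14} : {box.handle(in_iface, dst)}")
```

With ip_forward off, anything not addressed to the box itself is dropped, which is the ordinary-host behaviour. With it on and only nic1->nic2 allowed, a packet for 192.168.3.8 or for an Internet address leaves via nic2, while a packet from nic2 back towards 192.168.2.5 is dropped by the policy: a real ruleset would admit it with a conntrack ESTABLISHED,RELATED rule rather than a static pair, which is the "iptables configuration consistent with your needs" the answer refers to. On a real system the switch is net.ipv4.ip_forward, set persistently in /etc/sysctl.conf.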

Solution 2

When enabled, "IP forwarding" allows a Linux machine to receive incoming packets and forward them. A Linux machine acting as an ordinary host would not need to have IP forwarding enabled, because it just generates and receives IP traffic for its own purposes (i.e., the purposes of its user).

However, there are cases when IP forwarding is useful:

1. We want our machine to act as a router, receiving packets from other hosts and routing them toward their destination.
2. We are bad guys and we want to impersonate another machine in a so-called "man-in-the-middle attack". In this case, we want to intercept and see all the traffic directed to the victim, but we want also to forward this traffic to her, so that she does not "sense" our presence.


Updated on September 18, 2022

Comments

  • pranjal
    pranjal over 1 year

    I have seen on many blogs, using this command to enable IP forwarding while using many network security/sniffing tools on Linux

    echo 1 > /proc/sys/net/ipv4/ip_forward
    

    Can anyone explain to me in layman's terms what this command essentially does? Does it turn your system into a router?

  • LawrenceC
    LawrenceC almost 10 years
    Right, you'll want to do NAT if NIC 2 is a private IP. Linux can do NAT as well and iptables is the way to set it up.
  • GutenYe
    GutenYe almost 10 years
    Does it need a NAT for data going from NIC 2 to NIC 1?
  • Sreeraj
    Sreeraj over 9 years
    In simple words, will it be right if I say that enabling IP forwarding means enabling the machine to pass a packet from one of its NIC to another of its NIC? Also, would it be true if I say enabling IP forwarding is not really required on a machine with a single IP/NIC ?
  • LawrenceC
    LawrenceC over 9 years
    @Sree: Yes, but it won't do NAT - you need iptables for that. If you don't want to route/forward packets, don't enable forwarding. It's unlikely a single IP/NIC system needs it enabled unless you are doing something weird with VPNs.
  • bobo
    bobo about 9 years
    @ultrasawblade In the case of IP forwarding enabled and having internet connection on NIC 2 and also as the default route, if it receives a packet destined for 192.168.2.2 from NIC 1, what will the router do?
  • LawrenceC
    LawrenceC almost 9 years
    Your NIC can actually receive all traffic on the subnet by design - if you have it connected to a hub, not a switch. It won't forward it out of the default gateway since it has a direct connection to that network 192.168.2.0/24 already. So I believe it will drop it.
  • t7e
    t7e over 3 years
    Why "IP forwarding" is not enabled by default in Linux distros?
  • Alan Evangelista
    Alan Evangelista almost 3 years
    @t7e I think it is enabled by default in most Linux distributions nowadays. It's enabled by default in my Ubuntu 20
  • Alan Evangelista
    Alan Evangelista almost 3 years
    IMHO "IP forwarding" is an ambiguous term because it may be interpreted as forwarding IP addresses (e.g. the source IP address) or IP packets. It means only the latter. "IP packet forwarding" or "IP packet routing" would be better names.