Hello everyone, today we will learn how to use iptables on Linux to implement IP forwarding (packet forwarding) from one network interface to another. IP forwarding makes a Linux machine act as a router, sending data from one network to another. It can therefore serve as a router or a proxy server, sharing a network or Internet connection with multiple client machines.
Here are some simple steps to enable IP forwarding, or network packet forwarding.
1. Enable IPv4 Forwarding
First, we need to enable IPv4 forwarding on our Linux operating system. To do this, we run the following commands as root (via sudo) in a shell or terminal.
$ sudo -s
# echo 1 > /proc/sys/net/ipv4/ip_forward
Temporary IP Forwarding
Note: The above command enables IP forwarding immediately, but only temporarily, until the next reboot. To enable it permanently, we need to open the /etc/sysctl.conf file with our favorite text editor.
# nano /etc/sysctl.conf
Then add net.ipv4.ip_forward = 1 to the file, or uncomment that line if it is already present, then save the file and exit.
net.ipv4.ip_forward = 1
Run the following command to apply the change.
# sysctl -p /etc/sysctl.conf
2. Configuring Iptables Firewall
We need to allow specific (or all) packets to pass through our router. Before that, we need to know the names of the network interfaces on our Linux device. We can run the following command in a terminal or shell to list the interface names.
# ifconfig -a
Here, on our machine, eth2 is the network card interface connected to the Internet or a network, and wlan2 is the interface whose packets we want iptables to forward through eth2. To set up forwarding, we need to run the following command.
# iptables -A FORWARD -i wlan2 -o eth2 -j ACCEPT
Note: Replace wlan2 and eth2 with the device names available on your Linux machine.
Now, since netfilter/iptables is a stateless firewall, we need to allow established connections to pass through iptables. To do this, we run the following command.
# iptables -A FORWARD -i eth2 -o wlan2 -m state --state ESTABLISHED,RELATED -j ACCEPT
3. Configure NAT
Finally, we need to rewrite the source address of packets sent to the Internet through eth2 by executing the following command.
# iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
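To confirm that the three rules from the steps above are actually loaded, the following script audits iptables-save output. It is an added example, not part of the original article: audit_forwarding, sample_ruleset and the sample dump are constructed for illustration, and the check on the FORWARD chain policy goes beyond the commands shown above.

```shell
#!/bin/sh
# Added example (not from the article); function names are hypothetical.
# Usage on a live host, as root: iptables-save | audit_forwarding wlan2 eth2
# Prints one finding per line; returns 0 only when there are no findings.
audit_forwarding() {
    lan=$1; wan=$2; rc=0
    rules=$(cat)                      # whole iptables-save dump from stdin
    has() { printf '%s\n' "$rules" | grep -Eq -- "$1"; }
    est='(RELATED,ESTABLISHED|ESTABLISHED,RELATED)'
    trk='-m (state --state|conntrack --ctstate)'

    has "^-A FORWARD -i $lan -o $wan -j ACCEPT\$" ||
        { echo "MISSING: forward $lan -> $wan"; rc=1; }
    has "^-A FORWARD -i $wan -o $lan $trk $est -j ACCEPT\$" ||
        { echo "MISSING: established/related replies $wan -> $lan"; rc=1; }
    has "^-A POSTROUTING -o $wan -j MASQUERADE\$" ||
        { echo "MISSING: MASQUERADE on $wan"; rc=1; }
    # An inbound rule with no state match lets the WAN side open new connections.
    has "^-A FORWARD -i $wan -o $lan -j ACCEPT\$" &&
        { echo "RISK: unrestricted forward $wan -> $lan"; rc=1; }
    # With policy ACCEPT every packet is forwarded whether or not a rule matches.
    has '^:FORWARD ACCEPT ' &&
        { echo "RISK: FORWARD policy is ACCEPT, so these rules restrict nothing"; rc=1; }
    return $rc
}

# Constructed sample: a typical iptables-save dump after running the article's
# three iptables commands on a host that still has the default chain policies.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i wlan2 -o eth2 -j ACCEPT
-A FORWARD -i eth2 -o wlan2 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
EOF
}

sample_ruleset | audit_forwarding wlan2 eth2 || true
```

On the sample the only finding is the FORWARD policy line: the rules are present, but they only limit what is forwarded once the chain policy is DROP (iptables -P FORWARD DROP).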
Summary
We have now successfully configured packet forwarding from one interface to another with the iptables firewall on a Linux machine. This article showed how to connect a private interface to the Internet without bridging the interfaces, by routing packets that come in on one interface out through another. That's it. If you have any questions, suggestions, or feedback, please write them in the comment box below so that we can improve or update our content.