Configure traffic forwarding on Linux
Apply configuration
Note
This guide shows how to achieve traffic forwarding on Linux using
iptables with the default network interface eth0. Consult your
operating system documentation for more information.
- Enable IPv4 traffic forwarding:
- Find the default network interface for your device (other commands such as ifconfig are available):
- Record the default network interface for use in subsequent commands. In this example, eth0 is used:
- Masquerade traffic to make it appear it is coming from the LAN rather than the TAN:
- Accept forwarding requests from the connect interface to LAN:
- Accept forwarding requests subject to connection tracking:
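The steps above combined into one script, added here as an example and not taken from the original guide. It assumes `ip route show default` for the interface lookup, the `conntrack` match for the connection-tracking rule, and `connect` as the tunnel interface name; it only prints the commands unless run as root with `APPLY=1`, and it tests each rule with `iptables -C` first so that re-running it does not append duplicates.

```sh
#!/bin/sh
# Added example. Dry run by default: prints commands. APPLY=1 (as root) applies them.
# Assumed names: tunnel interface "connect"; LAN side = default-route interface.

# Read `ip route show default` output on stdin, print the interface after "dev".
default_iface() {
    awk '$1 == "default" { for (i = 2; i < NF; i++)
             if ($i == "dev") { print $(i + 1); exit } }'
}

# Print the three rules as "table chain rule-spec", one per line.
forward_rules() {
    echo "nat POSTROUTING -o $1 -j MASQUERADE"
    echo "filter FORWARD -i $2 -o $1 -j ACCEPT"
    echo "filter FORWARD -i $1 -o $2 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
}

# Apply (or print) each rule for LAN interface $1 and tunnel interface $2.
apply_rules() {
    forward_rules "$1" "$2" | while read -r table chain spec; do
        if [ "${APPLY:-0}" = 1 ]; then
            # -C tests whether the rule exists, so re-runs do not duplicate it.
            # $spec is unquoted on purpose: it must split into separate arguments.
            iptables -t "$table" -C "$chain" $spec 2>/dev/null ||
                iptables -t "$table" -A "$chain" $spec
        else
            echo "iptables -t $table -A $chain $spec"
        fi
    done
}

# Constructed sample of `ip route show default` output, used only in the dry run.
SAMPLE_ROUTE='default via 192.0.2.1 dev eth0 proto dhcp metric 100'

if [ "${APPLY:-0}" = 1 ]; then
    LAN_IF=$(ip route show default | default_iface)
    sysctl -w net.ipv4.ip_forward=1
else
    LAN_IF=$(printf '%s\n' "$SAMPLE_ROUTE" | default_iface)
    echo "sysctl -w net.ipv4.ip_forward=1"
fi
[ -n "$LAN_IF" ] || { echo "no default route found" >&2; exit 1; }
apply_rules "$LAN_IF" connect
```

Both FORWARD rules name the inbound and outbound interfaces, so forwarding is accepted only between the tunnel and the LAN interface rather than for every interface on the host.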
Make configuration persistent
The routing configuration must be made persistent to avoid needing to manually re-apply it following a system reboot.
Once the configuration has been applied and tested, make it permanent as follows:
For sysctl, add the following entry to /etc/sysctl.conf (there may be an
existing entry you can uncomment):
For iptables, run the following commands to save the current rules:
If your iptables rules are not automatically restored when you reboot, cron
may be used to restore them. Add an entry to the root crontab, with
sudo crontab -e:
See man sysctl.conf and man iptables-save for more information.
For Ubuntu and Ubuntu-based distributions, the iptables-persistent package may
be installed. This is in addition to iptables-save:
On Red Hat and derived distributions, enable the iptables service:
For more information, see Saving Iptables Firewall Rules Permanently.