How to enable ip masquerading/forwarding on CentOS 7

August 29, 2014 74.7k views

I want to enable IP masquerading/forwarding on CentOS 7, but when I specify net.ipv4.conf.default.forwarding=1 in /etc/sysctl.conf, it doesn’t work.

Can any one help with this problem?

1 comment
  • Another variant for Centos 6 will work on Centos 7.

    /sbin/sysctl -w net.ipv4.ip_forward=1

    But temporary.

    You should add:

    net.ipv4.ip_forward = 1

    into file



    /sbin/sysctl -p

    or reboot

    it work!

3 Answers

To enable IP forwarding, uncomment this line in /etc/sysctl.conf

$ cat /etc/sysctl.conf | grep ip_forward
  • only for centos 6
    in my installation of Centos 7:

    cat /etc/sysctl.conf

    System default settings live in /usr/lib/sysctl.d/00-system.conf.

    To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file

    For more information, see sysctl.conf(5) and sysctl.d(5).

    so, you should add into the file


/usr/lib/.... path usually for packages,daemon,services that you install or exist when you installed your os . Relevant config also may exist in /etc/..

/etc/.. path is the place where you as a administrator should be configuring

for ip forwarding you should not be touching any file on /usr/lib/…
same goes for firewalld, systemd for them /etc/firewalld/.. or /etc/systemd/…

you can directly edit the good ol /etc/sysctl.conf or preferably /etc/sysctl.d/99-sysctl.conf

the 99-sysctl.conf is symbolic link to the /etc/sysctl.conf

upon reboot or sysctl -p allows the systemd-sysctl service read the link/nonlink files if they exist if not read sysctl.conf and make necessary entry in /usr/lib/.. and/or load your defined or other variables that there exist and ofcourse giving you ip forwarding for this scenario.

in simple al custom goes in /etc/

you should not be editing /usr/lib/sysctl.d/50-default.conf

you can edit /etc/sysctl.conf
or /etc/sysctl.d/ 99-sysctl.conf
or /etc/sysctl.d/<numberdigits and nameappropriatelyaccordingtoyourpurpose>.conf

the last one is user created it dont have to be a linked file. systemd-sysctl will load the values

I google searched and this was the first result. I wanted to add a comment here on my “opinion” of how to implement this.

So when reading the file /etc/sysctl.conf, it seems we have a few options (none are wrong because they all work) listed out. One area not mentioned, which in my opinion, I like more, is where it says:

To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.

So after running sudo -s I then ran echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/100-sysctl.conf.
Why did I choose to name the file 100-sysctl.conf? Because there was a file in there that was 99-sysctl.conf

You can run sudo sysctl -a | grep ip_forward or without sudo sysctl -a | grep ip_forward to verify it’s there. I would suggest doing a sudo reboot now and then running this sysctl command to verify the setting sticks after reboot.

Future State : Started a gist for this that covers ipv6 too :
Would love to have contributors on there or stars if you found this useful! Thanks!

Have another answer? Share your knowledge.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!