Question

How to enable ip masquerading/forwarding on CentOS 7

  • Posted on August 29, 2014
  • dheerajAsked by dheeraj

I want to enable IP masquerading/forwarding on CentOS 7, but when I specify net.ipv4.conf.default.forwarding=1 in /etc/sysctl.conf, it doesn’t work.

Can any one help with this problem?

Show comments

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

To enable IP forwarding, uncomment this line in /etc/sysctl.conf

$ cat /etc/sysctl.conf | grep ip_forward
#net.ipv4.ip_forward=1

What? I google searched and this was the first result. I wanted to add a comment here on my “opinion” of how to implement this.

Why? So when reading the file /etc/sysctl.conf, it seems we have a few options (none are wrong because they all work) listed out. One area not mentioned, which in my opinion, I like more, is where it says:

To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.

How? So after running sudo -s I then ran echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/100-sysctl.conf. Why did I choose to name the file 100-sysctl.conf? Because there was a file in there that was 99-sysctl.conf

Verify You can run sudo sysctl -a | grep ip_forward or without sudo sysctl -a | grep ip_forward to verify it’s there. I would suggest doing a sudo reboot now and then running this sysctl command to verify the setting sticks after reboot.

Future State : Started a gist for this that covers ipv6 too : https://gist.github.com/josephdrane/cd6cf46d32c3932c9fb663b4cac105a6 Would love to have contributors on there or stars if you found this useful! Thanks!

/usr/lib/… path usually for packages,daemon,services that you install or exist when you installed your os . Relevant config also may exist in /etc/…

/etc/… path is the place where you as a administrator should be configuring

for ip forwarding you should not be touching any file on /usr/lib/… same goes for firewalld, systemd for them /etc/firewalld/… or /etc/systemd/…

you can directly edit the good ol /etc/sysctl.conf or preferably /etc/sysctl.d/99-sysctl.conf

the 99-sysctl.conf is symbolic link to the /etc/sysctl.conf

upon reboot or sysctl -p allows the systemd-sysctl service read the link/nonlink files if they exist if not read sysctl.conf and make necessary entry in /usr/lib/… and/or load your defined or other variables that there exist and ofcourse giving you ip forwarding for this scenario.

in simple al custom goes in /etc/

you should not be editing /usr/lib/sysctl.d/50-default.conf

you can edit /etc/sysctl.conf or /etc/sysctl.d/ 99-sysctl.conf or /etc/sysctl.d/<numberdigits and nameappropriatelyaccordingtoyourpurpose>.conf

t the last one is user created it dont have to be a linked file. systemd-sysctl will load the values