IP Forwarding = when and why is this required?

I have searched a lot with Google. It is only documented how to enable IP Forwarding in the Linux kernel but not WHEN and WHY I have to enable it. I would be thankful for advice.

When and why do I have to enable it? (For example, when I install a bridge? Or when using iptables? Or when using route add?)

(Good links are appreciated, but I was not able to find one.)

Thank you very much!

Jan


Solution 1:

IP forwarding should be enabled when you want the system to act as a router, that is, transfer IP packets from one network to another.

In the simplest case, consider a server with two physical Ethernet ports which is meant to connect to two different networks (say your internal network and the outside world as provided by a DSL modem). If you just connect and configure those two interfaces, the system can communicate on either network. However, packets from one network cannot travel to the other network, because forwarding is not enabled.

Consider the specific example of 'route add'. If you have two network interfaces, you will add a minimum of two routes, one for each interface. When the kernel considers where to send a network packet, it will pick the most specific applicable route and then send it along to that interface.

However, if forwarding is turned off, the kernel will first check to see which interface the packet came from. If it didn't come from the same interface, the kernel will discard it.

EDIT: First, note that you can use a router without having two physical network interfaces. For example, if you are using VLANs, your server can transfer IP packets between VLANs but only have one physical network interface. This is called a one-armed router. However, for the simplest case, yes, you can say that if you only have one physical network interface then you don't need to enable IP forwarding.

IP forwarding involves transferring packets between network interfaces (real or virtual), so I think that if you had two interfaces on the same network, you would have to enable IP forwarding to allow packets to move between the interfaces. However, since the interfaces are already on the same network, it doesn't seem to make a lot of sense to transfer packets between them.
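As an added example (not part of either answer), the shell functions below report where forwarding is switched on and whether that matches the machine's intended role. They go beyond the answer by also reading the IPv6 and per-interface flags under `/proc/sys/net`; the function names and the optional root-directory argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit where the kernel will forward packets.
# ROOT defaults to /proc/sys; passing another directory (an assumption of
# this example) lets the check run against a copied or constructed tree.

# Print the value of one sysctl file, or 0 if it does not exist.
read_flag() {
    if [ -r "$1" ]; then cat "$1"; else echo 0; fi
}

# forwarding_ifaces FAMILY [ROOT]: list conf entries (all, default, eth0, ...)
# whose forwarding flag is 1. FAMILY is ipv4 or ipv6.
forwarding_ifaces() {
    fam=$1; root=${2:-/proc/sys}
    for f in "$root/net/$fam/conf"/*/forwarding; do
        [ -r "$f" ] || continue
        [ "$(cat "$f")" = 1 ] || continue
        d=${f%/forwarding}
        printf '%s\n' "${d##*/}"
    done
}

# detected_role [ROOT]: "router" if the global IPv4 switch, the IPv6 "all"
# switch, or any per-interface flag is on; otherwise "host".
detected_role() {
    root=${1:-/proc/sys}
    if [ "$(read_flag "$root/net/ipv4/ip_forward")" = 1 ] ||
       [ "$(read_flag "$root/net/ipv6/conf/all/forwarding")" = 1 ] ||
       [ -n "$(forwarding_ifaces ipv4 "$root")$(forwarding_ifaces ipv6 "$root")" ]; then
        echo router
    else
        echo host
    fi
}

# audit_forwarding EXPECTED [ROOT]: succeed only if the detected role equals
# EXPECTED (host or router); otherwise print what is forwarding and fail.
audit_forwarding() {
    expected=$1; root=${2:-/proc/sys}
    actual=$(detected_role "$root")
    [ "$actual" = "$expected" ] && return 0
    echo "MISMATCH: expected=$expected detected=$actual"
    for fam in ipv4 ipv6; do
        for i in $(forwarding_ifaces "$fam" "$root"); do
            echo "  $fam forwarding enabled on: $i"
        done
    done
    return 1
}
```

On a machine that is not meant to route between networks, `audit_forwarding host` should succeed; on a deliberate router, `audit_forwarding router` should.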

Solution 2:

According to Wikipedia...

IP forwarding, also known as Internet routing, is a process used to determine which path a packet or datagram can be sent. The process uses routing information to make decisions and is designed to send a packet over multiple networks. Generally, networks are separated from each other by routers.

It is required when you want to use the system as a router. Check the link below to learn the exact use of IP forwarding. http://www.linuxjournal.com/content/linux-advanced-routing-tutorial?