Differences

This shows you the differences between two versions of the page.

--- networking:ip_forwarding [2025/05/21 09:02] – peter
+++ networking:ip_forwarding [2025/05/21 09:10] (current) – peter
@@ Line 82: / Line 82: @@
 ----
+==== Ensure persistency ====
 To make sure the new setting survives a reboot, edit the **/etc/sysctl.conf** file.
@@ Line 104: / Line 106: @@
-===== Make the changes take effect right away =====
+==== Make the changes take effect right away ====
 <code bash>
 sysctl -p
 </code>
+----
+===== Troubleshooting =====
+Check the status of sysctl with this command:
+<code bash>
+systemctl status sysctl
+</code>
+----
+The service should say that it is active. If not, start the service with this command:
+<code bash>
+sudo systemctl start sysctl
+</code>
+On non-systemd Linux installs, checking the status of sysctl will be different. Try:
+<code bash>
+rc-service sysctl status
+</code>
+----
+If IP forwarding is successfully enabled (verified by checking the kernel variable after reboot), but traffic is still not being received on destination systems, check the FORWARD rules of iptables.
+<code bash>
+iptables -L -v -n
+</code>
+returns:
+<code>
+...
+Chain FORWARD (policy ACCEPT 667 packets, 16724 bytes)
+ pkts bytes target     prot opt in     out     source               destination
+</code>
+<WRAP info>
+**NOTE:**  The FORWARD chain should either be set to ACCEPT, or have rules listed that allow certain connections.
+  * Check if traffic is reaching the FORWARD chain of iptables by checking the amount of packets and bytes that have hit the chain.
+  * If none, then there may be some higher rules in the chain that are blocking traffic.
+</WRAP>
 ----
@@ Line 119: / Line 171: @@
   * TAG:  Routing
   * TAG:  Security
+  * TAG:  Server
+----