I'm not so good with Linux, but could you tell me why I can't turn on forwarding using this simple command? Instead of this I have to set up all interfaces by itself in the iptables FORWARD chain.
Topic: why echo 1 > /proc/sys/net/ipv4/ip_forward doesn't work?
The content of this topic has been archived on 29 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.
If you didn't have packet filtering (i.e. netfilter) in your kernel, setting /proc/sys/net/ipv4/ip_forward to 1 would be enough. You have to add rules to the FORWARD chain because the FORWARD default policy is most probably set to DROP. So if you really know what you are doing, just change the default policy and flush the chain to remove existing rules with a DROP target.
iptables -P FORWARD ACCEPT; iptables -F FORWARD
In my opinion you should know anyway what enters the forward chain, so DROP as default policy is a sensible choice.
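Added example, not part of the original posts: a small shell check for the two conditions the answer above describes, the ip_forward sysctl and the FORWARD chain's default policy and rules. The function name forward_state and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# forward_state IP_FORWARD_VALUE "OUTPUT_OF_iptables_-L_FORWARD"
# Prints one word: disabled | blocked | filtered | open | unknown
forward_state() {
    # Sysctl off: the kernel does not route between interfaces, whatever the rules say.
    [ "$1" = "1" ] || { echo disabled; return 0; }
    printf '%s\n' "$2" | awk '
        # Line 1 looks like: Chain FORWARD (policy DROP)
        NR == 1 { if (match($0, /policy [A-Z]+/)) policy = substr($0, RSTART + 7, RLENGTH - 7); next }
        NR == 2 || NF == 0 { next }            # column header and blank lines
        $1 == "ACCEPT" { accept++; next }
        $1 == "DROP" || $1 == "REJECT" { deny++; next }
        { other++ }                            # jumps to user chains, LOG, ... (treated conservatively)
        END {
            if (policy == "DROP") print ((accept + other) ? "filtered" : "blocked")
            else if (policy == "ACCEPT") print ((deny + other) ? "filtered" : "open")
            else print "unknown"
        }'
}

# Constructed sample: the chain as it looks after "iptables -P FORWARD ACCEPT; iptables -F FORWARD".
SAMPLE_OPEN='Chain FORWARD (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample: default-deny policy with explicit ACCEPT rules.
SAMPLE_FILTERED='Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.0.0/24       192.168.2.0/24'

# Constructed sample: default-deny policy and no rules, so nothing is forwarded.
SAMPLE_BLOCKED='Chain FORWARD (policy DROP)
target     prot opt source               destination'

for s in "$SAMPLE_OPEN" "$SAMPLE_FILTERED" "$SAMPLE_BLOCKED"; do
    forward_state 1 "$s"
done

# Live use on the router (needs root):
#   forward_state "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables -L FORWARD -n)"
```

A result of "open" means every routed packet is forwarded unfiltered; "filtered" only says that rules exist and have to be read to know what passes.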
I'm using the router in a LAN-only environment, so I don't have to worry about forwarding, I guess. Anyway, thank you very much for explaining this problem. I'm starting to play with netfilter in general, so I thought that removing the firewall is enough to disable all chain rules and policies, but it seems it's a more complicated issue.
It seems it doesn't work anyway...
root@openwrt:~# iptables -L FORWARD
Chain FORWARD (policy ACCEPT)
target prot opt source destination
root@openwrt:~# iptables -L INPUT
Chain INPUT (policy ACCEPT)
target prot opt source destination
root@openwrt:~# iptables -L OUTPUT
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@openwrt:~# cat /proc/sys/net/ipv4/ip_forward
1
It looks like forwarding is enabled, but when I ping the WAN interface from a WLAN client associated with the router, it doesn't get any response.
What does route -n show?
What are the settings for the wlan, lan, wifi devices?
Here is my config:
root@openwrt:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
root@openwrt:~# nvram show|grep wan_
size: 1738 bytes (31030 left)
wan_gateway=83.116.98.65
wan_netmask=255.255.255.0
wan_dns=194.204.152.34
wan_proto=static
wan_ipaddr=192.168.1.3
wan_ifname=vlan1
wan_hostname=openwrt
root@openwrt:~# nvram show|grep lan_
size: 1738 bytes (31030 left)
lan_netmask=255.255.255.0
lan_ifnames=vlan0
lan_ipaddr=192.168.2.1
lan_proto=static
lan_ifname=vlan0
root@openwrt:~# nvram show|grep wifi_
size: 1738 bytes (31030 left)
wifi_netmask=255.255.255.0
wifi_proto=static
wifi_ipaddr=192.168.0.1
wifi_ifname=eth1
The WAN interface is not connected to anything at the moment (I mean hardware connection).
I know all the rules you have to add; I had the same problem.
I'll give you all the rules in 1 hour, when I'm home.
Is there anyone who could tell me what I do wrong?