Topic: why echo 1 > /proc/sys/net/ipv4/ip_forward doesn't work?

I'm not so good in linux but could you tell me why I can't turn on forwarding using this simple command? Instead of this I have to setup all interfaces by itself in iptables FORWARD chain.

Re: why echo 1 > /proc/sys/net/ipv4/ip_forward doesn't work?

If you didn't have packet filtering (i.e. netfilter) in you kernel, setting /proc/sys/net/ipv4/ip_forward to 1 would be enough. You have to add rules to the FORWARD chain because the FORWARD default policy is most probably set to DROP. So if you really know what you are doing, just change the default policy and flush the chain to remove existing rules with a DROP target.

iptables -P FORWARD ACCEPT; iptables -F FORWARD

In my opinion you should know anyway what enters the forward chain, so DROP as default policy is a sensible choice.

Re: why echo 1 > /proc/sys/net/ipv4/ip_forward doesn't work?

I'm using router in lan only environment so I don't have to worry about forwarding I guess smile anyway thank you very much for explaining this problem. I'm starting to play with netfilter in general so I thought that removing firewall is enough to disable all chain rules and policys, but it seems it's more complicated issue.

Re: why echo 1 > /proc/sys/net/ipv4/ip_forward doesn't work?

it seams it doesn't work anyway...

root@openwrt:~# iptables -L FORWARD
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
root@openwrt:~# iptables -L INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
root@openwrt:~# iptables -L OUTPUT
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@openwrt:~# cat /proc/sys/net/ipv4/ip_forward
1

it looks like forwarding is enabled but when I ping wan interface from wlan client associated with router it doesn't get any respond

Re: why echo 1 > /proc/sys/net/ipv4/ip_forward doesn't work?

What does route -n show?
What are the settings for the wlan, lan, wifi devices?

Re: why echo 1 > /proc/sys/net/ipv4/ip_forward doesn't work?

here is my config

root@openwrt:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 vlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 vlan1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
root@openwrt:~# nvram show|grep wan_
size: 1738 bytes (31030 left)
wan_gateway=83.116.98.65
wan_netmask=255.255.255.0
wan_dns=194.204.152.34
wan_proto=static
wan_ipaddr=192.168.1.3
wan_ifname=vlan1
wan_hostname=openwrt
root@openwrt:~# nvram show|grep lan_
size: 1738 bytes (31030 left)
lan_netmask=255.255.255.0
lan_ifnames=vlan0
lan_ipaddr=192.168.2.1
lan_proto=static
lan_ifname=vlan0
root@openwrt:~# nvram show|grep wifi_
size: 1738 bytes (31030 left)
wifi_netmask=255.255.255.0
wifi_proto=static
wifi_ipaddr=192.168.0.1
wifi_ifname=eth1

wan interface is not connected to anything at the moment (i mean hardware connection)

Re: why echo 1 > /proc/sys/net/ipv4/ip_forward doesn't work?

I know all rules you've to add, i add the same problem smile

I'll give you all rules in 1 hour, when i'm home smile

Re: why echo 1 > /proc/sys/net/ipv4/ip_forward doesn't work?

Is there anyone who could tell me what I do wrong?