Chapter 3. Routing

3.1. IPv4 Forwarding

IPv4 forwarding connects two or more networks by sending packets which arrive on one interface to another interface. This makes it possible to let a Linux machine act as a router. For example, you can connect multiple networks, or your home network with the internet. Let's have a look at an example:

Figure 3-1. Router example

In dit example there are two networks, 192.168.1.0 and 192.168.2.0. Three hosts are connected to both network. One of these hosts is connected to both networks with interfaces. The interface on the 192.168.1.0 network has IP address 192.168.1.3, the interface on the 192.168.2.0 network has IP address 192.168.2.3. If the host acts as a router between both networks it forwards packets from the 192.168.1.0 network to the 192.168.2.0 network and vise versa. Routing of normal IPv4 TCP/IP packages can be enabled by enabling IPv4 forwarding.

IPv4 forwarding can be enabled or disabled under Slackware Linux by changing the IPV4_FORWARD variable in /etc/rc.d/rc.inet2. The default setting is as follows:


IPV4_FORWARD=1

This means that IPv4 forwarding is enabled. You can disable forwarding by changing the IPV4_FORWARD value to 0. This setting can be enabled by rebooting the computer. It is also possible to enable IPv4 forwarding on a running system with the following command (0 disables forwarding, 1 enables forwarding):


# echo 0 > /proc/sys/net/ipv4/ip_forward

Be cautious! By default there are no active packet filters. This means that anyone can access other networks. Traffic can be filtered and logged with the iptables kernel packet filter. Iptables can be administrated through the iptables command. NAT (Network Address Translation) is also a subset of iptables, and can be controlled and enabled through the iptables command. NAT makes it possible to "hide" a network behind one IP address. This allows you to use the internet on a complete network with only one IP address.