Nftables Router Tutorial

From Alteeve Wiki
Revision as of 01:31, 28 March 2024

Warning: This is incomplete and untrustworthy! Do not expect anything to be useful or accurate before this warning is removed.

This tutorial is meant to show how to use nftables to build a router suitable for a home or boat.

Setup

Make sure that IP forwarding is enabled in the kernel. The kernel exposes this switch under two names, net.ipv4.ip_forward and net.ipv4.conf.all.forwarding; writing one updates the other, so checking either is enough:

sysctl net.ipv4.conf.all.forwarding
net.ipv4.conf.all.forwarding = 0

This shows that it's disabled. To enable it, and to make sure it stays set across reboots, edit (or create) the file "/etc/sysctl.d/99-custom.conf" and add (or update) the lines below. Be aware that the change takes effect the moment the config is reloaded: until the nftables forward chain from the next section is loaded, the machine will forward packets between all of its interfaces with no filtering at all, so do this on a trusted network or load the firewall rules first;

# Added for router function support
net.ipv4.conf.all.forwarding = 1

Now reload the config;

sysctl --system
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
* Applying /usr/lib/sysctl.d/50-coredump.conf ...
* Applying /usr/lib/sysctl.d/50-default.conf ...
* Applying /usr/lib/sysctl.d/50-libkcapi-optmem_max.conf ...
* Applying /usr/lib/sysctl.d/50-pid-max.conf ...
* Applying /usr/lib/sysctl.d/50-redhat.conf ...
* Applying /etc/sysctl.d/99-custom.conf ...
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.conf ...
kernel.yama.ptrace_scope = 0
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h
...<snip>...
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.wlp58s0.rp_filter = 1
net.ipv4.conf.all.forwarding = 1

Now we can verify that forwarding is enabled;

sysctl net.ipv4.conf.all.forwarding
net.ipv4.conf.all.forwarding = 1

Forwarding is now enabled, and net.ipv4.ip_forward will read 1 as well.
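The steps above (check the sysctl, add the drop-in, reload, verify) as one script. This is an added example, not code from the Alteeve page: it enables forwarding the same way, but idempotently, so re-running it never leaves duplicate lines in the drop-in, and with a guard that refuses to flip the kernel switch until "nft list ruleset" already shows a forward hook whose default policy is drop. That guard, the SYSCTL_DROPIN environment override and the script name "enable-forwarding.sh" are this example's own choices, not anything the tutorial specifies; it assumes sysctl and nft are on PATH and that the "apply" step runs as root.

```shell
#!/bin/sh
# Added example, not code from the Alteeve page: enable IPv4 forwarding the way
# the tutorial does (drop-in file, sysctl --system, verify), but idempotently and
# with one guard a router build should have. Assumptions of this example:
#   - SYSCTL_DROPIN defaults to the tutorial's /etc/sysctl.d/99-custom.conf and
#     may be overridden from the environment;
#   - apply_forwarding refuses to run unless `nft list ruleset` already shows a
#     forward hook whose default policy is drop (a policy this example imposes,
#     not something the page specifies);
#   - `sysctl` and `nft` are on PATH and the script runs as root for "apply".
set -eu

SYSCTL_DROPIN="${SYSCTL_DROPIN:-/etc/sysctl.d/99-custom.conf}"
FORWARD_KEY="net.ipv4.conf.all.forwarding"

# Print the value of KEY from a sysctl.d-style file (last assignment wins,
# matching how sysctl applies the file). Prints nothing if the key is absent.
conf_value() {
    file="$1"; key="$2"
    [ -r "$file" ] || return 0
    awk -v k="$key" '
        /^[ \t]*[#;]/ { next }
        {
            n = index($0, "=")
            if (n == 0) next
            lhs = substr($0, 1, n - 1); rhs = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", lhs)
            gsub(/^[ \t]+|[ \t]+$/, "", rhs)
            if (lhs == k) v = rhs
        }
        END { if (v != "") print v }' "$file"
}

# Add "KEY = VALUE" to FILE, or rewrite the existing line for KEY in place, so
# re-running never leaves duplicate (and possibly conflicting) entries behind.
ensure_sysctl_line() {
    file="$1"; key="$2"; value="$3"
    tmp="$file.tmp.$$"
    if [ -f "$file" ]; then
        awk -v k="$key" -v v="$value" '
            {
                n = index($0, "=")
                lhs = (n > 0) ? substr($0, 1, n - 1) : ""
                gsub(/^[ \t]+|[ \t]+$/, "", lhs)
                if ($0 !~ /^[ \t]*[#;]/ && lhs == k) {
                    if (!done) { print k " = " v; done = 1 }
                    next
                }
                print
            }
            END { if (!done) print k " = " v }' "$file" > "$tmp"
    else
        printf '# Added for router function support\n%s = %s\n' "$key" "$value" > "$tmp"
    fi
    mv "$tmp" "$file"
}

# Given the text of `nft list ruleset`, succeed only if some chain is attached
# to the forward hook with a default policy of drop. Without such a chain the
# host forwards unfiltered between all interfaces the moment forwarding is on.
forward_policy_is_drop() {
    printf '%s\n' "$1" | grep -q 'hook forward.*policy drop'
}

# Current kernel state: "1" if forwarding is on, "0" if off.
live_forwarding() {
    sysctl -n "$FORWARD_KEY" 2>/dev/null || cat /proc/sys/net/ipv4/ip_forward
}

apply_forwarding() {
    ruleset=$(nft list ruleset 2>/dev/null) || ruleset=""
    if ! forward_policy_is_drop "$ruleset"; then
        echo "refusing: no nftables forward chain with 'policy drop' is loaded" >&2
        return 1
    fi
    ensure_sysctl_line "$SYSCTL_DROPIN" "$FORWARD_KEY" 1
    sysctl --system >/dev/null
    if [ "$(live_forwarding)" = 1 ]; then
        echo "$FORWARD_KEY = 1"
    else
        echo "forwarding is still off after reload" >&2
        return 1
    fi
}

# Only act when run as "enable-forwarding.sh apply"; run bare (or sourced)
# it just defines the functions above.
if [ "${1:-}" = apply ]; then
    apply_forwarding
fi
```

Run it as "sh enable-forwarding.sh apply" on the router. The guard reverses the order the tutorial uses on purpose: build and load the nftables forward chain first, then flip the kernel switch, so there is never a window in which the box routes between its interfaces with no policy. The drop-in is rewritten with awk rather than appended to, because a second "net.ipv4.conf.all.forwarding = 0" line lower in the same file would silently win when sysctl --system runs.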

Configuring nftables

© Alteeve's Niche! Inc. 1997-2024   Anvil! "Intelligent Availability®" Platform
legal stuff: All info is provided "As-Is". Do not use anything here unless you are willing and able to take responsibility for your own actions.