Operating as a router allows a Linux machine to accept packets on one interface and transmit them on another. The process of accepting and transmitting IP packets is known as forwarding. IP forwarding is a requirement for many of the networking techniques identified here. Stateless NAT and firewalling, transparent proxying and masquerading all require the support of IP forwarding in order to function correctly.
net/ipv4/ip_forward toggles the IP forwarding functionality on a Linux box. Note that setting this sysctl alters other routing-related sysctl entries, so it is wise to set this first, and then alter other entries.
Frequently, an administrator will forget this simple and crucial detail when configuring a new machine to operate as a router, only to be frustrated at the simple error.
net/ipv4/conf/$DEV/forwarding defaults to the value of net/ipv4/ip_forward, but can be independently modified. This sysctl can be employed to allow forwarding of packets between two interfaces while prohibiting such behaviour on a third interface.
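
The ordering and per-interface restriction described above, as an added shell example that is not part of the original page. It assumes the sysctl directory is passed as a parameter (on a live system that is /proc/sys/net/ipv4) so that it can run against a constructed tree; the function names and interface names are hypothetical.

```shell
#!/bin/sh
# Added example. ROOT is normally /proc/sys/net/ipv4; passing it in lets the
# functions run unprivileged against a constructed directory tree.

# apply_forwarding ROOT "dev1 dev2 ..."
# Write the global switch FIRST (the page notes this write alters other
# routing-related entries), then allow forwarding only on the listed devices.
apply_forwarding() {
    root=$1; allowed=" $2 "
    echo 1 > "$root/ip_forward"
    for f in "$root"/conf/*/forwarding; do
        [ -w "$f" ] || continue
        dev=${f%/forwarding}; dev=${dev##*/}
        case $dev in all|default) continue ;; esac   # not real interfaces
        case $allowed in
            *" $dev "*) echo 1 > "$f" ;;
            *)          echo 0 > "$f" ;;
        esac
    done
}

# forwarding_report ROOT "dev1 dev2 ..."
# Print "<dev> forwarding=<n> <status>" per interface; status is ok,
# UNEXPECTED (on but not listed) or MISSING (listed but off).
forwarding_report() {
    root=$1; allowed=" $2 "
    for f in "$root"/conf/*/forwarding; do
        [ -r "$f" ] || continue
        dev=${f%/forwarding}; dev=${dev##*/}
        case $dev in all|default) continue ;; esac
        val=$(cat "$f")
        case $allowed in *" $dev "*) want=1 ;; *) want=0 ;; esac
        if [ "$val" = "$want" ]; then status=ok
        elif [ "$val" = 1 ]; then status=UNEXPECTED
        else status=MISSING; fi
        printf '%s forwarding=%s %s\n' "$dev" "$val" "$status"
    done
}

# Constructed sample tree: forwarding wanted between eth0 and eth1, not eth2.
demo=$(mktemp -d)
for d in all default eth0 eth1 eth2; do
    mkdir -p "$demo/conf/$d"; echo 0 > "$demo/conf/$d/forwarding"
done
echo 0 > "$demo/ip_forward"
apply_forwarding "$demo" "eth0 eth1"
forwarding_report "$demo" "eth0 eth1"
rm -rf "$demo"
```

Running forwarding_report periodically against the live directory gives a simple drift check: any UNEXPECTED line means an interface is routing traffic that the configuration did not intend.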