UFW, IPTABLES and IP FORWARDING

By default, UFW blocks IP forwarding. To enable packet forwarding, two configuration files need to be adjusted. In /etc/default/ufw, change DEFAULT_FORWARD_POLICY to "ACCEPT":

DEFAULT_FORWARD_POLICY="ACCEPT"

Then edit /etc/ufw/sysctl.conf and uncomment:

net/ipv4/ip_forward=1

# For IPv6 forwarding, uncomment:

net/ipv6/conf/default/forwarding=1

To enable IPv4 packet forwarding, edit /etc/sysctl.conf and uncomment the following line:

net.ipv4.ip_forward=1

# If you wish to enable IPv6 forwarding also uncomment:

net.ipv6.conf.default.forwarding=1

Execute the sysctl command to enable the new settings in the configuration file:

sudo sysctl -p
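An added example, not part of the original post: a shell audit that reads the three files edited above and reports when forwarding is configured on while the UFW forward policy is a blanket ACCEPT, in which case any forwarded packet that no rule drops is let through. The function names and the `--run` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the forwarding settings
# changed above. Function names and the --run switch are hypothetical.

# Print the last uncommented DEFAULT_FORWARD_POLICY value, quotes stripped.
ufw_forward_policy() {
    grep -E '^[[:space:]]*DEFAULT_FORWARD_POLICY=' "$1" | tail -n 1 |
        cut -d= -f2 | tr -d "\"'[:space:]"
}

# Succeed if KEY ($2) is set to 1 on an uncommented line of FILE ($1).
# Accepts both notations: net/ipv4/ip_forward and net.ipv4.ip_forward.
sysctl_is_on() {
    key=$(printf '%s' "$2" | tr '/' '.')
    tr '/' '.' < "$1" | awk -F= -v k="$key" '
        /^[ \t]*[#;]/ { next }
        { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
        $1 == k { v = $2 }
        END { exit (v == "1" ? 0 : 1) }'
}

# $1=/etc/default/ufw  $2=/etc/ufw/sysctl.conf  $3=/etc/sysctl.conf
# Prints the findings; returns 1 when forwarding is configured on and the
# UFW forward policy is ACCEPT (forwarded packets pass unless a rule drops them).
audit_forwarding() {
    policy=$(ufw_forward_policy "$1")
    fwd4=off; fwd6=off
    for f in "$2" "$3"; do
        [ -r "$f" ] || continue
        if sysctl_is_on "$f" net.ipv4.ip_forward; then fwd4=on; fi
        if sysctl_is_on "$f" net.ipv6.conf.default.forwarding; then fwd6=on; fi
    done
    echo "ufw forward policy: ${policy:-unset}"
    echo "ipv4 forwarding configured: $fwd4"
    echo "ipv6 forwarding configured: $fwd6"
    if [ "$policy" = "ACCEPT" ] && { [ "$fwd4" = on ] || [ "$fwd6" = on ]; }; then
        echo "WARN: router mode with a default-accept FORWARD policy"
        return 1
    fi
    return 0
}

# Run against the live files only when asked: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_forwarding /etc/default/ufw /etc/ufw/sysctl.conf /etc/sysctl.conf
fi
```

The files only show what is configured; `sysctl net.ipv4.ip_forward` shows the value the kernel is using right now.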

Create my-iptables-rules:

$ sudo vi /etc/network/if-up.d/my-iptables-rules

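#!/bin/bash
# Runs from /etc/network/if-up.d/ each time an interface comes up.

# Marker kept in /run (root-writable, cleared at boot) rather than /tmp,
# where any local user could create it and make this script skip the rules.
FLAG="/run/my-iptables-settings"

if [ -f "${FLAG}" ]; then
  echo "Already set my iptables rules. Skip it."
  exit 0
fi

# Sample iptables rule: masquerade traffic from 192.168.0.0/16 leaving via ppp0
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE

touch "${FLAG}"
exit 0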

Reference: https://help.ubuntu.com/lts/serverguide/firewall.html

Written on November 23, 2016