By default, any modern Linux distribution will have IP Forwarding disabled. This is normally a good idea, as most people will not need IP Forwarding, but if we are setting up a Linux router/gateway, a VPN server (pptp or ipsec) or just a plain dial-in server, then we will need to enable forwarding. This can be done in several ways, which I will present below.

Check if IP Forwarding is enabled

We have to query the sysctl kernel value net.ipv4.ip_forward to see if forwarding is enabled or not:
Using sysctl:

sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

or just checking out the value in the /proc system:

cat /proc/sys/net/ipv4/ip_forward

As we can see in both of the above examples, forwarding was disabled (as shown by the value 0).

Enable IP Forwarding on the fly

As with any sysctl kernel parameter, we can change the value of net.ipv4.ip_forward on the fly (without rebooting the system):

sysctl -w net.ipv4.ip_forward=1

or

echo 1 > /proc/sys/net/ipv4/ip_forward

The setting is changed instantly, but the result will not be preserved after rebooting the system.

Permanent setting using /etc/sysctl.conf

If we want to make this configuration permanent, the best way to do it is using the file /etc/sysctl.conf, where we can add the line:

net.ipv4.ip_forward = 1

If you already have an entry net.ipv4.ip_forward with the value 0, you can change that to 1.

To enable the changes made in sysctl.conf you will need to run the command:

sysctl -p /etc/sysctl.conf

On RedHat based systems this is also enabled when restarting the network service:

service network restart

and on Debian/Ubuntu systems this can also be done by restarting the procps service:

/etc/init.d/ restart

Easy Way

Debian based distributions might use the setting:

set it to yes and restart the network service.
Also RedHat distributions might set this using:


and again restart the network service.

Checking:

Whichever method you used, once you have completed it you can check the result using the same method shown above:

sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
cat /proc/sys/net/ipv4/ip_forward

If the result is 1, then the Linux system will start forwarding IP packets.
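The on-the-fly and permanent settings can disagree, so a gateway may forward now but not after a reboot, or the reverse. The following script is an added example, not part of the original article: it reads one sysctl.conf-style file (only the file it is given) and compares the persisted value with the running one. The function names, the result labels and the demo input are constructed for illustration.

```shell
#!/bin/sh
# Added example: names, the demo file contents and the drift labels are constructed.

# Print the last value assigned to net.ipv4.ip_forward in a sysctl.conf-style
# file (later lines override earlier ones). Prints nothing if it is never set.
persisted_ip_forward() {
    awk '
        /^[ \t]*[#;]/ { next }                  # comment lines start with # or ;
        {
            line = $0
            sub(/^[ \t]*-?[ \t]*/, "", line)    # blanks and the optional "-" prefix
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/[ \t]/, "", val)
            gsub("/", ".", key)                 # net/ipv4/ip_forward spelling
            if (key == "net.ipv4.ip_forward") last = val
        }
        END { if (last != "") print last }
    ' "$1"
}

# Compare a config file with the running value (default: the live /proc entry).
# Prints: consistent | runtime-only (lost on reboot) | config-only (not applied yet)
forwarding_drift() {
    want=$(persisted_ip_forward "$1")
    want=${want:-0}                             # unset means the kernel default, 0
    have=$(cat "${2:-/proc/sys/net/ipv4/ip_forward}")
    if [ "$want" = "$have" ]; then echo "consistent"
    elif [ "$have" = "1" ]; then echo "runtime-only"
    else echo "config-only"
    fi
}

# Constructed sample: the file ends up enabling forwarding, the runtime value is 0.
demo() {
    d=$(mktemp -d)
    printf '# gateway\nnet.ipv4.ip_forward = 0\n-net/ipv4/ip_forward=1\n' > "$d/conf"
    echo 0 > "$d/runtime"
    forwarding_drift "$d/conf" "$d/runtime"
    rm -rf "$d"
}
demo    # prints: config-only
```

On a live host, call forwarding_drift /etc/sysctl.conf to compare against /proc/sys/net/ipv4/ip_forward.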


Remote Backup

Data backup is a critical component of a web hosting service, and there are plenty of off-the-shelf solutions available on the market that automate remote data backup. However, for smaller web hosts with a couple of servers, it may suffice to back up data between servers using the traditional Linux tar and ssh commands, and let a cron job transfer a tarball to a remote server.

The procedure described below explains the steps necessary to perform the remote backup task. For the purposes of this description, “local” machine denotes the machine that a user is logged on to in order to perform the backup, and “remote” machine denotes the machine that will store the backup of the local machine’s data. It is assumed that we’re making a backup between two Linux boxes.

A. Create a trusted host environment between local and remote machines.
To be able to execute a command using ssh without being prompted for a password, you’ll need to generate an ssh key that will be used to create a trusted environment between servers. For the purpose of this illustration, we’ll assume that a user called “scott” will perform the backup.

1. Log in to the local machine as a user named “scott”. This user can be anyone with permission to read the local content and create a backup of it.

2. Generate private/public key pair using the “ssh-keygen” command.
% ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/scott/.ssh/id_rsa):

The command prompts for a file name and a passphrase. Take the default answers by pressing the “Enter” key three times.

Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/scott/.ssh/id_rsa.
Your public key has been saved in /home/scott/.ssh/

The command above creates 2 files in the .ssh directory inside the user’s home directory. ~scott/.ssh/id_rsa is the private key, and ~scott/.ssh/ is the public key. The private key should not be shared with anyone, so make sure only you can read it (this is the default).

% chmod 600 ~scott/.ssh/id_rsa

3. Copy public key on the remote server.
In order to create a trusted environment, we need to place the local machine’s public key on the remote machine. We’ll add the public key to ~scott/.ssh/authorized_keys2 on the remote machine. In case the .ssh directory does not exist on the remote machine, perform the following to create the directory. Replace the hostnames inside curly braces with the actual hostnames.

% ssh {remote-host} "mkdir -p .ssh && chmod 700 .ssh"
% scp ~scott/.ssh/ {remote-host}:~scott/.ssh/{local-host}.pub
% ssh {remote-host} "cat ~scott/.ssh/{local-host}.pub >> ~scott/.ssh/authorized_keys2"

Enter the password when prompted. You should now be able to execute a command on the remote machine without supplying a password. Test the setup by performing the following:

% ssh {remote-host} ls

If the command executed without a password prompt, the setup is good and we can proceed to the next step. If a password is prompted for, go back to step 2 above.

B. Perform a remote backup

To perform a remote backup, you can run the following tar/ssh command. For our illustration, let’s make a backup of users’ home directories located in the /home partition.

% (cd /home && tar cfz - .) | ssh {remote-host} dd of=/backup/filename.tgz obs=1024

Save it to any filename you desire (replace the filename), and use a reasonable block size (i.e. 1KB).

C. Automate backup with Cron.

To automate a backup process, you’ll have to create a backup script.

#!/bin/bash
day=$(/bin/date '+%a') # Day of week (Mon..Sun)
(cd /home && tar cfz - .) | ssh {remote-host} dd of=/backup/filename.$day.tgz obs=1024

Save the file as /usr/local/bin/backup.bash, make it executable and create a cron entry.

% chmod +x /usr/local/bin/backup.bash
% crontab -e
0 2 * * * /usr/local/bin/backup.bash

The backup will execute every night at 2 am. To learn more about crontab, please read the crontab manpage.
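Because the key from section A has no passphrase, anyone who obtains it can run any command on the remote host as “scott”. The wrapper below is an added example, not part of the original article: used as a forced command for that key, it lets the key do nothing except the dd writes from sections B and C. The wrapper path and function names are hypothetical; restrict and command= are OpenSSH authorized_keys options.

```shell
#!/bin/sh
# Added example: forced-command wrapper for the backup key on the remote host.
# Hypothetical install path /usr/local/bin/backup-receive.sh, referenced from the
# key's line in authorized_keys2 (key material shown as a placeholder):
#   restrict,command="/usr/local/bin/backup-receive.sh" ssh-rsa <public-key> scott@{local-host}

# Succeed only for the dd invocations used in sections B and C:
#   dd of=/backup/<name>.tgz obs=1024   or   dd of=/backup/<name>.<Day>.tgz obs=1024
is_allowed_backup_cmd() {
    nl='
'
    case $1 in *"$nl"*) return 1 ;; esac    # grep matches per line, so refuse newlines
    printf '%s\n' "$1" | grep -Eq \
        '^dd of=/backup/[A-Za-z0-9_-]+(\.(Mon|Tue|Wed|Thu|Fri|Sat|Sun))?\.tgz obs=1024$'
}

# Run the validated command without handing the client's string to a shell.
receive_backup() {
    cmd=${SSH_ORIGINAL_COMMAND:-}
    if ! is_allowed_backup_cmd "$cmd"; then
        echo "backup-receive: rejected command" >&2
        return 1
    fi
    target=${cmd#"dd of="}
    target=${target%" obs=1024"}
    dd of="$target" obs=1024
}

# sshd sets SSH_ORIGINAL_COMMAND when the client asked for a command; with
# nothing requested the script simply ends, so the key never yields a shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    receive_backup
    exit $?
fi
```

The backup commands on the local machine stay exactly as written above; only requests that differ from them are refused.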
