How to make a Linux Host act as a Router

Let's say we have 3 hosts (A, B and C), and two networks ( and

  • Host A is connected to network via interface eth0 and has IP
  • Host C is connected network via interface eth0 and has IP
  • Host B is connected to both networks via interfaces eth0 and eth1 and has one ip for each network - and

Now let's say that we want to enable host A to talk to host C. This is by default not possible as they are not members of the same network. If we try to ping C from A, we would get a Network is unreachable error.

Luckily, we have host B which is connected to both networks, and we can configure A and C to use B as a gateway:

# host A
ip route add via 

# host C
ip route add via

Doing this is just half of the solution though. The problem now is that even though two networks are connected via host B, host B won't forward packets between it's eth0 and eth1 by default. is a security consideration in Linux NetworkingLinux Networking
This note serves as a link to connect Linux Networking related notes.

Get started on the topic by checking one of these out:

[[How to make a Linux Host act as a Router]]

Some of the useful ne...
, because allowing packet forwarding from one interface to another can accidentally expose your private network to the public.

In order to allow packet forwarding like this, you need to manually enable it. Whether a host can forward packets between interfaces is governed by the file /proc/sys/net/ipv4/ip_forward:

cat /proc/sys/net/ipv4/ip_forward
#> 0

Having 0 in there means forwarding is not enabled. you can enable it by simply doing echo 1 > /proc/sys/net/ipv4/ip_forward. From this point on, host A will be able to ping host C by using host B as a Network RouterNetwork Router
A router helps connect two networks together. It can be thought of as another host with many network ports. Since it connects to two networks, it will be assigned two IPs - one on each network.


Last thing to note is that the change above won't persist across restarts. In order to persist it, you need to set the value net.ipv4.ip_forward in /etc/sysctl.conf to 1.

Status: #💡