5

I need to forward an interface and I wonder why it is disabled by default.

Will there be security issues or side effects when I enable it?

Edward
  • 2,509
Ricardo
  • 177

1 Answer

5

ip_forward is only useful on multihomed systems (i.e. more than one network interface) and makes routing of network packets between those interfaces possible. By enabling ip_forward your box essentially becomes a router.

Routing is an optional network function and as such disabled by default.

As for the downside/possible risks: when one of those interfaces is facing a public subnet (WAN/internet or possibly hostile LAN), routing makes attacks possible. That's why you need to address those potential security issues with a firewall.

There is an excellent answer at What is kernel ip forwarding? with more information on the subject.

Edward
  • 2,509
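The check this answer implies, as an added example that is not part of the original post: report when IPv4 forwarding is on while the `filter` table's FORWARD chain still defaults to something other than DROP. The function names, the `eth0`/`eth1` interfaces and the sample tree are constructed for illustration. It assumes a ruleset in `iptables-save` format, and it looks only at the chain's default policy, not at the individual rules.

```shell
#!/bin/sh
# Added example: audit IPv4 forwarding against the FORWARD chain's default policy.
# $1 = sysctl root (normally /proc/sys), $2 = ruleset file in iptables-save format.
audit_forwarding() {
    root=$1 rules=$2 fwd_ifaces=""
    # Collect interfaces whose per-interface forwarding flag is set.
    for f in "$root"/net/ipv4/conf/*/forwarding; do
        [ -r "$f" ] || continue
        iface=${f%/forwarding}; iface=${iface##*/}
        case $iface in all|default) continue ;; esac
        if [ "$(cat "$f")" = 1 ]; then fwd_ifaces="$fwd_ifaces $iface"; fi
    done
    global=$(cat "$root/net/ipv4/ip_forward" 2>/dev/null || echo 0)
    # Default policy line looks like ":FORWARD DROP [0:0]" inside the *filter table.
    policy=$(awk '/^\*/ {t=$1} t=="*filter" && $1==":FORWARD" {print $2}' "$rules")
    policy=${policy:-UNKNOWN}
    if [ "$global" != 1 ] && [ -z "$fwd_ifaces" ]; then
        echo "OK: forwarding disabled"
    elif [ "$policy" = DROP ]; then
        echo "OK: forwarding on (${fwd_ifaces# }), FORWARD policy DROP"
    else
        echo "RISK: forwarding on (${fwd_ifaces# }), FORWARD policy $policy"
    fi
}

# Constructed sample input: $1 = target dir, $2 = forwarding flag, $3 = FORWARD policy.
make_sample() {
    for i in all default eth0 eth1; do
        mkdir -p "$1/sys/net/ipv4/conf/$i"
        echo "$2" > "$1/sys/net/ipv4/conf/$i/forwarding"
    done
    echo "$2" > "$1/sys/net/ipv4/ip_forward"
    printf '*filter\n:INPUT ACCEPT [0:0]\n:FORWARD %s [0:0]\n:OUTPUT ACCEPT [0:0]\nCOMMIT\n' \
        "$3" > "$1/rules"
}

# Two-NIC host with forwarding enabled and a permissive ruleset (constructed).
tmp=$(mktemp -d)
make_sample "$tmp" 1 ACCEPT
audit_forwarding "$tmp/sys" "$tmp/rules"
rm -rf "$tmp"
```

On a live host, pass `/proc/sys` and a file written by `iptables-save`; a host using nftables needs its own policy check.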