Nftables Router Tutorial

From Alteeve Wiki
Revision as of 01:31, 28 March 2024 by Digimer (talk | contribs)
Jump to navigation Jump to search

 Alteeve Wiki :: How To :: Nftables Router Tutorial

Warning: This is incomplete and untrustworthy! Do not expect anything to be useful or accurate before this warning is removed.

This tutorial is meant to show how to use nftables to build a router suitable for a home or boat.

Setup

Make sure that ip_forward is enabled in the kernel. 

sysctl net.ipv4.conf.all.forwarding

net.ipv4.conf.all.forwarding = 0

This shows that it's disabled. To enable it, and make sure it's set when the system reboots, edit (or create) the file "/etc/sysctl.d/99-custom.conf" and add (or update) the lines; 

# Added for router function support
net.ipv4.conf.all.forwarding = 1

Now reload the config; 

sysctl --system

* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
* Applying /usr/lib/sysctl.d/50-coredump.conf ...
* Applying /usr/lib/sysctl.d/50-default.conf ...
* Applying /usr/lib/sysctl.d/50-libkcapi-optmem_max.conf ...
* Applying /usr/lib/sysctl.d/50-pid-max.conf ...
* Applying /usr/lib/sysctl.d/50-redhat.conf ...
* Applying /etc/sysctl.d/99-custom.conf ...
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.conf ...
kernel.yama.ptrace_scope = 0
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h
...<snip>...
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.wlp58s0.rp_filter = 1
net.ipv4.conf.all.forwarding = 1

Now we can verify that forwarding is enabled; 

sysctl net.ipv4.conf.all.forwarding

net.ipv4.conf.all.forwarding = 1

Now ip_forward is enabled!

Configuring nftables

References

 

Any questions, feedback, advice, complaints or meanderings are welcome.
Alteeve's Niche! Alteeve Enterprise Support Community Support
© 2025 Alteeve. Intelligent Availability® is a registered trademark of Alteeve's Niche! Inc. 1997-2025
legal stuff: All info is provided "As-Is". Do not use anything here unless you are willing and able to take responsibility for your own actions.
Retrieved from ‘https://alteeve.com/w/index.php?title=Nftables_Router_Tutorial&oldid=7574