fix(sysctl): enable net.ipv4.ip_forward for NAT bridges

waydroid (and libvirt with finicky guests) need the host to route between their NAT bridge and the upstream NIC. libvirtd usually enables this on demand but it doesn't persist, so the container has no internet on a fresh boot until something else flips the bit.
author: sommerfeld <sommerfeld@sommerfeld.dev> 2026-05-22 14:28:17 +0100
committer: sommerfeld <sommerfeld@sommerfeld.dev> 2026-05-22 14:28:17 +0100
commit: 7412e0fe4e8fae4159f66ce5feb4a1c3fb25e879 (patch)
tree: 098367bcf9798fddfc1d08a49e89a7befc93f878 /etc/sysctl.d
parent: 1dfee96401c03666aa3eeec7a40fbc42ff05e1b3 (diff)
download: dotfiles-7412e0fe4e8fae4159f66ce5feb4a1c3fb25e879.tar.gz
dotfiles-7412e0fe4e8fae4159f66ce5feb4a1c3fb25e879.tar.bz2
dotfiles-7412e0fe4e8fae4159f66ce5feb4a1c3fb25e879.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/sysctl.d/99-sysctl.conf b/etc/sysctl.d/99-sysctl.conf
index 3177c28..fc01611 100644
--- a/etc/sysctl.d/99-sysctl.conf
+++ b/etc/sysctl.d/99-sysctl.conf
@@ -30,3 +30,8 @@ net.ipv4.conf.default.send_redirects = 0
 net.ipv4.conf.all.accept_source_route = 0
 net.ipv6.conf.all.accept_source_route = 0
 net.ipv4.conf.all.log_martians = 1
+
+# IP forwarding for NAT bridges (libvirt's virbr0, waydroid's waydroid0).
+# libvirtd and waydroid both rely on the host routing between their bridge
+# and the upstream NIC; without this they get no internet.
+net.ipv4.ip_forward = 1
author	sommerfeld <sommerfeld@sommerfeld.dev>	2026-05-22 14:28:17 +0100
committer	sommerfeld <sommerfeld@sommerfeld.dev>	2026-05-22 14:28:17 +0100
commit	7412e0fe4e8fae4159f66ce5feb4a1c3fb25e879 (patch)
tree	098367bcf9798fddfc1d08a49e89a7befc93f878 /etc/sysctl.d
parent	1dfee96401c03666aa3eeec7a40fbc42ff05e1b3 (diff)
download	dotfiles-7412e0fe4e8fae4159f66ce5feb4a1c3fb25e879.tar.gz dotfiles-7412e0fe4e8fae4159f66ce5feb4a1c3fb25e879.tar.bz2 dotfiles-7412e0fe4e8fae4159f66ce5feb4a1c3fb25e879.zip