fix: enable ip forwarding

[wolf31o2]

Summary by cubic

Enable IPv4 IP forwarding at startup in bin/entrypoint so NAT/MASQUERADE and forwarded traffic work as expected. Fixes routing failures when NAT rules are present but forwarding is disabled.

^{Written for commit c91061d. Summary will update automatically on new commits.}

Summary by CodeRabbit

Release Notes

• Bug Fixes
  • Optimized network initialization sequence to ensure packet forwarding is properly enabled during system startup, improving network stability and reliability.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

This change adds a step to the entrypoint script that enables IP forwarding by writing a value to the kernel's IP forwarding configuration file. The new step is positioned after the /dev/net/tun device initialization and before NAT-related logic, ensuring packet forwarding is configured at the correct point in the startup sequence. No modifications to error handling or other control flow logic are included.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

• Specific areas requiring attention during review:
  • Verify the placement of the IP forwarding step is correct relative to NAT rule configuration and the /dev/net/tun device check
  • Confirm the syntax and target path for writing to /proc/sys/net/ipv4/ip_forward are accurate
  • Validate that unconditional enabling of IP forwarding aligns with the intended behavior and security posture

Pre-merge checks and finishing touches

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: enabling IP forwarding in the entrypoint script. It is concise, directly related to the code modifications, and would be understood by teammates reviewing the pull request history.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/enable-ip-forwarding

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

No issues found across 1 file

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

bin/entrypoint (1)

19-21: Handle potential failure when enabling IPv4 forwarding

The placement and behavior look correct, but if writing to /proc/sys/net/ipv4/ip_forward fails (missing capabilities, read-only sysctl), the script silently continues and forwarding/NAT will be broken in a non-obvious way.

Consider at least logging a warning (or exiting) on failure:

-# Enable IP forwarding
-echo 1 > /proc/sys/net/ipv4/ip_forward
+# Enable IP forwarding
+echo 1 > /proc/sys/net/ipv4/ip_forward || \
+  echo "WARN: Failed to enable IPv4 forwarding (net.ipv4.ip_forward)" >&2

This keeps behavior the same on success while making misconfiguration easier to diagnose.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7b71d2b and c91061d.

📒 Files selected for processing (1)

• bin/entrypoint (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: cubic · AI code reviewer