diff --git a/cmd/run.go b/cmd/run.go
index 56d3035..cfd46c6 100644
--- a/cmd/run.go
+++ b/cmd/run.go
@@ -105,14 +105,14 @@ func Run(log *logrus.Logger, param *config.Params) (err error) {
 	return nil
 }
 
-func readConfig(cfgFile string) (params *config.Params, entries []string, err error) {
+func readConfig(cfgFile string) (params *config.Params, includes []string, err error) {
 	merger := config.NewMerger(cfgFile)
-	sections, entries, err := merger.Merge()
+	sections, includes, err := merger.Merge()
 	if err != nil {
 		return nil, nil, err
 	}
 	if params, err = config.New(sections); err != nil {
 		return nil, nil, err
 	}
-	return params, entries, nil
+	return params, includes, nil
 }
diff --git a/control/control_plane_core.go b/control/control_plane_core.go
index 7b5ec26..86ee86b 100644
--- a/control/control_plane_core.go
+++ b/control/control_plane_core.go
@@ -226,6 +226,10 @@ tryRuleAddAgain:
 }
 
 func (c *ControlPlaneCore) bindLan(ifname string) error {
+	err := CheckIpforward(ifname)
+	if err != nil {
+		return err
+	}
 	c.log.Infof("Bind to LAN: %v", ifname)
 	link, err := netlink.LinkByName(ifname)
 	if err != nil {
diff --git a/control/tproxy_utils.go b/control/tproxy_utils.go
index a49c2ed..6521ffd 100644
--- a/control/tproxy_utils.go
+++ b/control/tproxy_utils.go
@@ -6,6 +6,7 @@
 package control
 
 import (
+	"bytes"
 	"encoding/binary"
 	"fmt"
 	"github.com/v2rayA/dae/common"
@@ -13,6 +14,7 @@ import (
 	internal "github.com/v2rayA/dae/pkg/ebpf_internal"
 	"golang.org/x/sys/unix"
 	"net/netip"
+	"os"
 	"syscall"
 )
 
@@ -60,3 +62,25 @@ func RetrieveOriginalDest(oob []byte) netip.AddrPort {
 	}
 	return netip.AddrPort{}
 }
+
+func checkIpforward(ifname string, ipversion consts.IpVersionStr) error {
+	path := fmt.Sprintf("/proc/sys/net/ipv%v/conf/%v/forwarding", ipversion, ifname)
+	b, err := os.ReadFile(path)
+	if err != nil {
+		return err
+	}
+	if bytes.Equal(bytes.TrimSpace(b), []byte("1")) {
+		return nil
+	}
+	return fmt.Errorf("ipforward on %v is off: %v", ifname, path)
+}
+
+func CheckIpforward(ifname string) error {
+	if err := checkIpforward(ifname, consts.IpVersionStr_4); err != nil {
+		return err
+	}
+	if err := checkIpforward(ifname, consts.IpVersionStr_6); err != nil {
+		return err
+	}
+	return nil
+}