I'm working on a work project and this is the start of my config for a router. I started with a fresh CentOS7 install.
Here we are assuming eth0 is our “public” interface while eth1 is our “private” interface.
1) Install pre-reqs
Code:
yum install epel-release
yum install iptables-services
yum install dhcp
yum remove firewalld
systemctl start iptables
systemctl enable iptables
2) Set the internal IP address
In my instance the public interface will be on DHCP, so we’re only editing the “private” interface here. Though this process can also be used on the external interface.
vi /etc/sysconfig/network-scripts/ifcfg-eth1
Code:
...
BOOTPROTO="static"
IPADDR=10.254.254.0
PREFIX=24
ONBOOT=yes
...

systemctl restart network
3) Now we need to enable IP forwarding
Check that IP forwarding is not already enabled:
sysctl net.ipv4.ip_forward
This will likely display
Code:
net.ipv4.ip_forward = 0
which means it's disabled.
Let's go ahead and enable it without needing a reboot:
sysctl -w net.ipv4.ip_forward=1
And let's make it persist across reboots:
vi /etc/sysctl.conf
Add the following:
Code:
net.ipv4.ip_forward = 1
Reload:
sysctl -p /etc/sysctl.conf
Restart networking:
systemctl restart network
4) Configure iptables
Bash:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j ACCEPT
service iptables save
5) Configure and Enable DHCP Server
vi /etc/dhcp/dhcpd.conf
Code:
option domain-name "test.lan";
option domain-name-servers 208.67.222.222, 208.67.220.220;
default-lease-time 3600;
max-lease-time 28800;
authoritative;
subnet 10.254.254.0 netmask 255.255.255.0 {
    option routers 10.254.254.0;
    option subnet-mask 255.255.255.0;
    option domain-search "test.lan";
    option domain-name-servers 208.67.222.222, 208.67.220.220;
    range 10.254.254.10 10.254.254.254;
}

Start and enable the DHCP server:
systemctl start dhcpd
systemctl enable dhcpd
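
The rules in step 4 are added with `iptables -A`, which appends to the end of a chain, so they never match if the ruleset already loaded ends that chain with a catch-all REJECT or DROP, and a FORWARD chain that starts with one passes no routed traffic. The check below is an added example, not part of the original post; the ruleset in `sample_ruleset` is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for rules that can never match.

# Constructed sample: a filter table that already ended INPUT and FORWARD with
# a catch-all REJECT before the step 4 rules were appended with -A.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j ACCEPT
COMMIT
EOF
}

# Print every rule that follows an unconditional REJECT/DROP in its chain.
shadowed_rules() {
  awk '
    $1 == "-A" {
      chain = $2
      if (chain in blocked) { print; next }
      # "-A CHAIN -j REJECT|DROP" with no match options is a catch-all
      if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) blocked[chain] = 1
    }'
}

# Print chains whose first rule is a catch-all REJECT/DROP (nothing passes).
closed_chains() {
  awk '
    $1 == "-A" && !($2 in seen) {
      seen[$2] = 1
      if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) print $2
    }'
}

echo "Shadowed rules:"; sample_ruleset | shadowed_rules
echo "Closed chains:";  sample_ruleset | closed_chains
```

On the router itself, pipe the live ruleset in instead of the sample: `iptables-save | shadowed_rules`.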