Configure CentOS 7 as a router
These days there is rarely a need to build a router out of a general-purpose operating system. Still, it is often done for experimentation, or because packets have to be forwarded through a particular host for some specific reason.
Here I want to show that it is quite possible to build a router on this operating system, and that doing so can be useful.
To build a router on CentOS/RHEL 7 we need at least two network interfaces, plus some basic knowledge of firewalld. We will use the firewalld service rather than raw iptables.
Of the two interfaces, one will connect to the internal network and the other to the external network. Let us assume the interfaces are named enp0s3 and enp0s5.
Here enp0s3 will be the internal network interface and enp0s5 the external one. Let's start by configuring the network interfaces.
# vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
TYPE=Ethernet
NAME=enp0s3
BOOTPROTO=static
NM_CONTROLLED=no
ONBOOT=yes
IPADDR=(internal network IP)
PREFIX=(internal network prefix)
#GATEWAY=(internal network gateway)   # leave unset: a router has one default route, and it must point out of the external interface
Once this is done, we can configure the other interface for the external network. This is the interface that carries the default route, so it is the only one that gets a GATEWAY line.
# vi /etc/sysconfig/network-scripts/ifcfg-enp0s5
TYPE=Ethernet
NAME=enp0s5
BOOTPROTO=static
NM_CONTROLLED=no
ONBOOT=yes
IPADDR=(external network IP)
PREFIX=(external network prefix)
GATEWAY=(external network gateway)
After this we are ready to make it work. We have to set up some firewall rules. Let's start by placing the interfaces in different zones. (A stock CentOS 7 firewalld already ships zones named external and internal, so the two --new-zone commands only report a name conflict there and can be skipped; they are needed only if the zones are missing.)
# firewall-cmd --new-zone=external --permanent
# firewall-cmd --new-zone=internal --permanent
# firewall-cmd --change-interface=enp0s5 --zone=external --permanent
# firewall-cmd --change-interface=enp0s3 --zone=internal --permanent
At this stage we need to enable IP forwarding. There are two ways to do it, temporary and permanent. First we will see the temporary way; the firewall rules below are needed in both cases. Run the command below to enable IP forwarding in the running kernel.
# sysctl -w net.ipv4.ip_forward=1
If we want to make this permanent, we have to edit a file. Run the command below to open /etc/sysctl.conf.
# vi /etc/sysctl.conf
Find the line below (on a stock CentOS 7 install the file contains only comments, so add the line if it is not there).
net.ipv4.ip_forward = 0
Replace the 0 with 1, then save and exit the file.
net.ipv4.ip_forward = 1
At this stage we can restart the network service.
# systemctl restart network
Now we can add the rules to the firewalld service and start NAT so that hosts on the two networks can communicate.
Before that, let's make the internal zone our default zone. For that we run the command below in a terminal.
# firewall-cmd --set-default-zone=internal
Now we set up NAT between the two networks. The -s argument restricts masquerading to our private network; a direct passthrough rule is handed straight to iptables, so this restriction is what keeps the box from masquerading traffic from arbitrary sources.
# firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I POSTROUTING -o enp0s5 -j MASQUERADE -s (private network IP address/prefix)
Finally we need to reload the firewall service.
# firewall-cmd --reload
Once that is done, connect a client computer with a private IP and ping a public IP. If we get a reply, our router is ready to use.
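The ping test above only tells us that something works end to end. The script below, an added example and not part of the original post, checks each step of the walkthrough individually: that forwarding is active and persisted, that each interface sits in the intended zone, that internal is the default zone, and that the MASQUERADE rule leaves via the external interface and is restricted to the private subnet. The interface names enp0s3 and enp0s5 come from the walkthrough; the subnet 192.168.10.0/24 and the sample rule text are constructed placeholders, and both can be overridden through the environment.

```shell
#!/bin/sh
# Added example (not part of the original post): post-setup checks for the
# CentOS 7 router built above. Interface names are the ones assumed in the
# walkthrough; the private subnet is a constructed placeholder.
INT_IF="${INT_IF:-enp0s3}"
EXT_IF="${EXT_IF:-enp0s5}"
PRIVATE_NET="${PRIVATE_NET:-192.168.10.0/24}"

# Constructed sample of `firewall-cmd --direct --get-all-passthroughs` output,
# matching the rule added in the walkthrough; used to exercise the checks offline.
SAMPLE_PASSTHROUGH='ipv4 -t nat -I POSTROUTING -o enp0s5 -j MASQUERADE -s 192.168.10.0/24'

# check_forwarding VALUE: VALUE is the output of `sysctl -n net.ipv4.ip_forward`.
check_forwarding() {
    [ "$1" = "1" ]
}

# check_sysctl_persisted TEXT: TEXT is the content of /etc/sysctl.conf.
# Succeeds only on an active (uncommented) "net.ipv4.ip_forward = 1" line.
check_sysctl_persisted() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$'
}

# check_zone ACTUAL EXPECTED: ACTUAL is the output of
# `firewall-cmd --get-zone-of-interface IFACE` or `firewall-cmd --get-default-zone`.
check_zone() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "$2" ]
}

# check_masquerade TEXT IFACE SUBNET: TEXT is the output of
# `firewall-cmd --direct --get-all-passthroughs`. Succeeds only if a nat-table
# MASQUERADE rule leaves via IFACE and is restricted to SUBNET, so the router
# never masquerades traffic from sources outside the private network.
check_masquerade() {
    printf '%s\n' "$1" | grep -F -- "-t nat" | grep -F -- "-o $2 " |
        grep -F -- "-j MASQUERADE" | grep -Fq -- "-s $3"
}

# report NAME CMD...: run one check, print PASS/FAIL, remember any failure.
report() {
    name=$1; shift
    if "$@"; then echo "PASS: $name"; else echo "FAIL: $name"; FAILED=1; fi
}

# run_live_checks: query the running system (needs root and firewalld).
run_live_checks() {
    FAILED=0
    report "ip_forward active"      check_forwarding "$(sysctl -n net.ipv4.ip_forward)"
    report "ip_forward persisted"   check_sysctl_persisted "$(cat /etc/sysctl.conf)"
    report "$INT_IF in internal"    check_zone "$(firewall-cmd --get-zone-of-interface "$INT_IF")" internal
    report "$EXT_IF in external"    check_zone "$(firewall-cmd --get-zone-of-interface "$EXT_IF")" external
    report "default zone internal"  check_zone "$(firewall-cmd --get-default-zone)" internal
    report "masquerade via $EXT_IF" check_masquerade "$(firewall-cmd --direct --get-all-passthroughs)" "$EXT_IF" "$PRIVATE_NET"
    return "$FAILED"
}

# Only touch the live system when firewalld is present and we are root;
# otherwise the functions above can still be exercised on captured output.
if command -v firewall-cmd >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    run_live_checks
fi
```

Run it as root on the router after the reload step (`PRIVATE_NET=10.0.0.0/24 sh check-router.sh` if your subnet differs). Each FAIL line names the step of the walkthrough to revisit, and the script exits non-zero if any check failed, so it can be dropped into a post-deployment test.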