I’m working on a work project and this is the start of my config for a router. I started with a fresh CentOS 7 install.
Here we are assuming eth0 is our “public” interface while eth1 is our “private” interface.
1) Install pre-reqs
yum install epel-release
yum install iptables-services
yum install dhcp
yum remove firewalld
systemctl start iptables
systemctl enable iptables
2) Set the internal IP address
In my instance the public interface will be on DHCP, so we’re only editing the “private” interface here, though this process can also be used on the external interface.
vi /etc/sysconfig/network-scripts/ifcfg-eth1
...
BOOTPROTO="static"
IPADDR=10.254.254.0
PREFIX=24
ONBOOT=yes
...
systemctl restart network
3) Now we need to enable IP forwarding
Check whether IP forwarding is already enabled
sysctl net.ipv4.ip_forward
will likely display
net.ipv4.ip_forward = 0
which means it's disabled.
Let's go ahead and enable it without needing a reboot
sysctl -w net.ipv4.ip_forward=1
And let's make it persist across reboots
vi /etc/sysctl.conf
Add the following:
net.ipv4.ip_forward = 1
Reload the settings:
sysctl -p /etc/sysctl.conf
Restart networking:
systemctl restart network
4) Configure iptables
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j ACCEPT
service iptables save
5) Configure and Enable DHCP Server
vi /etc/dhcp/dhcpd.conf
option domain-name "test.lan";
option domain-name-servers 208.67.222.222, 208.67.220.220;
default-lease-time 3600;
max-lease-time 28800;
authoritative;
subnet 10.254.254.0 netmask 255.255.255.0 {
    option routers 10.254.254.0;
    option subnet-mask 255.255.255.0;
    option domain-search "test.lan";
    option domain-name-servers 208.67.222.222, 208.67.220.220;
    range 10.254.254.10 10.254.254.254;
}
Start and enable the DHCP server.
systemctl start dhcpd
systemctl enable dhcpd
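Step 4 adds its rules with -A (append), so if the ruleset loaded by iptables-services already ends INPUT and FORWARD with a REJECT (its stock /etc/sysconfig/iptables does), the new rules land after that REJECT and are never evaluated, and forwarded LAN traffic is rejected. The script below is an added example, not part of the original post: it audits `iptables-save` output for both conditions; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: `iptables-save` output after appending the step 4 rules
# to a ruleset whose INPUT and FORWARD chains already end in a REJECT.
sample_ruleset() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j ACCEPT
COMMIT
EOF
}

# Print every rule that sits after an unconditional ACCEPT/DROP/REJECT in the
# same chain of the same table; such a rule is never evaluated.
shadowed_rules() {
    awk '
    /^\*/ { split("", closed) }              # new table: forget closed chains
    $1 == "-A" {
        if ($2 in closed) { print $2 ": " $0; next }
        if ($3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/) closed[$2] = 1
    }'
}

# Exit 0 when the first rule of filter/FORWARD is an unconditional REJECT or
# DROP, i.e. the box masquerades but forwards nothing for the LAN.
forward_blocked() {
    awk '
    /^\*/ { table = $1 }
    table == "*filter" && $1 == "-A" && $2 == "FORWARD" {
        blocked = ($3 == "-j" && $4 ~ /^(REJECT|DROP)$/); exit
    }
    END { exit !blocked }'
}

# Usage on a live router (as root): iptables-save | shadowed_rules
```

On the router itself, run `iptables-save | shadowed_rules` after step 4; any line it prints is a rule that needs to be inserted ahead of the REJECT rather than appended.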