Creating a basic router with CentOS7

I’m working on a work project and this is the start of my config for a router. I started with a fresh CentOS7 install.

Here we are assuming eth0 is our “public” interface while eth1 is our “private” interface.

1) Install pre-reqs

yum install epel-release
yum install iptables-services
yum install dhcp
yum remove firewalld
systemctl start iptables
systemctl enable iptables

2) Set the internal IP address

In my instance the public interface will be on DHCP, so we’re only editing the “private” interface here, though this process can also be used on the external interface.
vi /etc/sysconfig/network-scripts/ifcfg-eth1

...
BOOTPROTO="static"
IPADDR=10.254.254.0
PREFIX=24
ONBOOT=yes
...

systemctl restart network

3) Now we need to enable IP Forwarding

Check that IP forwarding is not already enabled:

sysctl net.ipv4.ip_forward

This will likely display

net.ipv4.ip_forward = 0

which means it’s disabled. Let’s go ahead and enable it without needing a reboot:

sysctl -w net.ipv4.ip_forward=1

And let’s make it persist across reboots:

vi /etc/sysctl.conf

Add the following:

net.ipv4.ip_forward = 1

Reload:

sysctl -p /etc/sysctl.conf

Restart networking:

systemctl restart network

4) Configure iptables

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j ACCEPT
service iptables save
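
Because step 4 uses `-A`, each rule is appended after whatever the chain already holds, and none of the commands touch the FORWARD chain that routed LAN traffic passes through. The check below is an added example, not part of the original post: it reads `iptables-save` output and flags rules that sit behind a catch-all rule and chains that block every packet. The names `audit_ruleset` and `sample_ruleset` and the sample rules are constructed, and the sample assumes default rules ending in catch-all REJECTs were already loaded when step 4 ran.

```shell
#!/bin/sh
# Added example (not from the original post): audit iptables-save output for
# rules that can never match and for chains that block every packet.
audit_ruleset() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # table header: *filter, *nat
        $1 != "-A" { next }                     # skip policies, COMMIT, comments
        {
            key = table "/" $2
            seen[key]++
            if (key in closed) {                # an earlier catch-all already matched
                print "UNREACHABLE " table " " $0
                next
            }
            # Catch-all rule: "-A CHAIN -j TARGET" with no match conditions
            if ($3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/) {
                closed[key] = 1
                if (seen[key] == 1 && $4 != "ACCEPT")
                    print "BLOCKS-ALL " table " " $2
            }
        }
    '
}

# Constructed sample: assumes default rules ending in catch-all REJECTs were
# loaded before the -A commands from step 4 ran.
sample_ruleset() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j ACCEPT
COMMIT
EOF
}

sample_ruleset | audit_ruleset
```

On the router itself, feed it the live rules with `iptables-save | audit_ruleset`.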

5) Configure and Enable DHCP Server

vi /etc/dhcp/dhcpd.conf

option domain-name "test.lan";
option domain-name-servers 208.67.222.222, 208.67.220.220;
default-lease-time 3600;
max-lease-time 28800;
authoritative;
subnet 10.254.254.0 netmask 255.255.255.0 {
    option routers              10.254.254.0;
    option subnet-mask          255.255.255.0;
    option domain-search        "test.lan";
    option domain-name-servers  208.67.222.222, 208.67.220.220;
    range 10.254.254.10 10.254.254.254;
}

Start and enable the DHCP server.

systemctl start dhcpd
systemctl enable dhcpd

Nice guide here, man!

Question - have you had any trouble with package management in CentOS 7? Like downloading new packages or updates? I ran into some weird issues with this a year or two ago with a handful of servers due to the sudden end-of-life/support for non-CentOS Stream flavors. Or at least, that’s what I thought was the cause. I ended up just moving everything to either Alma Linux or Debian.

Honestly it’s been a minute since I’ve used Cent, the only reason I went this route was because the hardware we are testing on (at work) wouldn’t install Ubuntu but it’s just our first round of testing for a very specific issue we need a resolution to.