Centos Use As Router
Home Lab: CentOS 6.3 as a firewall and Router. For devices on our new isolated subnet, we simply use the router's interface as our default gateway, which is 10.0.0.1. For example, I'll give my protected VM an IP address of 10.0.0.2, a subnet mask of 255.255.255.0, and a default gateway of 10.0.0.1. CentOS 7 makes use of systemd and firewalld which is a change from previous versions which were openrc and iptables based. The process of creating a minimal router system is fairly straight forward and can be completed in a very short amount of time after the initial installation with minimal dependencies.
Motivation:
I want to use my linux server instead of the average wireless router for several reasons
- I want to learn how to set up a more complete server on linux
- I don't want to have a modem, connected to a router, connected to a network switch
- I am sick and tired of having to unplug my router every 10 days because it just hangs
- I am sick and tired of buying routers only to realize they are missing something crucial, like port forwarding or static ip addressing (dhcp)
Set up:
Ultimately, the connection will come into a modem, and straight into my server through eth0, then eth1 will output to a network switch which all other client computers will connect to via ethernet cables (forget wireless for the moment). Currently, however, I am in an office building, and I have the connection coming into a modem, which goes into a router, which goes into a network switch, which then goes into eth0 as specified above.
Current Tutorials:
I looked at some tutorials (Ubuntu tutorial is the best one), and I have looked at some of the router questions here (ie. this one), but they all gloss over several key concepts, like:
- What is
eth1's relation toeth0? In/etc/network/interfacesdo I have to telleth1to useeth0as thenetwork(generally it is the actual physical router address)? - Do I have to do anything to instruct
eth1to take the internet that comes intoeth0and pass it onto whoever wants it in the network switch?
Current Approach:
Here is my /etc/network/interfaces file on the server:
And ifconfig tells me that both NICs are working fine:
And here is what route -n returns on the server:
Then on the client I have
But it is not being assigned an ip address.
EDIT: Here is the isc-dhcp-server configuration file located at /etc/dhcp3/dhcpd.con which I copied mostly from this site.
Centos Use As Router Table
EDIT: Output of sudo iptables -L
Question:
What crucial steps/components am I missing in this setup?
2 Answers
I have to go like Jack the ripper due several missing things that you have:
If you client will use DHCP to get the IP's you need a DHCP server.
iface eth0 inet dhcp
In the clients this indicates that they will get their IP's from a DHCP server, if you didn't setup a DHCP server, either you should use fixed IP's or install a DHCP server.
You lack of DNS servers configured in the clients. Either due the lack of DHCP server, or you may want to use a local DNS server for all your network.
You didn't offered the
iptablesrules (the output ofsudo iptables -L) but I could guess that you didn't activated the Masquerade rules, nor IP forwarding as described.The IP address of
eth1is not recommended. Any IP ended in0are typically the network itself, and most routers/firewall just get confused when these are used. Change it to192.168.7.1and you will mostly fine.Your
broadcastvalue in theeth1interface is not correct. Is sending packages to nowhere. The correct value (taking into account other values of the interface) is192.168.7.255.Your options in the DHCP server are vicious. The ARP packages to your router will never reach. This is what you should have:
Follow these and most likely you will have your router working.
Braiam answered my question, but I thought it would be helpful to put a thorough walkthrough here. Please update this if I have made any mistakes.
First make sure you have two ethernet cards (NICs) and update the /etc/network/interfaces file as such (do not mistake this for the /etc/networks file).
To find your gateway, broadcast and network, follow these instructions.
Next, go into the client and edit the /etc/network/interface (again, not/etc/networks) file for static ip first, to make sure that at least the NIC card is working.
Change the values to match up with the above values. If it works, great, then use the instructions here but follow them exactly, as there are several dhcp files so don't mistake the folder /etc/dhcp with /etc/dhcp3 and so on.