{"id":348,"date":"2016-11-12T06:14:46","date_gmt":"2016-11-12T06:14:46","guid":{"rendered":"http:\/\/shijuvarghese.com\/?p=348"},"modified":"2018-03-19T05:47:17","modified_gmt":"2018-03-19T05:47:17","slug":"making-a-centos-7-linux-host-as-a-router","status":"publish","type":"post","link":"http:\/\/shijuvarghese.com\/?p=348","title":{"rendered":"Configuring CentOS 7 linux host to function as a router"},"content":{"rendered":"<p>Linux has the provision to work as a router connecting two networks.<\/p>\n<p>In this example we have two NICs in the host.<\/p>\n<p><strong>]# <em>ifconfig<\/em><\/strong><br \/>\n&#8230;&#8230; ens32: flags=4163&lt;UP,BROADCAST,RUNNING,MULTICAST&gt; mtu 1500<br \/>\n&#8230;&#8230; inet 20.10.0.16 netmask 255.255.240.0 broadcast 10.10.15.255<br \/>\n&#8230;&#8230; inet6 fe80::20c:29ff:fe6c:6584 prefixlen 64 scopeid 0x20&lt;link&gt;<br \/>\n&#8230;&#8230; ether 00:0c:29:6c:65:84 txqueuelen 1000 (Ethernet)<br \/>\n&#8230;&#8230; RX packets 682114 bytes 365768764 (348.8 MiB)<br \/>\n&#8230;&#8230; RX errors 0 dropped 1369 overruns 0 frame 0<br \/>\n&#8230;&#8230; TX packets 273180 bytes 27270276 (26.0 MiB)<br \/>\n&#8230;&#8230; TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0<br \/>\n&#8230;&#8230;<br \/>\n&#8230;&#8230; ens34: flags=4163&lt;UP,BROADCAST,RUNNING,MULTICAST&gt; mtu 1500<br \/>\n&#8230;&#8230; inet 20.246.32.71 netmask 255.255.252.0 broadcast 10.246.35.255<br \/>\n&#8230;&#8230; inet6 fe80::20c:29ff:fe6c:658e prefixlen 64 scopeid 0x20&lt;link&gt;<br \/>\n&#8230;&#8230; ether 00:0c:29:6c:65:8e txqueuelen 1000 (Ethernet)<br \/>\n&#8230;&#8230; RX packets 819253 bytes 84669138 (80.7 MiB)<br \/>\n&#8230;&#8230; RX errors 0 dropped 0 overruns 0 frame 0<br \/>\n&#8230;&#8230; TX packets 394951 bytes 43114846 (41.1 MiB)<br \/>\n&#8230;&#8230; TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0<\/p>\n<p>We will use ens32 to connect to our local LAN and ens34 for external network<\/p>\n<p>Note: From the localhost, we should be 
able to access both networks<\/p>\n<p>List the default zone and the services allowed in it<br \/>\n<strong>]#<\/strong> <em><strong>firewall-cmd --list-all<\/strong><\/em><\/p>\n<p>Check which interface is assigned to the external zone<br \/>\n<strong>]# <em>firewall-cmd --list-all --zone=external<\/em><\/strong><\/p>\n<p>Make ens34 part of the external zone<br \/>\n<strong>]# <em>firewall-cmd --change-interface=ens34 --zone=external<\/em><\/strong><br \/>\n<strong>]#<\/strong> <em><strong>firewall-cmd --change-interface=ens34 --zone=external --permanent<\/strong><\/em><\/p>\n<p>Reload the firewalld configuration<br \/>\n<strong>]#<\/strong> <em><strong>firewall-cmd --complete-reload<\/strong><\/em><\/p>\n<p>Make ens32 part of the internal zone<br \/>\n<strong>]#<\/strong> <em><strong>firewall-cmd --change-interface=ens32 --zone=internal --permanent<\/strong><\/em><\/p>\n<p><strong>]#<\/strong> <em><strong>firewall-cmd --zone=internal --add-service=http<\/strong><\/em><\/p>\n<p><strong>*** Testing ***<\/strong><\/p>\n<p>On a host inside the local LAN, add a route that makes &#8220;20.246.32.71&#8221; the route to &#8220;20.10.0.16\/255.255.240.0&#8221;, and try to access a site hosted on a server in the external LAN.<\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\"><p>Linux has the provision to work as a router connecting two networks. In this example we have two NICs in the host. 
]# ifconfig &#8230;&#8230; <a class=\"mh-excerpt-more\" href=\"http:\/\/shijuvarghese.com\/?p=348\" title=\"Configuring CentOS 7 linux host to function as a router\">[&#8230;]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":254,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12,3,14],"tags":[],"class_list":["post-348","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-firewall","category-linux","category-security"],"_links":{"self":[{"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/posts\/348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=348"}],"version-history":[{"count":5,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/posts\/348\/revisions"}],"predecessor-version":[{"id":523,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/posts\/348\/revisions\/523"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/media\/254"}],"wp:attachment":[{"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=348"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}