I put together a simple script to enable routing on a CentOS 7 box with a dual-NIC configuration. It has two prompts, one for the WAN adapter name and one for the LAN adapter name. These can be retrieved via ifconfig. My ifconfig output:
```
[root@nuuk scripts]# ifconfig
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.2.1  netmask 255.255.255.0  broadcast 192.168.2.255
        inet6 fe80::223:24ff:fe72:f6c5  prefixlen 64  scopeid 0x20
        ether 00:23:24:72:f6:c5  txqueuelen 1000  (Ethernet)
        RX packets 8281759  bytes 5042396048 (4.6 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 16950142  bytes 22811149959 (21.2 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 20  memory 0xf7c00000-f7c20000

enp0s20u3u1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 71.230.194.57  netmask 255.255.255.0  broadcast 71.230.194.255
        inet6 2001:558:6027:19:3dd5:283b:c9cd:5fdc  prefixlen 128  scopeid 0x0
        inet6 fe80::43a5:d170:98a8:32fd  prefixlen 64  scopeid 0x20
        ether 00:24:27:fe:3f:77  txqueuelen 1000  (Ethernet)
        RX packets 12669955  bytes 16833625289 (15.6 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5602853  bytes 654417477 (624.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 197776  bytes 48982538 (46.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 197776  bytes 48982538 (46.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```
enp0s20u3u1 is my upstream adapter and eno1 is coupled to my local LAN network. If you have not done so already, enable the firewalld service.
…and my simple script:
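```bash
#!/bin/bash
# Prompt for the WAN (upstream) adapter name
read -r -p "Enter WAN NIC (Upstream): " wannic
# Prompt for the LAN (downstream) adapter name
read -r -p "Enter LAN NIC (Downstream): " lannic
echo "$wannic" "$lannic"

# Replace /etc/sysctl.conf with the copy kept next to the script (enables IP forwarding)
cp /scripts/sysctl.conf /etc/sysctl.conf

# NAT outbound traffic leaving through the WAN adapter
firewall-cmd --direct --permanent --add-rule ipv4 nat POSTROUTING 0 -o "$wannic" -j MASQUERADE
# Forward LAN -> WAN traffic
firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 -i "$lannic" -o "$wannic" -j ACCEPT
# Forward WAN -> LAN traffic only for connections that are already established or related
firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 -i "$wannic" -o "$lannic" -m state --state RELATED,ESTABLISHED -j ACCEPT
systemctl restart firewalld

# Create the vnstat database for the WAN adapter
vnstat --create -i "$wannic"
```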
Some notes: change the working directory to the one the script resides in; this script is configured to live in /scripts/. The cp command copies sysctl.conf from /scripts/ to /etc/. This is unnecessary, as you can simply add net.ipv4.ip_forward=1 to /etc/sysctl.conf or create the file with that line. Reboot the system or restart the service to enable IP forwarding. I created this script because I periodically swap out different USB LAN adapters and need to reconfigure the IP forwarding configuration.
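
The script hands whatever is typed at the two prompts to firewall-cmd as permanent rules, so a typo leaves rules that reference a NIC that does not exist. The following is an added example, not part of the original script, that checks both names before building the same three rules; the function names, the `--apply` switch and the `SYSNET` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate both NIC names before building the firewalld direct rules.
# SYSNET is an assumed override so the existence check can be pointed at a test directory.
SYSNET="${SYSNET:-/sys/class/net}"

# Succeeds only for a 1-15 character name from a conservative character set
# that also exists as an interface on this host.
valid_ifname() {
    case "$1" in
        ''|.|..|*[!A-Za-z0-9_.:-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ] && [ -e "$SYSNET/$1" ]
}

# Prints the script's three direct rules, one per line; prints nothing on bad input.
build_rules() {
    valid_ifname "$1" || { echo "bad WAN NIC: $1" >&2; return 1; }
    valid_ifname "$2" || { echo "bad LAN NIC: $2" >&2; return 1; }
    if [ "$1" = "$2" ] || [ "$1" = lo ] || [ "$2" = lo ]; then
        echo "WAN and LAN must be two distinct, non-loopback NICs" >&2
        return 1
    fi
    printf '%s\n' \
        "ipv4 nat POSTROUTING 0 -o $1 -j MASQUERADE" \
        "ipv4 filter FORWARD 0 -i $2 -o $1 -j ACCEPT" \
        "ipv4 filter FORWARD 0 -i $1 -o $2 -m state --state RELATED,ESTABLISHED -j ACCEPT"
}

# Adds the rules permanently and restarts firewalld, as the original script does.
apply_rules() {
    rules=$(build_rules "$1" "$2") || return 1
    printf '%s\n' "$rules" | while IFS= read -r rule; do
        # Unquoted on purpose: each validated rule line is split into arguments.
        firewall-cmd --direct --permanent --add-rule $rule || exit 1
    done || return 1
    systemctl restart firewalld
}

# Usage: sh nat-rules.sh --apply <wan-nic> <lan-nic>  (file name is hypothetical)
if [ "${1:-}" = "--apply" ] && [ "$#" -eq 3 ]; then
    apply_rules "$2" "$3"
fi
```

Because nothing is sent to firewall-cmd until both names pass, a rejected name leaves the existing permanent rules untouched.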