Enabling Routing on Centos 7 with firewalld

by Lima | Posted on

I put together a simple script to enable routing on a Centos 7 box with a dual NIC configuration.  It has two prompts, one for the wan adapter name and one for the lan adapter name.  These can be retrieved via ifconfig. My ifconfig output:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
[root@nuuk scripts]# ifconfig
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.2.1 netmask 255.255.255.0 broadcast 192.168.2.255
inet6 fe80::223:24ff:fe72:f6c5 prefixlen 64 scopeid 0x20 ether 00:23:24:72:f6:c5 txqueuelen 1000 (Ethernet)
RX packets 8281759 bytes 5042396048 (4.6 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16950142 bytes 22811149959 (21.2 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 20 memory 0xf7c00000-f7c20000

enp0s20u3u1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 71.230.194.57 netmask 255.255.255.0 broadcast 71.230.194.255
inet6 2001:558:6027:19:3dd5:283b:c9cd:5fdc prefixlen 128 scopeid 0x0
inet6 fe80::43a5:d170:98a8:32fd prefixlen 64 scopeid 0x20 ether 00:24:27:fe:3f:77 txqueuelen 1000 (Ethernet)
RX packets 12669955 bytes 16833625289 (15.6 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5602853 bytes 654417477 (624.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 197776 bytes 48982538 (46.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 197776 bytes 48982538 (46.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp0s20u3u1 is my upstream adapter and eno1 is coupled to my local LAN network.  If you have not done so already, enable the firewalld service.

…and my simple script:

1
2
3
4
5
6
7
8
9
10
11
12
13
# fullname="USER INPUT"
read -p "Enter WAN NIC (Upstream): " wannic
# user="USER INPUT"
read -p "Enter LAN NIC (Downstream): " lannic

echo $wannic $lannic

cp /scripts/sysctl.conf /etc/sysctl.conf
firewall-cmd --direct --permanent --add-rule ipv4 nat POSTROUTING 0 -o $wannic -j MASQUERADE
firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 -i $lannic -o $wannic -j ACCEPT
firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 -i $wannic -o $lannic -m state --state RELATED,ESTABLISHED -j ACCEPT
systemctl restart firewalld
vnstat --create -i $wannic

Some notes – change the working directory as to which the script resides in; this script is configured to live in /scripts/. The cp command copies the sysctl.conf from /scripts/ to /etc/. This is unnecessary as you can simply add net.ipv4.ip_forward=1 to /etc/sysctl.conf or create the file with that line. Reboot the system or restart the service to enable IP forwarding. I created this script because sometimes I periodically swap out different USB lan adapters and need to reconfigure the IP forwarding configuration.

Post Views: 3,856
Lima

About the author

Lima is the visual nautical indicator for "stop instantly."

Comments

  2. Pingback: Ultimate Custom Home Router – Vassox
  3. Pingback: Installing NMTUI / Network Manager on Centos / RHEL – Vassox
  4. Pingback: Enable IP Forwarding / Routing on Ubuntu 18.04+ – Vassox
  5. Pingback: pomoshh-psihologa-online

Leave a Reply