Centos – Setting up routing in CentOS 6.4 as a router/DHCP server with two nics

Tags: centos, dhcp-server, nic, routing

I am stumped about how to set up CentOS 6.4 to route packets.

|Local Network| -eth0- |CentOS 6.4 box| -eth1- |Internet|

The CentOS box has a DHCP server running. Currently it is handing out IP addresses on 192.168.3.0/24, but I don't think DNS is working correctly either. I have two boxes, 192.168.3.5 and 192.168.3.6, that can ping each other all day, but nslookup raid_array will not work. Here is my setup right now.

I want all 192.168.3.0/24 traffic to forward over eth0. Any traffic headed for the internet should be masqueraded as 172.16.0.72 over eth1. Where does DNS fit into this?

/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
TYPE=ETHERNET
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
IPADDR=192.168.3.1
NETMASK=255.255.255.0

/etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth0
TYPE=ETHERNET
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
NETMASK=255.255.255.0
IPADDR=172.16.0.72
GATEWAY=172.16.0.1

/etc/sysconfig/network

NETWORKING=yes
GATEWAY=192.168.3.1
NOZEROCONF=true

route -n

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         172.16.0.1      0.0.0.0         UG    0      0        0 eth1

iptables

:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

Best Answer

You will also need to add this to your /etc/sysctl.conf:

net.ipv4.ip_forward = 1

and then run:

sysctl -p /etc/sysctl.conf

The default behavior for Red Hat is not to forward packets, but just to be an end point.

You are also going to want to accept traffic going through the box (or it won't work very well as a router):

iptables -A FORWARD -i eth1 -j ACCEPT

You'll also want to add postrouting masquerade rules for the traffic.

BTW, in your ifcfg-eth1 file, change the device name to eth1, otherwise you may have problems.

DNS is there to provide domain name <=> IP address mapping. You might need to have your own DNS server if you have servers inside the 192.168.3.X network, so you do not have to remember IP addresses, though you will want to configure those machines with static IPs or set up DHCP to always assign them the same IP. If, however, you do not have a need for internal DNS, use the ones your ISP provides, or Google's (8.8.8.8).
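The answer's three steps (ip_forward, FORWARD accept, POSTROUTING masquerade) pulled together as an added example that is not part of the question or the answer: a POSIX shell script that renders a persistent /etc/sysconfig/iptables for the eth0/eth1 layout above and checks that no FORWARD ACCEPT lands behind the existing FORWARD REJECT, which is exactly what appending with iptables -A does on the box as posted. It assumes the box also answers DHCP and DNS on the LAN side, so it opens udp/67 and 53 on eth0 only; the forward rule accepts new connections from the LAN only, with internet-side replies admitted by connection state rather than a blanket accept on eth1.

```shell
#!/bin/sh
# Added example (not from the question or answer): render a CentOS 6 style
# /etc/sysconfig/iptables for the two-NIC router above. Interface names and
# the LAN range come from the question; the 22 and 443 INPUT rules are kept.
LAN_IF=eth0; WAN_IF=eth1; LAN_NET=192.168.3.0/24

# Emit the rule set in iptables-restore format (what "service iptables save"
# writes). Only new connections that originate on the LAN are forwarded;
# replies from the internet side pass on conntrack state, so the WAN NIC
# never gets a blanket ACCEPT in FORWARD.
router_rules() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i $LAN_IF -p udp --dport 67 -j ACCEPT
-A INPUT -i $LAN_IF -p udp --dport 53 -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Check a rule set on stdin: a FORWARD ACCEPT placed after the FORWARD REJECT
# (what "iptables -A FORWARD ..." does on the question's box) is unreachable.
forward_order_ok() {
  awk '/^-A FORWARD .*-j REJECT/ { seen_reject = 1 }
       /^-A FORWARD .*-j ACCEPT/ && seen_reject { bad = 1 }
       END { exit bad ? 1 : 0 }'
}

# Forwarding is off by default on RHEL/CentOS; this line belongs in
# /etc/sysctl.conf, followed by "sysctl -p /etc/sysctl.conf".
sysctl_fragment() { echo "net.ipv4.ip_forward = 1"; }
```

Write the output of router_rules to /etc/sysconfig/iptables and run service iptables restart so the rules survive a reboot, instead of typing them with iptables -A.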
