How To: CentOS 7 Router

I have had to create a few CentOS 7 minimal router systems over the past few weeks for my research environments and decided to document the process. CentOS 7 uses systemd and firewalld, a change from previous versions, which were openrc and iptables based. Creating a minimal router system is fairly straightforward and, after the initial installation, can be completed in a very short amount of time with minimal dependencies.

To act as a router, the system needs multiple network interface cards assigned to it. In this article we will focus on a system with two network interfaces. One will be considered the public interface and the other will be the private interface. Network Address Translation (NAT) will be used to pass traffic from the public interface through the router to the systems located on the private LAN.

First, install CentOS 7 on the system from the minimal installation media. You can set the hostname and address information during installation, or wait until afterwards and edit the configuration files manually. Once the installation is complete, perform the following actions:

Change the hostname:

Change the IP address of the first network interface:
(Note: your network interface may be named something different than eth0)

Add the following information to the file:

Change the IP address of the second network interface:

Add the following information to the file:

Run the following command to restart the networking service:

Now the firewall service has to be configured to support NAT:

First create the following file to allow IP forwarding:

In the file add the following line:

Then run the following command to activate IP forwarding:

Now we need to create a firewall rule to allow IP masquerading between the public and private interfaces:

Now assign eth0 to the external firewall zone:

Set the default zone to the internal zone:

Reload the firewall service:

Now restart the networking and firewall services:

Verify that the firewall settings persisted through the reload:

That’s it! Now test to see if it works by connecting a system to the private side of the router. Then assign it an IP address and subnet mask on the private LAN, and set the default gateway to the private interface on the router. DNS should be set to the same DNS server that the router is using unless you are running a private DNS server on your LAN.
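
The forwarding and firewall steps above collected into one script, as an added example that is not the article's own commands. It assumes eth0 is the public and eth1 the private interface; enabling NAT with `--add-masquerade` on the external zone and the sysctl file name are choices made for this example. With no argument it does nothing; `--plan` prints the commands, `--apply` runs them and then checks the result.

```shell
#!/bin/sh
# Added example, not the article's own commands. Assumes eth0 = public, eth1 = private.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
SYSCTL_FILE=/etc/sysctl.d/ip_forward.conf   # file name chosen for this example

# Accept only plausible interface names (Linux limit: 15 characters).
valid_if() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# Print the configuration commands in the order of the steps above.
plan() {
    valid_if "$WAN_IF" && valid_if "$LAN_IF" && [ "$WAN_IF" != "$LAN_IF" ] || return 1
    cat <<EOF
echo 'net.ipv4.ip_forward = 1' > $SYSCTL_FILE
sysctl -p $SYSCTL_FILE
firewall-cmd --permanent --zone=external --add-masquerade
firewall-cmd --permanent --zone=external --change-interface=$WAN_IF
firewall-cmd --set-default-zone=internal
firewall-cmd --reload
systemctl restart network firewalld
EOF
}

# Check observed state; args: ip_forward, masquerade (yes/no), WAN zone, default zone.
check_state() {
    rc=0
    [ "$1" = 1 ] || { echo "ip_forward is '$1', expected 1"; rc=1; }
    [ "$2" = yes ] || { echo "masquerade is off in zone external"; rc=1; }
    [ "$3" = external ] || { echo "$WAN_IF is in zone '$3', expected external"; rc=1; }
    [ "$4" = internal ] || { echo "default zone is '$4', expected internal"; rc=1; }
    return $rc
}

# Collect the live state (run as root on the router) and check it.
verify() {
    check_state "$(sysctl -n net.ipv4.ip_forward)" \
        "$(firewall-cmd --zone=external --query-masquerade)" \
        "$(firewall-cmd --get-zone-of-interface="$WAN_IF")" \
        "$(firewall-cmd --get-default-zone)"
}

case "${1:-}" in
    --apply) cmds=$(plan) || exit 1; printf '%s\n' "$cmds" | sh -ex && verify ;;
    --plan|--verify) "${1#--}" ;;
esac
```

Running `--verify` again after a reboot confirms that the permanent firewall settings and the sysctl file were actually picked up at boot.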