It has been quite a while since I needed to create a CentOS-based NAT router, and with all the changes to network configuration in CentOS and RHEL 7 it took me a while. Normally most of what I deal with is either core routers or NSX-based (DLR or ESG). So I decided to do a little writeup. I started from the CentOS 7 minimal installation, as I also want to reduce the attack surface.
If required, change the hostname:
If you don't know your interface config you can run:
If necessary, make changes to the network configuration; the files can be found in /etc/sysconfig/network-scripts/ifcfg-INTERFACENAME. Always ensure that ONBOOT is set to yes. If any configuration changes were made, restart the network:
systemctl restart network
Please note which interface is going to be used as the public and which as the private interface. In my case I will use ens192 as the private interface and ens224 as the public interface.
Next we need to enable IP Forwarding in the kernel:
and add the following line:
Activate the change:
sysctl -p /etc/sysctl.d/ip_forward.conf
The next step is to configure the firewall to allow IP masquerading between the public and private interfaces (ens224 is the public interface and 10.73.0.0/24 is the private network I will allow):
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I POSTROUTING -o ens224 -j MASQUERADE -s 10.73.0.0/24
Assign the interface to the external firewall zone:
firewall-cmd --change-interface=ens224 --zone=external --permanent
The default zone should be internal:
Restart all networking and firewall services:
systemctl restart network && systemctl restart firewalld
Verify the firewall settings:
firewall-cmd --list-all --zone=external
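Listing one zone only shows part of the picture; a router that is missing any single step above (an interface left with ONBOOT=no, forwarding not activated, the interface not actually moved into the external zone, the direct rule not saved) will silently fail to pass traffic. As an added example, and not code from the original post, here is a POSIX shell script that checks every artifact the steps produce: ONBOOT in the ifcfg files, the ip_forward sysctl, the external zone listing, and the direct POSTROUTING passthrough. It uses the post's own interface names and subnet; the firewall-cmd outputs are read from files so the same functions run either against constructed samples (embedded and labelled in the script) or, with --live, against the real host.

```shell
#!/bin/sh
# Added example, not part of the original post: a post-build check for the
# CentOS 7 NAT router described above. Each function inspects one artifact the
# steps produce (ifcfg files, net.ipv4.ip_forward, the external zone, the direct
# POSTROUTING rule) and returns 0 when that step is in place. The interface
# names and subnet are the post's own (ens224 public, ens192 private,
# 10.73.0.0/24); the sample inputs below are constructed to look like real output.
set -u

# check_onboot IFCFG_FILE -> 0 when the file has ONBOOT=yes (quoted or not)
check_onboot() {
    grep -iqE '^ONBOOT="?yes"?[[:space:]]*$' "$1"
}

# check_ip_forward VALUE -> 0 when VALUE (from: sysctl -n net.ipv4.ip_forward) is 1
check_ip_forward() {
    [ "$1" = "1" ]
}

# check_external_zone ZONE_FILE PUBLIC_IF -> 0 when the saved output of
# "firewall-cmd --list-all --zone=external" lists PUBLIC_IF under "interfaces:"
# and shows "masquerade: yes" (firewalld's external zone enables it by default)
check_external_zone() {
    awk -v ifc="$2" '$1 == "interfaces:" { for (i = 2; i <= NF; i++) if ($i == ifc) found = 1 }
                     END { exit (found ? 0 : 1) }' "$1" &&
    awk '$1 == "masquerade:" && $2 == "yes" { ok = 1 } END { exit (ok ? 0 : 1) }' "$1"
}

# check_nat_rule PASSTHROUGH_FILE SUBNET PUBLIC_IF -> 0 when the saved output of
# "firewall-cmd --permanent --direct --get-all-passthroughs" contains the
# POSTROUTING MASQUERADE rule for SUBNET leaving via PUBLIC_IF
check_nat_rule() {
    grep -qF -- "-t nat -I POSTROUTING -o $3 -j MASQUERADE -s $2" "$1"
}

# nat_router_ready IFCFG_DIR ZONE_FILE PASSTHROUGH_FILE IPFWD PUBLIC_IF PRIVATE_IF SUBNET
# Runs every check, reports each failure on stderr, returns 0 only if all pass.
nat_router_ready() {
    dir=$1 zone=$2 pass=$3 fwd=$4 pub=$5 priv=$6 net=$7
    rc=0
    check_onboot "$dir/ifcfg-$pub"       || { echo "FAIL: $pub is not ONBOOT=yes" >&2; rc=1; }
    check_onboot "$dir/ifcfg-$priv"      || { echo "FAIL: $priv is not ONBOOT=yes" >&2; rc=1; }
    check_ip_forward "$fwd"              || { echo "FAIL: net.ipv4.ip_forward is not 1" >&2; rc=1; }
    check_external_zone "$zone" "$pub"   || { echo "FAIL: $pub not in external zone with masquerade" >&2; rc=1; }
    check_nat_rule "$pass" "$net" "$pub" || { echo "FAIL: no POSTROUTING MASQUERADE rule for $net via $pub" >&2; rc=1; }
    return $rc
}

# --- constructed sample inputs, shaped like a correctly configured host ---
tmp=$(mktemp -d)
printf 'TYPE=Ethernet\nDEVICE=ens224\nONBOOT=yes\nBOOTPROTO=dhcp\n' > "$tmp/ifcfg-ens224"
printf 'TYPE=Ethernet\nDEVICE=ens192\nONBOOT="yes"\nIPADDR=10.73.0.1\nPREFIX=24\n' > "$tmp/ifcfg-ens192"
printf 'TYPE=Ethernet\nDEVICE=ens256\nONBOOT=no\n' > "$tmp/ifcfg-bad"   # the mistake the post warns about
cat > "$tmp/zone-external" <<'EOF'
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens224
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
EOF
printf 'ipv4 -t nat -I POSTROUTING -o ens224 -j MASQUERADE -s 10.73.0.0/24\n' > "$tmp/passthroughs"

if nat_router_ready "$tmp" "$tmp/zone-external" "$tmp/passthroughs" 1 ens224 ens192 10.73.0.0/24; then
    SAMPLE_RESULT=complete
else
    SAMPLE_RESULT=incomplete
fi
echo "sample host: NAT configuration $SAMPLE_RESULT"

# Run against the live host with:  sh nat-check.sh --live   (root is needed for firewall-cmd)
if [ "${1:-}" = "--live" ]; then
    live=$(mktemp -d)
    firewall-cmd --list-all --zone=external > "$live/zone-external"
    firewall-cmd --permanent --direct --get-all-passthroughs > "$live/passthroughs"
    nat_router_ready /etc/sysconfig/network-scripts "$live/zone-external" "$live/passthroughs" \
        "$(sysctl -n net.ipv4.ip_forward)" ens224 ens192 10.73.0.0/24
fi
```

In --live mode the script captures the outputs of sysctl -n net.ipv4.ip_forward, firewall-cmd --list-all --zone=external and firewall-cmd --permanent --direct --get-all-passthroughs itself, so run it as root after the final restart; each FAIL line names the step to revisit. The zone check reads masquerade: yes mainly as confirmation that the interface really landed in the external zone (that zone turns masquerade on by default), while the passthrough check confirms the --permanent direct rule survived the firewalld restart rather than living only in the runtime configuration.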