Implementing a Gateway Router on CentOS 6.5
Recently, because the company's routers are aging, the Internet connection was interrupted for a period of time, and the network was disconnected for the first half of the hour. This was a headache for me. In the spirit of saving costs for the company, I decided to build a CentOS gateway router myself, so I searched the Internet and finally got the gateway router working. I did not find a complete document about building a CentOS gateway router on the Internet, so I decided to share my experience of deploying one.
My environment is as follows:
The fixed Internet IP addresses are 180.159.110.130 (company website and email) and 180.159.110.127 (VPN).
On the gateway router, eth0 (the Internet port) has the IP address 180.159.110.130 and eth1 (the intranet port) has the IP address 192.168.200.1. A Panabit network behavior management and control device is connected to eth1 and then to the layer-3 switch. The layer-3 switch's IP address on the link to the CentOS gateway router's eth1 port is 192.168.200.254. The intranet IP address of the email server is 192.168.255.12, and the intranet IP address of the VPN server is 192.168.255.127.
System: CentOS 6.5, minimal install
NICs: eth0 faces the Internet, and eth1 faces the intranet
The topology is as follows:
The deployment steps are as follows:
1. Configure the eth0 NIC. The information is as follows:
DEVICE=eth0
HWADDR=14:DD:A9:E4:CF:32
TYPE=Ethernet
UUID=d60cfc7d-d34b-4e87-bce6-9fa216b8aee6
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=180.159.110.130
NETMASK=255.255.255.0
GATEWAY=180.159.110.225
Configure the eth0:1 interface. The information is as follows:
DEVICE=eth0:1
HWADDR=14:DD:A9:E4:CF:32
TYPE=Ethernet
UUID=d60cfc7d-d34b-4e87-bce6-9fa216b8aee6
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=180.159.110.127
NETMASK=255.255.255.0
GATEWAY=180.159.110.225
2. Configure the eth1 NIC with the following information:
DEVICE=eth1
HWADDR=00:E0:4C:81:23:11
TYPE=Ethernet
UUID=01b13968-0049-4778-b2ae-ae18b81b8722
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.200.1
NETMASK=255.255.255.0
3. Add a route:
Edit the /etc/sysconfig/network-scripts/route-eth1 file with the following content:
192.168.0.0/16 via 192.168.200.254
This routes traffic for all intranet hosts in the 192.168.0.0/16 CIDR block from the gateway via 192.168.200.254. Because I have many CIDR blocks on the intranet, a 16-bit mask is used.
View the route table:
The Internet address is marked with the red line.
4. Enable packet forwarding for routing and NAT between the intranet and the Internet:
Modify the /etc/sysctl.conf file so that packet forwarding takes effect automatically when the system starts:
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
5. Configure iptables:
Edit the /etc/sysconfig/iptables file:
6. Enable iptables at boot:
chkconfig iptables on
reboot
At this point, CentOS serves as a gateway router, and other firewall policies can be added separately.
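As an added example (not part of the original post), the shell script below prints a rule set for the /etc/sysconfig/iptables file of step 5 that fits the addresses in this environment: SNAT for the intranet, DNAT for the email and VPN addresses, and default-drop INPUT and FORWARD policies. The service ports, SSH management from the intranet only, and the helper names gateway_rules and dnat_without_forward are assumptions.

```shell
#!/bin/sh
# Added example. Interfaces and addresses are the page's; ports are assumptions.
WAN_IF=eth0; LAN_IF=eth1; LAN_NET=192.168.0.0/16
WAN_IP=180.159.110.130; MAIL_HOST=192.168.255.12
VPN_IP=180.159.110.127; VPN_HOST=192.168.255.127
MAIL_PORT=25                  # assumption: SMTP only
VPN_PROTO=udp; VPN_PORT=1194  # assumption: placeholder, set to your VPN's port

# Print an iptables-restore file: default-deny, stateful, NAT in both directions.
gateway_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $WAN_IF -d $WAN_IP -p tcp --dport $MAIL_PORT -j DNAT --to-destination $MAIL_HOST
-A PREROUTING -i $WAN_IF -d $VPN_IP -p $VPN_PROTO --dport $VPN_PORT -j DNAT --to-destination $VPN_HOST
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j SNAT --to-source $WAN_IP
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -d $MAIL_HOST -p tcp --dport $MAIL_PORT -m state --state NEW -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -d $VPN_HOST -p $VPN_PROTO --dport $VPN_PORT -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Read a rule file on stdin and list DNAT targets that have no FORWARD rule.
# With the FORWARD policy set to DROP, such a target is silently unreachable.
dnat_without_forward() {
  rules=$(cat)
  echo "$rules" | sed -n 's/.*-j DNAT --to-destination \([0-9.]*\).*/\1/p' |
  while read -r host; do
    echo "$rules" | grep -q -- "^-A FORWARD .*-d $host " || echo "$host"
  done
}
```

After adjusting the variables, run `gateway_rules > /etc/sysconfig/iptables`; `gateway_rules | dnat_without_forward` should print nothing.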