Versions before CentOS 7 set up route forwarding with the iptables firewall. CentOS 7 and later cannot use the iptables firewall to set up route forwarding and must use firewall-cmd instead.
First enter firewall-cmd --list-all to view the current firewall configuration.
Assume the host has three network interfaces: eno1, ens1 and ens3.
Configure the extranet interface first:
Enter firewall-cmd --list-all --zone=external to view the external zone and check that masquerade is yes
Then enter firewall-cmd --change-interface=eno1 --zone=external. Here I set eno1 as the external network interface (WAN)
Then enter firewall-cmd --list-all --zone=external to check that the external zone shows interfaces: eno1
Then enter firewall-cmd --change-interface=eno1 --zone=external --permanent to make eno1 the permanent external network interface (WAN)
Then enter firewall-cmd --complete-reload to restart the firewall
Then enter firewall-cmd --list-all --zone=external to check that the external interface is still eno1
Then configure the intranet interfaces by putting the remaining two NICs into the intranet (LAN) zone:
Enter firewall-cmd --change-interface=ens1 --zone=internal
Enter firewall-cmd --change-interface=ens3 --zone=internal
ens1 and ens3 are now configured as intranet interfaces, but only temporarily. As with the extranet interface, the change must also be made permanent:
Enter firewall-cmd --change-interface=ens1 --zone=internal --permanent
Enter firewall-cmd --change-interface=ens3 --zone=internal --permanent
At this point ens1 and ens3 are configured as permanent intranet interfaces. Just in case, we still check that the intranet interface configuration succeeded.
Enter firewall-cmd --list-all to view it. What is shown, however, is not the intranet zone but the zone for interfaces that have not been assigned a firewall zone.
So we must also set the default zone.
Enter firewall-cmd --set-default-zone=internal to set the default zone to the intranet (LAN) zone.
Restart the firewall with firewall-cmd --complete-reload
Now, when you enter firewall-cmd --list-all, the information for the internal zone is displayed.
Now I add the local DNS service to the intranet zone so that it is allowed through the firewall.
Enter firewall-cmd --zone=internal --add-service=dns --permanent
Then restart the firewall with firewall-cmd --complete-reload
Now, when you enter firewall-cmd --list-all, dns is displayed in the services line (before running the add-service command above, dns is not shown there).
The configuration is complete here!
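An added check, not part of the original article: this shell script parses firewall-cmd --list-all output and confirms the layout built above (eno1 in external with masquerade yes, ens1 and ens3 in internal, dns allowed in internal). The sample output and the function names zone_field, has_word and check_router are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the zone layout from this walkthrough.
# Constructed sample output in firewall-cmd --list-all format (not from a real host).
SAMPLE_EXTERNAL='external (active)
  target: default
  interfaces: eno1
  services: ssh
  masquerade: yes'
SAMPLE_INTERNAL='internal (active)
  target: default
  interfaces: ens1 ens3
  services: ssh dns
  masquerade: no'

# zone_field TEXT KEY: print the value of the "  KEY: value" line.
zone_field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" | head -n 1
}

# has_word LIST WORD: succeed only if WORD is a whole word in LIST.
has_word() {
    case " $1 " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# check_router EXTERNAL_TEXT INTERNAL_TEXT: print each problem, return the count.
check_router() {
    problems=0
    ext_if=$(zone_field "$1" interfaces)
    int_if=$(zone_field "$2" interfaces)
    if ! has_word "$ext_if" eno1; then
        echo "eno1 is not in the external zone"; problems=$((problems + 1))
    fi
    if [ "$(zone_field "$1" masquerade)" != yes ]; then
        echo "masquerade is not yes on the external zone"; problems=$((problems + 1))
    fi
    for nic in ens1 ens3; do
        if ! has_word "$int_if" "$nic"; then
            echo "$nic is not in the internal zone"; problems=$((problems + 1))
        fi
    done
    if ! has_word "$(zone_field "$2" services)" dns; then
        echo "dns is not allowed in the internal zone"; problems=$((problems + 1))
    fi
    return "$problems"
}

# On a live host pass "$(firewall-cmd --list-all --zone=external)" and
# "$(firewall-cmd --list-all --zone=internal)" instead of the samples.
check_router "$SAMPLE_EXTERNAL" "$SAMPLE_INTERNAL" && echo "zone layout matches"
```

Running the same check against the output of firewall-cmd --permanent --list-all --zone=internal shows whether both LAN interfaces were saved permanently and will survive a reload.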
Routing and forwarding configuration for multiple network cards under CentOS 7