Internet Connection Sharing on CentOS 7

By | December 21, 2014

In this post, we will see how to enable Internet Connection Sharing on CentOS 7. With this, we can share an Internet connection available on one system with the other systems on the LAN. Just for the record, I am doing this in VirtualBox.

So I have a CentOS 7 machine with 2 physical NICs, which the OS recognizes as ‘eno16777736’ and ‘eno33554976’ respectively.

1) ‘eno16777736’ has the IP address ‘192.168.76.133/24’ and connects to the Internet; and

2) ‘eno33554976’ has the IP address ‘172.16.1.254/24’ and connects to the internal LAN. This interface will eventually act as the gateway through which other systems in the LAN reach the Internet.

To start off, let’s enable IP forwarding. This can be done and verified with the commands below.

[root@localhost]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf 
[root@localhost]# cat /etc/sysctl.conf 
# System default settings live in /usr/lib/sysctl.d/00-system.conf.
# To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward=1
[root@localhost]# sysctl -p
net.ipv4.ip_forward = 1

Now, we will ask the firewalld service which zone each of these NICs is assigned to:

[root@localhost]# firewall-cmd --get-zone-of-interface=eno16777736
public
[root@localhost]# firewall-cmd --get-zone-of-interface=eno33554976
public

As you can see, both NICs are in the ‘public’ zone. ‘eno16777736’ connects to the Internet, so the public zone is fine there. But ‘eno33554976’ connects to our internal LAN, so we will change its zone to ‘internal’ and verify the change.

[root@localhost ~]# firewall-cmd --zone=internal --change-interface=eno33554976
success
[root@localhost ~]# firewall-cmd --permanent --zone=internal --change-interface=eno33554976
success
[root@localhost ~]# firewall-cmd --get-zone-of-interface=eno33554976
internal

Now, let’s enable masquerading on the public zone, so that traffic from the LAN leaves through ‘eno16777736’ with the gateway’s own address.

[root@localhost ~]# firewall-cmd --zone=public --add-masquerade
success
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-masquerade
success
[root@localhost ~]# firewall-cmd --zone=public --list-all
public (default, active)
 interfaces: eno16777736
 sources: 
 services: dhcpv6-client ssh
 ports: 
 masquerade: yes
 forward-ports: 
 icmp-blocks: 
 rich rules:

That’s it..!!! We are done…!!!! Now let’s test from a system in our LAN whether we are able to connect to the Internet or not.

In the image below, you can see that our system in the LAN is up with an IP address of 172.16.1.1/24, the gateway (default route) is 172.16.1.254, and DNS for name resolution points to 8.8.8.8.

Screenshot-2

The image below shows that we are able to connect to the Internet from the system’s web browser.

Screenshot

That’s great…. So our basic ICS setup is running successfully.
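The browser test shows that traffic flows, but not that the zones ended up as intended or that the settings will survive a reload. The script below is an added example, not part of the original post: it parses `firewall-cmd --list-all` output and checks the state built above. The function names and the sample text are constructed for illustration; the interface and zone names are the ones used in this post.

```shell
#!/bin/sh
# Added example: function names and sample text are constructed, not from the post.

# Print one field's value from `firewall-cmd --zone=Z --list-all` text ($1).
zone_field() {
  printf '%s\n' "$1" | awk -v f="$2" '{
    sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
    if (index($0, f ":") == 1) { sub(/^[^:]*:[ \t]*/, ""); print; exit }
  }'
}

# Succeed if interface $2 is listed in the zone text $1.
zone_has_if() {
  case " $(zone_field "$1" interfaces) " in *" $2 "*) return 0 ;; esac
  return 1
}

# audit_ics EXT_IF INT_IF EXT_RUNTIME EXT_PERMANENT INT_RUNTIME
# Prints one line per finding; the return status is the number of findings.
audit_ics() {
  bad=0
  zone_has_if "$3" "$1" || { echo "FAIL: $1 is not in the external zone"; bad=$((bad + 1)); }
  if zone_has_if "$3" "$2"; then
    echo "FAIL: LAN interface $2 shares the Internet-facing zone"; bad=$((bad + 1))
  fi
  zone_has_if "$5" "$2" || { echo "FAIL: $2 is not in the internal zone"; bad=$((bad + 1)); }
  [ "$(zone_field "$3" masquerade)" = yes ] ||
    { echo "FAIL: masquerade is off in the external zone"; bad=$((bad + 1)); }
  [ "$(zone_field "$3" masquerade)" = "$(zone_field "$4" masquerade)" ] ||
    { echo "FAIL: masquerade differs between runtime and permanent"; bad=$((bad + 1)); }
  return "$bad"
}

# Constructed sample: both NICs still in 'public', masquerade not yet enabled.
SAMPLE_BEFORE='public (default, active)
 interfaces: eno16777736 eno33554976
 masquerade: no'
SAMPLE_INTERNAL_EMPTY='internal
 interfaces:
 masquerade: no'

if [ "${1:-}" = "--live" ]; then   # as root on the gateway, firewalld running
  [ "$(sysctl -n net.ipv4.ip_forward)" = 1 ] || echo "FAIL: IP forwarding is off"
  audit_ics eno16777736 eno33554976 "$(firewall-cmd --zone=public --list-all)" \
    "$(firewall-cmd --permanent --zone=public --list-all)" \
    "$(firewall-cmd --zone=internal --list-all)" && echo "OK: zones and masquerade as expected"
else
  audit_ics eno16777736 eno33554976 "$SAMPLE_BEFORE" "$SAMPLE_BEFORE" "$SAMPLE_INTERNAL_EMPTY" || true
fi
```

Run without arguments it audits the constructed "before" sample and prints three findings; run with `--live` on the gateway it audits the real firewalld state.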

With respect to the firewalld service, great information is available on the Fedora Project wiki: https://fedoraproject.org/wiki/FirewallD

 

4 thoughts on “Internet Connection Sharing on CentOS 7”

  1. Roberto Aparicio

    Excellent! Thanks a lot, I was having trouble getting this to work on CentOS 7. Your post is very straightforward. Keep up the good work!

  2. Jon

    Best post on the internet regarding ICS on CentOS 7. You saved my day. Deeply appreciated!
