In this post, we will see how to enable Internet Connection Sharing on CentOS 7. With this we can share an internet connection available on one system, to other systems in the LAN. Just for the record, I am doing this in VirtualBox.
So I have a CentOS 7 machine with 2 physical NICs. And the OS is recognizing both NICs as ‘eno16777736′ and ‘eno33554976′ respectively.
1) ‘eno16777736′ is running with an IP address ‘192.168.76.133/24’ and connects to the Internet; And
2) ‘eno33554976′ is running with an IP address ‘172.16.1.254/24’ connects to the internal LAN. This interface will eventually act as the gateway for other systems in the LAN to connect to Internet.
To start off, lets enable IP forwarding first. This can be done and and verified with the commands below.
[root@localhost]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf [root@localhost]# cat /etc/sysctl.conf # System default settings live in /usr/lib/sysctl.d/00-system.conf. # To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file # # For more information, see sysctl.conf(5) and sysctl.d(5). net.ipv4.ip_forward=1 [root@localhost]# sysctl -p net.ipv4.ip_forward = 1
Now, we will call on the firewalld service to check the zones where both these NICs are listening to:
[root@localhost]# firewall-cmd --get-zone-of-interface=eno16777736 public [root@localhost]# firewall-cmd --get-zone-of-interface=eno33554976 public
As you can see both the NICs are in the ‘public’ zone. ‘eno16777736‘ connects to Internet, so the public zone is fine there. But ‘eno33554976‘ connects to our internal LAN, so we will change the zone to Internal for it and verify the same.
[root@localhost ~]# firewall-cmd --zone=internal --change-interface=eno33554976 success [root@localhost ~]# firewall-cmd --permanent --zone=internal --change-interface=eno33554976 success [root@localhost ~]# firewall-cmd --get-zone-of-interface=eno33554976 internal
Now, Lets enable Masquerading on our Public Zone.
[root@localhost ~]# firewall-cmd --zone=public --add-masquerade success [root@localhost ~]# firewall-cmd --permanent --zone=public --add-masquerade success [root@localhost ~]# firewall-cmd --zone=public --list-all public (default, active) interfaces: eno16777736 sources: services: dhcpv6-client ssh ports: masquerade: yes forward-ports: icmp-blocks: rich rules:
That’s It..!!! We are done…!!!! Now lets test from a system in our LAN, whether we are able to connect to internet or not.
In the image below, you can see that our system in the LAN is up with an IP address of 172.16.1.1/24, gateway (Default Route) is 172.16.1.254 and for name resolution DNS is pointing to 220.127.116.11
The image below shows that we are able to connect to internet from the system’s web browser.
That’s great…. So our basic ICS setup is running successfully.
With respect to the firewalld service, great information is available on the fedora project wiki. Please click on this url to read it. https://fedoraproject.org/wiki/FirewallD