Internet Connection Sharing on CentOS 7

By | December 21, 2014

In this post, we will see how to enable Internet Connection Sharing on CentOS 7.  With this we can share an internet connection available on one system, to other systems in the LAN. Just for the record, I am doing this in VirtualBox.

So I have a CentOS 7 machine with 2 physical NICs. And the OS is recognizing both NICs as ‘eno16777736′ and  ‘eno33554976′ respectively.

1) ‘eno16777736′ is running with an IP address  ‘’ and connects to the Internet; And

2) ‘eno33554976′  is running with an IP address ‘’ connects to the internal LAN. This interface will eventually act as the gateway for other systems in the LAN to connect to Internet.

To start off, lets enable IP forwarding first. This can be done and and verified with the commands below.

[root@localhost]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf 
[root@localhost]# cat /etc/sysctl.conf 
# System default settings live in /usr/lib/sysctl.d/00-system.conf.
# To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file
# For more information, see sysctl.conf(5) and sysctl.d(5).
[root@localhost]# sysctl -p
net.ipv4.ip_forward = 1

Now, we will call on the firewalld service to check the zones where both these NICs are listening to:

[root@localhost]# firewall-cmd --get-zone-of-interface=eno16777736
[root@localhost]# firewall-cmd --get-zone-of-interface=eno33554976

As you can see both the NICs are in the ‘public’ zone. ‘eno16777736‘ connects to Internet, so the public zone is fine there. But ‘eno33554976‘ connects to our internal LAN, so we will change the zone to Internal for it and verify the same.

[root@localhost ~]# firewall-cmd --zone=internal --change-interface=eno33554976
[root@localhost ~]# firewall-cmd --permanent --zone=internal --change-interface=eno33554976
[root@localhost ~]# firewall-cmd --get-zone-of-interface=eno33554976

Now, Lets enable Masquerading on our Public Zone.

[root@localhost ~]# firewall-cmd --zone=public --add-masquerade
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-masquerade
[root@localhost ~]# firewall-cmd --zone=public --list-all
public (default, active)
 interfaces: eno16777736
 services: dhcpv6-client ssh
 masquerade: yes
 rich rules:

That’s It..!!! We are done…!!!! Now lets test from a system in our LAN, whether we are able to connect to internet or not.

In the image below, you can see that our system in the LAN is up with an IP address of, gateway (Default Route) is and for name resolution DNS is pointing to


The image below shows that we are able to connect to internet from the system’s web browser.


That’s great…. So our basic ICS setup is running successfully.

With respect to the firewalld service, great information is available on the fedora project wiki. Please click on this url to read it.


5 thoughts on “Internet Connection Sharing on CentOS 7

  1. Roberto Aparicio

    Excelent ! Thanks a lot, I was having trouble getting this to work on centos 7. Your post is very straight forward. Keep up the good work !

  2. Jon

    Best post on internet regarding ICS on Cento 7. You saved my day. Deeply appreciated!

  3. Gjorgi

    This was so helpful. A missing point: after all the changes done to the firewall, you’d like to run firewall-cmd –reload for changes to take effect.
    Keep up the good work!


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.