In this tutorial we will learn how to share our Internet connection from a CentOS computer with other computers that reside on the same local network, by enabling the IPv4 forwarding feature.
In this example, our server has 2 network cards that are already configured and working: one for the Internet and one for the local network. We will NOT use DHCP in this example, for the sake of simplicity. You can review how to set up a DHCP service in one of our other tutorials. The same applies to setting up and using our own nameservers, which is why we use a static IP configuration with publicly accessible DNS servers throughout the tutorial.
Topology used in this tutorial:
SERVER Configuration (Static IPs Configuration)
    NIC#1 (eth0) Internet IP: 184.108.40.206
    NIC#2 (eth1) Local IP: 192.168.1.1
    DNS #1: 220.127.116.11
    DNS #2: 18.104.22.168

CLIENT ABC Configuration (Static IP Configuration)
    IP: 192.168.1.2 (Between 192.168.1.2 to 192.168.1.254 for each client)
    Submask: 255.255.255.0
    Gateway: 192.168.1.1
    DNS #1: 22.214.171.124
    DNS #2: 126.96.36.199
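The firewall (iptables) needs to know that we want to use IP forwarding. Type the following commands to insert the necessary rules for that purpose:

    # Reset the filter chains; INPUT and OUTPUT accept, FORWARD drops by default
    /sbin/iptables -P INPUT ACCEPT
    /sbin/iptables -F INPUT
    /sbin/iptables -P OUTPUT ACCEPT
    /sbin/iptables -F OUTPUT
    /sbin/iptables -P FORWARD DROP
    /sbin/iptables -F FORWARD
    /sbin/iptables -t nat -F
    # Internet (eth0) -> LAN (eth1): only replies to existing connections
    /sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    # LAN (eth1) -> Internet (eth0): allow outgoing traffic
    /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
    # Masquerade LAN traffic as it leaves through the Internet interface (eth0)
    /sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
    # Save the rules so they survive a restart, then reload the firewall
    /sbin/iptables-save > /etc/sysconfig/iptables
    /sbin/service iptables restart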
By default, CentOS disables IP forwarding. To enable it, edit the file /etc/sysctl.conf with your favorite text editor, such as `nano` or `vi`, and find the line for `net.ipv4.ip_forward`:

    nano /etc/sysctl.conf

(then within the file, at the line of `net.ipv4.ip_forward`, make it look like this)

    net.ipv4.ip_forward = 1

Once this is done, you can activate IP forwarding on the fly, without rebooting, by running this command:
echo 1 > /proc/sys/net/ipv4/ip_forward
Even though restarting the network service is unnecessary in some cases, we will restart it to make sure that all libraries and any third-party programs that may be tied to the network service get reloaded. Run this command:
/sbin/service network restart
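An added example (not part of the original tutorial): a small shell check that audits `iptables-save` output against the rules above, so that a MASQUERADE rule bound to the wrong interface or a permissive FORWARD policy is caught before the clients are configured. The function names are hypothetical and both sample dumps are constructed; the interface names and subnet are the ones used in this tutorial.

```shell
#!/bin/sh
# Added example: audit `iptables-save` output against this tutorial's gateway rules.
# Interface names and subnet come from the tutorial; function names are hypothetical.
WAN=eth0; LAN=eth1; LAN_NET=192.168.1.0/24

# Reads a dump on stdin, prints one finding per line, returns 1 if any were found.
audit_gateway_rules() {
    dump=$(cat); rc=0
    has() { printf '%s\n' "$dump" | grep -Eq -- "$1"; }
    # Only the explicit FORWARD rules may pass traffic.
    has '^:FORWARD DROP' || { echo "FORWARD policy is not DROP"; rc=1; }
    # Source NAT has to happen on the Internet-facing interface.
    has "^-A POSTROUTING .*-s $LAN_NET .*-o $WAN .*-j MASQUERADE" ||
        { echo "no MASQUERADE for $LAN_NET leaving $WAN"; rc=1; }
    # LAN clients must be allowed out.
    has "^-A FORWARD -i $LAN -o $WAN .*-j ACCEPT" ||
        { echo "no $LAN -> $WAN ACCEPT rule"; rc=1; }
    # Inbound WAN -> LAN traffic may only be replies to existing connections.
    if printf '%s\n' "$dump" | grep -E -- "^-A FORWARD -i $WAN -o $LAN .*-j ACCEPT" |
        grep -Eqv 'ESTABLISHED'; then
        echo "unrestricted $WAN -> $LAN ACCEPT rule"; rc=1
    fi
    return $rc
}

# Constructed sample: the ruleset the commands above are meant to produce.
good_dump() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

# Constructed misconfiguration: NAT on the LAN interface, FORWARD left open.
bad_dump() {
    good_dump | sed -e 's/-o eth0 -j MASQUERADE/-o eth1 -j MASQUERADE/' \
                    -e 's/^:FORWARD DROP/:FORWARD ACCEPT/'
}

# On the gateway itself: /sbin/iptables-save | audit_gateway_rules
good_dump | audit_gateway_rules && echo "good ruleset: OK"
bad_dump | audit_gateway_rules || echo "bad ruleset: see findings above"
```

The audit only covers the firewall rules; `cat /proc/sys/net/ipv4/ip_forward` should also print `1` on the gateway.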
Now that the server configuration is complete and should be working, we can proceed to configure our client. Simply use the settings provided in the Topology section above as an example, and repeat as needed for your whole local network.