
I'm looking for a thorough tutorial on how to configure:
Modem (77.77.7.76) -> Centos 7 -> 192.168.1.0 -> DHCP -> 100 host


Please look at my configuration.
Two network interfaces:

enp0f0
enp0f1

On both cards I set static IP.

enp0f0

77.77.7.76
255.255.255.0
77.77.7.75

enp0f1

192.168.1.0
255.255.255.0
192.168.1.0

Centos 7 runs the Internet without problem.


My configuration:

nano /etc/sysctl.conf
net.ipv4.ip_forward=1

systemctl start firewalld

firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I POSTROUTING -o enp0f0 -j MASQUERADE -s 192.168.1.0/24

systemctl restart firewalld

yum install dhcp

nano /etc/dhcp/dhcpd.conf

# Configuring subnet and iprange 
subnet 192.168.1.0 netmask 255.255.255.0 { 
range 192.168.1.10 192.168.1.210;
# Specify DNS server ip and additional DNS server ip 
option domain-name-servers 8.8.8.8, 8.8.4.4;
# Specify Domain Name option domain-name „centos.org”;
# Default Gateway 
option routers 192.168.1.2; 
option broadcast-address 192.168.1.255;
# Specify Default and Max lease time 
default-lease-time 600; 
max-lease-time 7200; 
}

systemctl restart dhcpd
systemctl enable dhcpd

My zone settings.

firewall-cmd --list-all-zones
work
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: dhcpv6-client ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  sourceports: 
  icmp-blocks: 
  rich rules: 


drop
  target: DROP
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: 
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  sourceports: 
  icmp-blocks: 
  rich rules: 


internal (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0f1
  sources: 
  services: dhcp dhcpv6-client dns http mdns nfs samba-client ssh tftp
  ports: 53/udp
  protocols: 
  masquerade: no
  forward-ports: 
  sourceports: 
  icmp-blocks: 
  rich rules: 


external (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0f0
  sources: 
  services: ssh
  ports: 
  protocols: 
  masquerade: yes
  forward-ports: 
  sourceports: 
  icmp-blocks: 
  rich rules: 


trusted
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: 
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  sourceports: 
  icmp-blocks: 
  rich rules: 


home
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: dhcpv6-client mdns samba-client ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  sourceports: 
  icmp-blocks: 
  rich rules: 


dmz
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  sourceports: 
  icmp-blocks: 
  rich rules: 


public
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: dhcpv6-client ssh
  ports: 53/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  sourceports: 
  icmp-blocks: 
  rich rules: 


block
  target: %%REJECT%%
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: 
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  sourceports: 
  icmp-blocks: 
  rich rules: 

What am I doing wrong? What am I missing?

Thanks!


PS. Welcome!

Thank you for the tips to follow. I'm a new user. I will become better :-)

I have not changed anything in the zone. It is default. Tomorrow I will work with the zones. The ISP assigns an IP address. IP is static. The enp0f0 interface is set. The Internet works. I also think that firewalls settings. Thanks for the suggestion from NethServer 7. I want to enable Samba and Dansguardian services.
Yes. NethServer 7 is ugly as hell ;-) Demo also has bugs.

  • Welcome to Server Fault! Requests for Howto's are not welcome. Please read our [guide to writing good questions](http://meta.serverfault.com/a/3609/37681) and improve your post to an [on-topic](http://serverfault.com/help/on-topic) question that contains sufficient details/errors/configuration-settings about **your setup** to provide you with a good solution. Also please use the formatting options to typeset your post. – HBruijn Aug 03 '17 at 12:24
  • I think, the issue is with your firewalls settings. What zones do you use / interface and can you modify your post with more explaining the network infrastructure? The CentOS receives IP via DHCP? Put your enp0f0 into external zone and enp0f1 to internal. This way firewalld will do your routings automatically with one easy step. But if all fails, use NethServer 7. CentOS based server exactly for these kind of jobs. It is ugly like hell, but it gets the job done. I've replaced my CentOS 7 firewall server with this. – Bert Aug 03 '17 at 14:40
  • Thanks! Router in CentOS works ;-) I had some bugs in DHCP. But most of all, errors in the setting of the zones. Now I have another problem. I would like to filter the content. Just like Dansguardian does. Dansguardian is no longer supported. Is there any alternate on Centos? Simple to configure? Alternatively ... Nethserver web filters content? – ManOnTheMoon Aug 14 '17 at 22:38
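
Added example, not part of the original thread: a shell check for the external/internal zone layout suggested in the comments, run over `firewall-cmd --list-all-zones` output. It also reports which services the WAN-facing zone allows. The function names `audit_zones` and `sample_zones` are hypothetical, and the sample listing is constructed from the active zones shown in the question.

```shell
#!/bin/sh
# Added example (assumed helper names): audit firewalld zones on a two-NIC NAT router.
# On the router: firewall-cmd --list-all-zones | audit_zones <wan-if> <lan-if>
audit_zones() {
    awk -v wan="$1" -v lan="$2" '
    /^[^ \t]/ { zone = $1; next }      # unindented line starts a zone block
    {
        i = index($0, ":"); if (i == 0) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "interfaces") { n = split(val, f, " "); for (k = 1; k <= n; k++) zone_of[f[k]] = zone }
        else if (key == "masquerade") masq[zone] = val
        else if (key == "services") svc[zone] = val
    }
    END {
        wz = (wan in zone_of) ? zone_of[wan] : ""
        lz = (lan in zone_of) ? zone_of[lan] : ""
        if (wz == "") { print "FAIL wan-unbound: " wan " is in no zone"; bad = 1 }
        else if (masq[wz] != "yes") { print "FAIL no-masquerade: zone " wz; bad = 1 }
        if (lz == "") { print "FAIL lan-unbound: " lan " is in no zone"; bad = 1 }
        else if (lz == wz) { print "FAIL same-zone: both NICs in " wz; bad = 1 }
        # Everything listed here is reachable from the Internet side.
        if (wz != "" && svc[wz] != "") print "REVIEW wan-services: zone " wz " allows: " svc[wz]
        exit bad + 0
    }'
}

# Constructed sample: the two active zones from the question plus one inactive zone.
sample_zones() {
cat <<'EOF'
public
  target: default
  interfaces:
  services: dhcpv6-client ssh
  masquerade: no
internal (active)
  target: default
  interfaces: enp1s0f1
  services: dhcp dhcpv6-client dns http mdns nfs samba-client ssh tftp
  masquerade: no
external (active)
  target: default
  interfaces: enp1s0f0
  services: ssh
  masquerade: yes
EOF
}

sample_zones | audit_zones enp1s0f0 enp1s0f1
```

Passing the interface names exactly as the zone listing prints them matters: a name that appears in no zone is reported as unbound, and the function returns non-zero.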
