On 18/02/2020 11:00, Nicolas Kovacs wrote:
Hi,
I'm running CentOS 7 on all my servers, in three different contexts :
1. simple local server
2. public facing server
3. router/gateway/firewall
I'm currently in the process of moving my KISS-style network-scripts-style configurations to something more orthodox based on NetworkManager.
Scenarios (1) and (2) caused no problems, but (3) is giving me some headache. Let me take an example.
The router in my office is a PC Engines routerboard running CentOS 7. It has three NICs, and I use two of these.
WAN-facing NIC :
# /etc/sysconfig/network-scripts/ifcfg-enp1s0
DEVICE=enp1s0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.1
NETMASK=255.255.255.0
LAN-facing NIC :
DEVICE=enp2s0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.2.1
NETMASK=255.255.255.0
Third NIC is disabled :
# /etc/sysconfig/network-scripts/ifcfg-enp3s0
DEVICE=enp3s0
TYPE=Ethernet
ONBOOT=no
Gateway information :
# /etc/sysconfig/network
GATEWAY=192.168.1.254
The router is running Dnsmasq :
# /etc/resolv.conf
nameserver 127.0.0.1
Packet forwarding is enabled and handled through the firewall script. No need to go into the details for that.
This setup works perfectly as is. Now I'd like to move it to a NetworkManager-based configuration, and I have a couple questions about that.
I'm using NetworkManager TUI (nmtui) to configure my connections. I'm defining two profiles WAN (enp1s0) and LAN (enp2s0). With NetworkManager I have to configure gateway and DNS information on a per-interface basis.
Which interface should have the gateway information ?
In a similar manner, which interface should have the DNS server information ?
Cheers from the sunny South of France,
Niki
NM is actually pretty cool, to me it made all the stuff much easier. NM also covers & takes care of source/policy based routing. Also, if you go back to the devel guys they listen and are happy to enhance NM including some suggestions. Development of NM is well active & solid in my opinion and it'll keep getting better I believe.
With a system with many ifaces note NM has something called "priorities" with which you have control over things like resolv.conf.
connection.autoconnect-priority; ipv4.dns-priority
Moving from what you had over to NM should be simple.
enp1s0 should have an ipv4.gateway value; enp2s0 should have it empty.
If you use firewalld then it also plays a role in a Linux router; with a more complex setup you might need --direct but... if you have been using it already with "network" then it will need no extra changes with NM. Kernel params are also good to have sussed out.
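
The gateway placement from the reply above, as an added example that is not part of the original thread: the nmcli commands for the WAN and LAN profiles, plus a check that the router ends up with exactly one default route on the WAN NIC. The `ipv4.never-default yes` setting and the helper names `router_gateway_cmds`, `check_default_route` and `report` are assumptions of this example; the route samples are constructed.

```shell
#!/bin/bash
# Added example (not from the thread). Profile names WAN/LAN, devices and
# addresses are the ones given in the original post.

# Print the nmcli commands for the placement described in the reply:
# gateway on WAN only, LAN left without one. Review, then run them as root.
router_gateway_cmds() {
    cat <<'EOF'
nmcli connection modify WAN ipv4.addresses 192.168.1.1/24 ipv4.gateway 192.168.1.254 ipv4.method manual
nmcli connection modify LAN ipv4.addresses 192.168.2.1/24 ipv4.gateway "" ipv4.never-default yes ipv4.method manual
nmcli connection up WAN
nmcli connection up LAN
EOF
}

# Succeed only if stdin (output of `ip -4 route show default`) holds exactly
# one default route and it leaves through the device named in $1.
check_default_route() {
    awk -v want="$1" '
        $1 == "default" {
            count++
            dev = ""
            for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            if (dev != want) wrong++
        }
        END { exit (count == 1 && wrong == 0) ? 0 : 1 }'
}

# Constructed sample outputs (not captured from a real router).
GOOD_ROUTES='default via 192.168.1.254 dev enp1s0 proto static metric 100'
BAD_ROUTES='default via 192.168.1.254 dev enp1s0 proto static metric 100
default via 192.168.2.254 dev enp2s0 proto static metric 101'

report() {  # $1 = label, $2 = route text
    if printf '%s\n' "$2" | check_default_route enp1s0; then
        echo "$1: OK, single default route via enp1s0"
    else
        echo "$1: FAIL, default route missing, duplicated or on the wrong NIC"
    fi
}
report "gateway on WAN only" "$GOOD_ROUTES"
report "gateway on both profiles" "$BAD_ROUTES"
# On the router itself: ip -4 route show default | check_default_route enp1s0
```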