On 18/02/2020 11:00, Nicolas Kovacs wrote:
> Hi,
>
> I'm running CentOS 7 on all my servers, in three different contexts :
>
> 1. simple local server
> 2. public facing server
> 3. router/gateway/firewall
>
> I'm currently in the process of moving my KISS-style
> network-scripts-style configurations to something more orthodox based
> on NetworkManager.
>
> Scenarios (1) and (2) caused no problems, but (3) is giving me some
> headache. Let me take an example.
>
> The router in my office is a PC Engines routerboard running CentOS 7.
> It has three NICs, and I use two of these.
>
> WAN-facing NIC :
>
> # /etc/sysconfig/network-scripts/ifcfg-enp1s0
> DEVICE=enp1s0
> TYPE=Ethernet
> ONBOOT=yes
> BOOTPROTO=static
> IPADDR=192.168.1.1
> NETMASK=255.255.255.0
>
> LAN-facing NIC :
>
> DEVICE=enp2s0
> TYPE=Ethernet
> ONBOOT=yes
> BOOTPROTO=static
> IPADDR=192.168.2.1
> NETMASK=255.255.255.0
>
> Third NIC is disabled :
>
> # /etc/sysconfig/network-scripts/ifcfg-enp3s0
> DEVICE=enp3s0
> TYPE=Ethernet
> ONBOOT=no
>
> Gateway information :
>
> # /etc/sysconfig/network
> GATEWAY=192.168.1.254
>
> The router is running Dnsmasq :
>
> # /etc/resolv.conf
> nameserver 127.0.0.1
>
> Packet forwarding is enabled and handled through the firewall script.
> No need to go into the details for that.
>
> This setup works perfectly as is. Now I'd like to move it to a
> NetworkManager-based configuration, and I have a couple questions
> about that.
>
> I'm using NetworkManager TUI (nmtui) to configure my connections. I'm
> defining two profiles WAN (enp1s0) and LAN (enp2s0). With
> NetworkManager I have to configure gateway and DNS information on a
> per-interface basis.
>
> 1. Which interface should have the gateway information ?
>
> 2. In a similar manner, which interface should have the DNS server
> information ?
>
> Cheers from the sunny South of France,
>
> Niki
>

NM is actually pretty cool, to me it made all the stuff much easier.
NM also covers & takes care of source/policy based routing.
Also, if you go back to the devel guys they listen and are happy to
enhance NM including some suggestions. Development of NM is well active
& solid in my opinion and it'll keep getting better I believe.

With a system with many ifaces, note NM has something called
"priorities" with which you have control over things like resolv.conf:

connection.autoconnect-priority; ipv4.dns-priority

Moving from what you had over to NM should be simple.
enp1s0 should have the ipv4.gateway value; enp2s0 should have it empty.

If you use firewalld then it also plays a role in a Linux router, with a
more complex setup you might need --direct but.. if you have been using
it already with "network" then it will need no extra changes with NM.
Kernel params are also good to have sussed out.
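
A check for the gateway placement described in the reply above, as an added example that is not part of the original thread: it audits ifcfg-style profiles and passes only when the WAN device alone would install a default route. It assumes the nmtui profiles are stored as ifcfg-WAN and ifcfg-LAN, where ipv4.gateway appears as GATEWAY= and ipv4.never-default as DEFROUTE=no; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit ifcfg-style profiles on a router so that only the
# WAN device carries a default gateway. Covers static profiles only.

# Print the last value of KEY ($2) in ifcfg file $1, without quotes.
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# List the devices whose profile is active at boot and sets a gateway.
default_route_devices() {
    for f in "$1"/ifcfg-*; do
        if [ ! -f "$f" ]; then continue; fi
        if [ "$(ifcfg_get "$f" ONBOOT)" = "no" ]; then continue; fi
        if [ "$(ifcfg_get "$f" DEFROUTE)" = "no" ]; then continue; fi
        if [ -z "$(ifcfg_get "$f" GATEWAY)" ]; then continue; fi
        ifcfg_get "$f" DEVICE
    done
}

# Succeed only if device $2 is the single default-route candidate in $1.
check_single_gateway() {
    devs=$(default_route_devices "$1" | sort | tr '\n' ' ')
    [ "$devs" = "$2 " ]
}

# Constructed sample profiles; $2 is extra text appended to the LAN profile.
write_sample_profiles() {
    printf 'DEVICE=enp1s0\nONBOOT=yes\nBOOTPROTO=none\nIPADDR=192.168.1.1\nPREFIX=24\nGATEWAY=192.168.1.254\n' > "$1/ifcfg-WAN"
    printf 'DEVICE=enp2s0\nONBOOT=yes\nBOOTPROTO=none\nIPADDR=192.168.2.1\nPREFIX=24\n%s\n' "$2" > "$1/ifcfg-LAN"
}

dir=$(mktemp -d)
write_sample_profiles "$dir" ""
if check_single_gateway "$dir" enp1s0; then
    echo "OK: only enp1s0 sets a default gateway"
fi
# A gateway left on the LAN profile is reported as a second candidate.
write_sample_profiles "$dir" "GATEWAY=192.168.2.254"
if ! check_single_gateway "$dir" enp1s0; then
    echo "FAIL: default-route candidates: $(default_route_devices "$dir" | tr '\n' ' ')"
fi
rm -rf "$dir"
```

To audit a real router, call check_single_gateway /etc/sysconfig/network-scripts enp1s0 instead of the sample directory.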