solved: centos 7 router no internet access


Post by neuronetv » 2021/09/21 08:44:53

I have successfully built a CentOS 7 machine that acts as a router.
I used the instructions here:
https://linuxhint.com/centos7_router/#: ... hat's%20it.
All my LAN machines can access the internet through it (through eth0). However, the device itself cannot access the internet. If I ssh into the router I can't ping google and I can't download anything onto the router machine itself.
I figured I must have something wrong with my ethernet port configs but can't work out what the problem is.
Here is ifcfg-eth0:

Code:

BOOTPROTO=none
DEFROUTE=yes
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.1.254
PREFIX=24
GATEWAY=<my-public-ip-address>
UUID=d634ce80-13c0-4b11-a782-643359d4cac6
HWADDR=b8:27:eb:d4:07:97

Here is ifcfg-eth1:

Code:

TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
NAME=eth1
DEVICE=eth1
ONBOOT=yes
UUID=0173e06c-da2f-4cb7-9cbd-673cd5558eea
HWADDR=00:90:9a:9d:a6:c2

Here is ifcfg-ppp0:

Code:

USERCTL=yes
BOOTPROTO=dialup
NAME=DSLppp0
DEVICE=ppp0
TYPE=xDSL
ONBOOT=yes
PIDFILE=/var/run/pppoe-adsl.pid
FIREWALL=NONE
PING=.
PPPOE_TIMEOUT=80
LCP_FAILURE=3
LCP_INTERVAL=20
CLAMPMSS=1412
CONNECT_POLL=6
CONNECT_TIMEOUT=60
DEFROUTE=yes
SYNCHRONOUS=no
ETH=eth1
PROVIDER=DSLppp0
USER=<broadband-username>
PEERDNS=no
DEMAND=no

Thanks for any ideas.
Last edited by neuronetv on 2021/09/21 15:41:56, edited 1 time in total.


Post by jlehtone » 2021/09/21 10:20:16

neuronetv wrote (2021/09/21 08:44:53):

Code:

GATEWAY=<my-public-ip-address>

You did not follow the instructions. The instructions leave the "Gateway" empty. The "gateway" is the "default route". Gateway is the router that you send to, if you don't have a more specific route that applies to the packet. Your machine gets the "gateway" info from the ISP. Besides, your machine is not "the next router"; the ISP has the next router.

Frankly, I don't like those instructions, or at least I disagree on many points.

IMHO, dnsmasq is a simpler DHCP server than dhcp. It can act as a DNS server for your home subnet too.
(NetworkManager can be configured to start dnsmasq as caching resolver for the host -- better than the default glibc resolver, and that instance can be reconfigured to act as DHCP&DNS for the home subnet. Fancy, isn't it?)

FirewallD is not truly suitable for routing. It can be done, but none of those is really pretty. Alas, iptables.service requires more low-level knowledge.

FirewallD has the concept of a zone. Logically, "inside" and "outside" are different zones, since they should have different rules.

The instruction page uses one zone for everything. All outgoing packets are masqueraded. Access to DHCP is allowed from everywhere, including from ISP. Surely only the home network needs access to DHCP and only the outgoing (to ISP/Internet) traffic requires SNAT (which is what the masquerade does).
</rant>


The first thing is to ensure that the connection out is functional. Take down eth0. Restart eth1/ppp. (I've never used ppp.) ip ro should show only routes towards the ISP subnet, /etc/resolv.conf should have the name server given by the ISP's DHCP, and "internet access" should be there.

It would probably be better, if the outbound connection is in firewalld zone "external". That zone has masquerade and enables ip_forwarding.
One has to set the zone with NetworkManager: nmcli con mod <name-or-UUID-of-connection> connection.zone external
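
The zone split described in this post can be checked mechanically. The following is an added example, not part of the original post and not firewalld's own code: it parses output in the layout of `firewall-cmd --list-all-zones` and flags the three problems raised above. The two zone listings are constructed samples, and the choice of eth1/ppp0 as the ISP-facing interfaces is an assumption taken from the thread's configuration.

```python
# Constructed samples in the layout printed by `firewall-cmd --list-all-zones`.
SINGLE_ZONE = """\
public (active)
  interfaces: eth0 eth1 ppp0
  services: dhcp ssh
  masquerade: yes
"""

SPLIT_ZONES = """\
internal (active)
  interfaces: eth0
  services: dhcp ssh
  masquerade: no

external (active)
  interfaces: eth1 ppp0
  services:
  masquerade: yes
"""

def parse_zones(text):
    """Return {zone: {key: [values]}} from list-all-zones style output."""
    zones, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # an unindented line starts a zone
            current = zones.setdefault(line.split()[0], {})
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            current[key] = value.split()
    return zones

def audit(text, wan_ifaces):
    """Return (zone, finding) pairs; wan_ifaces are the ISP-facing devices."""
    findings = []
    for name, zone in parse_zones(text).items():
        ifaces = set(zone.get("interfaces", []))
        wan, lan = ifaces & wan_ifaces, ifaces - wan_ifaces
        if wan and lan:
            findings.append((name, "inside and outside share one zone"))
        if wan and "dhcp" in zone.get("services", []):
            findings.append((name, "DHCP service reachable from the ISP side"))
        if lan and zone.get("masquerade") == ["yes"]:
            findings.append((name, "masquerade applied to LAN-facing interfaces"))
    return findings

if __name__ == "__main__":
    for zone, finding in audit(SINGLE_ZONE, {"eth1", "ppp0"}):
        print(f"{zone}: {finding}")
```
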


Post by neuronetv » 2021/09/21 11:51:54

Thanks, but if I take down eth0 I won't be able to ssh into the machine.
I've removed the gateway line from ifcfg-eth0 and restarted the machine but it made no difference.
I'm not running dhcpd on this router.
I still don't see how I can get the machine itself to connect to the internet. Does it need a route added? I find it puzzling that internet traffic can go 'through' it without any problem and yet I can't get anything on the machine itself.


Post by jlehtone » 2021/09/21 12:22:28

What do you get with:

Code:

ip ro
nmcli d s
nmcli c s


Post by neuronetv » 2021/09/21 15:40:49

I found the solution - it was surprisingly simple:
I put a couple of DNS entries into ifcfg-eth0, internet came on.


Post by jlehtone » 2021/09/21 17:41:28

You can do that, but surely those DNS servers cannot be reached via the subnet that eth0 is on? When eth0 comes up, the name servers are added to /etc/resolv.conf, but they are usable only when eth1 and DSLppp0 are up. Not logical.

I would assume that the DSLppp0 connection (or eth1) would get an IP address and name server(s) from the ISP when ppp activates. But, like I said, I don't know ppp.
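
The configuration points raised in this thread (a GATEWAY that is not on the interface's own subnet, PEERDNS=no on the uplink with no name servers configured, and DNS entries placed on the LAN interface) can be expressed as a small ifcfg check. This is an added example, not code from any poster: the file contents are the thread's files reduced to the relevant keys, the gateway address is a constructed stand-in for the redacted one, and treating ppp0 as the uplink is an assumption.

```python
import ipaddress

# The thread's three ifcfg files, reduced to the keys checked here.
# 203.0.113.10 is a constructed placeholder for the poster's redacted address.
IFCFG = {
    "eth0": "BOOTPROTO=none\nDEFROUTE=yes\nDEVICE=eth0\n"
            "IPADDR=192.168.1.254\nPREFIX=24\nGATEWAY=203.0.113.10\n",
    "eth1": "TYPE=Ethernet\nBOOTPROTO=none\nDEFROUTE=yes\nDEVICE=eth1\n",
    "ppp0": "BOOTPROTO=dialup\nDEVICE=ppp0\nTYPE=xDSL\nDEFROUTE=yes\n"
            "ETH=eth1\nPEERDNS=no\n",
}

def parse_ifcfg(text):
    """Parse KEY=VALUE lines, ignoring blank lines and comments."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {k.strip(): v.strip().strip('"') for k, v in pairs}

def has_dns(cfg):
    """True if the file carries DNS1, DNS2, ... entries."""
    return any(k[:3] == "DNS" and k[3:].isdigit() for k in cfg)

def lint(files, uplink):
    """Return (device, finding) pairs; uplink is the ISP-facing device."""
    cfgs = {dev: parse_ifcfg(text) for dev, text in files.items()}
    findings = []
    for dev, c in cfgs.items():
        if "GATEWAY" in c and "IPADDR" in c:
            net = ipaddress.ip_interface(
                f"{c['IPADDR']}/{c.get('PREFIX', '32')}").network
            if ipaddress.ip_address(c["GATEWAY"]) not in net:
                findings.append((dev, "GATEWAY is outside this interface's subnet"))
        if dev != uplink and has_dns(c):
            findings.append((dev, "DNS servers configured on a non-uplink interface"))
    # PEERDNS=no tells the network scripts not to take name servers from the peer.
    if (cfgs[uplink].get("PEERDNS", "yes").lower() == "no"
            and not any(has_dns(c) for c in cfgs.values())):
        findings.append((uplink, "PEERDNS=no and no DNSn entry in any file"))
    return findings

if __name__ == "__main__":
    for dev, finding in lint(IFCFG, "ppp0"):
        print(f"ifcfg-{dev}: {finding}")
```
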
