====== Gateway CentOS 7 ======
==== Cenário: ====
^Internet^Externa^Interna^Clientes^
|eth3 DHCP|ens11 203.0.113.254/24|ens9 192.0.2.254/24|ens14 128.66.2.254/23|
|-|ens13 2001:0db8::/64|ens10 198.51.100.254/24|-|
|-|-|ens12 128.66.0.254/24|-|
==== Listando as interfaces: ====
[root@gw ~]# nmcli connection show
NOME UUID TIPO DISPOSITIVO
Conexão cabeada 1 8cd8cfeb-c989-32bf-8302-f5edab528371 802-3-ethernet ens14
ens10 3bc620e9-52a5-3ef1-8f58-0576b98973df 802-3-ethernet ens10
ens11 289f48b4-e17f-3f18-89ec-0c2e649caf77 802-3-ethernet ens11
ens12 4c2437c1-12ac-35a5-80bb-56217a2c4a94 802-3-ethernet ens12
ens13 30a42295-9c83-3231-909a-d4b891d71240 802-3-ethernet ens13
ens9 409bedf3-9032-338b-a306-e0d9dbdab0fb 802-3-ethernet ens9
eth3 e7fac6cf-3788-404c-b7c0-e909a83cd072 802-3-ethernet eth3
==== Remover as configurações existentes: ====
[root@gw ~]# nmcli connect del 8cd8cfeb-c989-32bf-8302-f5edab528371
A conexão "Conexão cabeada 1" (8cd8cfeb-c989-32bf-8302-f5edab528371) foi excluída com sucesso.
[root@gw ~]# nmcli connect del 3bc620e9-52a5-3ef1-8f58-0576b98973df
A conexão "ens10" (3bc620e9-52a5-3ef1-8f58-0576b98973df) foi excluída com sucesso.
[root@gw ~]# nmcli connect del 289f48b4-e17f-3f18-89ec-0c2e649caf77
A conexão "ens11" (289f48b4-e17f-3f18-89ec-0c2e649caf77) foi excluída com sucesso.
[root@gw ~]# nmcli connect del 4c2437c1-12ac-35a5-80bb-56217a2c4a94
A conexão "ens12" (4c2437c1-12ac-35a5-80bb-56217a2c4a94) foi excluída com sucesso.
[root@gw ~]# nmcli connect del 30a42295-9c83-3231-909a-d4b891d71240
A conexão "ens13" (30a42295-9c83-3231-909a-d4b891d71240) foi excluída com sucesso.
[root@gw ~]# nmcli connect del 409bedf3-9032-338b-a306-e0d9dbdab0fb
A conexão "ens9" (409bedf3-9032-338b-a306-e0d9dbdab0fb) foi excluída com sucesso.
==== Configurando IP: ====
[root@gw ~]# nmcli connection add type ethernet con-name eth3 ifname eth3
A conexão "eth3" (59b7e80c-ea4a-4bc4-b47c-fda730681f4b) foi adicionada com sucesso.
[root@gw ~]# nmcli con add type ethernet con-name ens9 ifname ens9 autoconnect yes save yes ip4 192.0.2.254/24
A conexão "ens9" (4eb26508-e668-4cb1-9052-e3def6ef834a) foi adicionada com sucesso.
[root@gw ~]# nmcli con add type ethernet con-name ens10 ifname ens10 autoconnect yes save yes ip4 198.51.100.254/24
A conexão "ens10" (313aa129-30e3-484a-a709-2a130450151d) foi adicionada com sucesso.
[root@gw ~]# nmcli con add type ethernet con-name ens11 ifname ens11 autoconnect yes save yes ip4 203.0.113.254/24
A conexão "ens11" (fba553e9-8e24-4035-bf68-1a01fad2423a) foi adicionada com sucesso.
[root@gw ~]# nmcli con add type ethernet con-name ens12 ifname ens12 autoconnect yes save yes ip4 128.66.0.254/24
A conexão "ens12" (0ba8336e-ce78-4764-892a-7121f1d778c4) foi adicionada com sucesso.
[root@gw ~]# nmcli con add type ethernet con-name ens13 ifname ens13 autoconnect yes save yes ip6 2001:0db8::/64
A conexão "ens13" (9a51b6ee-7606-4489-9aad-7d232343f139) foi adicionada com sucesso.
[root@gw ~]# nmcli con add type ethernet con-name ens14 ifname ens14 autoconnect yes save yes ip4 128.66.2.254/23
A conexão "ens14" (3e75b79b-729c-4897-9505-33b47aba13e2) foi adicionada com sucesso.
[root@gw ~]# ip addr show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens9: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:e9:b8:88 brd ff:ff:ff:ff:ff:ff
inet 192.0.2.254/24 brd 192.0.2.255 scope global ens9
valid_lft forever preferred_lft forever
inet6 fe80::7e6d:3e1:1a2d:8595/64 scope link
valid_lft forever preferred_lft forever
3: ens10: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:ff:de:a1 brd ff:ff:ff:ff:ff:ff
inet 198.51.100.254/24 brd 198.51.100.255 scope global ens10
valid_lft forever preferred_lft forever
inet6 fe80::ad39:2e67:eff3:b8a5/64 scope link
valid_lft forever preferred_lft forever
4: ens11: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:75:60:99 brd ff:ff:ff:ff:ff:ff
inet 203.0.113.254/24 brd 203.0.113.255 scope global ens11
valid_lft forever preferred_lft forever
inet6 fe80::fccc:4f47:c25f:d537/64 scope link
valid_lft forever preferred_lft forever
5: eth3: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:f4:20:29 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.200/24 brd 192.168.122.255 scope global eth3
valid_lft forever preferred_lft forever
inet6 fe80::2fa8:61ca:60ac:d8bd/64 scope link
valid_lft forever preferred_lft forever
6: ens12: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:3e:65:84 brd ff:ff:ff:ff:ff:ff
inet 128.66.0.254/24 brd 128.66.0.255 scope global ens12
valid_lft forever preferred_lft forever
inet6 fe80::fa22:b41f:6d30:bf98/64 scope link
valid_lft forever preferred_lft forever
7: ens13: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:d5:a2:1c brd ff:ff:ff:ff:ff:ff
inet6 2001:db8::/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::816b:fbff:3f23:6f92/64 scope link
valid_lft forever preferred_lft forever
8: ens14: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:00:c1:15 brd ff:ff:ff:ff:ff:ff
inet 128.66.2.254/23 brd 128.66.3.255 scope global ens14
valid_lft forever preferred_lft forever
inet6 fe80::c622:2781:e52a:f3c5/64 scope link
valid_lft forever preferred_lft forever
==== Associando as interfaces às respectivas zonas: ====
[root@gw ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens10 ens11 ens12 ens13 ens14 ens9 eth3
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
[root@gw ~]# firewall-cmd --get-default-zone
public
[root@gw ~]# firewall-cmd --zone=public --change-interface=eth3 --permanent
The interface is under control of NetworkManager, setting zone to 'public'.
success
[root@gw ~]# firewall-cmd --zone=external --change-interface=ens11 --permanent
The interface is under control of NetworkManager, setting zone to 'external'.
success
[root@gw ~]# firewall-cmd --zone=external --change-interface=ens13 --permanent
The interface is under control of NetworkManager, setting zone to 'external'.
success
[root@gw ~]# firewall-cmd --zone=internal --change-interface=ens9 --permanent
The interface is under control of NetworkManager, setting zone to 'internal'.
success
[root@gw ~]# firewall-cmd --zone=internal --change-interface=ens10 --permanent
The interface is under control of NetworkManager, setting zone to 'internal'.
success
[root@gw ~]# firewall-cmd --zone=internal --change-interface=ens12 --permanent
The interface is under control of NetworkManager, setting zone to 'internal'.
success
[root@gw ~]# firewall-cmd --permanent --new-zone=client
success
[root@gw ~]# firewall-cmd --zone=client --change-interface=ens14 --permanent
The interface is under control of NetworkManager, setting zone to 'client'.
success
[root@gw ~]# firewall-cmd --permanent --zone=public --add-masquerade
success
[root@gw ~]# firewall-cmd --reload
success
# nmcli c m eth3 connection.zone public