
Gateway CentOS 7

Cenário:

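| Internet  | Externa                | Interna                 | Clientes              |
|-----------|------------------------|-------------------------|-----------------------|
| eth3 DHCP | ens11 203.0.113.254/24 | ens9 192.0.2.254/24     | ens14 128.66.2.254/23 |
| -         | ens13 2001:0db8::/64   | ens10 198.51.100.254/24 | -                     |
| -         | -                      | ens12 128.66.0.254/24   | -                     |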

Listando as interfaces:

[root@gw ~]# nmcli connection show
NOME               UUID                                  TIPO            DISPOSITIVO 
Conexão cabeada 1  8cd8cfeb-c989-32bf-8302-f5edab528371  802-3-ethernet  ens14       
ens10              3bc620e9-52a5-3ef1-8f58-0576b98973df  802-3-ethernet  ens10       
ens11              289f48b4-e17f-3f18-89ec-0c2e649caf77  802-3-ethernet  ens11       
ens12              4c2437c1-12ac-35a5-80bb-56217a2c4a94  802-3-ethernet  ens12       
ens13              30a42295-9c83-3231-909a-d4b891d71240  802-3-ethernet  ens13       
ens9               409bedf3-9032-338b-a306-e0d9dbdab0fb  802-3-ethernet  ens9        
eth3               e7fac6cf-3788-404c-b7c0-e909a83cd072  802-3-ethernet  eth3  

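Remover as configurações existentes (a conexão eth3 listada acima não é removida nesta etapa; como o `nmcli connection add` de eth3 mais abaixo cria outro perfil com o mesmo nome, comandos que referenciam a conexão pelo nome "eth3" ficam ambíguos — prefira o UUID):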

[root@gw ~]# nmcli connect del 8cd8cfeb-c989-32bf-8302-f5edab528371
A conexão "Conexão cabeada 1" (8cd8cfeb-c989-32bf-8302-f5edab528371) foi excluída com sucesso.
[root@gw ~]# nmcli connect del 3bc620e9-52a5-3ef1-8f58-0576b98973df
A conexão "ens10" (3bc620e9-52a5-3ef1-8f58-0576b98973df) foi excluída com sucesso.
[root@gw ~]# nmcli connect del 289f48b4-e17f-3f18-89ec-0c2e649caf77
A conexão "ens11" (289f48b4-e17f-3f18-89ec-0c2e649caf77) foi excluída com sucesso.
[root@gw ~]# nmcli connect del 4c2437c1-12ac-35a5-80bb-56217a2c4a94
A conexão "ens12" (4c2437c1-12ac-35a5-80bb-56217a2c4a94) foi excluída com sucesso.
[root@gw ~]# nmcli connect del 30a42295-9c83-3231-909a-d4b891d71240
A conexão "ens13" (30a42295-9c83-3231-909a-d4b891d71240) foi excluída com sucesso.
[root@gw ~]# nmcli connect del 409bedf3-9032-338b-a306-e0d9dbdab0fb
A conexão "ens9" (409bedf3-9032-338b-a306-e0d9dbdab0fb) foi excluída com sucesso.

Configurando IP:

[root@gw ~]# nmcli connection add type ethernet con-name eth3 ifname eth3
A conexão "eth3" (59b7e80c-ea4a-4bc4-b47c-fda730681f4b) foi adicionada com sucesso.
[root@gw ~]# nmcli con add type ethernet con-name ens9 ifname ens9 autoconnect yes save yes ip4 192.0.2.254/24
A conexão "ens9" (4eb26508-e668-4cb1-9052-e3def6ef834a) foi adicionada com sucesso.
[root@gw ~]# nmcli con add type ethernet con-name ens10 ifname ens10 autoconnect yes save yes ip4 198.51.100.254/24
A conexão "ens10" (313aa129-30e3-484a-a709-2a130450151d) foi adicionada com sucesso.
[root@gw ~]# nmcli con add type ethernet con-name ens11 ifname ens11 autoconnect yes save yes ip4 203.0.113.254/24
A conexão "ens11" (fba553e9-8e24-4035-bf68-1a01fad2423a) foi adicionada com sucesso.
[root@gw ~]# nmcli con add type ethernet con-name ens12 ifname ens12 autoconnect yes save yes ip4 128.66.0.254/24
A conexão "ens12" (0ba8336e-ce78-4764-892a-7121f1d778c4) foi adicionada com sucesso.
[root@gw ~]# nmcli con add type ethernet con-name ens13 ifname ens13 autoconnect yes save yes ip6 2001:0db8::/64
A conexão "ens13" (9a51b6ee-7606-4489-9aad-7d232343f139) foi adicionada com sucesso.
[root@gw ~]# nmcli con add type ethernet con-name ens14 ifname ens14 autoconnect yes save yes ip4 128.66.2.254/23
A conexão "ens14" (3e75b79b-729c-4897-9505-33b47aba13e2) foi adicionada com sucesso.
[root@gw ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e9:b8:88 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.254/24 brd 192.0.2.255 scope global ens9
       valid_lft forever preferred_lft forever
    inet6 fe80::7e6d:3e1:1a2d:8595/64 scope link 
       valid_lft forever preferred_lft forever
3: ens10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:ff:de:a1 brd ff:ff:ff:ff:ff:ff
    inet 198.51.100.254/24 brd 198.51.100.255 scope global ens10
       valid_lft forever preferred_lft forever
    inet6 fe80::ad39:2e67:eff3:b8a5/64 scope link 
       valid_lft forever preferred_lft forever
4: ens11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:75:60:99 brd ff:ff:ff:ff:ff:ff
    inet 203.0.113.254/24 brd 203.0.113.255 scope global ens11
       valid_lft forever preferred_lft forever
    inet6 fe80::fccc:4f47:c25f:d537/64 scope link 
       valid_lft forever preferred_lft forever
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:f4:20:29 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.200/24 brd 192.168.122.255 scope global eth3
       valid_lft forever preferred_lft forever
    inet6 fe80::2fa8:61ca:60ac:d8bd/64 scope link 
       valid_lft forever preferred_lft forever
6: ens12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:3e:65:84 brd ff:ff:ff:ff:ff:ff
    inet 128.66.0.254/24 brd 128.66.0.255 scope global ens12
       valid_lft forever preferred_lft forever
    inet6 fe80::fa22:b41f:6d30:bf98/64 scope link 
       valid_lft forever preferred_lft forever
7: ens13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:d5:a2:1c brd ff:ff:ff:ff:ff:ff
    inet6 2001:db8::/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::816b:fbff:3f23:6f92/64 scope link 
       valid_lft forever preferred_lft forever
8: ens14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:00:c1:15 brd ff:ff:ff:ff:ff:ff
    inet 128.66.2.254/23 brd 128.66.3.255 scope global ens14
       valid_lft forever preferred_lft forever
    inet6 fe80::c622:2781:e52a:f3c5/64 scope link 
       valid_lft forever preferred_lft forever

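Associando as interfaces às respectivas zonas:

Observação: a nova zona `client` e o masquerade adicionados com `--permanent` só entram em vigor após o `firewall-cmd --reload` ao final. A zona `client` é criada sem nenhum serviço liberado, enquanto as zonas `external` e `internal`, nas definições padrão do firewalld, já trazem serviços liberados (a `external` também vem com masquerade habilitado). Depois do reload, confira com `firewall-cmd --list-all-zones` se cada zona expõe apenas o que é esperado.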

[root@gw ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens10 ens11 ens12 ens13 ens14 ens9 eth3
  sources: 
  services: 
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  sourceports: 
  icmp-blocks: 
  rich rules: 
[root@gw ~]# firewall-cmd --get-default-zone
public
[root@gw ~]# firewall-cmd --zone=public --change-interface=eth3 --permanent       
The interface is under control of NetworkManager, setting zone to 'public'.
success
[root@gw ~]# firewall-cmd --zone=external --change-interface=ens11 --permanent
The interface is under control of NetworkManager, setting zone to 'external'.
success
[root@gw ~]# firewall-cmd --zone=external --change-interface=ens13 --permanent
The interface is under control of NetworkManager, setting zone to 'external'.
success
[root@gw ~]# firewall-cmd --zone=internal --change-interface=ens9 --permanent         
The interface is under control of NetworkManager, setting zone to 'internal'.
success
[root@gw ~]# firewall-cmd --zone=internal --change-interface=ens10 --permanent
The interface is under control of NetworkManager, setting zone to 'internal'.
success
[root@gw ~]# firewall-cmd --zone=internal --change-interface=ens12 --permanent
The interface is under control of NetworkManager, setting zone to 'internal'.
success
[root@gw ~]# firewall-cmd --permanent --new-zone=client
success
[root@gw ~]# firewall-cmd --zone=client --change-interface=ens14 --permanent
The interface is under control of NetworkManager, setting zone to 'client'.
success                                                                         
[root@gw ~]# firewall-cmd --permanent --zone=public --add-masquerade                                                            
success                                                                                                                         
[root@gw ~]# firewall-cmd --reload                                                                                              
success 
# nmcli c m eth3 connection.zone public