Gateway CentOS 7
Scenario:
| Internet | External | Internal | Clients |
|---|---|---|---|
| eth3 DHCP | ens11 203.0.113.254/24 | ens9 192.0.2.254/24 | ens14 128.66.2.254/23 |
| - | ens13 2001:0db8::/64 | ens10 198.51.100.254/24 | - |
| - | - | ens12 128.66.0.254/24 | - |
Listing the interfaces:
```
[root@gw ~]# nmcli connection show
NOME               UUID                                  TIPO            DISPOSITIVO
Conexão cabeada 1  8cd8cfeb-c989-32bf-8302-f5edab528371  802-3-ethernet  ens14
ens10              3bc620e9-52a5-3ef1-8f58-0576b98973df  802-3-ethernet  ens10
ens11              289f48b4-e17f-3f18-89ec-0c2e649caf77  802-3-ethernet  ens11
ens12              4c2437c1-12ac-35a5-80bb-56217a2c4a94  802-3-ethernet  ens12
ens13              30a42295-9c83-3231-909a-d4b891d71240  802-3-ethernet  ens13
ens9               409bedf3-9032-338b-a306-e0d9dbdab0fb  802-3-ethernet  ens9
eth3               e7fac6cf-3788-404c-b7c0-e909a83cd072  802-3-ethernet  eth3
```
Removing the existing configurations:
```
[root@gw ~]# nmcli connect del 8cd8cfeb-c989-32bf-8302-f5edab528371
A conexão "Conexão cabeada 1" (8cd8cfeb-c989-32bf-8302-f5edab528371) foi excluída com sucesso.
[root@gw ~]# nmcli connect del 3bc620e9-52a5-3ef1-8f58-0576b98973df
A conexão "ens10" (3bc620e9-52a5-3ef1-8f58-0576b98973df) foi excluída com sucesso.
[root@gw ~]# nmcli connect del 289f48b4-e17f-3f18-89ec-0c2e649caf77
A conexão "ens11" (289f48b4-e17f-3f18-89ec-0c2e649caf77) foi excluída com sucesso.
[root@gw ~]# nmcli connect del 4c2437c1-12ac-35a5-80bb-56217a2c4a94
A conexão "ens12" (4c2437c1-12ac-35a5-80bb-56217a2c4a94) foi excluída com sucesso.
[root@gw ~]# nmcli connect del 30a42295-9c83-3231-909a-d4b891d71240
A conexão "ens13" (30a42295-9c83-3231-909a-d4b891d71240) foi excluída com sucesso.
[root@gw ~]# nmcli connect del 409bedf3-9032-338b-a306-e0d9dbdab0fb
A conexão "ens9" (409bedf3-9032-338b-a306-e0d9dbdab0fb) foi excluída com sucesso.
```
Configuring the IP addresses:
```
[root@gw ~]# nmcli connection add type ethernet con-name eth3 ifname eth3
A conexão "eth3" (59b7e80c-ea4a-4bc4-b47c-fda730681f4b) foi adicionada com sucesso.
[root@gw ~]# nmcli con add type ethernet con-name ens9 ifname ens9 autoconnect yes save yes ip4 192.0.2.254/24
A conexão "ens9" (4eb26508-e668-4cb1-9052-e3def6ef834a) foi adicionada com sucesso.
[root@gw ~]# nmcli con add type ethernet con-name ens10 ifname ens10 autoconnect yes save yes ip4 198.51.100.254/24
A conexão "ens10" (313aa129-30e3-484a-a709-2a130450151d) foi adicionada com sucesso.
[root@gw ~]# nmcli con add type ethernet con-name ens11 ifname ens11 autoconnect yes save yes ip4 203.0.113.254/24
A conexão "ens11" (fba553e9-8e24-4035-bf68-1a01fad2423a) foi adicionada com sucesso.
[root@gw ~]# nmcli con add type ethernet con-name ens12 ifname ens12 autoconnect yes save yes ip4 128.66.0.254/24
A conexão "ens12" (0ba8336e-ce78-4764-892a-7121f1d778c4) foi adicionada com sucesso.
[root@gw ~]# nmcli con add type ethernet con-name ens13 ifname ens13 autoconnect yes save yes ip6 2001:0db8::/64
A conexão "ens13" (9a51b6ee-7606-4489-9aad-7d232343f139) foi adicionada com sucesso.
[root@gw ~]# nmcli con add type ethernet con-name ens14 ifname ens14 autoconnect yes save yes ip4 128.66.2.254/23
A conexão "ens14" (3e75b79b-729c-4897-9505-33b47aba13e2) foi adicionada com sucesso.
```
```
[root@gw ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e9:b8:88 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.254/24 brd 192.0.2.255 scope global ens9
       valid_lft forever preferred_lft forever
    inet6 fe80::7e6d:3e1:1a2d:8595/64 scope link
       valid_lft forever preferred_lft forever
3: ens10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:ff:de:a1 brd ff:ff:ff:ff:ff:ff
    inet 198.51.100.254/24 brd 198.51.100.255 scope global ens10
       valid_lft forever preferred_lft forever
    inet6 fe80::ad39:2e67:eff3:b8a5/64 scope link
       valid_lft forever preferred_lft forever
4: ens11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:75:60:99 brd ff:ff:ff:ff:ff:ff
    inet 203.0.113.254/24 brd 203.0.113.255 scope global ens11
       valid_lft forever preferred_lft forever
    inet6 fe80::fccc:4f47:c25f:d537/64 scope link
       valid_lft forever preferred_lft forever
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:f4:20:29 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.200/24 brd 192.168.122.255 scope global eth3
       valid_lft forever preferred_lft forever
    inet6 fe80::2fa8:61ca:60ac:d8bd/64 scope link
       valid_lft forever preferred_lft forever
6: ens12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:3e:65:84 brd ff:ff:ff:ff:ff:ff
    inet 128.66.0.254/24 brd 128.66.0.255 scope global ens12
       valid_lft forever preferred_lft forever
    inet6 fe80::fa22:b41f:6d30:bf98/64 scope link
       valid_lft forever preferred_lft forever
7: ens13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:d5:a2:1c brd ff:ff:ff:ff:ff:ff
    inet6 2001:db8::/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::816b:fbff:3f23:6f92/64 scope link
       valid_lft forever preferred_lft forever
8: ens14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:00:c1:15 brd ff:ff:ff:ff:ff:ff
    inet 128.66.2.254/23 brd 128.66.3.255 scope global ens14
       valid_lft forever preferred_lft forever
    inet6 fe80::c622:2781:e52a:f3c5/64 scope link
       valid_lft forever preferred_lft forever
```
Assigning the interfaces to their respective zones:
```
[root@gw ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens10 ens11 ens12 ens13 ens14 ens9 eth3
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:
[root@gw ~]# firewall-cmd --get-default-zone
public
```
```
[root@gw ~]# firewall-cmd --zone=public --change-interface=eth3 --permanent
The interface is under control of NetworkManager, setting zone to 'public'.
success
[root@gw ~]# firewall-cmd --zone=external --change-interface=ens11 --permanent
The interface is under control of NetworkManager, setting zone to 'external'.
success
[root@gw ~]# firewall-cmd --zone=external --change-interface=ens13 --permanent
The interface is under control of NetworkManager, setting zone to 'external'.
success
[root@gw ~]# firewall-cmd --zone=internal --change-interface=ens9 --permanent
The interface is under control of NetworkManager, setting zone to 'internal'.
success
[root@gw ~]# firewall-cmd --zone=internal --change-interface=ens10 --permanent
The interface is under control of NetworkManager, setting zone to 'internal'.
success
[root@gw ~]# firewall-cmd --zone=internal --change-interface=ens12 --permanent
The interface is under control of NetworkManager, setting zone to 'internal'.
success
[root@gw ~]# firewall-cmd --permanent --new-zone=client
success
[root@gw ~]# firewall-cmd --zone=client --change-interface=ens14 --permanent
The interface is under control of NetworkManager, setting zone to 'client'.
success
[root@gw ~]# firewall-cmd --permanent --zone=public --add-masquerade
success
[root@gw ~]# firewall-cmd --reload
success
```
The zone can also be set directly on the NetworkManager connection profile:
```
# nmcli c m eth3 connection.zone public
```
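An added check, not part of the original wiki page: the first `firewall-cmd --list-all` above shows every interface starting in the default zone `public`, the same zone that later gets masquerading, so an interface whose zone change did not take effect ends up in the Internet-facing policy. The function below compares `firewall-cmd --get-active-zones` output against the mapping set by the commands above; the function name `check_zones` and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Expected interface=zone pairs, taken from the firewall-cmd commands on this page.
EXPECTED="eth3=public ens11=external ens13=external ens9=internal ens10=internal ens12=internal ens14=client"

# check_zones: reads `firewall-cmd --get-active-zones` output on stdin,
# prints one line per interface that is missing or in the wrong zone,
# and returns non-zero if any mismatch was found.
check_zones() {
    # Flatten "zone / interfaces: a b" blocks into "a=zone" lines.
    _actual=$(awk '
        /^[^ \t]/           { zone = $1; next }
        $1 == "interfaces:" { for (i = 2; i <= NF; i++) print $i "=" zone }
    ')
    _rc=0
    for _pair in $EXPECTED; do
        _iface=${_pair%%=*}
        _want=${_pair#*=}
        _got=$(printf '%s\n' "$_actual" | awk -F= -v i="$_iface" '$1 == i { print $2 }')
        if [ "$_got" != "$_want" ]; then
            echo "MISMATCH $_iface: expected=$_want actual=${_got:-none}"
            _rc=1
        fi
    done
    return "$_rc"
}

# Constructed sample: the state the procedure above is meant to produce.
SAMPLE_OK='public
  interfaces: eth3
external
  interfaces: ens11 ens13
internal
  interfaces: ens9 ens10 ens12
client
  interfaces: ens14'

# Constructed sample: ens14 never left the default zone.
SAMPLE_DRIFT='public
  interfaces: eth3 ens14
external
  interfaces: ens11 ens13
internal
  interfaces: ens9 ens10 ens12'

printf '%s\n' "$SAMPLE_DRIFT" | check_zones || echo "zone audit failed"
```

On the gateway itself, run it as `firewall-cmd --get-active-zones | check_zones` after `firewall-cmd --reload`.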
