WAN and LAN: CentOS Server as a Router

WAN (interface enp0s3) – 192.168.8.144/24
LAN (interface enp0s8) – 192.168.1.1/24

  1. Configure the WAN and LAN interfaces (DHCP or static IP):

/etc/sysconfig/network-scripts/ifcfg-enp0s3 (WAN)
/etc/sysconfig/network-scripts/ifcfg-enp0s8 (LAN)

root#ifconfig

enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.8.144  netmask 255.255.255.0  broadcast 192.168.8.255
        inet6 fe80::6125:cdb7:ecea:e290  prefixlen 64  scopeid 0x20<link>
        inet6 fd78:c5f8:6fe7:e400:1716:1834:9a2a:cdf6  prefixlen 64  scopeid 0x0

enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.1  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::dc9e:30bf:bcc5:6bfe  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:cf:ca:e7  txqueuelen 1000  (Ethernet)
        RX packets 18  bytes 1620 (1.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 36  bytes 2922 (2.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

  2. Enable the IP forwarding feature:

sysctl -w net.ipv4.ip_forward=1
OR
echo 1 > /proc/sys/net/ipv4/ip_forward

Confirm that IP forwarding is enabled:

sysctl net.ipv4.ip_forward
OR
cat /proc/sys/net/ipv4/ip_forward

  3. Add the firewall configuration (this case uses firewalld as the firewall tool, an alternative to iptables):

firewall-cmd --change-interface=enp0s3 --zone=external --permanent
firewall-cmd --set-default-zone=internal
firewall-cmd --complete-reload

  4. Restart the firewall and network services so the latest settings take effect:

systemctl restart network && systemctl restart firewalld

OR

service network restart
service firewalld restart

Confirm that the IP forwarding and firewalld services are active / running:

firewalld status:

[root@server ~]# service firewalld status
Redirecting to /bin/systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2023-06-04 10:46:27 BST; 31s ago

  5. Test the connection:

[root]#ping google.com -I 192.168.1.1

[root@server ~]# ping google.com -I 192.168.1.1
PING google.com (216.58.221.206) from 192.168.1.1 : 56(84) bytes of data.
64 bytes from kul08s10-in-f14.1e100.net (216.58.221.206): icmp_seq=1 ttl=55 time=39.9 ms
64 bytes from kul08s10-in-f14.1e100.net (216.58.221.206): icmp_seq=2 ttl=55 time=54.6 ms

The ping from the internal (LAN) address to google.com (WAN) succeeded!
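
As an added example (not part of the original guide), the script below audits the state these steps produce: forwarding on, enp0s3 in the external zone with masquerading, enp0s8 in the internal zone, and no unexpected services open on the WAN side. It also checks whether `net.ipv4.ip_forward=1` is written to a sysctl file, since `sysctl -w` and the `/proc` write in the IP forwarding step only change the running kernel. The function names and the allowed-services policy (`ssh` only) are assumptions.

```bash
#!/bin/bash
# Added example: audit the router state the guide configures. Interfaces and
# zones come from the guide; function names and the WAN policy are assumptions.
WAN_IF=enp0s3
LAN_IF=enp0s8
ALLOWED_WAN_SERVICES="ssh"   # assumption: adjust to your own policy

# forward_persisted FILE...: succeed if any file sets net.ipv4.ip_forward=1.
# `sysctl -w` and writing to /proc are runtime-only and are lost on reboot.
forward_persisted() {
    grep -Eqs '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$@"
}

# audit_router FORWARD WAN_ZONE LAN_ZONE MASQ "WAN_SERVICES"
# Prints one finding per line and returns the number of findings (0 = clean).
audit_router() {
    local fwd="$1" wan_zone="$2" lan_zone="$3"
    local masq="$4" services="$5" n=0 svc
    if [ "$fwd" != 1 ]; then
        echo "FAIL: net.ipv4.ip_forward=$fwd (expected 1)"; n=$((n + 1))
    fi
    if [ "$wan_zone" != external ]; then
        echo "FAIL: $WAN_IF is in zone '$wan_zone' (expected external)"; n=$((n + 1))
    fi
    if [ "$lan_zone" != internal ]; then
        echo "FAIL: $LAN_IF is in zone '$lan_zone' (expected internal)"; n=$((n + 1))
    fi
    if [ "$masq" != yes ]; then
        echo "FAIL: masquerading is off in the external zone"; n=$((n + 1))
    fi
    for svc in $services; do
        case " $ALLOWED_WAN_SERVICES " in
            *" $svc "*) ;;
            *) echo "WARN: service '$svc' is reachable from the WAN side"; n=$((n + 1)) ;;
        esac
    done
    return "$n"
}

# Live mode: collect the real values on the router (as root: ./audit.sh --live)
if [ "${1:-}" = "--live" ]; then
    forward_persisted /etc/sysctl.conf /etc/sysctl.d/*.conf ||
        echo "WARN: ip_forward=1 is not in sysctl.conf or sysctl.d (lost on reboot)"
    audit_router "$(sysctl -n net.ipv4.ip_forward)" \
        "$(firewall-cmd --get-zone-of-interface="$WAN_IF")" \
        "$(firewall-cmd --get-zone-of-interface="$LAN_IF")" \
        "$(firewall-cmd --zone=external --query-masquerade)" \
        "$(firewall-cmd --zone=external --list-services)"
fi
```

Without `--live` the script only defines the functions, so the checks can be exercised with constructed values before running it on the router.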
