Nicolas Kovacs
2020-Feb-18 11:00 UTC
[CentOS] From network-scripts to NetworkManager on a router : questions
Hi,

I'm running CentOS 7 on all my servers, in three different contexts :

  1. simple local server
  2. public facing server
  3. router/gateway/firewall

I'm currently in the process of moving my KISS-style network-scripts-style configurations to something more orthodox based on NetworkManager.

Scenarios (1) and (2) caused no problems, but (3) is giving me some headache. Let me take an example.

The router in my office is a PC Engines routerboard running CentOS 7. It has three NICs, and I use two of these.

WAN-facing NIC :

# /etc/sysconfig/network-scripts/ifcfg-enp1s0
DEVICE=enp1s0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.1
NETMASK=255.255.255.0

LAN-facing NIC :

DEVICE=enp2s0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.2.1
NETMASK=255.255.255.0

Third NIC is disabled :

# /etc/sysconfig/network-scripts/ifcfg-enp3s0
DEVICE=enp3s0
TYPE=Ethernet
ONBOOT=no

Gateway information :

# /etc/sysconfig/network
GATEWAY=192.168.1.254

The router is running Dnsmasq :

# /etc/resolv.conf
nameserver 127.0.0.1

Packet forwarding is enabled and handled through the firewall script. No need to go into the details for that.

This setup works perfectly as is. Now I'd like to move it to a NetworkManager-based configuration, and I have a couple questions about that.

I'm using NetworkManager TUI (nmtui) to configure my connections. I'm defining two profiles WAN (enp1s0) and LAN (enp2s0). With NetworkManager I have to configure gateway and DNS information on a per-interface basis.

1. Which interface should have the gateway information ?

2. In a similar manner, which interface should have the DNS server information ?

Cheers from the sunny South of France,

Niki

--
Microlinux - Solutions informatiques durables
7, place de l'Église - 30730 Montpezat
Site : https://www.microlinux.fr
Mail : info at microlinux.fr
Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12
Anand Buddhdev
2020-Feb-18 11:28 UTC
[CentOS] From network-scripts to NetworkManager on a router : questions
On 18/02/2020 12:00, Nicolas Kovacs wrote:

Hi Nicolas,

> I'm using NetworkManager TUI (nmtui) to configure my connections. I'm
> defining two profiles WAN (enp1s0) and LAN (enp2s0). With NetworkManager
> I have to configure gateway and DNS information on a per-interface basis.
>
> 1. Which interface should have the gateway information ?

The WAN interface.

> 2. In a similar manner, which interface should have the DNS server
> information ?

Neither. The DNS configuration should not normally be bound to a specific interface, so don't configure it with any interface. If you do, and that interface goes down, your DNS config also disappears.

Regards,
Anand
Nicolas Kovacs
2020-Feb-18 15:37 UTC
[CentOS] From network-scripts to NetworkManager on a router : questions
On 18/02/2020 at 12:28, Anand Buddhdev wrote:

> Neither. The DNS configuration should not normally be bound to a
> specific interface, so don't configure it with any interface. If you do,
> and that interface goes down, your DNS config also disappears.

I would like to do that very much, only NetworkManager makes you jump through burning loops to do so.

With network-scripts, it was just a matter of editing resolv.conf with nameserver and search domain directives. I can't do that anymore, because /etc/resolv.conf gets squashed by NetworkManager. If I don't fill in DNS information for the interfaces, then all I get is an empty "#Generated by NetworkManager" line. On the other hand, using nmtui, the only place where I can actually fill in DNS information is in the interface-specific dialogs.

After googling around for this problem, it looks like I'm not the only one scratching my head.

Any suggestions ?

Niki

--
Microlinux - Solutions informatiques durables
7, place de l'Église - 30730 Montpezat
Site : https://www.microlinux.fr
Mail : info at microlinux.fr
Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12
lejeczek
2020-Feb-18 16:13 UTC
[CentOS] From network-scripts to NetworkManager on a router : questions
On 18/02/2020 11:00, Nicolas Kovacs wrote:

> Hi,
>
> I'm running CentOS 7 on all my servers, in three different contexts :
>
>   1. simple local server
>   2. public facing server
>   3. router/gateway/firewall
>
> I'm currently in the process of moving my KISS-style
> network-scripts-style configurations to something more orthodox based
> on NetworkManager.
>
> Scenarios (1) and (2) caused no problems, but (3) is giving me some
> headache. Let me take an example.
>
> The router in my office is a PC Engines routerboard running CentOS 7.
> It has three NICs, and I use two of these.
>
> WAN-facing NIC :
>
> # /etc/sysconfig/network-scripts/ifcfg-enp1s0
> DEVICE=enp1s0
> TYPE=Ethernet
> ONBOOT=yes
> BOOTPROTO=static
> IPADDR=192.168.1.1
> NETMASK=255.255.255.0
>
> LAN-facing NIC :
>
> DEVICE=enp2s0
> TYPE=Ethernet
> ONBOOT=yes
> BOOTPROTO=static
> IPADDR=192.168.2.1
> NETMASK=255.255.255.0
>
> Third NIC is disabled :
>
> # /etc/sysconfig/network-scripts/ifcfg-enp3s0
> DEVICE=enp3s0
> TYPE=Ethernet
> ONBOOT=no
>
> Gateway information :
>
> # /etc/sysconfig/network
> GATEWAY=192.168.1.254
>
> The router is running Dnsmasq :
>
> # /etc/resolv.conf
> nameserver 127.0.0.1
>
> Packet forwarding is enabled and handled through the firewall script.
> No need to go into the details for that.
>
> This setup works perfectly as is. Now I'd like to move it to a
> NetworkManager-based configuration, and I have a couple questions
> about that.
>
> I'm using NetworkManager TUI (nmtui) to configure my connections. I'm
> defining two profiles WAN (enp1s0) and LAN (enp2s0). With
> NetworkManager I have to configure gateway and DNS information on a
> per-interface basis.
>
> 1. Which interface should have the gateway information ?
>
> 2. In a similar manner, which interface should have the DNS server
> information ?
>
> Cheers from the sunny South of France,
>
> Niki
>

NM is actually pretty cool, to me it made all the stuff much easier. NM also covers & takes care of source/policy based routing. Also, if you go back to the devel guys they listen and are happy to enhance NM, including some suggestions. Development of NM is well active & solid in my opinion and it'll keep getting better I believe.

With a system with many ifaces, note NM has something called "priorities" with which you have control over things like resolv.conf:

connection.autoconnect-priority; ipv4.dns-priority

Moving from what you had over to NM should be simple.

enp1s0 should have an ipv4.gateway value,
enp2s0 should have it empty.

If you use firewalld then it also plays a role in a Linux router; with a more complex setup you might need --direct but.. if you have been using it already with "network" then it will need no extra changes with NM. It is also good to have the kernel params sussed out.
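
Added example, not part of any message in this thread: a small Python planner that reads the ifcfg values quoted above and prints the `nmcli connection modify` commands matching the advice given (gateway only on the profile whose subnet contains it, no DNS on any profile). The drop-in file name `90-dns-none.conf` and the `enp3s0` dictionary key are assumptions; `dns=none` in the `[main]` section is the NetworkManager.conf setting that stops NetworkManager from rewriting /etc/resolv.conf.

```python
import ipaddress
import shlex

# Constructed sample input: the ifcfg values quoted in the thread, keyed by the
# NetworkManager profile names used there (WAN, LAN); "enp3s0" is an assumed key.
IFCFG = {
    "WAN": "DEVICE=enp1s0\nBOOTPROTO=static\nIPADDR=192.168.1.1\nNETMASK=255.255.255.0\n",
    "LAN": "DEVICE=enp2s0\nBOOTPROTO=static\nIPADDR=192.168.2.1\nNETMASK=255.255.255.0\n",
    "enp3s0": "DEVICE=enp3s0\nTYPE=Ethernet\nONBOOT=no\n",
}
SYSCONFIG_NETWORK = "GATEWAY=192.168.1.254\n"
# Assumed drop-in file name; dns=none stops NetworkManager rewriting resolv.conf.
DNS_DROPIN = ("/etc/NetworkManager/conf.d/90-dns-none.conf", "[main]\ndns=none\n")


def parse_kv(text):
    """Parse KEY=value lines, skipping blanks and comments."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            pairs[key.strip()] = value.strip().strip("\"'")
    return pairs


def plan(ifcfgs, network_text):
    """Return the nmcli commands that reproduce the static setup."""
    gateway = ipaddress.ip_address(parse_kv(network_text)["GATEWAY"])
    commands, gateway_placed = [], False
    for profile, text in ifcfgs.items():
        cfg = parse_kv(text)
        if "IPADDR" not in cfg:          # unconfigured NIC: nothing to migrate
            continue
        iface = ipaddress.ip_interface(f"{cfg['IPADDR']}/{cfg['NETMASK']}")
        args = ["nmcli", "connection", "modify", profile,
                "ipv4.addresses", iface.with_prefixlen, "ipv4.method", "manual"]
        if gateway in iface.network and not gateway_placed:
            args += ["ipv4.gateway", str(gateway), "ipv4.never-default", "no"]
            gateway_placed = True
        else:                            # no default route via this interface
            args += ["ipv4.gateway", "", "ipv4.never-default", "yes"]
        args += ["ipv4.dns", ""]         # DNS is not bound to any interface
        commands.append(" ".join(shlex.quote(a) for a in args))
    if not gateway_placed:
        raise ValueError(f"gateway {gateway} is on no configured subnet")
    return commands


if __name__ == "__main__":
    print("\n".join(plan(IFCFG, SYSCONFIG_NETWORK)))
    print("# %s:\n%s" % DNS_DROPIN)
```

With the `dns=none` drop-in in place, /etc/resolv.conf is left as the administrator wrote it, so the `nameserver 127.0.0.1` line pointing at Dnsmasq survives interface changes.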