Like most people, I’m accessing the internet using a cable modem and wireless router, which provides me with a single IP subnet. Unlike most people, I test OpenStack in my basement. To be able to run OpenStack, I’ll need at least one more subnet to work with. Therefore, I need a router.
We can easily build a router out of a physical or virtual Linux machine with two network interfaces. Essentially, we install the operating system (CentOS 7 in this example), configure the network (IP addresses and such), and then configure the firewall.
Below is a diagram of what we’re trying to create. The CentOS 7 machine will have its first NIC attached to the “External” facing network, which is the subnet that the wireless router provides me. The second NIC will be attached to an “Internal” network that I can use as a network for my OpenStack instances.
We’ll use the following configuration to setup the router:
Hostname: router NIC1 IP Address: 192.168.1.203 NIC1 Netmask: 255.255.255.0 NIC1 Gateway: 192.168.1.1 NIC1 DNS1: 192.168.1.253 NIC1 DNS2: 192.168.1.252 NIC2 IP Address: 192.168.2.254 NIC2 CIDR: 192.168.2.0/24
Getting the Script
Once you’ve built your CentOS 7 machine with it’s two NICs, you can download and execute the script. Run these commands from the CentOS 7 machine:
curl -O http://pastebin.com/raw/pnqkPNdK tr -d '\r' < pnqkPNdK > deploy-router.py chmod +x deploy-router.py
Now you can execute the script using our configuration information:
sudo ./deploy-router.py -n router -i 192.168.1.203 \ -m 255.255.255.0 -g 192.168.1.1 \ -d 192.168.1.253 -d2 192.168.1.252 \ -i2 192.168.2.254 -c 192.168.2.0/24
The script will configure both NICs and execute the firewall commands. When finished, the network and firewall services will be restarted, which may disconnect your ssh session. You can reconnect using the new NIC1 IP address. Note: sometimes the network restart doesn’t use the new IP addresses right away. If you remain connected to the old IP address after running the script, you can try restarting the network again using this command:
systemctl restart network.service
Adding a Route to Your Wireless Router
There’s one more step we need to cover. All of the devices on your “External” network are using your Wireless router as the default gateway. So, in order for these devices (including your laptop) to reach devices on our new “Internal” network, we need to tell our wireless router to forward any packets destined for the 192.168.2.0/24 network to our new router. To do this, we need to logon to the wireless router and add a route. This is typically in the advanced configuration settings of the wireless router.
For example, in the Verizon FIOS router, logon and select Advanced – Routing – New Route and fill out the form as shown below:
That should do the trick. You now have a functioning router and a new subnet.