How to configure Linux as a Router

Learn how to configure Linux as a router with this comprehensive guide. Follow step-by-step instructions to turn your Linux system into a functional router, enabling network traffic management and improved connectivity. #centlinux #linux #networking

What is a Router?

A router is a networking device that forwards data packets between computer networks. Routers perform the traffic directing functions on the Internet. We can transform a Linux machine into a Virtual Router, if we have two interfaces on the Linux machine, and each interface is connected to a different network.

A router is a networking device that forwards data packets between computer networks. It performs the traffic directing functions on the Internet, ensuring that data sent from one network reaches the correct destination on another network. Here are some key functions and features of a router:

1. Network Segmentation: Routers connect different networks and segment traffic to improve efficiency and security.
2. Path Selection: Determines the best path for data packets to travel across interconnected networks, based on factors like distance, cost, and traffic load.
3. Packet Forwarding: Forwards data packets from the source to the destination by examining their IP addresses and using routing tables.
4. Traffic Management: Manages network traffic to prevent congestion and optimize the performance of data transmission.
5. Network Address Translation (NAT): Allows multiple devices on a local network to share a single public IP address, conserving IP addresses and providing a layer of security.
6. Firewall and Security: Many routers include built-in firewalls and security features to protect the network from unauthorized access and cyber threats.
7. Quality of Service (QoS): Prioritizes certain types of traffic to ensure that critical applications receive the necessary bandwidth.
8. Wireless Connectivity: Wireless routers provide Wi-Fi connectivity, enabling wireless devices to connect to the network.

Routers are essential components of modern networking, used in homes, businesses, and data centers to connect devices, manage network traffic, and ensure secure and efficient communication between networks.

Linux Server Specification

The interface connected to our local network is called Private interface. Whereas, the interface connected to the outer world is called Public interface.

In this post, we will setup a CentOS 7 machine as a Virtual Router.

We have configured a Linux virtual machine with following specification.

• Operating System – CentOS 7
• Hostname – ipaserver.example.com
• Private Interface – eno16777728
• Public Interface – eno33554968

Recommended Training: Introduction to Computer Networking – Beginner Crash Course from Rick Crisci

Configure Private Interface of Linux Network

Connect to the ipaserver.example.com and configure network interfaces.

Check status of network devices.

nmcli device status

Output:

DEVICE       TYPE      STATE         CONNECTION
eno16777728  ethernet  disconnected  --
eno33554968  ethernet  disconnected  --
lo           loopback  unmanaged     --

Configure Private Interface with necessary settings for the Router setup.

nmcli connection add con-name prv0 ifname eno16777728 type ethernet autoconnect yes ip4 192.168.113.10/24 gw4 192.168.113.10
nmcli connection modify prv0 ipv4.method manual ipv4.dns 192.168.113.10 ipv6.method ignore
nmcli connection modify prv0 ipv4.never-default yes
nmcli connection modify prv0 connection.zone internal
nmcli connection down prv0 ; nmcli connection up prv0

Output:

Connection 'prv0' (0f5bebd6-e737-48ba-a34e-0c272a365982) successfully added.

Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)

TP-Link Archer BE6500 Dual-Band Wi-Fi 7 Router (Archer BE400) | Dual 2.5 Gbps Ports USB 3.0 | Covers up to 2,400 Sq. ft and 90 Devices | Quad-core CPU| HomeShield, Private IoT for Network Security

(153)

19% Off $179.99 $144.99 (as of May 27, 2025 17:24 GMT +00:00 – More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)

𝐅𝐮𝐭𝐮𝐫𝐞-𝐑𝐞𝐚𝐝𝐲 𝐖𝐢-𝐅𝐢 𝟕 – Designed with the latest Wi-Fi 7 technology, featuring Multi-Link Operation (MLO), Multi-RUs, and 4K-QAM. Achieve optimized performance on latest WiFi 7 laptops and devices, like the iPhone 16 Pro, and Samsung Galaxy S24 Ultra…. read more

Configure Public Interface of Linux Network

Check status of network devices.

nmcli device status

Output:

DEVICE       TYPE      STATE         CONNECTION
eno16777728  ethernet  connected     prv0
eno33554968  ethernet  disconnected  --
lo           loopback  unmanaged     --

Configure Public Interface with necessary settings for the Router setup.

nmcli connection add con-name pub0 ifname eno33554968 type ethernet autoconnect yes ip4 192.168.116.50/24 gw4 192.168.116.2
nmcli connection modify pub0 ipv4.method manual ipv4.dns 192.168.116.2 ipv6.method ignore
nmcli connection modify pub0 connection.zone external
nmcli connection down pub0 ; nmcli connection up pub0

Output:

Connection 'pub0' (0f4bebd6-e717-49ca-a33e-0c272a336982) successfully added.

Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

Configure Linux Firewall

Set internal zone as the default zone of the firewall.

firewall-cmd --set-default-zone=internal

Check status of Internal zone of Linux Firewall.

firewall-cmd --list-all

Output:

internal (default, active)
  interfaces: eno16777728
  sources:
  services: dhcpv6-client ipp-client mdns samba-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

Check status of External zone.

firewall-cmd --list-all --zone=external

Output:

external (active)
  interfaces: eno33554968
  sources:
  services: ssh
  ports:
  masquerade: yes
  forward-ports:
  icmp-blocks:
  rich rules:

Both interfaces are in their relevant zones.

Make sure that the IP Forwarding is enabled in Kernel settings.

sysctl -a | grep ip_forward

Output:

net.ipv4.ip_forward = 1

Test Router Configuration

Connect to a client machine client2.example.com in your private network and set the default gateway as follows.

nmcli c a con-name eno16777728 ifname eno16777728 autoconnect yes type ethernet ip4 192.168.113.11/24 gw4 192.168.113.10

Use the tracepath command to check the network path in used now.

tracepath 8.8.8.8

Output:

 1:  192.168.113.11                                        0.075ms pmtu 1500
 1:  192.168.113.10                                        0.403ms
 1:  192.168.113.10                                        0.178ms
 2:  192.168.116.2                                         0.328ms
 3:  no reply
 4:  no reply

It shows that our Red Hat Enterprise Linux (RHEL) 7 machine has been successfully configured as a Virtual Router.

Red Hat Enterprise Linux 10 Handbook: A Comprehensive Guide to Mastering RHEL 10 Administration, Automation, and Emerging Technologies

$9.99 (as of May 28, 2025 17:27 GMT +00:00 – More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)

Conclusion: How to Configure Linux as a Router

Configuring Linux as a router is a powerful way to manage and direct network traffic, offering flexibility and control over your network setup. By following this guide, you should now have a Linux-based router up and running, enhancing your network’s performance and security.

Need a dependable Linux system administrator? I specialize in managing, optimizing, and securing Linux servers to keep your operations running flawlessly. Check out my services on Fiverr!

Happy routing!