Last week I set up a Satellite server in my home lab so I could test deploying systems via kickstart. I wanted to kickstart the VMs using DHCP and PXE, but I didn’t want the DHCP server running on my single flat internal network (I know, I know, I just haven’t had time to implement a couple more networks). I decided I’d set up a new isolated virtual network that I could use as my “deploy” network. My current network uses the 192.168.1.x range, so I decided I’d use a 192.168.100.x range. I created a new network on my hypervisor using VLAN ID 100, which is only configured as a tagged VLAN on my lab switch. This ensures traffic on the new virtual network can’t be seen from my existing network.
The next issue I had was how to route traffic from the new 192.168.100.x network to the rest of my internal network and the Internet. Linux to the rescue. There are piles of router and security distros out there to accomplish this, but I wanted something stock and simple. I decided to go with a minimal CentOS 6.x install. Red Hat or Fedora would also work for these instructions.
The first thing we need to do is set up the interfaces on the VM. I have the NICs configured as follows:
eth0 – 192.168.1.136
eth1 – 192.168.100.1
Once the network interfaces are set up, all that needs to be done is to enable routing on the VM. As root, add the following line to /etc/sysctl.conf:
net.ipv4.conf.default.forwarding=1
Then enable masquerading in iptables:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Save the iptables config:
service iptables save
You can now restart networking and iptables to make sure everything works:
service network restart && service iptables restart
That should be it. You can now configure any client on your deploy network to use 192.168.100.1 as a gateway. The clients will use the new Linux router to get to the 192.168.1.x network and the Internet from there. Enabling DHCP on my Satellite server interface on the 192.168.100.x network will also not impact anything on my 192.168.1.x network.
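The MASQUERADE rule above NATs anything leaving eth0 and says nothing about what the router is willing to forward. As an added example (not part of the original setup), the script below prints a tighter rule set for review: NAT only for the deploy network, replies allowed back in, and everything else in FORWARD dropped. The /24 mask and the function names are assumptions; the interface names and addresses are the ones used in this post.

```shell
#!/bin/sh
# Added example, not from the original post. Prints (does not run) iptables
# commands for a NAT router that forwards only the deploy network.
# Assumed: eth0 = existing network side, eth1 = deploy side,
# 192.168.100.0/24 = deploy network (the post gives 192.168.100.x; /24 is assumed).

valid_iface() {
    # Reject empty names, a leading dash, and shell metacharacters.
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

valid_cidr() {
    # Accept a.b.c.d/p with octets 0-255 and prefix 0-32.
    case "$1" in
        */*/*|*[!0-9./]*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

router_rules() {
    wan=$1; lan=$2; net=$3
    if ! valid_iface "$wan" || ! valid_iface "$lan" || ! valid_cidr "$net" \
        || [ "$wan" = "$lan" ]; then
        echo "usage: router_rules OUT_IF DEPLOY_IF DEPLOY_CIDR" >&2
        return 1
    fi
    # FORWARD rules are inserted at the top so they are evaluated before
    # any catch-all rule already present in that chain.
    cat <<EOF
iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
iptables -I FORWARD 1 -i $wan -o $lan -d $net -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 2 -i $lan -o $wan -s $net -j ACCEPT
iptables -P FORWARD DROP
EOF
}

router_rules eth0 eth1 192.168.100.0/24
```

Review the printed commands, run them as root, then save with service iptables save as above.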
This blog post is my own and is not endorsed or supported by my employer, Red Hat.