Route internet traffic through a specific interface in Linux Servers – CentOS / RHEL

I have a server with multiple network interfaces. Two of them are connected to two different networks. My requirement is to route the internet traffic through the second interface. The server is running the CentOS 7 operating system. The second interface is connected to a network with higher internet bandwidth and the first interface is connected to a network with lower bandwidth. So I have to make the second interface the primary/default interface.

The details of the network interfaces are given below.

Details of first interface:

Interface name -> eno2

IP Address:  192.168.0.208

Gateway 192.168.0.1

Internet Provider : ISP01

Details of second interface:

Interface name -> eno3

IP Address:  172.31.0.208

Gateway 172.31.0.1

Internet Provider : ISP02

The diagrammatic view of the server and network connections is given below.

internet_routing

Problem statement:

The internet traffic is going through the first interface. I want to change it to the second interface.

How to check the route of the internet traffic?

This can be checked by using the traceroute command. Execute the following command and check the hops. If the traffic goes through the gateway of the first network, it is routed through the first interface. If it goes through the gateway of the second network, it is routed through the second interface.

traceroute google.com

When I executed this command, I got the following output, which proves that the traffic was going through the first interface. 192.168.0.1 is the gateway of the first interface. You can see the details in the screenshot below.

traceroute_02

How to list the default traffic routes?

To list the existing routes in the system, type the following command in the terminal.

ip route list

This lists all the routes, including the default routes. The following screenshot shows the details of the routes in my system.

iproute_list01

In the above image, you can see two default routes. The first one has a priority (route metric) of 102 and the second one has a priority of 103. The route with the lower value is preferred, so the traffic goes through the first interface (gateway 192.168.0.1, ISP01).

How to change the default / primary route?

In my case there were two default routes. So making one interface the default or primary route will solve the problem.

This can be enabled by configuring the DEFROUTE parameter in the network interface settings. The network interface configurations are present in the following directory.

/etc/sysconfig/network-scripts

In this directory, you can see files that start with ifcfg-. In my case, the two files that I have to deal with are ifcfg-eno2 and ifcfg-eno3.

In each of these files, there is a parameter DEFROUTE. If it is set to “yes”, that interface provides a default route. If it is set to “no”, it is not a default interface.

So set DEFROUTE=no in the first interface (ifcfg-eno2) and DEFROUTE=yes in the second interface (ifcfg-eno3).

Restart the network after making these changes. The command is shared below.

service network restart

Now check the route list and see the default route/s. The command is given below.

ip route list

The screenshot from my system is shared below.

iproute_list02

Now you can see that the second interface (gateway 172.31.0.1, ISP02) became the default interface and the first interface got removed from the default list. It is still present in the available interfaces, but it is no longer the default interface.

Now let us test the internet traffic with the traceroute command. As per our configuration, the traffic should go through the second interface. The command is given below.

traceroute google.com

The screenshot from my system is given below.

traceroute_01

As per the screenshot, the traffic is going as expected based on our configuration. It is going through the second interface.
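
The same verification can be scripted. The following is an added example, not code from the original article: it reads `ip route list` output and reports the default route with the lowest metric, and it lists which ifcfg files set DEFROUTE=yes. The route lines (including the /24 prefixes), the temporary ifcfg files and the function names are constructed for illustration.

```bash
# Added example; all sample data below is constructed to mirror the article.

# Print interfaces whose ifcfg file in directory $1 sets DEFROUTE=yes.
defroute_ifaces() {
    for f in "$1"/ifcfg-*; do
        [ -f "$f" ] || continue
        # Last assignment wins; drop optional quotes around the value.
        v=$(sed -n 's/^DEFROUTE=//p' "$f" | tr -d "\"'" | tail -n 1)
        case "$v" in [Yy][Ee][Ss]) echo "${f##*/ifcfg-}" ;; esac
    done
}

# Read `ip route list` output on stdin and print "dev gateway metric" for
# the default route the kernel prefers (lowest metric; absent metric = 0).
active_default() {
    awk '$1 == "default" {
        gw = dev = ""; m = 0
        for (i = 2; i < NF; i++) {
            if ($i == "via")    gw  = $(i + 1)
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "metric") m   = $(i + 1) + 0
        }
        if (best == "" || m < bestm) { bestm = m; best = dev " " gw " " m }
    }
    END { if (best == "") exit 1; print best }'
}

# Constructed `ip route list` output: before and after the DEFROUTE change.
ROUTES_BEFORE='default via 192.168.0.1 dev eno2 proto static metric 102
default via 172.31.0.1 dev eno3 proto static metric 103
172.31.0.0/24 dev eno3 proto kernel scope link src 172.31.0.208 metric 103
192.168.0.0/24 dev eno2 proto kernel scope link src 192.168.0.208 metric 102'
ROUTES_AFTER='default via 172.31.0.1 dev eno3 proto static metric 103
172.31.0.0/24 dev eno3 proto kernel scope link src 172.31.0.208 metric 103
192.168.0.0/24 dev eno2 proto kernel scope link src 192.168.0.208 metric 102'

# Constructed ifcfg files as they look after the edit described above.
CFG=$(mktemp -d)
trap 'rm -rf "$CFG"' EXIT
printf 'DEVICE=eno2\nDEFROUTE=no\n'    > "$CFG/ifcfg-eno2"
printf 'DEVICE=eno3\nDEFROUTE="yes"\n' > "$CFG/ifcfg-eno3"

echo "before: $(printf '%s\n' "$ROUTES_BEFORE" | active_default)"
echo "after:  $(printf '%s\n' "$ROUTES_AFTER"  | active_default)"
echo "DEFROUTE=yes in: $(defroute_ifaces "$CFG")"
```

On a real host, pipe the live table in with `ip route list | active_default` and point `defroute_ifaces` at /etc/sysconfig/network-scripts.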

The steps for Ubuntu and other operating systems are also similar. Here I have explained based on CentOS & RHEL operating systems.

Hope this article helps someone. 🙂

SELinux modes – Simple explanation

Everyone who uses Linux might be familiar with SELinux. SELinux stands for Security-Enhanced Linux. It is a kernel-level security module that enforces mandatory access control policies.

In this post I will quickly explain the various modes in SELinux.

There are three modes in SELinux:

  • Enforcing
  • Permissive
  • Disabled

In CentOS and RHEL systems, the SELinux configuration is controlled by the configuration file /etc/sysconfig/selinux.

Changes made to this file need a system reboot to take effect. We can disable SELinux permanently only with a system reboot, but we can set SELinux to permissive mode without a reboot. This can be easily performed by issuing a setenforce command. The details are explained in another blog post of mine.

Here we can set SELinux to any of the modes mentioned above.

In the Enforcing mode, SELinux is completely active and allows access only as permitted by the SELinux policies. Users can configure the policies to allow the access their applications need.

In the Permissive mode, SELinux does not block any activity. It only monitors and logs the activities that would have been denied in the enforcing state.

In the Disabled mode, SELinux will be completely disabled.
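
Because the configuration file only takes effect at boot while setenforce changes the running mode immediately, the two can disagree. The following added example (not from the original post) reads the SELINUX= value from a config file and compares it with the runtime mode as printed by getenforce. The config content, the runtime value and the function names are constructed for illustration.

```bash
# Added example; the sample config and runtime value below are constructed.

# Print the SELINUX= mode from config file $1 (last uncommented assignment).
# SELINUXTYPE= lines and comment lines do not match the pattern.
configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr 'A-Z' 'a-z'
}

# Compare configured mode ($1) with runtime mode ($2, getenforce output).
mode_status() {
    cfg=$1
    run=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$cfg" in enforcing|permissive|disabled) ;;
        *) echo "unknown: config='$cfg'"; return 2 ;;
    esac
    case "$cfg:$run" in
        enforcing:enforcing|permissive:permissive|disabled:disabled)
            echo "consistent" ;;
        enforcing:permissive)
            echo "drift: running permissive, config says enforcing" ;;
        permissive:enforcing)
            echo "drift: running enforcing, config says permissive" ;;
        disabled:*)
            echo "pending: SELinux will be disabled after reboot" ;;
        *:disabled)
            echo "pending: SELinux will be $cfg after reboot" ;;
        *)  echo "unknown: runtime='$run'"; return 2 ;;
    esac
}

# Constructed config file in the layout of /etc/sysconfig/selinux.
CONF=$(mktemp)
trap 'rm -f "$CONF"' EXIT
cat > "$CONF" <<'EOF'
# SELINUX= can take one of these three values:
#     enforcing, permissive, disabled
SELINUX=enforcing
SELINUXTYPE=targeted
EOF

# Constructed runtime value, as if someone had switched to permissive.
RUNTIME="Permissive"
echo "configured: $(configured_mode "$CONF")"
echo "status:     $(mode_status "$(configured_mode "$CONF")" "$RUNTIME")"
# On a real host:
#   mode_status "$(configured_mode /etc/sysconfig/selinux)" "$(getenforce)"
```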