How to configure RHEL as a router in the middle of a network?
Environment
- Red Hat Enterprise Linux
- Multiple network subnets
Issue
- How to configure RHEL as a router in the middle of a network?
- Can I use my RHEL server as the gateway for its attached subnets?
Resolution
These instructions are for a plain forwarding IP router with no NAT (Network Address Translation).
If you wish to configure a NAT router, see How to configure Linux as router for sharing internet in RHEL?
Enable IP forwarding
In /etc/sysctl.conf set the following, then apply with the sysctl -p command:
net.ipv4.ip_forward = 1
Disable Receive Offloading
Check whether the network interfaces have any receive offloading enabled with:
ethtool -k ethX
If any receive offloading such as Large Receive Offload is enabled, turn it off with:
ethtool -K ethX rx off lro off gro off
These settings can be made permanent as described at: How to make NIC ethtool settings persistent (apply automatically at boot)
Disable Reverse Path Filtering
In /etc/sysctl.conf set the following, then apply with the sysctl -p command:
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
You may also need to check existing interface settings with:
sysctl -a | egrep "\.rp_filter"
and disable any existing RP Filter on interfaces with:
for TUNABLE in $(sysctl -a | awk '/\.rp_filter/{print $1}'); do sysctl -w "$TUNABLE=0"; done
Ensure Routing Makes Sense
The RHEL system needs either a default gateway, or a gateway configured to forward relevant traffic to.
The RHEL system will route traffic for attached subnets.
The rest of the network needs to know those attached subnets are reached via the RHEL system's IP addresses.
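A check for the settings above, as an added example that is not part of the original article: the shell functions read sysctl -a and ethtool -k output on stdin and report whether forwarding is on, which interfaces still have reverse path filtering in effect, and which receive offloads are still enabled. The sample inputs and the interface names eth0 and eth1 are constructed; the effective rp_filter for an interface is taken as the higher of the "all" value and the per-interface value, which is how the kernel applies it.

```shell
#!/bin/sh
# SAMPLE_* values are constructed for illustration, not captured from a real host.
SAMPLE_SYSCTL='net.ipv4.ip_forward = 1
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth1.rp_filter = 0'
SAMPLE_ETHTOOL='Features for eth0:
rx-checksumming: on
generic-receive-offload: on
large-receive-offload: off [fixed]'

# Succeeds only if `sysctl -a` output on stdin shows net.ipv4.ip_forward = 1.
forwarding_enabled() {
    awk -F' = ' '$1 == "net.ipv4.ip_forward" { v = $2 }
                 END { exit (v + 0 == 1 ? 0 : 1) }'
}

# Prints "iface value" for each interface where RP filtering is still in effect.
# The kernel applies max(conf.all, conf.<iface>), so a leftover per-interface 1 wins.
rp_filter_active() {
    awk -F' = ' '
        $1 ~ /^net\.ipv4\.conf\..+\.rp_filter$/ {
            iface = $1
            sub(/^net\.ipv4\.conf\./, "", iface)
            sub(/\.rp_filter$/, "", iface)
            val[iface] = $2 + 0
        }
        END {
            all = ("all" in val) ? val["all"] : 0
            for (i in val) {
                if (i == "all" || i == "default") continue
                eff = (val[i] > all) ? val[i] : all
                if (eff != 0) print i, eff
            }
        }' | sort
}

# Prints each of the rx/gro/lro features in `ethtool -k` output on stdin that is still on.
rx_offloads_on() {
    awk -F': ' '($1 == "rx-checksumming" || $1 == "generic-receive-offload" ||
                 $1 == "large-receive-offload") && $2 ~ /^on/ { print $1 }'
}

# Demo on the constructed samples; on a live router pipe in `sysctl -a` or `ethtool -k ethX`.
printf '%s\n' "$SAMPLE_SYSCTL" | forwarding_enabled && echo "ip_forward enabled"
printf '%s\n' "$SAMPLE_SYSCTL" | rp_filter_active
printf '%s\n' "$SAMPLE_ETHTOOL" | rx_offloads_on
```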
Root Cause
Receive offloading must be disabled because the NIC will combine smaller MTU-sized packets into larger packets, which the system will then try to forward. The large packet is bigger than the outgoing MTU, so the outgoing forwarded packet will be dropped.
The rest of the settings are requirements to have IP routing working as expected.