centos as a router between lan no nat

Issues related to configuring your network
Posts: 1
Joined: 2018/05/05 14:23:31

centos as a router between lan no nat

Postby fromageNana » 2018/05/05 15:12:12


For a lab, i would like to get a centOS 7 act as a router between 4 different lan but without nating...
A schematic is in the attachments section.

the router in the center, AD1, AD2 and nagios are vm running on 2 esxi server with vcenter and distributed switch.
There is 4 lan: -> management network -> AD1 server -> nagios server -> AD2 server

I did activate ipv4 routing with:
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf && sysctl -p

Since each lan is directlly connected to the router i should be able to ping each lan no ? (on a cisco router yes)
*Each machine has his gw set to the interface his lan of the centos router.

I saw people telling that we need nat with this command:
iptables -t nat -A POSTROUTING -o <outgoingInt> -j MASQUERADE
but for my lab, i don't need/want nating, just simple routing between lan.

My goal is to be able to reach each lan by the ip of the machine so without nating and having a default gateway to the gateway to have internet.

Thanks for your help and sorry for my english, french native speaker :D
Screenshot from 2018-05-05 16-30-23.png
Screenshot from 2018-05-05 16-30-23.png (60.21 KiB) Viewed 100 times

User avatar
Posts: 1917
Joined: 2007/12/11 08:17:33
Location: Finland

Re: centos as a router between lan no nat

Postby jlehtone » 2018/05/05 20:43:50

The -> AD1 server -> nagios server -> AD2 server

are practically identical and just like any "home LAN". The members of each of those LANs have just the default gateway (the router) for reaching anything but link-local network. Plain and simple, nothing special.

The is different. It has two members that act as routers: and
One of these routers is the gate to 200.200.[012]/24 networks.
The other router leads to everywhere else. That router ( should be the default gateway for every member of the 10.1.21/24, including the "CentOS router" (

The CentOS router knows how to reach all four link-local networks. You have set it to route. Have you set the firewall to allow the routing?

What about the rest of 10.1.21/24? They, including the, have to be told that is not the route to 200.200.[012]/24. If they had static routes (in addition to the default route), then they would know. That does not seem to be the task of the CentOS router. That router does not configure the members of 10.1.21/24. Somebody else does.

Your example has an additional oddity: 200.200.x.y are not private subnet ranges, are they? The 10.x.y.z is private. That makes no sense.