3.5. Configuring a Gateway

Configure the machine hosting the installer to act as a gateway so that traffic from the private provisioning network routes to a network interface with external connectivity.

Procedure 3.8. Configuring a Gateway

  1. Log into the machine hosting the installer as the root user.
  2. Edit /etc/sysctl.conf and change the value of net.ipv4.ip_forward to 1:
    net.ipv4.ip_forward = 1
  3. Load the new value:
    # sysctl -p
  4. Enable IP masquerading:
    # iptables -t nat -I POSTROUTING 1 -o [if_name] -j MASQUERADE
    # iptables -I FORWARD 1 ! -s [XX.XX.XX.XX/XX] -j DROP
    # iptables -I FORWARD 1 -d [XX.XX.XX.XX/XX] -j ACCEPT
    # iptables -I FORWARD 1 -s [XX.XX.XX.XX/XX] -j ACCEPT
    # iptables -A INPUT -i [if_name] -j ACCEPT
    • [if_name]: The name of the network interface to which to forward network traffic. You must specify the name of the network interface that will not be used for the private provisioning network.
    • [XX.XX.XX.XX/XX]: The network address of the private provisioning network that the installer defines. You must specify this address using CIDR notation. For example, XX.0.0.0/8, XX.XX.0.0/16, or XX.XX.XX.00/24.

      Note

      The default firewall rules reject ICMP forwarding, which can cause problems connecting to the Red Hat CDN. It is advisable to remove the following rules from your firewall if they exist:
      	-A INPUT -j REJECT --reject-with icmp-host-prohibited
      	-A FORWARD -j REJECT --reject-with icmp-host-prohibited
      
  5. Save the changes to the firewall:
    # iptables-save > /etc/sysconfig/iptables
  6. Restart networking:
    # systemctl restart network.service
The new firewall rules route the traffic from the private provisioning network to a network interface with external network connectivity, which allows machines on that network to access resources on other networks.
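
An added example, not part of the original procedure: a shell function that checks iptables-save output for the rules from step 4, in the order the three "-I FORWARD 1" commands leave them, and reports the REJECT rule named in the note. eth1 and 192.0.2.0/24 are constructed stand-ins for [if_name] and [XX.XX.XX.XX/XX], and both sample dumps are constructed.

```shell
#!/bin/sh
# Added example (not from the original page). eth1 and 192.0.2.0/24 are
# constructed stand-ins for [if_name] and [XX.XX.XX.XX/XX].
# audit_gateway_rules FILE IF CIDR: FILE is iptables-save output ("-" = stdin).
# Prints one line per finding; the exit status is the number of findings.
audit_gateway_rules() {
    awk -v ifn="$2" -v net="$3" '
    /^\*/ { table = substr($0, 2); next }      # table header, e.g. "*nat"
    table == "nat" && /^-A POSTROUTING / && / -j MASQUERADE/ &&
        index($0, " -o " ifn " ") { masq = 1 }
    table == "filter" && /^-A FORWARD / {
        n++                                    # position within FORWARD
        if (index($0, " ! -s " net " ") && / -j DROP/)      drop = n
        else if (index($0, " -s " net " ") && / -j ACCEPT/) acc_s = n
        else if (index($0, " -d " net " ") && / -j ACCEPT/) acc_d = n
        else if (/icmp-host-prohibited/)                    rej = n
    }
    END {
        if (!masq)  { print "MISSING nat POSTROUTING -o " ifn " -j MASQUERADE"; p++ }
        if (!acc_s) { print "MISSING FORWARD -s " net " -j ACCEPT"; p++ }
        if (!acc_d) { print "MISSING FORWARD -d " net " -j ACCEPT"; p++ }
        if (!drop)  { print "MISSING FORWARD ! -s " net " -j DROP"; p++ }
        # Replies from outside carry a foreign source address, so the DROP
        # must come after the -d ACCEPT or return traffic is discarded.
        if (drop && acc_d && drop < acc_d) { print "ORDER DROP precedes -d ACCEPT"; p++ }
        if (rej) { print "PRESENT FORWARD REJECT icmp-host-prohibited (rule " rej ")"; p++ }
        exit p + 0
    }' "$1"
}

sample_good() {   # constructed dump: the state the procedure above produces
    printf '%s\n' '*nat' '-A POSTROUTING -o eth1 -j MASQUERADE' 'COMMIT' \
        '*filter' '-A FORWARD -s 192.0.2.0/24 -j ACCEPT' \
        '-A FORWARD -d 192.0.2.0/24 -j ACCEPT' \
        '-A FORWARD ! -s 192.0.2.0/24 -j DROP' 'COMMIT'
}

sample_bad() {    # constructed dump: no NAT rule, DROP too early, REJECT left in
    printf '%s\n' '*nat' 'COMMIT' '*filter' \
        '-A FORWARD -s 192.0.2.0/24 -j ACCEPT' \
        '-A FORWARD ! -s 192.0.2.0/24 -j DROP' \
        '-A FORWARD -d 192.0.2.0/24 -j ACCEPT' \
        '-A FORWARD -j REJECT --reject-with icmp-host-prohibited' 'COMMIT'
}

sample_good | audit_gateway_rules - eth1 192.0.2.0/24 && echo "gateway rules OK"
```

On the gateway, the live rule set can be checked the same way by piping iptables-save into audit_gateway_rules with "-" as the file argument.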