Chapter 18. Managing the default gateway setting

The default gateway is a router that forwards network packets when no other route matches the destination of a packet. In a local network, the default gateway is typically the host that is one hop closer to the internet.

18.1. Setting the default gateway on an existing connection using nmcli

In most situations, administrators set the default gateway when they create a connection as explained in, for example, Configuring a static Ethernet connection using nmcli.

This section describes how to set or update the default gateway on a previously created connection using the nmcli utility.

Prerequisites

  • At least one static IP address must be configured on the connection on which the default gateway will be set.
  • If the user is logged in on a physical console, user permissions are sufficient. Otherwise, user must have root permissions.

Procedure

  1. Set the IP address of the default gateway.

    For example, to set the IPv4 address of the default gateway on the example connection to 192.0.2.1: 

    $ sudo nmcli connection modify example ipv4.gateway "192.0.2.1"

    For example, to set the IPv6 address of the default gateway on the example connection to 2001:db8:1::1: 

    $ sudo nmcli connection modify example ipv6.gateway "2001:db8:1::1"

  2. Restart the network connection for changes to take effect. For example, to restart the example connection using the command line: 

    $ sudo nmcli connection up example
    Warning

    All connections currently using this network connection are temporarily interrupted during the restart.

  3. Optionally, verify that the route is active.

    To display the IPv4 default gateway: 

    $ ip -4 route
default via 192.0.2.1 dev example proto static metric 100

    To display the IPv6 default gateway: 

    $ ip -6 route
default via 2001:db8:1::1 dev example proto static metric 100 pref medium

Additional resources

18.2. Setting the default gateway on an existing connection using the nmcli interactive mode

In most situations, administrators set the default gateway when they create a connection as explained in, for example, Configuring a dynamic Ethernet connection using the nmcli interactive editor.

This section describes how to set or update the default gateway on a previously created connection using the interactive mode of the nmcli utility.

Prerequisites

  • At least one static IP address must be configured on the connection on which the default gateway will be set.
  • If the user is logged in on a physical console, user permissions are sufficient. Otherwise, the user must have root permissions.

Procedure

  1. Open the nmcli interactive mode for the required connection. For example, to open the nmcli interactive mode for the example connection: 

    $ sudo nmcli connection edit example

  2. Set the default gateway.

    For example, to set the IPv4 address of the default gateway on the example connection to 192.0.2.1: 

    nmcli> set ipv4.gateway 192.0.2.1

    For example, to set the IPv6 address of the default gateway on the example connection to 2001:db8:1::1: 

    nmcli> set ipv6.gateway 2001:db8:1::1

  3. Optionally, verify that the default gateway was set correctly: 

    nmcli> print
...
ipv4.gateway:                           192.0.2.1
...
ipv6.gateway:                           2001:db8:1::1
...

  4. Save the configuration: 

    nmcli> save persistent

  5. Restart the network connection for changes to take effect: 

    nmcli> activate example
    Warning

    All connections currently using this network connection are temporarily interrupted during the restart.

  6. Leave the nmcli interactive mode: 

    nmcli> quit

  7. Optionally, verify that the route is active.

    To display the IPv4 default gateway: 

    $ ip -4 route
default via 192.0.2.1 dev example proto static metric 100

    To display the IPv6 default gateway: 

    $ ip -6 route
default via 2001:db8:1::1 dev example proto static metric 100 pref medium

Additional resources

18.3. Setting the default gateway on an existing connection using nm-connection-editor

In most situations, administrators set the default gateway when they create a connection. This section describes how to set or update the default gateway on a previously created connection using the nm-connection-editor application.

Prerequisites

  • At least one static IP address must be configured on the connection on which the default gateway will be set.

Procedure

  1. Open a terminal, and enter nm-connection-editor: 

    $ nm-connection-editor
  2. Select the connection to modify, and click the gear wheel icon to edit the existing connection.

  3. Set the IPv4 default gateway. For example, to set the IPv4 address of the default gateway on the connection to 192.0.2.1:

    1. Open the IPv4 Settings tab.

    2. Enter the address in the gateway field next to the IP range the gateway’s address is within:

      set default gw in nm connection editor ipv4

  4. Set the IPv6 default gateway. For example, to set the IPv6 address of the default gateway on the connection to 2001:db8:1::1:

    1. Open the IPv6 tab.

    2. Enter the address in the gateway field next to the IP range the gateway’s address is within:

      set default gw in nm connection editor ipv6

  5. Click OK.
  6. Click Save.

  7. Restart the network connection for changes to take effect. For example, to restart the example connection using the command line: 

    $ sudo nmcli connection up example
    Warning

    All connections currently using this network connection are temporarily interrupted during the restart.

  8. Optionally, verify that the route is active.

    To display the IPv4 default gateway: 

    $ ip -4 route
default via 192.0.2.1 dev example proto static metric 100

    To display the IPv6 default gateway: 

    $ ip -6 route
default via 2001:db8:1::1 dev example proto static metric 100 pref medium

Additional resources

18.4. Setting the default gateway on an existing connection using control-center

In most situations, administrators set the default gateway when they create a connection. This section describes how to set or update the default gateway on a previously created connection using the control-center application.

Prerequisites

  • At least one static IP address must be configured on the connection on which the default gateway will be set.
  • The network configuration of the connection is open in the control-center application.

Procedure

  1. Set the IPv4 default gateway. For example, to set the IPv4 address of the default gateway on the connection to 192.0.2.1:

    1. Open the IPv4 tab.

    2. Enter the address in the gateway field next to the IP range the gateway’s address is within:

      set default gw in control center ipv4

  2. Set the IPv6 default gateway. For example, to set the IPv6 address of the default gateway on the connection to 2001:db8:1::1:

    1. Open the IPv6 tab.

    2. Enter the address in the gateway field next to the IP range the gateway’s address is within:

      set default gw in control center ipv6

  3. Click Apply.

  4. Back in the Network window, disable and re-enable the connection by switching the button for the connection to Off and back to On for changes to take effect.

    Warning

    All connections currently using this network connection are temporarily interrupted during the restart.

  5. Optionally, verify that the route is active.

    To display the IPv4 default gateway: 

    $ ip -4 route
default via 192.0.2.1 dev example proto static metric 100

    To display the IPv6 default gateway: 

    $ ip -6 route
default via 2001:db8:1::1 dev example proto static metric 100 pref medium

Additional resources

18.5. Setting the default gateway on an existing connection using System Roles

You can use the networking RHEL System Role to set the default gateway.

Important

When you run a play that uses the networking RHEL System Role, the System Role overrides an existing connection profile with the same name if the settings do not match the ones specified in the play. Therefore, always specify the whole configuration of the network connection profile in the play, even if, for example, the IP configuration already exists. Otherwise, the role resets these values to their defaults.

Depending on whether it already exists, the procedure creates or updates the enp1s0 connection profile with the following settings:

  • A static IPv4 address - 198.51.100.20 with a /24 subnet mask
  • A static IPv6 address - 2001:db8:1::1 with a /64 subnet mask
  • An IPv4 default gateway - 198.51.100.254
  • An IPv6 default gateway - 2001:db8:1::fffe
  • An IPv4 DNS server - 198.51.100.200
  • An IPv6 DNS server - 2001:db8:1::ffbb
  • A DNS search domain - example.com

Prerequisites

  • The ansible and rhel-system-roles packages are installed on the control node.
  • If you use a different remote user than root when you run the playbook, this user has appropriate sudo permissions on the managed node.

Procedure

  1. If the host on which you want to execute the instructions in the playbook is not yet inventoried, add the IP or name of this host to the /etc/ansible/hosts Ansible inventory file: 

    node.example.com

  2. Create the ~/ethernet-connection.yml playbook with the following content: 

    ---
- name: Configure an Ethernet connection with static IP and default gateway
  hosts: node.example.com
  become: true
  tasks:
  - include_role:
      name: linux-system-roles.network

    vars:
      network_connections:
        - name: enp1s0
          type: ethernet
          autoconnect: yes
          ip:
            address:
              - 198.51.100.20/24
              - 2001:db8:1::1/64
            gateway4: 198.51.100.254
            gateway6: 2001:db8:1::fffe
            dns:
              - 198.51.100.200
              - 2001:db8:1::ffbb
            dns_search:
              - example.com
          state: up

  3. Run the playbook:

    • To connect as root user to the managed host, enter: 

      # ansible-playbook -u root ~/ethernet-connection.yml

    • To connect as a user to the managed host, enter: 

      # ansible-playbook -u user_name --ask-become-pass ~/ethernet-connection.yml

      The --ask-become-pass option makes sure that the ansible-playbook command prompts for the sudo password of the user defined in the -u user_name option.

    If you do not specify the -u user_name option, ansible-playbook connects to the managed host as the user that is currently logged in to the control node.

Additional resources

  • For details about the parameters used in network_connections and for additional information about the network System Role, see the /usr/share/ansible/roles/rhel-system-roles.network/README.md file.
  • For details about the ansible-playbook command, see the ansible-playbook(1) man page.

18.6. Setting the default gateway on an existing connection when using the legacy network scripts

This procedure describes how to configure a default gateway when you use the legacy network scripts. The example sets the default gateway to 192.0.2.1 that is reachable via the enp1s0 interface.

Prerequisites

  • The NetworkManager package is not installed, or the NetworkManager service is disabled.
  • The network-scripts package is installed.

Procedure

  1. Set the GATEWAY parameter in the /etc/sysconfig/network-scripts/ifcfg-enp1s0 file to 192.0.2.1: 

    GATEWAY=192.0.2.1

  2. Add the default entry in the /etc/sysconfig/network-scripts/route-enp0s1 file: 

    default via 192.0.2.1

  3. Restart the network: 

    # systemctl restart network

18.7. How NetworkManager manages multiple default gateways

In certain situations, for example for fallback reasons, you set multiple default gateways on a host. However, to avoid asynchronous routing issues, each default gateway of the same protocol requires a separate metric value. Note that RHEL only uses the connection to the default gateway that has the lowest metric set.

You can set the metric for both the IPv4 and IPv6 gateway of a connection using the following command: 

# nmcli connection modify connection-name ipv4.route-metric value ipv6.route-metric value
Important

Do not set the same metric value for the same protocol in multiple connection profiles to avoid routing issues.

If you set a default gateway without a metric value, NetworkManager automatically sets the metric value based on the interface type. For that, NetworkManager assigns the default value of this network type to the first connection that is activated, and sets an incremented value to each other connection of the same type in the order they are activated. For example, if two Ethernet connections with a default gateway exist, NetworkManager sets a metric of 100 on the route to the default gateway of the connection that you activate first. For the second connection, NetworkManager sets 101.

The following is an overview of frequently-used network types and their default metrics:

Connection typeDefault metric value

VPN

50

Ethernet

100

MACsec

125

InfiniBand

150

Bond

300

Team

350

VLAN

400

Bridge

425

TUN

450

Wi-Fi

600

IP tunnel

675

Additional resources

18.8. Configuring NetworkManager to avoid using a specific profile to provide a default gateway

You can configure that NetworkManager never uses a specific profile to provide the default gateway. Follow this procedure for connection profiles that are not connected to the default gateway.

Prerequisites

  • The NetworkManager connection profile for the connection that is not connected to the default gateway exists.

Procedure

  1. If the connection uses a dynamic IP configuration, configure that NetworkManager does not use the connection as the default route for IPv4 and IPv6 connections: 

    # nmcli connection modify connection_name ipv4.never-default yes ipv6.never-default yes

    Note that setting ipv4.never-default and ipv6.never-default to yes, automatically removes the default gateway’s IP address for the corresponding protocol from the connection profile.

  2. Activate the connection: 

    # nmcli connection up connection_name

Verification steps

  • Use the ip -4 route and ip -6 route commands to verify that RHEL does not use the network interface for the default route for the IPv4 and IPv6 protocol.

18.9. Fixing unexpected routing behavior due to multiple default gateways

There are only a few scenarios, such as when using multipath TCP, in which you require multiple default gateways on a host. In most cases, you configure only a single default gateway to avoid unexpected routing behavior or asynchronous routing issues.

Note

To route traffic to different internet providers, use policy-based routing instead of multiple default gateways.

Prerequisites

  • The host uses NetworkManager to manage network connections, which is the default.
  • The host has multiple network interfaces.
  • The host has multiple default gateways configured.

Procedure

  1. Display the routing table:

    • For IPv4, enter: 

      # ip -4 route
default via 192.0.2.1 dev enp1s0 proto static metric 101
default via 198.51.100.1 dev enp7s0 proto static metric 102
...

    • For IPv6, enter: 

      # ip -6 route
default via 2001:db8:1::1 dev enp1s0 proto static metric 101 pref medium
default via 2001:db8:2::1 dev enp7s0 proto static metric 102 pref medium
...

    Entries starting with default indicate a default route. Note the interface names of these entries displayed next to dev.

  2. Use the following commands to display the NetworkManager connections that use the interfaces you identified in the previous step: 

    # nmcli -f GENERAL.CONNECTION,IP4.GATEWAY,IP6.GATEWAY device show enp1s0
GENERAL.CONNECTION:      Corporate-LAN
IP4.GATEWAY:             192.168.122.1
IP6.GATEWAY:             2001:db8:1::1

# nmcli -f GENERAL.CONNECTION,IP4.GATEWAY,IP6.GATEWAY device show enp7s0
GENERAL.CONNECTION:      Internet-Provider
IP4.GATEWAY:             198.51.100.1
IP6.GATEWAY:             2001:db8:2::1

    In these examples, the profiles named Corporate-LAN and Internet-Provider have the default gateways set. Because, in a local network, the default gateway is typically the host that is one hop closer to the internet, the rest of this procedure assumes that the default gateways in the Corporate-LAN are incorrect.

  3. Configure that NetworkManager does not use the Corporate-LAN connection as the default route for IPv4 and IPv6 connections: 

    # nmcli connection modify Corporate-LAN ipv4.never-default yes ipv6.never-default yes

    Note that setting ipv4.never-default and ipv6.never-default to yes, automatically removes the default gateway’s IP address for the corresponding protocol from the connection profile.

  4. Activate the Corporate-LAN connection: 

    # nmcli connection up Corporate-LAN

Verification steps

  • Display the IPv4 and IPv6 routing tables and verify that only one default gateway is available for each protocol:

    • For IPv4, enter: 

      # ip -4 route
default via 192.0.2.1 dev enp1s0 proto static metric 101
...

    • For IPv6, enter: 

      # ip -6 route
default via 2001:db8:1::1 dev enp1s0 proto static metric 101 pref medium
...

Additional resources