Chapter 18. Managing the default gateway setting
The default gateway is a router that forwards network packets when no other route matches the destination of a packet. In a local network, the default gateway is typically the host that is one hop closer to the internet.
18.1. Setting the default gateway on an existing connection using nmcli
In most situations, administrators set the default gateway when they create a connection as explained in, for example, Section 8.1, “Configuring a static Ethernet connection using nmcli”.
This section describes how to set or update the default gateway on a previously created connection using the nmcli
utility.
Prerequisites
- At least one static IP address must be configured on the connection on which the default gateway will be set.
-
If the user is logged in on a physical console, user permissions are sufficient. Otherwise, user must have
root
permissions.
Procedure
Set the IP address of the default gateway.
For example, to set the IPv4 address of the default gateway on the
example
connection to192.0.2.1
:$
sudo nmcli connection modify example ipv4.gateway "192.0.2.1"
For example, to set the IPv6 address of the default gateway on the
example
connection to2001:db8:1::1
:$
sudo nmcli connection modify example ipv6.gateway "2001:db8:1::1"
Restart the network connection for changes to take effect. For example, to restart the
example
connection using the command line:$
sudo nmcli connection up example
WarningAll connections currently using this network connection are temporarily interrupted during the restart.
Optionally, verify that the route is active.
To display the IPv4 default gateway:
$
ip -4 route
default via 192.0.2.1 dev example proto static metric 100To display the IPv6 default gateway:
$
ip -6 route
default via 2001:db8:1::1 dev example proto static metric 100 pref medium
Additional resources
18.2. Setting the default gateway on an existing connection using the nmcli interactive mode
In most situations, administrators set the default gateway when they create a connection as explained in, for example, Section 8.5, “Configuring a dynamic Ethernet connection using the nmcli interactive editor”.
This section describes how to set or update the default gateway on a previously created connection using the interactive mode of the nmcli
utility.
Prerequisites
- At least one static IP address must be configured on the connection on which the default gateway will be set.
-
If the user is logged in on a physical console, user permissions are sufficient. Otherwise, the user must have
root
permissions.
Procedure
Open the
nmcli
interactive mode for the required connection. For example, to open thenmcli
interactive mode for the example connection:$
sudo nmcli connection edit example
Set the default gateway.
For example, to set the IPv4 address of the default gateway on the
example
connection to192.0.2.1
:nmcli>
set ipv4.gateway 192.0.2.1
For example, to set the IPv6 address of the default gateway on the
example
connection to2001:db8:1::1
:nmcli>
set ipv6.gateway 2001:db8:1::1
Optionally, verify that the default gateway was set correctly:
nmcli>
print
... ipv4.gateway: 192.0.2.1 ... ipv6.gateway: 2001:db8:1::1 ...Save the configuration:
nmcli>
save persistent
Restart the network connection for changes to take effect:
nmcli>
activate example
WarningAll connections currently using this network connection are temporarily interrupted during the restart.
Leave the
nmcli
interactive mode:nmcli>
quit
Optionally, verify that the route is active.
To display the IPv4 default gateway:
$
ip -4 route
default via 192.0.2.1 dev example proto static metric 100To display the IPv6 default gateway:
$
ip -6 route
default via 2001:db8:1::1 dev example proto static metric 100 pref medium
18.3. Setting the default gateway on an existing connection using nm-connection-editor
In most situations, administrators set the default gateway when they create a connection. This section describes how to set or update the default gateway on a previously created connection using the nm-connection-editor
application.
Prerequisites
- At least one static IP address must be configured on the connection on which the default gateway will be set.
Procedure
Open a terminal, and enter
nm-connection-editor
:$
nm-connection-editor
- Select the connection to modify, and click the gear wheel icon to edit the existing connection.
Set the IPv4 default gateway. For example, to set the IPv4 address of the default gateway on the connection to
192.0.2.1
:-
Open the
IPv4 Settings
tab. Enter the address in the
gateway
field next to the IP range the gateway’s address is within:
-
Open the
Set the IPv6 default gateway. For example, to set the IPv6 address of the default gateway on the connection to
2001:db8:1::1
:-
Open the
IPv6
tab. Enter the address in the
gateway
field next to the IP range the gateway’s address is within:
-
Open the
- Click .
- Click .
Restart the network connection for changes to take effect. For example, to restart the
example
connection using the command line:$
sudo nmcli connection up example
WarningAll connections currently using this network connection are temporarily interrupted during the restart.
Optionally, verify that the route is active.
To display the IPv4 default gateway:
$
ip -4 route
default via 192.0.2.1 dev example proto static metric 100To display the IPv6 default gateway:
$
ip -6 route
default via 2001:db8:1::1 dev example proto static metric 100 pref medium
Additional resources
18.4. Setting the default gateway on an existing connection using control-center
In most situations, administrators set the default gateway when they create a connection. This section describes how to set or update the default gateway on a previously created connection using the control-center
application.
Prerequisites
- At least one static IP address must be configured on the connection on which the default gateway will be set.
-
The network configuration of the connection is open in the
control-center
application.
Procedure
Set the IPv4 default gateway. For example, to set the IPv4 address of the default gateway on the connection to
192.0.2.1
:-
Open the
IPv4
tab. Enter the address in the
gateway
field next to the IP range the gateway’s address is within:
-
Open the
Set the IPv6 default gateway. For example, to set the IPv6 address of the default gateway on the connection to
2001:db8:1::1
:-
Open the
IPv6
tab. Enter the address in the
gateway
field next to the IP range the gateway’s address is within:
-
Open the
- Click .
Back in the
Network
window, disable and re-enable the connection by switching the button for the connection to and back to for changes to take effect.WarningAll connections currently using this network connection are temporarily interrupted during the restart.
Optionally, verify that the route is active.
To display the IPv4 default gateway:
$
ip -4 route
default via 192.0.2.1 dev example proto static metric 100To display the IPv6 default gateway:
$
ip -6 route
default via 2001:db8:1::1 dev example proto static metric 100 pref medium
Additional resources
18.5. Setting the default gateway on an existing connection using System Roles
You can use the networking
RHEL System Role to set the default gateway.
When you run a play that uses the networking
RHEL System Role, the System Role overrides an existing connection profile with the same name if the settings do not match the ones specified in the play. Therefore, always specify the whole configuration of the network connection profile in the play, even if, for example, the IP configuration already exists. Otherwise, the role resets these values to their defaults.
Depending on whether it already exists, the procedure creates or updates the enp1s0
connection profile with the following settings:
-
A static IPv4 address -
198.51.100.20
with a/24
subnet mask -
A static IPv6 address -
2001:db8:1::1
with a/64
subnet mask -
An IPv4 default gateway -
198.51.100.254
-
An IPv6 default gateway -
2001:db8:1::fffe
-
An IPv4 DNS server -
198.51.100.200
-
An IPv6 DNS server -
2001:db8:1::ffbb
-
A DNS search domain -
example.com
Prerequisites
-
The
ansible
andrhel-system-roles
packages are installed on the control node. -
If you use a different remote user than
root
when you run the playbook, this user has appropriatesudo
permissions on the managed node.
Procedure
If the host on which you want to execute the instructions in the playbook is not yet inventoried, add the IP or name of this host to the
/etc/ansible/hosts
Ansible inventory file:node.example.com
Create the
~/ethernet-connection.yml
playbook with the following content:--- - name: Configure an Ethernet connection with static IP and default gateway hosts: node.example.com become: true tasks: - include_role: name: linux-system-roles.network vars: network_connections: - name: enp1s0 type: ethernet autoconnect: yes ip: address: - 198.51.100.20/24 - 2001:db8:1::1/64 gateway4: 198.51.100.254 gateway6: 2001:db8:1::fffe dns: - 198.51.100.200 - 2001:db8:1::ffbb dns_search: - example.com state: up
Run the playbook:
To connect as
root
user to the managed host, enter:#
ansible-playbook -u root ~/ethernet-connection.yml
To connect as a user to the managed host, enter:
#
ansible-playbook -u user_name --ask-become-pass ~/ethernet-connection.yml
The
--ask-become-pass
option makes sure that theansible-playbook
command prompts for thesudo
password of the user defined in the-u user_name
option.
If you do not specify the
-u user_name
option,ansible-playbook
connects to the managed host as the user that is currently logged in to the control node.
Additional resources
-
For details about the parameters used in
network_connections
and for additional information about thenetwork
System Role, see the/usr/share/ansible/roles/rhel-system-roles.network/README.md
file. -
For details about the
ansible-playbook
command, see theansible-playbook(1)
man page.
18.6. Setting the default gateway on an existing connection when using the legacy network scripts
This procedure describes how to configure a default gateway when you use the legacy network scripts. The example sets the default gateway to 192.0.2.1
that is reachable via the enp1s0
interface.
Prerequisites
-
The
NetworkManager
package is not installed, or theNetworkManager
service is disabled. -
The
network-scripts
package is installed.
Procedure
Set the
GATEWAY
parameter in the/etc/sysconfig/network-scripts/ifcfg-enp1s0
file to192.0.2.1
:GATEWAY=192.0.2.1
Add the
default
entry in the/etc/sysconfig/network-scripts/route-enp0s1
file:default via 192.0.2.1
Restart the network:
# systemctl restart network
18.7. How NetworkManager manages multiple default gateways
In certain situations, for example for fallback reasons, you set multiple default gateways on a host. However, to avoid asynchronous routing issues, each default gateway of the same protocol requires a separate metric value. Note that RHEL only uses the connection to the default gateway that has the lowest metric set.
You can set the metric for both the IPv4 and IPv6 gateway of a connection using the following command:
# nmcli connection modify connection-name ipv4.route-metric value ipv6.route-metric value
Do not set the same metric value for the same protocol in multiple connection profiles to avoid routing issues.
If you set a default gateway without a metric value, NetworkManager automatically sets the metric value based on the interface type. For that, NetworkManager assigns the default value of this network type to the first connection that is activated, and sets an incremented value to each other connection of the same type in the order they are activated. For example, if two Ethernet connections with a default gateway exist, NetworkManager sets a metric of 100
on the route to the default gateway of the connection that you activate first. For the second connection, NetworkManager sets 101
.
The following is an overview of frequently-used network types and their default metrics:
Connection type | Default metric value |
---|---|
VPN | 50 |
Ethernet | 100 |
MACsec | 125 |
InfiniBand | 150 |
Bond | 300 |
Team | 350 |
VLAN | 400 |
Bridge | 425 |
TUN | 450 |
Wi-Fi | 600 |
IP tunnel | 675 |
Additional resources
- For details about policy-based routing, see Chapter 20, Configuring policy-based routing to define alternative routes.
- For details about Multipath TCP, see Chapter 25, Getting started with Multipath TCP.
18.8. Configuring NetworkManager to avoid using a specific profile to provide a default gateway
You can configure that NetworkManager never uses a specific profile to provide the default gateway. Follow this procedure for connection profiles that are not connected to the default gateway.
Prerequisites
- The NetworkManager connection profile for the connection that is not connected to the default gateway exists.
Procedure
If the connection uses a dynamic IP configuration, configure that NetworkManager does not use the connection as the default route for IPv4 and IPv6 connections:
#
nmcli connection modify connection_name ipv4.never-default yes ipv6.never-default yes
Note that setting
ipv4.never-default
andipv6.never-default
toyes
, automatically removes the default gateway’s IP address for the corresponding protocol from the connection profile.Activate the connection:
#
nmcli connection up connection_name
Verification steps
-
Use the
ip -4 route
andip -6 route
commands to verify that RHEL does not use the network interface for the default route for the IPv4 and IPv6 protocol.
18.9. Fixing unexpected routing behavior due to multiple default gateways
There are only a few scenarios, such as when using multipath TCP, in which you require multiple default gateways on a host. In most cases, you configure only a single default gateway to avoid unexpected routing behavior or asynchronous routing issues.
To route traffic to different internet providers, use policy-based routing instead of multiple default gateways.
Prerequisites
- The host uses NetworkManager to manage network connections, which is the default.
- The host has multiple network interfaces.
- The host has multiple default gateways configured.
Procedure
Display the routing table:
For IPv4, enter:
#
ip -4 route
default via 192.0.2.1 dev enp1s0 proto static metric 101 default via 198.51.100.1 dev enp7s0 proto static metric 102 ...For IPv6, enter:
#
ip -6 route
default via 2001:db8:1::1 dev enp1s0 proto static metric 101 pref medium default via 2001:db8:2::1 dev enp7s0 proto static metric 102 pref medium ...
Entries starting with
default
indicate a default route. Note the interface names of these entries displayed next todev
.Use the following commands to display the NetworkManager connections that use the interfaces you identified in the previous step:
#
nmcli -f GENERAL.CONNECTION,IP4.GATEWAY,IP6.GATEWAY device show enp1s0
GENERAL.CONNECTION: Corporate-LAN IP4.GATEWAY: 192.168.122.1 IP6.GATEWAY: 2001:db8:1::1 #nmcli -f GENERAL.CONNECTION,IP4.GATEWAY,IP6.GATEWAY device show enp7s0
GENERAL.CONNECTION: Internet-Provider IP4.GATEWAY: 198.51.100.1 IP6.GATEWAY: 2001:db8:2::1In these examples, the profiles named
Corporate-LAN
andInternet-Provider
have the default gateways set. Because, in a local network, the default gateway is typically the host that is one hop closer to the internet, the rest of this procedure assumes that the default gateways in theCorporate-LAN
are incorrect.Configure that NetworkManager does not use the
Corporate-LAN
connection as the default route for IPv4 and IPv6 connections:#
nmcli connection modify Corporate-LAN ipv4.never-default yes ipv6.never-default yes
Note that setting
ipv4.never-default
andipv6.never-default
toyes
, automatically removes the default gateway’s IP address for the corresponding protocol from the connection profile.Activate the
Corporate-LAN
connection:#
nmcli connection up Corporate-LAN
Verification steps
Display the IPv4 and IPv6 routing tables and verify that only one default gateway is available for each protocol:
For IPv4, enter:
#
ip -4 route
default via 192.0.2.1 dev enp1s0 proto static metric 101 ...For IPv6, enter:
#
ip -6 route
default via 2001:db8:1::1 dev enp1s0 proto static metric 101 pref medium ...
Additional resources
- For details about policy-based routing, see Chapter 20, Configuring policy-based routing to define alternative routes.
- For details about Multipath TCP, see Chapter 25, Getting started with Multipath TCP.