Setup Router Network

Install network utilities

Run this on the Router VM
dnf install -y \
    dnsutils nmap netcat iperf mtr tcpdump \
    iftop bmon nload speedtest-cli whois arp-scan

Setup systemd-networkd

The Fedora cloud image the VM is booted from is automatically setup for NetworkManager. For a router, this just gets in the way of things, so you should disable NetworkManager and setup static IP addresses via systemd-networkd.

First, create a static network config for the management interface (name eth0 by default, but it will be renamed to mgmt):

Run this on the Router VM
mac_address=$(ip link show "eth0" | awk '/ether/ {print $2}')
network=/etc/systemd/network/01-mgmt.network
link=/etc/systemd/network/01-mgmt.link

cat <<EOF > /etc/systemd/network/01-mgmt.network
[Match]
Name=mgmt

[Network]
Address=10.10.1.2/24
Gateway=10.10.1.1
DNS=1.1.1.1
DNS=1.0.0.1
EOF

cat <<EOF > /etc/systemd/network/01-mgmt.link
[Match]
MACAddress=${mac_address}

[Link]
Name=mgmt
EOF

echo -e "\n\n## Network: ${network}"
cat ${network}
echo -e "\n## Link: ${link}"
cat ${link}
Tip

Make sure to use the same Address as you assigned in the cloud-init settings for th VM (e.g., 10.10.1.2). Although this configuration is now divorced from cloud-init, using the same address will prevent conflict.

Enable systemd-networkd:

Run this on the Router VM
sudo systemctl enable systemd-networkd

Disable NetworkManager:

Run this on the Router VM
sudo systemctl stop NetworkManager
sudo systemctl mask NetworkManager

Disable cloud-init:

Run this on the Router VM
touch /etc/cloud/cloud-init.disabled
systemctl mask cloud-init

cloud-init was useful for first boot configuration, but now that its done its job, it needs to get out of the way.

Rename interfaces

List the detected network interfaces on the router VM:

Run this on the Router VM
ip link

The physical dual 10G Ethernet passed into the VM is recognized as two interfaces, enp1s0f0 and enp1s0f1, and will become the new router’s LAN and WAN ports respectively:

(stdout)
3: enp1s0f0:  mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000
    link/ether CA:FE:BA:BE:12:34 brd ff:ff:ff:ff:ff:ff
4: enp1s0f1:  mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000
    link/ether DE:AD:BE:EF:42:42 brd ff:ff:ff:ff:ff:ff

Let’s rename these interfaces so they are easier to identify:

Run this on the Router VM
## Define your interface mappings: existing_name=new_name,...
INTERFACES="enp1s0f0=lan,enp1s0f1=wan"

mkdir -p /etc/systemd/network

IFS=',' # Split INTERFACES by commas
for iface_map in $INTERFACES; do
    IFS='=' read -r interface name <<< "$iface_map"
    mac_address=$(ip link show "$interface" | awk '/ether/ {print $2}')
    if [[ -z "$mac_address" ]]; then
        echo "Error: Could not find MAC address for $interface"
        continue
    fi
    link_file="/etc/systemd/network/10-${name}.link"
    cat <<EOF | sudo tee "$link_file" > /dev/null
[Match]
MACAddress=${mac_address}

[Link]
Name=${name}
EOF
    echo "Created link file $link_file for interface $interface with MAC $mac_address"
done
Tip

Double check the INTERFACES mapping matches your existing network interface names.

Set static LAN address

Run this on the Router VM
LAN_NETWORK=192.168.10.1/24
GATEWAY=10.10.1.1   ## Temporary management gateway
DNS="1.1.1.1;1.0.0.1;"
cat <<EOF > /etc/NetworkManager/system-connections/lan.nmconnection
[connection]
id=lan
type=ethernet
interface-name=lan

[ipv4]
method=manual
address1=${LAN_NETWORK},${GATEWAY}
dns=${DNS}
EOF
chmod 600 /etc/NetworkManager/system-connections/lan.nmconnection

Set WAN for DHCP

Run this on the Router VM
cat <<EOF > /etc/NetworkManager/system-connections/wan.nmconnection
[connection]
id=wan
type=ethernet
interface-name=wan

[ipv4]
method=auto
EOF
chmod 600 /etc/NetworkManager/system-connections/wan.nmconnection

Reboot the Router VM

To see the changes, you will have to reboot the VM.

Run this on the Router VM
reboot

Once rebooted, log back in and check the interface names again:

Run this on the Router VM
ip link
(stdout)
3: lan:  mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000
    link/ether CA:FE:BA:BE:12:34 brd ff:ff:ff:ff:ff:ff
4: wan:  mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000
    link/ether DE:AD:BE:EF:42:42 brd ff:ff:ff:ff:ff:ff

Show the IP address of the LAN interface:

Run this on the Router VM
ip add show dev lan
(stdout)
...
    inet 192.168.10.1/24 brd 192.168.10.255 scope global
...