How to properly configure your home network on CentOS/RHEL

by , , revisited on

We have by far the largest RPM repository with NGINX module packages and VMODs for Varnish. If you want to install NGINX, Varnish, and lots of useful performance/security software with smooth yum upgrades for production use, this is the repository for you.
Active subscription is required.

Here’s a quick recap on setting up your workstation for use at home.

You can find this useful in case you want to:

Firewall at home?

It is good to apply good security practices even between machines on a trusted, home network.

FirewallD, the default firewall for CentOS/RHEL, has a great concept of zones.

Surely, you can just assign a specific network interface to a zone. But this would be prone to errors.
Imagine what would happen if you assign your laptop’s Ethernet interface to a home zone, and then take it to an airport? Nothing good.

Thanks to the NetworkManager, you can assign specific network connection profile to thehome zone.

So the important gotcha is that while you can assign a specific firewall zone to a network interface, the latter can have multiple connections (profiles) defined for it in NetworkManager.

NetworkManager has its own setting for which the connection of the same interface is bound to which FirewallD zone. It’s nice to have when you have RHEL 8 on your laptop and roaming around between home and work.

NetworkManager connections are easily understood as different profiles (settings) for the same interface.

By default, you have 1:1 mapping between an interface and profile, that is you have one profile for each interface, and its name matches the name of the interface. E.g. eno1 interface and connection name eno1.

Let’s fix this a bit and have a connection name reflect its physical location.

Considering that you’re home now and using a wired network. Let’s rename the current connection profile eno1-home to eno1-home:

nmcli connection modify eno1 eno1-home

The interface name itself stays the same, eno1.

Then bind this profile to home FirewallD zone:

nmcli connection modify eno1-home home

From then on, you can assign various services to be allowed accessed over LAN, on this workstation.
For example, the AirPlay service:

sudo firewall-cmd --zone=home --add-service=airplay-server --permanent
sudo firewall-cmd --zone=home --add-service=mdns --permanent # not really needed as this is the default for home zone
sudo firewall-cmd --reload

Wake on LAN

nmcli c show eno1-home | grep wake
nmcli c modify eno1-home 802-3-ethernet.wake-on-lan magic

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: