CentOS 7 DHCP Gateway Routing Issue: Troubleshooting and Fix for /32 Subnet Environments


5 views

When working with CentOS 7 minimal installations in cloud environments or VPS configurations, you might encounter a peculiar networking issue where DHCP-assigned gateways aren't properly configured, particularly when dealing with /32 subnet masks. This problem specifically manifests when:

# After DHCP assignment
ip route show
# Shows correct IP but missing default route

The culprit lies in CentOS 7's modified dhclient-script behavior. Compared to CentOS 6's version 4.1.1-P1, CentOS 7's dhclient 4.2.5 introduced two significant changes:

  1. A gateway reachability test via ping before adding routes
  2. Modified handling of /32 subnet configurations

The new dhclient-script contains this problematic logic:

# From /sbin/dhclient-script
if [ -n "${new_routers}" ]; then
    if ping -c 1 -w 1 ${new_routers%% *}; then
        # Add route logic
    else
        echo "Gateway not responding to ping" >&2
    fi
fi

This causes failures in environments where:

  • ICMP is blocked by firewalls
  • Cloud providers disable ping responses
  • Network security policies restrict ICMP

    • Option 1: Modify dhclient-script (Permanent Fix)

    Edit /sbin/dhclient-script and comment out the ping check:

    # Backup original
cp /sbin/dhclient-script /sbin/dhclient-script.bak

# Modify ping check section to:
if [ -n "${new_routers}" ]; then
    #if ping -c 1 -w 1 ${new_routers%% *}; then
        # Add route logic
    #fi
    /sbin/route add -host ${new_routers%% *} dev ${interface}
    /sbin/route add default gw ${new_routers%% *}
fi

    Option 2: Use CentOS 6's dhclient-script

    wget http://example.com/centos6-dhclient-script -O /sbin/dhclient-script
chmod +x /sbin/dhclient-script
service network restart

    For environments where modifying system scripts isn't desirable, consider static routing:

    # /etc/sysconfig/network-scripts/route-ens4
144.76.190.224/32 dev ens4
default via 144.76.190.224 dev ens4

# /etc/sysconfig/network-scripts/ifcfg-ens4
BOOTPROTO=none
IPADDR=144.76.190.238
NETMASK=255.255.255.255
GATEWAY=144.76.190.224

    After implementing any solution, verify with:

    ip route show
ping -c 1 8.8.8.8
curl --connect-timeout 5 http://example.com

    When configuring a CentOS 7 minimal installation with traditional network configuration (disabling NetworkManager), the system fails to set the default gateway received via DHCP when using a /32 subnet mask (255.255.255.255). While IP address, netmask, and DNS settings are properly applied, the routing table remains incomplete without the critical default route.

    This behavior differs from CentOS 6 and most other Linux distributions, which correctly handle this network configuration scenario. The root cause traces back to changes in the dhclient-script implementation between versions:

    # CentOS 6 uses:
dhclient-4.1.1-P1

# CentOS 7 uses: 
dhclient-4.2.5

    The /32 subnet configuration is particularly common in:

    • Cloud VPS environments
    • Isolated network segments
    • Container networking
    • VPN configurations

    Without proper gateway routing, the system loses all external network connectivity despite having a valid IP address assignment.

    Examining the /sbin/dhclient-script differences between versions reveals a problematic change:

    # In CentOS 7's dhclient-script:
# Added gateway ping test before route addition
if ! ping -c 2 -W 1 $new_routers; then
    echo "Gateway not responding to ping - not setting default route"
    return
fi

    This check fails when:

    1. Firewall rules block ICMP
    2. Gateway intentionally doesn't respond to ping
    3. Network latency exceeds 1 second

    Solution 1: Replace dhclient-script (Recommended)

    Copy a working version from CentOS 6:

    # Backup original
sudo cp /sbin/dhclient-script /sbin/dhclient-script.bak

# Get working version (example using curl)
sudo curl -o /sbin/dhclient-script https://example.com/path/to/centos6-dhclient-script

# Set permissions
sudo chmod 755 /sbin/dhclient-script
sudo chown root:root /sbin/dhclient-script

# Restart network
sudo systemctl restart network

    Solution 2: Manual Static Routes

    Add to /etc/rc.local for persistence:

    #!/bin/bash
# Add host route to gateway
/sbin/route add -host 144.76.190.224 dev ens4
# Add default route
/sbin/route add default gw 144.76.190.224
exit 0

    Create a custom DHCP client exit hook:

    # /etc/dhcp/dhclient-exit-hooks.d/fix_routes
#!/bin/bash

# Only execute for interface ens4
[ "$interface" != "ens4" ] && exit 0

# Add required routes
/sbin/route add -host $new_routers dev $interface
/sbin/route add default gw $new_routers

    After implementing any solution, verify with:

    # Check routing table
ip route show
route -n

# Test connectivity
ping -c 4 8.8.8.8
traceroute 8.8.8.8

# Check DHCP lease info
cat /var/lib/dhclient/dhclient--ens4.lease

    For systems requiring NetworkManager:

    # Alternative config for NM systems
nmcli connection modify ens4 ipv4.ignore-auto-routes no
nmcli connection modify ens4 ipv4.never-default no
nmcli connection up ens4