[TriLUG] New CentOS 7 system headaches (ping & dnsmasq)
Brian via TriLUG
trilug at trilug.org
Mon Dec 19 18:13:31 EST 2016
That's what happens when you're trying to fix things at 2:30 AM on three
cups of coffee..
It was an errant firewall rule. In the midst of this rebuild, I took
the opportunity to change from a 192.168.x.0 subnet to a 10.x.y.0
subnet. A search-and-replace on the iptables-restore input file created
a rule that effectively dropped everything except SSH.
Thanks for the sanity check!
-B
On 12/19/2016 04:34 PM, Matt Flyer wrote:
> First thing I would do is try to nail it down to being a firewall
> issue.
> You said that firewalld is disabled. Be sure to look at the active
> process list to confirm. Then set IPtables to accept by default and
> flush it - to clear out everything and make it permissive and then see
> if you can ping.
>
> If you still can't ping, try running a traceroute, though it should be
> one hop on the LAN segment, just to see if it is somehow trying to
> route to the gateway.
>
> Also, double check your interfaces by pulling up an ifconfig in a
> terminal prompt and verify that it didn't do anything odd like create
> multiple gateways (I am assuming here you're running multiple LAN
> segments on the same machine from your description) because sometimes
> the auto configuration tools assume you have a simple setup.
>
> On Mon, 2016-12-19 at 16:22 -0500, Brian via TriLUG wrote:
>> Here's some salient info:
>>
>> SELinux is disabled
>> firewalld is disabled in favor of iptables-services (for the time
>> being)
>>
>> There is a rule to ACCEPT all inbound traffic from the private
>> (10.55.46.0/24) interface. From iptables-save output:
>>
>> -A INPUT -j my_firewall
>> -A my_firewall -i enp7s0 -j ACCEPT
>>
>> dnsmasq is running and listening. From netstat output:
>>
>> tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 3624/dnsmasq
>> udp 0 0 0.0.0.0:53 0.0.0.0:* 3624/dnsmasq
>> udp 0 0 0.0.0.0:67 0.0.0.0:* 3624/dnsmasq
>>
>> There is also a firewall rule allowing all ICMP packets.
>>
>> -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j
>> ACCEPT
>>
>> Here are the symptoms:
>> - I can't ping in or out on the internal interface:
>> blueman$ ping 10.55.46.80
>> PING 10.55.46.80 (10.55.46.80) 56(84) bytes of data.
>> ^C
>> --- 10.55.46.80 ping statistics ---
>> 3 packets transmitted, 0 received, 100% packet loss, time 1999ms
>>
>> undecidedgames$ ping 10.55.46.125
>> PING 10.55.46.125 (10.55.46.125) 56(84) bytes of data.
>> ^C
>> --- 10.55.46.125 ping statistics ---
>> 2 packets transmitted, 0 received, 100% packet loss, time 999ms
>>
>
>
More information about the TriLUG
mailing list