Can't ping outside my network



  • Not sure this is in the right spot in the forum but here goes.
    I did a fresh install of CentOS 7 and I am having a network issue. I can ping to anything on my network but nothing outside the network. Before I installed the OS I had everything working: FOG, imaging, etc., but was having a partitioning issue. I had this issue before, but it was the Chrome repo that was blocking it; I did not download Chrome this time, so that is not the issue. I also checked my firewall and we are not behind a proxy, so those are not an issue, that I have found.
    Here are a few outputs:
    ifconfig

    [root@localhost fogadmin]# ifconfig
    enp30s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 10.10.1.40  netmask 255.255.0.0  broadcast 10.10.255.255
            inet6 fe80::6ab5:99ff:fee4:d0c9  prefixlen 64  scopeid 0x20<link>
            ether 68:b5:99:e4:d0:c9  txqueuelen 1000  (Ethernet)
            RX packets 231188  bytes 28702240 (27.3 MiB)
            RX errors 0  dropped 12546  overruns 0  frame 0
            TX packets 45057  bytes 8715232 (8.3 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
            device interrupt 19  
    
    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 0  (Local Loopback)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
            inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
            ether 52:54:00:2d:42:e8  txqueuelen 0  (Ethernet)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    

    ip route

    [root@localhost fogadmin]# ip route
    default via 10.10.1.1 dev enp30s0  proto static  metric 100 
    10.10.0.0/16 dev enp30s0  proto kernel  scope link  src 10.10.1.40  metric 100 
    192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1 
    

    ip addr show

    [root@localhost fogadmin]# ip addr show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: enp30s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        link/ether 68:b5:99:e4:d0:c9 brd ff:ff:ff:ff:ff:ff
        inet 10.10.1.40/16 brd 10.10.255.255 scope global enp30s0
           valid_lft forever preferred_lft forever
        inet6 fe80::6ab5:99ff:fee4:d0c9/64 scope link 
           valid_lft forever preferred_lft forever
    3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
        link/ether 52:54:00:2d:42:e8 brd ff:ff:ff:ff:ff:ff
        inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
           valid_lft forever preferred_lft forever
    4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
        link/ether 52:54:00:2d:42:e8 brd ff:ff:ff:ff:ff:ff
    
    

    cat /etc/sysconfig/network-scripts/ifcfg-FOG_Server

    [root@localhost fogadmin]# cat /etc/sysconfig/network-scripts/ifcfg-FOG_Server
    HWADDR=68:B5:99:E4:D0:C9
    TYPE=Ethernet
    BOOTPROTO=none
    DNS1=10.10.1.59
    DNS2=10.10.1.60
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=no
    IPV6_AUTOCONF=yes
    IPV6_DEFROUTE=yes
    IPV6_PEERDNS=yes
    IPV6_PEERROUTES=yes
    IPV6_FAILURE_FATAL=no
    NAME="FOG Server"
    UUID=fc88fc47-ea38-4633-9024-0217c467f7a1
    ONBOOT=yes
    IPADDR=10.10.1.40
    PREFIX=16
    GATEWAY=10.10.1.1
    
    

    cat /etc/resolv.conf

    [root@localhost fogadmin]# cat /etc/resolv.conf
    # Generated by NetworkManager
    nameserver 10.10.1.59
    nameserver 10.10.1.60
    
    

    Let me know if I missed anything @Wayne-Workman, @Tom Elliott, @JBob, @george1421.
    They have been helping me so maybe they remember something I forgot that might be useful.

    Thanks guys in advance!


  • Moderator

    @ManofValor I think Tom’s guess is right, it makes sense.

    To be honest, there appears to be absolutely nothing wrong with any of the network configuration on your FOG server.

    We can test to see if Tom’s guess is right or not. If this CentOS 7 was installed with a GUI, it came with Firefox. Use Firefox to try to visit our forums. If you can, Tom is right - and it also means that only ports 53, 80, and 443 are allowed into your network. If this is the case, you’ll need your boss to loosen the straps so you can get your FOG server going - after that, he can tighten ’em down again. Or he can create rules that allow the FOG server full access to the internet. If it were up to me, I wouldn’t have a firewall that prevents work from being done. Do you guys have a demilitarized zone the FOG server can be placed in temporarily so it can be installed and configured?


  • Senior Developer

    @ManofValor I would venture to guess the issue with pinging outside isn’t that you cannot do so, but rather the packets coming back are being blocked from returning, displaying like you can’t get out.

    Only DNS and maybe simplistic port (web 80/webs 443) traffic are allowed to return.

    This allows your DNS traffic to pass back and forth without a problem. It even would allow updates and simple data traffic to leave and return with minimal issues.

    My guess is ACLs are too stringent on the network. Most firewalls allow everything OUT, but only allow specificities IN when requested directly. NATed traffic should be allowed to receive on whatever it’s being requested.

    For example.

    Some external system trying to access internal port 21 would be blocked. Some internal system requesting outgoing port 21 normally can receive along the same stream though. In your case, it seems, anything as it comes in, regardless of its requested state (internal or being requested externally), is being blocked.

    I don’t know the full extent of your network though and I can only give you guesses based on what we’ve seen thus far.

    I totally believe that you’re NOT behind a proxy, just the symptoms as described seem to point to such a thing.



  • @george1421 NO PROXY

    [root@localhost fogadmin]# traceroute 8.8.8.8
    traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
     1  * * *
     2  * * *
     3  * * *
     4  * * *
     5  * * *
     6  * * *
     7  * * *
     8  * * *
     9  google-public-dns-a.google.com (8.8.8.8)  12.036 ms  12.286 ms  13.102 ms
    
    

  • Moderator

    This file looks suspiciously named: /etc/sysconfig/network-scripts/ifcfg-FOG_Server. One might think this should be titled ifcfg-enp30s0 to match the name of your ethernet adapter.

    On the networking side, I would have to ask what happens if you try to do a traceroute to something outside your network.

    traceroute 8.8.8.8

    This will tell you where your data packets are going and get hung up.

    Is it safe to assume you have direct internet access between the fog server and the internet or do you use a proxy server to get onto the internet?
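
An added example (not part of any post in this thread) that reads the traceroute output posted above. On Linux, traceroute sends UDP probes by default and prints `* * *` for a hop when no ICMP reply arrives, so the posted listing, silent for hops 1-8 and answered by 8.8.8.8 at hop 9, means the path is routed and the target's reply came back; only the intermediate replies are missing. The function names and verdict strings are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): classify traceroute output on stdin.
# Usage: traceroute 8.8.8.8 | classify_traceroute 8.8.8.8
classify_traceroute() {
    awk -v target="$1" '
        BEGIN { hops = 0; silent = 0; reached = 0; last = 0 }
        $1 ~ /^[0-9]+$/ {                 # hop lines start with the hop number
            hops++
            if ($2 == "*" && $3 == "*" && $4 == "*") { silent++; next }
            last = $1                     # last hop that answered any probe
            for (i = 2; i <= NF; i++)     # target shown as "(ip)" or bare with -n
                if ($i == target || $i == "(" target ")") reached = $1
        }
        END {
            if (hops == 0) { print "no-data"; exit }
            if (reached) {
                v = (silent > 0) ? "reached-silent-path" : "reached"
                print v " hop=" reached " silent=" silent
            } else if (silent == hops) {
                print "all-silent silent=" silent
            } else {
                print "stopped-after hop=" last " silent=" silent
            }
        }'
}

# Output as posted in the thread: hops 1-8 silent, hop 9 is the target.
sample_from_thread() {
    cat <<'EOF'
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  google-public-dns-a.google.com (8.8.8.8)  12.036 ms  12.286 ms  13.102 ms
EOF
}

# Constructed contrast case (not from the thread): no hop answers at all.
sample_all_silent() {
    printf '%s\n' 'traceroute to 8.8.8.8 (8.8.8.8), 3 hops max, 60 byte packets' \
        ' 1  * * *' ' 2  * * *' ' 3  * * *'
}

sample_from_thread | classify_traceroute 8.8.8.8
sample_all_silent  | classify_traceroute 8.8.8.8
```

A `reached-silent-path` verdict says nothing about ICMP echo, so a failing `ping` alongside it points at filtering of echo traffic rather than at routing or the interface configuration.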

