• Not sure this is in the right spot in the forum but here goes.
    I did a fresh install of CentOS 7 and I am having a network issue. I can ping to anything on my network but nothing outside the network. Before I installed the OS I had everything working: FOG, imaging, etc, but was having a partitioning issue. I had this issue before but it was the chrome repo that was blocking it, I did not download chrome this time so is not the issue. I also checked my firewall and we are not behind a proxy so those are not an issue, that I have found.
    Here are a few outputs:

    [root@localhost fogadmin]# ifconfig
    enp30s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet  netmask  broadcast
            inet6 fe80::6ab5:99ff:fee4:d0c9  prefixlen 64  scopeid 0x20<link>
            ether 68:b5:99:e4:d0:c9  txqueuelen 1000  (Ethernet)
            RX packets 231188  bytes 28702240 (27.3 MiB)
            RX errors 0  dropped 12546  overruns 0  frame 0
            TX packets 45057  bytes 8715232 (8.3 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
            device interrupt 19  
    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet  netmask
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 0  (Local Loopback)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
            inet  netmask  broadcast
            ether 52:54:00:2d:42:e8  txqueuelen 0  (Ethernet)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    ip route

    [root@localhost fogadmin]# ip route
    default via dev enp30s0  proto static  metric 100 dev enp30s0  proto kernel  scope link  src  metric 100 dev virbr0  proto kernel  scope link  src 

    ip addr show

    [root@localhost fogadmin]# ip addr show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: enp30s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        link/ether 68:b5:99:e4:d0:c9 brd ff:ff:ff:ff:ff:ff
        inet brd scope global enp30s0
           valid_lft forever preferred_lft forever
        inet6 fe80::6ab5:99ff:fee4:d0c9/64 scope link 
           valid_lft forever preferred_lft forever
    3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
        link/ether 52:54:00:2d:42:e8 brd ff:ff:ff:ff:ff:ff
        inet brd scope global virbr0
           valid_lft forever preferred_lft forever
    4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
        link/ether 52:54:00:2d:42:e8 brd ff:ff:ff:ff:ff:ff

    cat /etc/sysconfig/network-scripts/ifcfg-FOG_Server

    [root@localhost fogadmin]# cat /etc/sysconfig/network-scripts/ifcfg-FOG_Server
    NAME="FOG Server"

    cat /etc/resolv.conf

    [root@localhost fogadmin]# cat /etc/resolv.conf
    # Generated by NetworkManager

    Let me know if i missed anything @Wayne-Workman, @Tom Elliott, @JBob, @george1421.
    They have been helping me so maybe they remember something I forgot that might be useful.

    Thanks guys in advance!

  • @ManofValor I think Tom’s guess is right, It makes sense.

    To be honest, there appears to be absolutely nothing wrong with any of the network configuration on your FOG server.

    We can test to see if Tom’s guess is right or not. If this CentOS 7 was installed with a GUI, it came with Firefox. Use firefox to try to visit our forums. If you can, Tom is right - and it also means that only ports 53, 80, and 443 are allowed into your network. IF this is the case, you’ll need your boss to loosen the straps so you can get your FOG server going - after that, he can tighten em down again. Or he can create rules that allow the FOG server full access to the internet. If it were up to me, I wouldn’t have a firewall that prevents work from being done. Do you guys have a demilitarized zone the fog server can be placed in temporarily so it can be installed and configured?

  • @ManofValor I would venture to guess the issue with pinging outside isn’t that you cannot do so, but rather the packets coming back are being blocked from returning, displaying like you can’t get out.

    Only DNS and maybe simplistic port (web 80/webs 443) traffic are allowed to return.

    This allows your DNS traffic to pass back and forth without a problem. It even would allow updates and simple data traffic to leave and return with minimal issues.

    My guess is ACL’s are too stringent on the network. Most firewalls allow everything OUT, but only allow specificities IN when requested directly. Natted traffic should be allowed to receive on whatever it’s being requested.

    For example.

    Some external system trying to access internal port 21 would be blocked. Some internal system requesting outgoing port 21 normally can receive along the same stream though. In your case, it seems, anything as it comes in regardless of if its requested state (internal or being requested externally) is being blocked.

    I don’t know the full extent of your network though and I can only give you guesses based on what we’ve seen thus far.

    I totally believe that you’re NOT behind a proxy, just the symptoms as described seems to point to such a thing.

  • @george1421 NO PROXY

    [root@localhost fogadmin]# traceroute
    traceroute to (, 30 hops max, 60 byte packets
     1  * * *
     2  * * *
     3  * * *
     4  * * *
     5  * * *
     6  * * *
     7  * * *
     8  * * *
     9  google-public-dns-a.google.com (  12.036 ms  12.286 ms  13.102 ms
  • Moderator

    This file looks suspiciously named: /etc/sysconfig/network-scripts/ifcfg-FOG_Server one might think this should be titled ifcfg-enp30s0 to match the name of your ethernet adapter.

    On the networking side. I would have to ask what happens if you try to do a traceroute to something outside your network.

    traceroute This will tell you where your data packets are going and get hungup.

    Is it safe to assume you have direct internet access between the fog server and the internet or do you use a proxy server to get onto the internet?