Can't ping outside my network
-
Not sure this is in the right spot in the forum but here goes.
I did a fresh install of CentOS 7 and I am having a network issue. I can ping to anything on my network but nothing outside the network. Before I installed the OS I had everything working: FOG, imaging, etc., but was having a partitioning issue. I had this issue before, but it was the Chrome repo that was blocking it. I did not download Chrome this time, so that is not the issue. I also checked my firewall and we are not behind a proxy, so those are not an issue, that I have found.
Here are a few outputs:
ifconfig
    [root@localhost fogadmin]# ifconfig
    enp30s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 10.10.1.40 netmask 255.255.0.0 broadcast 10.10.255.255
            inet6 fe80::6ab5:99ff:fee4:d0c9 prefixlen 64 scopeid 0x20<link>
            ether 68:b5:99:e4:d0:c9 txqueuelen 1000 (Ethernet)
            RX packets 231188 bytes 28702240 (27.3 MiB)
            RX errors 0 dropped 12546 overruns 0 frame 0
            TX packets 45057 bytes 8715232 (8.3 MiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
            device interrupt 19

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10<host>
            loop txqueuelen 0 (Local Loopback)
            RX packets 0 bytes 0 (0.0 B)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 0 bytes 0 (0.0 B)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
            inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
            ether 52:54:00:2d:42:e8 txqueuelen 0 (Ethernet)
            RX packets 0 bytes 0 (0.0 B)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 0 bytes 0 (0.0 B)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ip route
    [root@localhost fogadmin]# ip route
    default via 10.10.1.1 dev enp30s0 proto static metric 100
    10.10.0.0/16 dev enp30s0 proto kernel scope link src 10.10.1.40 metric 100
    192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
ip addr show
    [root@localhost fogadmin]# ip addr show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: enp30s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        link/ether 68:b5:99:e4:d0:c9 brd ff:ff:ff:ff:ff:ff
        inet 10.10.1.40/16 brd 10.10.255.255 scope global enp30s0
           valid_lft forever preferred_lft forever
        inet6 fe80::6ab5:99ff:fee4:d0c9/64 scope link
           valid_lft forever preferred_lft forever
    3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
        link/ether 52:54:00:2d:42:e8 brd ff:ff:ff:ff:ff:ff
        inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
           valid_lft forever preferred_lft forever
    4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
        link/ether 52:54:00:2d:42:e8 brd ff:ff:ff:ff:ff:ff
cat /etc/sysconfig/network-scripts/ifcfg-FOG_Server
    [root@localhost fogadmin]# cat /etc/sysconfig/network-scripts/ifcfg-FOG_Server
    HWADDR=68:B5:99:E4:D0:C9
    TYPE=Ethernet
    BOOTPROTO=none
    DNS1=10.10.1.59
    DNS2=10.10.1.60
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=no
    IPV6_AUTOCONF=yes
    IPV6_DEFROUTE=yes
    IPV6_PEERDNS=yes
    IPV6_PEERROUTES=yes
    IPV6_FAILURE_FATAL=no
    NAME="FOG Server"
    UUID=fc88fc47-ea38-4633-9024-0217c467f7a1
    ONBOOT=yes
    IPADDR=10.10.1.40
    PREFIX=16
    GATEWAY=10.10.1.1
cat /etc/resolv.conf
    [root@localhost fogadmin]# cat /etc/resolv.conf
    # Generated by NetworkManager
    nameserver 10.10.1.59
    nameserver 10.10.1.60
Let me know if I missed anything @Wayne-Workman, @Tom Elliott, @JBob, @george1421.
They have been helping me so maybe they remember something I forgot that might be useful. Thanks guys in advance!
-
This file looks suspiciously named: /etc/sysconfig/network-scripts/ifcfg-FOG_Server. One might think this should be titled ifcfg-enp30s0 to match the name of your Ethernet adapter.
On the networking side, I would have to ask what happens if you try to do a traceroute to something outside your network.
    traceroute 8.8.8.8
This will tell you where your data packets are going and getting hung up. Is it safe to assume you have direct internet access between the fog server and the internet or do you use a proxy server to get onto the internet?
-
@george1421 NO PROXY
    [root@localhost fogadmin]# traceroute 8.8.8.8
    traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
     1  * * *
     2  * * *
     3  * * *
     4  * * *
     5  * * *
     6  * * *
     7  * * *
     8  * * *
     9  google-public-dns-a.google.com (8.8.8.8) 12.036 ms 12.286 ms 13.102 ms
-
@ManofValor I would venture to guess the issue with pinging outside isn’t that you cannot do so, but rather the packets coming back are being blocked from returning, displaying like you can’t get out.
Only DNS and maybe simplistic port (web 80/webs 443) traffic are allowed to return.
This allows your DNS traffic to pass back and forth without a problem. It even would allow updates and simple data traffic to leave and return with minimal issues.
My guess is ACLs are too stringent on the network. Most firewalls allow everything OUT, but only allow specificities IN when requested directly. Natted traffic should be allowed to receive on whatever it’s being requested.
For example.
Some external system trying to access internal port 21 would be blocked. Some internal system requesting outgoing port 21 normally can receive along the same stream though. In your case, it seems, anything that comes in, regardless of its requested state (internal or being requested externally), is being blocked.
I don’t know the full extent of your network though and I can only give you guesses based on what we’ve seen thus far.
I totally believe that you’re NOT behind a proxy, just the symptoms as described seem to point to such a thing.
-
@ManofValor I think Tom’s guess is right. It makes sense.
To be honest, there appears to be absolutely nothing wrong with any of the network configuration on your FOG server.
We can test to see if Tom’s guess is right or not. If this CentOS 7 was installed with a GUI, it came with Firefox. Use Firefox to try to visit our forums. If you can, Tom is right - and it also means that only ports 53, 80, and 443 are allowed into your network. If this is the case, you’ll need your boss to loosen the straps so you can get your FOG server going - after that, he can tighten em down again. Or he can create rules that allow the FOG server full access to the internet. If it were up to me, I wouldn’t have a firewall that prevents work from being done. Do you guys have a demilitarized zone the fog server can be placed in temporarily so it can be installed and configured?
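
The traceroute output posted earlier in the thread can be read mechanically. This added example (not part of the thread) parses it and classifies the run by who answered: a row with an address means an ICMP reply from that hop reached the host, and a `* * *` row means none did. The function names and verdict labels are chosen here for illustration.

```python
import re

# Traceroute output as posted in the thread, re-broken into one hop per line.
POSTED = """\
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  google-public-dns-a.google.com (8.8.8.8)  12.036 ms  12.286 ms  13.102 ms
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
# Responder address: "(a.b.c.d)" after a hostname, or a bare address (traceroute -n).
ADDR = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)|\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def parse(text):
    """Return (target_ip, [(hop_number, responder_ip_or_None), ...])."""
    lines = text.strip().splitlines()
    target = re.search(r"\(([\d.]+)\)", lines[0]).group(1)
    hops = []
    for line in lines[1:]:
        m = HOP.match(line)
        if m:
            a = ADDR.search(m.group(2))
            hops.append((int(m.group(1)), (a.group(1) or a.group(2)) if a else None))
    return target, hops

def verdict(text):
    """Classify a run by who answered the probes."""
    target, hops = parse(text)
    silent = [n for n, ip in hops if ip is None]
    if any(ip == target for _, ip in hops):
        # Probes left the network and the target's own reply came back.
        return "TARGET_REPLIED_HOPS_SILENT" if silent else "TARGET_REPLIED"
    if len(silent) == len(hops):
        return "NO_REPLIES"  # nothing came back from any hop
    return "STOPS_AFTER_HOP_%d" % max(n for n, ip in hops if ip)

if __name__ == "__main__":
    print(verdict(POSTED))
```

For the posted run the verdict is `TARGET_REPLIED_HOPS_SILENT`: the probes reached 8.8.8.8 and its reply returned, while no replies from hops 1 to 8 were received.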