-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Chan Chung Hang Christopher
Sent: Tuesday, July 06, 2010 9:28 AM
To: centos@centos.org
Subject: Re: [CentOS] DNS or firewall problem

Are you running a proxy for http? It would be rather surprising that internal machines can access the Internet without forwarding turned on otherwise. When you say internal machines cannot access your server, are they connecting to it via the local interface's ip or the Internet ip? Are the services bound to the local interface?

I did notice today there is a squid.conf file in my /etc/httpd/conf.d directory. It appears it is configured for the local domain only. I renamed it and restarted apache but that didn't work.

The server has two NICs, one for internet and one for the local network, connected to a switch. eth0 is connected to the uplink port.

Please pastebin the output of the following: Run as root: 'cat /etc/sysconfig/iptables'

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

'netstat -ntlp'

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address        Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:20000        0.0.0.0:*        LISTEN  3580/perl
tcp        0      0 127.0.0.1:2208       0.0.0.0:*        LISTEN  2960/hpiod
tcp        0      0 0.0.0.0:3306         0.0.0.0:*        LISTEN  3138/mysqld
tcp        0      0 127.0.0.1:3310       0.0.0.0:*        LISTEN  3049/clamd
tcp        0      0 0.0.0.0:111          0.0.0.0:*        LISTEN  2667/portmap
tcp        0      0 0.0.0.0:6000         0.0.0.0:*        LISTEN  3958/X
tcp        0      0 0.0.0.0:10000        0.0.0.0:*        LISTEN  3588/perl
tcp        0      0 192.168.1.101:53     0.0.0.0:*        LISTEN  2639/named
tcp        0      0 127.0.0.1:53         0.0.0.0:*        LISTEN  2639/named
tcp        0      0 127.0.0.1:631        0.0.0.0:*        LISTEN  2980/cupsd
tcp        0      0 0.0.0.0:25           0.0.0.0:*        LISTEN  3218/sendmail: acce
tcp        0      0 127.0.0.1:953        0.0.0.0:*        LISTEN  2639/named
tcp        0      0 0.0.0.0:766          0.0.0.0:*        LISTEN  2704/rpc.statd
tcp        0      0 0.0.0.0:3551         0.0.0.0:*        LISTEN  3032/apcupsd
tcp        0      0 127.0.0.1:2207       0.0.0.0:*        LISTEN  2965/python
tcp        0      0 :::80                :::*             LISTEN  5464/httpd
tcp        0      0 :::6000              :::*             LISTEN  3958/X
tcp        0      0 ::1:953              :::*             LISTEN  2639/named
tcp        0      0 :::443               :::*             LISTEN  5464/httpd

Not sure what all this means. Hope someone can.
Thanks!!
Eddie
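
The question of which services are bound to which interface, and whether the firewall lets new connections reach them, can be answered by cross-checking the two pastes. The following is an added example, not part of the original thread: the sample rows are abridged from the output quoted above, the function names are hypothetical, and it only considers TCP listeners and plain `--dport ... -j ACCEPT` rules.

```python
import re

# Rows abridged from the iptables and netstat output quoted in the message above.
IPTABLES = """\
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""
NETSTAT = """\
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 3138/mysqld
tcp 0 0 192.168.1.101:53 0.0.0.0:* LISTEN 2639/named
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2980/cupsd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3218/sendmail: acce
tcp 0 0 :::80 :::* LISTEN 5464/httpd
"""

def accepted_tcp_ports(rules):
    """TCP destination ports with an explicit ACCEPT rule (ignores -s/-d/-i matches)."""
    ports = set()
    for line in rules.splitlines():
        m = re.search(r"--dport (\d+)", line)
        if m and "-p tcp" in line and line.rstrip().endswith("-j ACCEPT"):
            ports.add(int(m.group(1)))
    return ports

def classify(netstat, rules):
    """Map (port, program) -> 'loopback-only', 'reachable' or 'firewalled'."""
    allowed, result = accepted_tcp_ports(rules), {}
    for line in netstat.splitlines():
        f = line.split()
        if len(f) < 7 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        addr, _, port = f[3].rpartition(":")   # also splits ":::80" into "::" and "80"
        prog = f[6].split("/", 1)[1]
        if addr in ("127.0.0.1", "::1"):
            status = "loopback-only"   # not reachable from any other host
        elif int(port) in allowed:
            status = "reachable"
        else:
            status = "firewalled"      # new connections hit the final REJECT rule
        result[(int(port), prog)] = status
    return result

if __name__ == "__main__":
    for (port, prog), status in sorted(classify(NETSTAT, IPTABLES).items()):
        print(f"{port:>5} {prog:<10} {status}")
```

On these rows, cupsd on 631 is permitted by the firewall but bound to loopback only, while named on 192.168.1.101:53 and mysqld on 3306 listen on routable addresses with no matching ACCEPT rule.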