On Fri, 2015-04-10 at 16:47 -0500, Greg Ennis wrote:
On 04/04/2015 04:47 PM, Gregory P. Ennis wrote:
Everyone,
This morning I did a manual yum update on our a mail server to 7.1 without any incident or problems. A new kernel was installed, and I rebooted after the update.
When I rebooted the machine I could not gain ssh access to it from an external ip address. I was able to ssh to this mail server through a different machine on the local network.
At first I thought the problem was related to the firewall. I stopped firewalld, and fail2ban, and clear all firewall rules without being able to gain access.
I disabled firewalld, and fail2ban. I enabled iptables and started it without a problem, but I could still not gain access. I removed all entries in the host.allow and host.deny files, and this did not make a difference either.
On one of the various reboots I tried to use the previous kernel before today's update, but there was no success.
I can scan the mail server and reach it without a problem from the internal network but I am not able to reach it from outside the local network. I have the mail server behind a Centso 5.11 machine that is the gateway router for the internal network, and the mail server is nat addressed with it's external ip address to the internal machine. I have had this configuration set up for over 7 years. I tweaked the Gateway router to nat address the mail server's ip address to a different machine inside the network and everything worked perfectly like it should, and then re-adjusted the gateway router again back to the mail server and am not able to gain access from outside the local network.
"traceroute" does not get to the mail server from outside the local network, but works fine inside the local network.
Bottom line, this does not look like a host.deny, host.allow problem, nor does it look like a firewalld or iptables problem. And it does not appear to be a problem with the gateway server.
Is there another feature of CentOs 7.1 that I need to evaluate? Has anyone else had this problem after the 7.1 update?
Thank you for your help!!!!
Greg Ennis
Greg, do you have access to a console for that machine .. the mechanism in RHEL (and therefore CentOS) to accept licenses changed from 7.0 to 7.1 .. before it was all firstboot, now it is a combination of firstboot and initial-setup.
What may be happening is that you may need to be on the console and accept the license on the first reboot after the update.
We tried to turn this off for CLI only installs, but in some combinations of software, you may still get the acceptance screen and have to complete it.
We know this is suboptimal, but it is exactly the same is in RHEL .. we may try to remove these from CLI only machines in the future.
Johnny,
It is about 30 miles away from my location today. I did take a look at the console when the problem first started, but could not log in because of the 7.1 problem related to multiple users on the log in screen without the ability to scroll through the users. I switched to a terminal interface to try to solve the problem, and did not try to log in via the gui.
I'll take a look latter tonight to see if that will make a difference.
Thanks,
Greg
Johnny,
When I got to the machine, I still could not log in via the gui because of the known bug with the 7.1 login screen's inability to scroll multiple users. After logging in via a terminal interface and running 'initial-setup' I found that you were correct about not having the license agreed to. However, after agreeing to the license, it did not change any of the problems I have had with the second nic card. For now, I have just turned off the nic card and have routed everything on the network through the main card. I have a couple of other ideas I am going to try when I get the time.
When I converted to 7.1 from 7.0 I just did a yum update from a remote connection, and was never prompted to accept the new license agreement.
Greg