Every now and again the nameservers in /etc/resolv.conf on my CentOS-6.5 server are commented out. I used to think this was the fault of NetworkManager, but I've stopped running that on the server (using the network service instead) and the nameserver removal still occurs.
I'm baffled by the motivation for this, as I can't think of any situation where it would be of advantage to have no nameservers listed.
The DHCP client does similar things.
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Timothy Murphy
Sent: Thursday, 9 January 2014 13:28
To: centos@centos.org
Subject: [CentOS] Who deletes/edits my resolv.com ?
Every now and again the nameservers in /etc/resolv.conf on my CentOS-6.5 server are commented out. I used to think this was the fault of NetworkManager, but I've stopped running that on the server (using the network service instead) and the nameserver removal still occurs.
I'm baffled by the motivation for this, as I can't think of any situation where it would be of advantage to have no nameservers listed.
On Thu, 9 Jan 2014 13:26:48 +0100 Thomas Göttgens tgoettgens@gmail.com wrote:
The DHCP client does similar things.
When using DHCP add the line
PEERDNS=no
in /etc/sysconfig/network-scripts/ifcfg-<iface>. It keeps your resolv.conf as it is.
Brgds
Benjamin Hackl wrote:
When using DHCP add the line
PEERDNS=no
in /etc/sysconfig/network-scripts/ifcfg-<iface>. It keeps your resolv.conf as it is.
Thanks for that.
I don't know if this was a sheer fluke, but when I added that from my laptop the connection to my server was immediately broken, and after some study I found why: IP forwarding was turned off on my server,
[root@alfred ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
I had to run
[root@alfred ~]# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
Who changes this setting, and why?? I sometimes feel there are little men inside my server either with evil minds or else very pedantic intentions.
On 1/9/2014 3:46 PM, Timothy Murphy wrote:
IP forwarding was turned off on my server,
[root@alfred ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
I had to run
[root@alfred ~]# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
Who changes this setting, and why?? I sometimes feel there are little men inside my server either with evil minds or else very pedantic intentions.
Note you need to put sysctl settings in /etc/sysctl.conf, or they won't persist on reboot.
John R Pierce wrote:
IP forwarding was turned off on my server,
[root@alfred ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
Who changes this setting, and why?? I sometimes feel there are little men inside my server either with evil minds or else very pedantic intentions.
Note you need to put sysctl settings in /etc/sysctl.conf, or they won't persist on reboot.
Yes, thanks, I had done that. But I hadn't actually re-booted after adding PEERDNS=no to ifcfg-eth1. It seems the mere change triggered the kernel to turn forwarding off.
Incidentally, I am running shorewall on this server with IP_FORWARDING=On . I'm surprised this does not turn on kernel forwarding.
On Fri, 10 Jan 2014 11:46:23 +0100 Timothy Murphy gayleard@alice.it wrote:
Incidentally, I am running shorewall on this server with IP_FORWARDING=On . I'm surprised this does not turn on kernel forwarding.
When running shorewall make sure that iptables and ip6tables are set to off.
chkconfig iptables off
chkconfig ip6tables off
Verify:
chkconfig --list iptables
chkconfig --list ip6tables
There is no need to change the forwarding settings. Shorewall will do that for you.
Benjamin Hackl wrote:
When running shorewall make sure that iptables and ip6tables are set to off.
chkconfig iptables off
chkconfig ip6tables off
I must admit I didn't realize iptables should be off.
Suppose you modify /etc/shorewall/rules and re-start shorewall; is that effective without iptables running (if only briefly)?
I read in http://www.shorewall.net/standalone.htm "Once you have Shorewall running to your satisfaction, you should totally disable your existing firewall" which seems to leave the position slightly ambiguous.
There is no need to change the forwarding settings. Shorewall will do that for you.
In my case (editing ipconfig-eth1) forwarding was stopped although I hadn't re-booted. Presumably I would have had to re-start shorewall to re-install forwarding? In any case I have edited /etc/sysctl.conf now to make sure it is on.
I notice that on stopping iptables I get the message
[tim@alfred shorewall]$ sudo service iptables stop
iptables: Flushing firewall rules: [ OK ]
Does this mean shorewall has to be re-started?
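
An audit of the two settings this thread turns on (PEERDNS=no on DHCP interfaces, and net.ipv4.ip_forward persisted in sysctl.conf), as an added example that is not part of any message above. The function names and the sample files are constructed for illustration; values are compared exactly as the thread writes them, and `bootp` is assumed to be handled like `dhcp`.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are arguments so the checks can run
# against copies; on CentOS 6 the real ones are /etc/sysconfig/network-scripts,
# /etc/sysctl.conf and /proc/sys/net/ipv4/ip_forward.

# cfg_value KEY FILE: last value assigned to KEY, quotes and trailing blanks removed
cfg_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# List ifcfg files that use DHCP but lack PEERDNS=no, i.e. interfaces whose
# DHCP client is still allowed to rewrite /etc/resolv.conf.
dhcp_without_peerdns_no() {
    for f in "$1"/ifcfg-*; do
        [ -f "$f" ] || continue
        case $(cfg_value BOOTPROTO "$f") in dhcp|bootp) ;; *) continue ;; esac
        [ "$(cfg_value PEERDNS "$f")" = no ] || basename "$f"
    done
}

# forwarding_state SYSCTL_CONF PROC_FILE: compare the persisted setting with the
# running kernel value. A mismatch is what "sysctl -w" without a matching edit
# to sysctl.conf (or the reverse) leaves behind.
forwarding_state() {
    saved=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' "$1" | tail -n 1)
    live=$(cat "$2")
    if [ "$saved" = "$live" ]; then echo "consistent ($live)"
    else echo "mismatch: running=$live persisted=${saved:-unset}"; fi
}

# Constructed sample files for a dry run (not taken from any real host).
make_sample() {
    d=$(mktemp -d)
    printf 'DEVICE=eth0\nBOOTPROTO=none\n' > "$d/ifcfg-eth0"
    printf 'DEVICE=eth1\nBOOTPROTO=dhcp\n' > "$d/ifcfg-eth1"
    printf 'DEVICE=eth2\nBOOTPROTO="dhcp"\nPEERDNS=no\n' > "$d/ifcfg-eth2"
    printf '# kernel settings\nnet.ipv4.ip_forward = 0\n' > "$d/sysctl.conf"
    echo 1 > "$d/ip_forward"
    echo "$d"
}

sample=$(make_sample)
dhcp_without_peerdns_no "$sample"
forwarding_state "$sample/sysctl.conf" "$sample/ip_forward"
rm -rf "$sample"
```

On a real host, pass the three CentOS paths named in the header comment instead of the sample directory.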