[CentOS] DNS or firewall problem
Thomas Dukes
tdukes at sc.rr.com
Tue Jul 6 22:50:44 UTC 2010
> -----Original Message-----
> From: centos-bounces at centos.org
> [mailto:centos-bounces at centos.org] On Behalf Of Chan Chung Hang Christopher
> Sent: Tuesday, July 06, 2010 9:28 AM
> To: centos at centos.org
> Subject: Re: [CentOS] DNS or firewall problem
>
>
> >> Are you running a proxy for http? It would be rather surprising that
> >> internal machines can access the Internet without forwarding turned
> >> on otherwise. When you say internal machines cannot access your
> >> server, are they connecting to it via the local interface's ip or the
> >> Internet ip?
> >> Are the services bound to the local interface?
> >
> >
> > I did notice today there is a squid.conf file in my /etc/httpd/conf.d
> > directory. It appears it is configured for the local domain only. I
> > renamed it and restarted apache but that didn't work.
> >
> > The server has two nics, one for internet and one for the local
> > network, connected to a switch. eth0 is connected to the uplink port.
>
> Please pastebin the output of the following:
> Run as root:
> 'cat /etc/sysconfig/iptables'
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
> 'netstat -ntlp'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address       Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:20000       0.0.0.0:*        LISTEN  3580/perl
tcp        0      0 127.0.0.1:2208      0.0.0.0:*        LISTEN  2960/hpiod
tcp        0      0 0.0.0.0:3306        0.0.0.0:*        LISTEN  3138/mysqld
tcp        0      0 127.0.0.1:3310      0.0.0.0:*        LISTEN  3049/clamd
tcp        0      0 0.0.0.0:111         0.0.0.0:*        LISTEN  2667/portmap
tcp        0      0 0.0.0.0:6000        0.0.0.0:*        LISTEN  3958/X
tcp        0      0 0.0.0.0:10000       0.0.0.0:*        LISTEN  3588/perl
tcp        0      0 192.168.1.101:53    0.0.0.0:*        LISTEN  2639/named
tcp        0      0 127.0.0.1:53        0.0.0.0:*        LISTEN  2639/named
tcp        0      0 127.0.0.1:631       0.0.0.0:*        LISTEN  2980/cupsd
tcp        0      0 0.0.0.0:25          0.0.0.0:*        LISTEN  3218/sendmail: acce
tcp        0      0 127.0.0.1:953       0.0.0.0:*        LISTEN  2639/named
tcp        0      0 0.0.0.0:766         0.0.0.0:*        LISTEN  2704/rpc.statd
tcp        0      0 0.0.0.0:3551        0.0.0.0:*        LISTEN  3032/apcupsd
tcp        0      0 127.0.0.1:2207      0.0.0.0:*        LISTEN  2965/python
tcp        0      0 :::80               :::*             LISTEN  5464/httpd
tcp        0      0 :::6000             :::*             LISTEN  3958/X
tcp        0      0 ::1:953             :::*             LISTEN  2639/named
tcp        0      0 :::443              :::*             LISTEN  5464/httpd
Not sure what all this means. Hope someone can.
Thanks!!
Eddie
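
One way to read the two outputs above together, as an added example that is not part of the original message: list every non-loopback TCP listener whose port no ACCEPT rule opens. The function names are hypothetical, the inputs are abbreviated copies of the pasted lines, and the check assumes (as in the pasted ruleset) that no rule other than the `lo` one is interface-specific.

```python
# Abbreviated, rejoined lines from the two outputs pasted in the message above.
IPTABLES = """\
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""
NETSTAT = """\
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 3138/mysqld
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 3049/clamd
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 3588/perl
tcp 0 0 192.168.1.101:53 0.0.0.0:* LISTEN 2639/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2639/named
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3218/sendmail: acce
tcp 0 0 :::80 :::* LISTEN 5464/httpd
"""

def accepted_ports(rules, proto="tcp"):
    """Ports opened by ACCEPT rules for proto (single --dport only, no ranges)."""
    ports = set()
    for line in rules.splitlines():
        t = line.split()
        if "--dport" in t and "-p" in t and "-j" in t:
            if t[t.index("-j") + 1] == "ACCEPT" and t[t.index("-p") + 1] == proto:
                ports.add(int(t[t.index("--dport") + 1]))
    return ports

def listeners(netstat):
    """(address, port, program) for every TCP socket in LISTEN state."""
    found = []
    for line in netstat.splitlines():
        f = line.split()
        if len(f) >= 7 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")  # rpartition keeps ':::80' intact
            found.append((addr, int(port), f[6].split("/", 1)[1].rstrip(":")))
    return found

def blocked_listeners(rules, netstat):
    """Non-loopback listeners on a port that no ACCEPT rule opens."""
    opened = accepted_ports(rules)
    return [(a, p, prog) for a, p, prog in listeners(netstat)
            if not a.startswith(("127.", "::1")) and p not in opened]

if __name__ == "__main__":
    for addr, port, prog in blocked_listeners(IPTABLES, NETSTAT):
        print(f"{prog:8} {addr}:{port} -> falls through to REJECT")
```

On this input the list includes named on 192.168.1.101:53; the pasted ruleset has no ACCEPT rule for port 53 on UDP either, which `netstat -ntlp` (TCP only) does not show.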