[CentOS] Access Problem after update to CentOS 7.1

Thu Apr 9 22:50:12 UTC 2015
Gregory P. Ennis <PoMec at PoMec.Net>

On Sat, 2015-04-04 at 16:47 -0500, Gregory P. Ennis wrote:
> Everyone,
> This morning I did a manual yum update on our a mail server to 7.1
> without any incident or problems.  A new kernel was installed, and I
> rebooted after the update.  
> When I rebooted the machine I could not gain ssh access to it from an
> external ip address.  I was able to ssh to this mail server through a
> different machine on the local network.  
> At first I thought the problem was related to the firewall.  I stopped
> firewalld, and fail2ban, and clear all firewall rules without being able
> to gain access.
> I disabled firewalld, and fail2ban.  I enabled iptables and started it
> without a problem, but I could still not gain access.  I removed all
> entries in the host.allow and host.deny files, and this did not make a
> difference either.  
> On one of the various reboots I tried to use the previous kernel before
> today's update, but there was no success.
> I can scan the mail server and reach it without a problem from the
> internal network but I am not able to reach it from outside the local
> network.  I have the mail server behind a Centso 5.11 machine that is
> the gateway router for the internal network, and the mail server is nat
> addressed with it's external ip address to the internal machine.  I have
> had this configuration set up for over 7 years.  I tweaked the Gateway
> router to nat address the mail server's ip address to a different
> machine inside the network and everything worked perfectly like it
> should, and then re-adjusted the gateway router again back to the mail
> server and am not able to gain access from outside the local network.
> "traceroute" does not get to the mail server from outside the local
> network, but works fine inside the local network.
> Bottom line, this does not look like a host.deny, host.allow problem,
> nor does it look like a firewalld or iptables problem.  And it does not
> appear to be a problem with the gateway server.  
> Is there another feature of CentOs 7.1 that I need to evaluate?  Has
> anyone else had this problem after the 7.1 update?
> Thank you for your help!!!!
> Greg Ennis


I am still having difficulty with this problem.  Everything worked
perfectly until the upgrade from 7.0 to 7.1.    I attempted to use
wireshark and tcpdump to analyze the packets but I do not have
sufficient experience with these tools to be helpful yet.

The mail server works fine with local network access, but intermittently
blocks access from eternal ip addresses.  Is there a way to back down
7.1 to 7.0.  When I get to the mail server by using one of the local
machines to ssh in to the mail server, I am able to perform any outbound
function from the mail server.