On Sat, 2015-04-04 at 16:47 -0500, Gregory P. Ennis wrote: > Everyone, > > This morning I did a manual yum update on our a mail server to 7.1 > without any incident or problems. A new kernel was installed, and I > rebooted after the update. > > When I rebooted the machine I could not gain ssh access to it from an > external ip address. I was able to ssh to this mail server through a > different machine on the local network. > > At first I thought the problem was related to the firewall. I stopped > firewalld, and fail2ban, and clear all firewall rules without being able > to gain access. > > I disabled firewalld, and fail2ban. I enabled iptables and started it > without a problem, but I could still not gain access. I removed all > entries in the host.allow and host.deny files, and this did not make a > difference either. > > On one of the various reboots I tried to use the previous kernel before > today's update, but there was no success. > > I can scan the mail server and reach it without a problem from the > internal network but I am not able to reach it from outside the local > network. I have the mail server behind a Centso 5.11 machine that is > the gateway router for the internal network, and the mail server is nat > addressed with it's external ip address to the internal machine. I have > had this configuration set up for over 7 years. I tweaked the Gateway > router to nat address the mail server's ip address to a different > machine inside the network and everything worked perfectly like it > should, and then re-adjusted the gateway router again back to the mail > server and am not able to gain access from outside the local network. > > "traceroute" does not get to the mail server from outside the local > network, but works fine inside the local network. > > Bottom line, this does not look like a host.deny, host.allow problem, > nor does it look like a firewalld or iptables problem. And it does not > appear to be a problem with the gateway server. > > Is there another feature of CentOs 7.1 that I need to evaluate? Has > anyone else had this problem after the 7.1 update? > > Thank you for your help!!!! > > Greg Ennis > ----------------------------------------------------------------------- I am still having difficulty with this problem. Everything worked perfectly until the upgrade from 7.0 to 7.1. I attempted to use wireshark and tcpdump to analyze the packets but I do not have sufficient experience with these tools to be helpful yet. The mail server works fine with local network access, but intermittently blocks access from eternal ip addresses. Is there a way to back down 7.1 to 7.0. When I get to the mail server by using one of the local machines to ssh in to the mail server, I am able to perform any outbound function from the mail server. Greg