[CentOS] Access Problem after update to CentOS 7.1

Fri Apr 10 11:33:27 UTC 2015
Johnny Hughes <johnny at centos.org>

On 04/04/2015 04:47 PM, Gregory P. Ennis wrote:
> Everyone,
> 
> This morning I did a manual yum update on our a mail server to 7.1
> without any incident or problems.  A new kernel was installed, and I
> rebooted after the update.  
> 
> When I rebooted the machine I could not gain ssh access to it from an
> external ip address.  I was able to ssh to this mail server through a
> different machine on the local network.  
> 
> At first I thought the problem was related to the firewall.  I stopped
> firewalld, and fail2ban, and clear all firewall rules without being able
> to gain access.
> 
> I disabled firewalld, and fail2ban.  I enabled iptables and started it
> without a problem, but I could still not gain access.  I removed all
> entries in the host.allow and host.deny files, and this did not make a
> difference either.  
> 
> On one of the various reboots I tried to use the previous kernel before
> today's update, but there was no success.
> 
> I can scan the mail server and reach it without a problem from the
> internal network but I am not able to reach it from outside the local
> network.  I have the mail server behind a Centso 5.11 machine that is
> the gateway router for the internal network, and the mail server is nat
> addressed with it's external ip address to the internal machine.  I have
> had this configuration set up for over 7 years.  I tweaked the Gateway
> router to nat address the mail server's ip address to a different
> machine inside the network and everything worked perfectly like it
> should, and then re-adjusted the gateway router again back to the mail
> server and am not able to gain access from outside the local network.
> 
> "traceroute" does not get to the mail server from outside the local
> network, but works fine inside the local network.
> 
> Bottom line, this does not look like a host.deny, host.allow problem,
> nor does it look like a firewalld or iptables problem.  And it does not
> appear to be a problem with the gateway server.  
> 
> Is there another feature of CentOs 7.1 that I need to evaluate?  Has
> anyone else had this problem after the 7.1 update?
> 
> Thank you for your help!!!!
> 
> Greg Ennis

Greg, do you have access to a console for that machine .. the mechanism
in RHEL (and therefore CentOS) to accept licenses changed from 7.0 to
7.1 .. before it was all firstboot, now it is a combination of firstboot
and initial-setup.

What may be happening is that you may need to be on the console and
accept the license on the first reboot after the update.

We tried to turn this off for CLI only installs, but in some
combinations of software, you may still get the acceptance screen and
have to complete it.

We know this is suboptimal, but it is exactly the same is in RHEL .. we
may try to remove these from CLI only machines in the future.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20150410/3d5db6b3/attachment-0005.sig>