On Fri, 2015-04-10 at 16:47 -0500, Greg Ennis wrote: > On 04/04/2015 04:47 PM, Gregory P. Ennis wrote: > > Everyone, > > > > This morning I did a manual yum update on our a mail server to 7.1 > > without any incident or problems. A new kernel was installed, and I > > rebooted after the update. > > > > When I rebooted the machine I could not gain ssh access to it from an > > external ip address. I was able to ssh to this mail server through a > > different machine on the local network. > > > > At first I thought the problem was related to the firewall. I stopped > > firewalld, and fail2ban, and clear all firewall rules without being able > > to gain access. > > > > I disabled firewalld, and fail2ban. I enabled iptables and started it > > without a problem, but I could still not gain access. I removed all > > entries in the host.allow and host.deny files, and this did not make a > > difference either. > > > > On one of the various reboots I tried to use the previous kernel before > > today's update, but there was no success. > > > > I can scan the mail server and reach it without a problem from the > > internal network but I am not able to reach it from outside the local > > network. I have the mail server behind a Centso 5.11 machine that is > > the gateway router for the internal network, and the mail server is nat > > addressed with it's external ip address to the internal machine. I have > > had this configuration set up for over 7 years. I tweaked the Gateway > > router to nat address the mail server's ip address to a different > > machine inside the network and everything worked perfectly like it > > should, and then re-adjusted the gateway router again back to the mail > > server and am not able to gain access from outside the local network. > > > > "traceroute" does not get to the mail server from outside the local > > network, but works fine inside the local network. > > > > Bottom line, this does not look like a host.deny, host.allow problem, > > nor does it look like a firewalld or iptables problem. And it does not > > appear to be a problem with the gateway server. > > > > Is there another feature of CentOs 7.1 that I need to evaluate? Has > > anyone else had this problem after the 7.1 update? > > > > Thank you for your help!!!! > > > > Greg Ennis > > Greg, do you have access to a console for that machine .. the mechanism > in RHEL (and therefore CentOS) to accept licenses changed from 7.0 to > 7.1 .. before it was all firstboot, now it is a combination of firstboot > and initial-setup. > > What may be happening is that you may need to be on the console and > accept the license on the first reboot after the update. > > We tried to turn this off for CLI only installs, but in some > combinations of software, you may still get the acceptance screen and > have to complete it. > > We know this is suboptimal, but it is exactly the same is in RHEL .. we > may try to remove these from CLI only machines in the future. > > ---------------------------------------------------------------- > > Johnny, > > It is about 30 miles away from my location today. I did take a look at > the console when the problem first started, but could not log in because > of the 7.1 problem related to multiple users on the log in screen > without the ability to scroll through the users. I switched to a > terminal interface to try to solve the problem, and did not try to log > in via the gui. > > I'll take a look latter tonight to see if that will make a difference. > > Thanks, > > Greg > > Johnny, When I got to the machine, I still could not log in via the gui because of the known bug with the 7.1 login screen's inability to scroll multiple users. After logging in via a terminal interface and running 'initial-setup' I found that you were correct about not having the license agreed to. However, after agreeing to the license, it did not change any of the problems I have had with the second nic card. For now, I have just turned off the nic card and have routed everything on the network through the main card. I have a couple of other ideas I am going to try when I get the time. When I converted to 7.1 from 7.0 I just did a yum update from a remote connection, and was never prompted to accept the new license agreement. Greg