Network firewall on CentOS, host cannot be resolved?

0

I have a CentOS machine and I am trying to install some dependencies using yum. When I do this, I get a message saying that the host could not be resolved. I was told that the previous person who used the machine deployed a very restrictive firewall on it. I tried service iptables stop, but I am still having this problem. What other firewalls could be preventing me from communicating with other hosts?

The firewall is configured in such a way that I can only ssh into the machine from a specific machine in a particular lab.

Error:

sudo yum install perl-XML-Simple
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: centos.mirror.ndchost.com
 * extras: centosmirror.quintex.com
 * updates: centos.aol.com
http://centos.mirror.ndchost.com/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centos.mirror.ndchost.com'"
Trying other mirror.
http://mirror.cs.vt.edu/pub/CentOS/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.cs.vt.edu'"
Trying other mirror.
http://mirror.pac-12.org/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.pac-12.org'"
Trying other mirror.
http://mirror.rackspace.com/CentOS/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.rackspace.com'"
Trying other mirror.
http://mirror.raystedman.net/centos/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.raystedman.net'"
Trying other mirror.
http://mirror.solarvps.com/centos/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.solarvps.com'"
Trying other mirror.
http://mirror.team-cymru.org/CentOS/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.team-cymru.org'"
Trying other mirror.
http://mirrors.easynews.com//linux/centos/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.easynews.com'"
Trying other mirror.
http://mirrors.usc.edu/pub/linux/distributions/centos/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.usc.edu'"
Trying other mirror.
ftp://mirror.nandomedia.com/pub/CentOS/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.nandomedia.com'"
Trying other mirror.
http://centosmirror.quintex.com/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centosmirror.quintex.com'"
Trying other mirror.
http://mirror.beyondhosting.net/CentOS/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.beyondhosting.net'"
Trying other mirror.
http://mirror.compevo.com/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.compevo.com'"
Trying other mirror.
http://mirror.kentdigital.net/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.kentdigital.net'"
Trying other mirror.
http://mirror.wiredtree.com/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.wiredtree.com'"
Trying other mirror.
http://mirrors.adams.net/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.adams.net'"
Trying other mirror.
http://mirrors.easynews.com//linux/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.easynews.com'"
Trying other mirror.
http://mirrors.rit.edu/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.rit.edu'"
Trying other mirror.
http://mirrors.sonic.net/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.sonic.net'"
Trying other mirror.
http://mirrors.syringanetworks.net/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.syringanetworks.net'"
Trying other mirror.
http://centos.aol.com/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centos.aol.com'"
Trying other mirror.
http://centos.eecs.wsu.edu/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centos.eecs.wsu.edu'"
Trying other mirror.
http://centos.host-engine.com/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centos.host-engine.com'"
Trying other mirror.
http://mirror.cisp.com/CentOS/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.cisp.com'"
Trying other mirror.
http://mirror.linux.duke.edu/pub/centos/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.linux.duke.edu'"
Trying other mirror.
http://mirror.tocici.com/centos/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.tocici.com'"
Trying other mirror.
http://mirrors.liquidweb.com/CentOS/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.liquidweb.com'"
Trying other mirror.
http://mirrors.seas.harvard.edu/centos/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.seas.harvard.edu'"
Trying other mirror.
ftp://ftp.wallawalla.edu/pub/mirrors/centos/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'ftp.wallawalla.edu'"
Trying other mirror.
ftp://mirror.nandomedia.com/pub/CentOS/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.nandomedia.com'"
Trying other mirror.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package perl-XML-Simple.noarch 0:2.18-6.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================================================================================================
 Package                                                       Arch                                                 Version                                                  Repository                                          Size
======================================================================================================================================================================================================================================
Installing:
 perl-XML-Simple                                               noarch                                               2.18-6.el6                                               base                                                72 k

Transaction Summary
======================================================================================================================================================================================================================================
Install       1 Package(s)

Total download size: 72 k
Installed size: 155 k
Is this ok [y/N]: y
Downloading Packages:
http://centos.mirror.ndchost.com/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centos.mirror.ndchost.com'"
Trying other mirror.
http://mirror.cs.vt.edu/pub/CentOS/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.cs.vt.edu'"
Trying other mirror.
http://mirror.pac-12.org/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.pac-12.org'"
Trying other mirror.
http://mirror.rackspace.com/CentOS/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.rackspace.com'"
Trying other mirror.
http://mirror.raystedman.net/centos/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.raystedman.net'"
Trying other mirror.
http://mirror.solarvps.com/centos/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.solarvps.com'"
Trying other mirror.
http://mirror.team-cymru.org/CentOS/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.team-cymru.org'"
Trying other mirror.
http://mirrors.easynews.com//linux/centos/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.easynews.com'"
Trying other mirror.
http://mirrors.usc.edu/pub/linux/distributions/centos/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.usc.edu'"
Trying other mirror.
ftp://mirror.nandomedia.com/pub/CentOS/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.nandomedia.com'"
Trying other mirror.


Error Downloading Packages:
  perl-XML-Simple-2.18-6.el6.noarch: failure: Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm from base: [Errno 256] No more mirrors to try.

This is the iptables output when the firewall is on. But when using yum I had run service iptables stop

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53 
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           udp dpt:67 
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           tcp dpt:67 
    8   560 ACCEPT     all  --  *      *       128.46.76.110        0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       128.0.0.0/8          0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       127.0.0.0/8          127.0.0.0/8         
    5   480 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    7   420 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0           
    0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0           
    0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
    0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 18 packets, 1788 bytes)
 pkts bytes target     prot opt in     out     source               destination

When the firewall was off, it was:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

/etc/resolv.conf

# Generated by NetworkManager
search ecn.xxx.purdue.edu

# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
#
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo.com bar.foo.com
    
by AndroidDev93 03.12.2014 / 16:23

1 answer

1

There are no firewall OUTPUT rules and the default OUTPUT policy is ACCEPT, so nothing is preventing a DNS query from going out.

Also, there are no firewall INPUT rules that would specifically block DNS responses before the state RELATED,ESTABLISHED rule, which will accept incoming responses to all outgoing connections and any other messages related to outgoing connections.

The FORWARD rules would be applicable only if this system were acting as a router or a virtualization host. Any virtual machines running on this host will be allowed outgoing connections only if the VM's IP address is in the 192.168.122.0/24 network. Other than that, there appear to be no specific restrictions on DNS connectivity for VMs.

The problem seems to be that the system has no DNS name servers configured at this time. You could fix that by adding a DNS1=<nameserver IP address> line to the /etc/sysconfig/network-scripts/ifcfg-* file corresponding to your outgoing network interface, or by directly adding a nameserver <nameserver IP address> line to /etc/resolv.conf, as suggested by jofel in his comment.

If you add the nameserver address(es) to the ifcfg-* file, you will probably need to deactivate & reactivate your network interface for the change to take effect, or just reboot. If you edit /etc/resolv.conf directly, the change will take effect as soon as you save the file.

    
by 24.11.2017 / 06:22
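
Added example, not part of the question or the answer above: a shell sketch of the triage the answer walks through, checking a resolv.conf for nameserver lines and a saved `iptables -L -v -n` listing for anything in the OUTPUT chain that could filter the query. The function names, the result labels and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): decide whether "Couldn't resolve
# host" is a resolver-config problem or a firewall problem.

# Print the nameserver addresses in a resolv.conf-style file.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1" 2>/dev/null
}

# Read `iptables -L -v -n` output on stdin; print "<OUTPUT policy> <rule count>".
output_chain_summary() {
    awk '
        /^Chain /  { in_out = ($2 == "OUTPUT")
                     if (in_out) { gsub(/[()]/, ""); policy = $4 }
                     next }
        in_out && $1 ~ /^[0-9]+[KMG]?$/ { rules++ }
        END { printf "%s %d\n", (policy == "" ? "UNKNOWN" : policy), rules + 0 }'
}

# $1 = resolv.conf path, $2 = file with saved `iptables -L -v -n` output.
diagnose() {
    ns=$(list_nameservers "$1")
    summary=$(output_chain_summary < "$2")
    policy=${summary% *}; rules=${summary#* }
    if [ -z "$ns" ]; then
        echo "no-nameserver"        # nothing to query: fix resolv.conf / ifcfg-*
    elif [ "$policy" != "ACCEPT" ] || [ "$rules" -gt 0 ]; then
        echo "review-output-chain"  # egress filtering exists: check port 53
    else
        echo "resolver-ok"          # look upstream (routing, the server itself)
    fi
}

# Constructed sample input modelled on the question's files.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# Generated by NetworkManager' 'search lab.example' \
        '# DNS1=xxx.xxx.xxx.xxx' > "$d/resolv.conf"
    printf '%s\n' 'Chain INPUT (policy ACCEPT 0 packets, 0 bytes)' \
        ' pkts bytes target prot opt in out source destination' \
        '    5   480 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED' \
        'Chain OUTPUT (policy ACCEPT 18 packets, 1788 bytes)' \
        ' pkts bytes target prot opt in out source destination' > "$d/ipt.txt"
    diagnose "$d/resolv.conf" "$d/ipt.txt"
    rm -rf "$d"
}
demo
```

On a live host, `diagnose /etc/resolv.conf` would be given a file saved from `iptables -L -v -n` run as root; the nameserver check runs first because an empty resolver list fails regardless of firewall state.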