Network is broken somehow

Post by FaisalAsif » 2019/07/18 09:04:28

Well, it all started the night before, when I wanted to update MySQL and I typed:

[root@log]# yum update  maria*
Loaded plugins: fastestmirror, versionlock
Loading mirror speeds from cached hostfile
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock error was
14: curl#7 - "Failed connect to mirrorlist.centos.org:80; Operation now in progress"

 One of the configured repositories failed (Unknown),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=<repoid> ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable <repoid>
        or
            subscription-manager repos --disable=<repoid>

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true

Cannot find a valid baseurl for repo: base/7/x86_64

It was very strange, because just the night before I had updated multiple libraries and everything worked perfectly OK.

So I tried downloading the file itself:

[root@~]# wget https://Mysql.com/predownload.html?spV=true&f=Marialinux-x64-10.3.1.tar.gz
[1] 617
[root@~]# --2019-07-17 13:36:02--  https://mysql.com/predownload.html?spV=true&f=Marialinux-x64-10.3.1.tar.gz
Resolving mysql.com (mysql.com)... 50.135.104.99
Connecting to mysql.com (mysql.com)|50.135.104.99|:443... failed: Connection timed out.
Retrying.

--2019-07-17 13:38:15--  (try: 2)  https://mysql.com/predownload.html?spV=true&f=Marialinux-x64-10.3.1.tar.gz
Connecting to mysql.com (mysql.com)|50.135.104.99|:443... failed: Connection timed out.
Retrying.

wget doesn't seem to get the file, and it retries infinitely.

Then I tried to ping the host; the host name does resolve, but ping has 100% loss.

Then I tried curl to access the page. Same result: it holds indefinitely and doesn't get the page.

Then I tried ping again. This time the host did resolve, but it brought down my BIND DNS. On looking at the logs I found out the following:

All outgoing messages in my Postfix mail queue are stuck because my server cannot talk to the outgoing relay hosts.

But strangely enough, all websites hosted are working perfectly OK, and all pages are getting served on remote client requests.

When I check the status of my network I get this:

[root@ ~]# systemctl status network.service -l
● network.service - LSB: Bring up/down networking
   Loaded: loaded (/etc/rc.d/init.d/network; bad; vendor preset: disabled)
   Active: active (exited) since Wed 2019-07-17 15:26:19 MST; 8s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 6889 ExecStop=/etc/rc.d/init.d/network stop (code=exited, status=0/SUCCESS)
  Process: 7058 ExecStart=/etc/rc.d/init.d/network start (code=exited, status=0/SUCCESS)

Jul 17 15:26:19 s.secureserver.net systemd[1]: Starting LSB: Bring up/down networking...
Jul 17 15:26:19 s.secureserver.net network[7058]: Bringing up loopback interface:  [  OK  ]
Jul 17 15:26:19 s.secureserver.net network[7058]: Bringing up interface eth0:  Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
Jul 17 15:26:19 s.secureserver.net network[7058]: [  OK  ]
Jul 17 15:26:19 s.secureserver.net systemd[1]: Started LSB: Bring up/down networking.


My ifconfig returns this:

[root@s7 scaled]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.217.4.24  netmask 255.255.252.0  broadcast 10.217.7.255
        inet6 fe80::f816:3eff:febd:3756  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:bd:37:56  txqueuelen 1000  (Ethernet)
        RX packets 4616708  bytes 323450910 (308.4 MiB)
        RX errors 0  dropped 795  overruns 0  frame 0
        TX packets 2610097  bytes 5708069119 (5.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 64.22.15.137  netmask 255.255.255.255  broadcast 64.22.15.137
        ether fa:16:3e:bb:37:66  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 157020  bytes 22856473 (21.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 157020  bytes 22856473 (21.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


Can someone help?

Post by TrevorH » 2019/07/18 13:56:39

What's the output from iptables-save run as root?

Post by FaisalAsif » 2019/07/18 17:20:39

[root@s ed]# iptables-save
# Generated by iptables-save v1.4.21 on Thu Jul 18 10:10:09 2019
*nat
:PREROUTING ACCEPT [114669:14012150]
:INPUT ACCEPT [51196:3363386]
:OUTPUT ACCEPT [62027:4691789]
:POSTROUTING ACCEPT [62027:4691789]
:OUTPUT_direct - [0:0]
:POSTROUTING_ZONES - [0:0]
:POSTROUTING_ZONES_SOURCE - [0:0]
:POSTROUTING_direct - [0:0]
:POST_public - [0:0]
:POST_public_allow - [0:0]
:POST_public_deny - [0:0]
:POST_public_log - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING -j POSTROUTING_ZONES_SOURCE
-A POSTROUTING -j POSTROUTING_ZONES
-A POSTROUTING_ZONES -o eth0 -g POST_public
-A POSTROUTING_ZONES -g POST_public
-A POST_public -j POST_public_log
-A POST_public -j POST_public_deny
-A POST_public -j POST_public_allow
-A PREROUTING_ZONES -i eth0 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Thu Jul 18 10:10:09 2019
# Generated by iptables-save v1.4.21 on Thu Jul 18 10:10:09 2019
*mangle
:PREROUTING ACCEPT [1853800:104283377]
:INPUT ACCEPT [1803507:94513295]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1359666:3149727227]
:POSTROUTING ACCEPT [1359666:3149727227]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A PREROUTING_ZONES -i eth0 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Thu Jul 18 10:10:09 2019
# Generated by iptables-save v1.4.21 on Thu Jul 18 10:10:09 2019
*security
:INPUT ACCEPT [4382380:242541912]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3346703:7364131102]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Thu Jul 18 10:10:09 2019
# Generated by iptables-save v1.4.21 on Thu Jul 18 10:10:09 2019
*raw
:PREROUTING ACCEPT [1853800:104283377]
:OUTPUT ACCEPT [1359666:3149727227]
:OUTPUT_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A PREROUTING_ZONES -i eth0 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Thu Jul 18 10:10:09 2019
# Generated by iptables-save v1.4.21 on Thu Jul 18 10:10:09 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1359666:3149727227]
:FORWARD_IN_ZONES - [0:0]
:FORWARD_IN_ZONES_SOURCE - [0:0]
:FORWARD_OUT_ZONES - [0:0]
:FORWARD_OUT_ZONES_SOURCE - [0:0]
:FORWARD_direct - [0:0]
:FWDI_public - [0:0]
:FWDI_public_allow - [0:0]
:FWDI_public_deny - [0:0]
:FWDI_public_log - [0:0]
:FWDO_public - [0:0]
:FWDO_public_allow - [0:0]
:FWDO_public_deny - [0:0]
:FWDO_public_log - [0:0]
:INPUT_ZONES - [0:0]
:INPUT_ZONES_SOURCE - [0:0]
:INPUT_direct - [0:0]
:IN_public - [0:0]
:IN_public_allow - [0:0]
:IN_public_deny - [0:0]
:IN_public_log - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES_SOURCE
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES_SOURCE
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j OUTPUT_direct
-A FORWARD_IN_ZONES -i eth0 -g FWDI_public
-A FORWARD_IN_ZONES -g FWDI_public
-A FORWARD_OUT_ZONES -o eth0 -g FWDO_public
-A FORWARD_OUT_ZONES -g FWDO_public
-A FWDI_public -j FWDI_public_log
-A FWDI_public -j FWDI_public_deny
-A FWDI_public -j FWDI_public_allow
-A FWDI_public -p icmp -j ACCEPT
-A FWDO_public -j FWDO_public_log
-A FWDO_public -j FWDO_public_deny
-A FWDO_public -j FWDO_public_allow
-A INPUT_ZONES -i eth0 -g IN_public
-A INPUT_ZONES -g IN_public
-A INPUT_direct -p tcp -m multiport --dports 22 -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable
-A INPUT_direct -p tcp -m multiport --dports 10000 -m set --match-set fail2ban-webmin-auth src -j REJECT --reject-with icmp-port-unreachable
-A INPUT_direct -p tcp -m multiport --dports 21,20,990,989 -m set --match-set fail2ban-proftpd src -j REJECT --reject-with icmp-port-unreachable
-A INPUT_direct -p tcp -m multiport --dports 25,465,587 -m set --match-set fail2ban-postfix src -j REJECT --reject-with icmp-port-unreachable
-A INPUT_direct -p tcp -m multiport --dports 110,995,143,993,587,465,4190 -m set --match-set fail2ban-dovecot src -j REJECT --reject-with icmp-port-unreachable
-A INPUT_direct -p tcp -m multiport --dports 25,465,587,220,993,110,995 -m set --match-set fail2ban-postfix-sasl src -j REJECT --reject-with icmp-port-unreachable
-A INPUT_direct -p tcp -m multiport --dports 22,115 -m set --match-set fail2ban-ssh-ddos src -j REJECT --reject-with icmp-port-unreachable
-A IN_public -j IN_public_log
-A IN_public -j IN_public_deny
-A IN_public -j IN_public_allow
-A IN_public -p icmp -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 465 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 110 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 995 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 143 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 993 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 587 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 20 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 2222 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 10000:10100 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 20000 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 1025:65535 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
# Completed on Thu Jul 18 10:10:09 2019
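
Added example, not part of the thread and not written by either poster: one way to read an iptables-save dump like the one above for the question at hand, namely whether the host's own firewall filters outgoing traffic. The sample is a trimmed excerpt of the posted *filter table; the function names are illustrative assumptions.

```python
import re
# Constructed sample: trimmed excerpt of the *filter table from the post above.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [1359666:3149727227]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j OUTPUT_direct
-A INPUT_direct -p tcp -m multiport --dports 22 -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

def parse_table(text, table="filter"):
    """Return (policies, rules-by-chain) for one table of iptables-save output."""
    policies, rules, current = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            current = line[1:]
        elif current == table and line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[name] = policy            # "-" marks a user-defined chain
            rules.setdefault(name, [])
        elif current == table and line.startswith("-A "):
            chain, _, rest = line[3:].partition(" ")
            rules.setdefault(chain, []).append(rest)
    return policies, rules

def blocking_rules(rules, start):
    """Follow -j/-g jumps from `start`; return (chain, rule) pairs that DROP or REJECT."""
    found, seen, todo = [], {start}, [start]
    while todo:
        chain = todo.pop()
        for rule in rules.get(chain, []):
            m = re.search(r"(?:^|\s)-[jg] (\S+)", rule)
            target = m.group(1) if m else None
            if target in ("DROP", "REJECT"):
                found.append((chain, rule))
            elif target in rules and target not in seen:
                seen.add(target)
                todo.append(target)
    return found

def egress_report(text):
    """(OUTPUT policy, blocking rules reachable from OUTPUT) for the filter table."""
    policies, rules = parse_table(text)
    return policies.get("OUTPUT"), blocking_rules(rules, "OUTPUT")
```

For the excerpt, `egress_report(SAMPLE)` returns `("ACCEPT", [])`, while the same walk started from `INPUT` finds the two REJECT rules.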