
Current Setup

I am working on a fresh install of CentOS 7 from a minimal ISO file that was installed through a bootable USB.

The computer is an old Apple machine that has run CentOS 7 before without problems.

The machine has 1 account, named 'mas'.


Problem

I can't access port 80 or 22 from outside the machine.


Situation

  • The machine doesn't seem to accept any incoming connections. Ping doesn't respond, ssh is left unanswered.

  • When sshing into the server, /var/log/messages and /var/log/audit/audit.log are both left untouched, regardless of account.

  • Firewalld does have startup warnings, but they are all related to IPv6.

  • All connections to the local server through localhost connect without a problem.

  • SELinux enforcing is not the problem - the behavior is the same in permissive mode.

Example:

curl "localhost" -- Receive default CentOS page.
ssh mas@localhost -- Continues to ask for password, works after.

The above behavior is the same for 127.0.0.1.

Edits

ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 10:9a:dd:49:14:28 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.106/24 brd 192.168.0.255 scope global enp3s0
       valid_lft forever preferred_lft forever
    inet6 fe80::1408:ba9e:471c:e2c8/64 scope link 
       valid_lft forever preferred_lft forever


ip r
    default via 192.168.0.1 dev enp3s0 proto static metric 100 
    192.168.0.0/24 dev enp3s0 proto kernel scope link src 192.168.0.106 metric 100 

iptables-save
    [blank]

telnet -nlp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1056/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1334/master         
tcp6       0      0 :::22                   :::*                    LISTEN      1056/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      1334/master         
udp        0      0 0.0.0.0:11000           0.0.0.0:*                           865/dhclient        
udp        0      0 0.0.0.0:68              0.0.0.0:*                           865/dhclient        
udp        0      0 127.0.0.1:323           0.0.0.0:*                           729/chronyd         
udp6       0      0 :::55079                :::*                                865/dhclient        
udp6       0      0 ::1:323                 :::*                                729/chronyd         
raw6       0      0 :::58                   :::*                    7           744/NetworkManager  
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ACC ]     STREAM     LISTENING     19789    1334/master          private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     19792    1334/master          private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     19795    1334/master          private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     19798    1334/master          private/defer
unix  2      [ ACC ]     STREAM     LISTENING     19801    1334/master          private/trace
unix  2      [ ACC ]     STREAM     LISTENING     19807    1334/master          public/flush
unix  2      [ ACC ]     STREAM     LISTENING     19804    1334/master          private/verify
unix  2      [ ACC ]     STREAM     LISTENING     19230    1334/master          private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     19233    1334/master          private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     19236    1334/master          private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     19239    1334/master          private/relay
unix  2      [ ACC ]     STREAM     LISTENING     19245    1334/master          private/error
unix  2      [ ACC ]     STREAM     LISTENING     19248    1334/master          private/retry
unix  2      [ ACC ]     STREAM     LISTENING     19251    1334/master          private/discard
unix  2      [ ACC ]     STREAM     LISTENING     11827    1/systemd            /run/lvm/lvmetad.socket
unix  2      [ ACC ]     STREAM     LISTENING     19254    1334/master          private/local
unix  2      [ ACC ]     STREAM     LISTENING     19257    1334/master          private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     19260    1334/master          private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     19263    1334/master          private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     19266    1334/master          private/scache
unix  2      [ ACC ]     STREAM     LISTENING     12608    1/systemd            /run/lvm/lvmpolld.socket
unix  2      [ ACC ]     STREAM     LISTENING     19242    1334/master          public/showq
unix  2      [ ACC ]     STREAM     LISTENING     18006    744/NetworkManager   /var/run/NetworkManager/private-dhcp
unix  2      [ ACC ]     STREAM     LISTENING     12415    1/systemd            /run/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     19778    1334/master          public/pickup
unix  2      [ ACC ]     STREAM     LISTENING     19782    1334/master          public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     19785    1334/master          public/qmgr
unix  2      [ ACC ]     SEQPACKET  LISTENING     12461    1/systemd            /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     7111     1/systemd            /run/systemd/journal/stdout
unix  2      [ ACC ]     STREAM     LISTENING     14320    1/systemd            /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     14323    1/systemd            /var/run/pcscd/pcscd.comm

Edit 2

firewall-cmd --state
running

firewall-cmd --list-all
drop (active)
  target: DROP
  icmp-block-inversion: no
  interfaces: enp3s0
  sources: 
  services: 
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 


The default firewall on CentOS 7 is not iptables but firewalld.

iptables is disabled but firewalld is active.

You can disable firewalld completely:

systemctl stop firewalld
systemctl disable firewalld

Or you can add allow rules for your services:

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=22/tcp --permanent
firewall-cmd --reload

-- Edit for setting up firewalld

firewall-cmd --get-active-zones
firewall-cmd --get-zone-of-interface=enp3s0

You can define the zone by editing /etc/sysconfig/network-scripts/ifcfg-enp3s0:

ZONE=public

Associate the zone with your network interface:

firewall-cmd --zone=public --add-interface=enp3s0
krisFR
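An added example, not part of the question or of krisFR's answer: a small POSIX shell check that reads a zone dump in the format of the `firewall-cmd --list-all` output above and reports whether inbound TCP 22 or 80 would be accepted, silently dropped or rejected. The drop-zone sample is trimmed from the question's second edit; the public-zone sample is constructed to show the state after the answer's fix (enp3s0 in `public`, ssh and 80/tcp opened).

```shell
#!/bin/sh
# Added example (not from the question or the answer): classify inbound TCP
# traffic against a firewalld zone dump. Runs offline; no firewalld needed.

# Sample 1: the active zone from the question, trimmed to the fields used here.
DROP_ZONE='drop (active)
  target: DROP
  interfaces: enp3s0
  services: 
  ports: '

# Sample 2 (constructed): what the same host would print after moving enp3s0
# to the public zone and opening ssh and 80/tcp, as the answer proposes.
PUBLIC_ZONE='public (active)
  target: default
  interfaces: enp3s0
  services: ssh dhcpv6-client
  ports: 80/tcp'

# zone_field DUMP FIELD: print the value after "  FIELD: ", leading blanks stripped.
zone_field() {
    printf '%s\n' "$1" | sed -n "s/^  $2: *//p"
}

# zone_verdict DUMP PORT SERVICE: print accept / drop / reject for inbound TCP
# traffic to PORT (or to the firewalld service named SERVICE).
# An explicit port or service entry wins; otherwise the zone target decides:
#   ACCEPT  -> accept
#   DROP    -> drop   (client sees a timeout, as in the question)
#   default -> reject (client sees "connection refused" / "host prohibited")
zone_verdict() {
    target=$(zone_field "$1" target)
    ports=$(zone_field "$1" ports)
    services=$(zone_field "$1" services)
    case " $ports " in *" $2/tcp "*) echo accept; return 0 ;; esac
    case " $services " in *" $3 "*) echo accept; return 0 ;; esac
    case $target in
        ACCEPT) echo accept; return 0 ;;
        DROP)   echo drop ;;
        *)      echo reject ;;
    esac
    return 1
}

# Stand-alone run: the question's symptom, then the state after the fix.
for pair in "22 ssh" "80 http"; do
    set -- $pair
    printf 'drop zone   port %s -> %s\n' "$1" "$(zone_verdict "$DROP_ZONE" "$1" "$2")"
    printf 'public zone port %s -> %s\n' "$1" "$(zone_verdict "$PUBLIC_ZONE" "$1" "$2")"
done
```

A silent timeout from outside, rather than "connection refused", is the signature of a zone whose target is DROP and that lists no services or ports, which is exactly what the `firewall-cmd --list-all` output in the question shows for enp3s0.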