yum update caused weird network problems

derzok · #1 19th November 2007, 08:40 PM

So I installed Fedora Core 6 a while ago on my server. I have a decently static IP so I have a domain name for it. I recently did a

Code:

yum update

It took about an hour to download all the packages (a few hundred of them, actually). They all installed fine with no error messages. The only things to note were

Code:

Updating: pam [17/493]warning: /etc/pam.d/system-auth created as /etc/pam.d/system-auth.rpmnew
Updating: postfix [ 56/493]warning: /etc/postfix/main.cf created as /etc/postfix/main.cf.rpmnew
Updating: postfix [ 56/493]warning: /usr/lib/sasl2/smtpd.conf created as /usr/lib/sasl2/smtpd.conf.rpmnew
Updating: sendmail [116/493]warning: /etc/mail/sendmail.cf created as /etc/mail/sendmail.cf.rpmnew

None of those looked too crucial.

So now when I access my website via the url http://zoklet.net it won't load.

I assumed SELinux decided to **** with me again so I did a

Code:

setenforce 0

just to make sure. No luck. nmap says that all the ports are filtered. However when I run nmap on the box's lan IP it says all the necessary ports are open.

The server's local IP has not changed, my outside IP has not changed, and all the ports are still forwarded properly. I am thinking that it's got something to do with the upgrade, but I can't figure out what.

Bottom line:
The problem is that I can not access my server from inside OR outside the network using my IP address OR the domain name. My server address is http://69.135.212.19/ and nobody can see it. The ports are forwarded properly on all of my routers. Something is blocking my server. When I access the server with it's local IP: http://192.168.0.12/ it works fine.

Edit: I didn't look in the rules, but if there's a rule against posting IP addresses, I'll gladly remove mine.

stevea · #2 19th November 2007, 09:13 PM

So what does the network config look like at the moment. Look at "ip addr" and "ip route" and "cat /etc/resolv.conf"

derzok · #3 19th November 2007, 10:37 PM

Code:

[root@zoklet zok]# /sbin/ifconfig 
eth1      Link encap:Ethernet  HWaddr 00:E0:18:A2:6A:41  
          inet addr:192.168.0.12  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:18ff:fea2:6a41/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4817 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4001 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:524101 (511.8 KiB)  TX bytes:878481 (857.8 KiB)
          Interrupt:20 Base address:0x2000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2338 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2338 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2856472 (2.7 MiB)  TX bytes:2856472 (2.7 MiB)

[root@zoklet zok]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 65.24.7.3
nameserver 65.24.7.6

stevea · #4 19th November 2007, 11:47 PM

Not exactly what I asked for; ifconfig is deprecated, please learn "ip".

(repeat) "ip route" ?

Can you browse out ?
What does "iptables -L" report ?
What does "netstat -lntp" report ?
What does "nmap 127.0.0.1" report ?
--

FWIW I've got an FC6 server and I've had no recent problems. I assume you've tried re-booting.

derzok · #5 20th November 2007, 12:49 AM

The server is able to make outbound connections. I'm using it to run irssi right now. I also am able to browse the web with lynx. I assume other protocols work as well.

Code:

[root@zoklet ~]# ip route
192.168.0.0/24 dev eth1  proto kernel  scope link  src 192.168.0.12 
169.254.0.0/16 dev eth1  scope link 
default via 192.168.0.1 dev eth1

[root@zoklet ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 

[root@zoklet ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 127.0.0.1:2208              0.0.0.0:*                   LISTEN      2511/hpiod          
tcp        0      0 192.168.0.12:2401           0.0.0.0:*                   LISTEN      2554/xinetd         
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      2666/mysqld         
tcp        0      0 0.0.0.0:139                 0.0.0.0:*                   LISTEN      2789/smbd           
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      2292/portmap        
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN      2567/vsftpd         
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      2528/cupsd          
tcp        0      0 0.0.0.0:445                 0.0.0.0:*                   LISTEN      2789/smbd           
tcp        0      0 127.0.0.1:2207              0.0.0.0:*                   LISTEN      2516/python         
tcp        0      0 0.0.0.0:799                 0.0.0.0:*                   LISTEN      2313/rpc.statd      
tcp        0      0 :::993                      :::*                        LISTEN      2696/dovecot        
tcp        0      0 :::995                      :::*                        LISTEN      2696/dovecot        
tcp        0      0 :::110                      :::*                        LISTEN      2696/dovecot        
tcp        0      0 :::143                      :::*                        LISTEN      2696/dovecot        
tcp        0      0 :::80                       :::*                        LISTEN      2726/httpd          
tcp        0      0 :::22                       :::*                        LISTEN      2542/sshd           
tcp        0      0 :::443                      :::*                        LISTEN      2726/httpd

[root@zoklet ~]# nmap 127.0.0.1

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-11-19 19:49 EST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1666 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
110/tcp  open  pop3
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
143/tcp  open  imap
443/tcp  open  https
445/tcp  open  microsoft-ds
631/tcp  open  ipp
799/tcp  open  controlit
993/tcp  open  imaps
995/tcp  open  pop3s
3306/tcp open  mysql

Nmap finished: 1 IP address (1 host up) scanned in 0.114 seconds

Also tried rebooting the server, router, and modem - still no luck.

stevea · #6 20th November 2007, 08:23 AM

Quote:

tcp 0 0 :::80 :::* LISTEN 2726/httpd

Well that looks good. Do you get a connection when you browse to http://127.0.0.1 or http://192.168.0.12 ?
If these both work then it points the finger at your router (or whatever sits between your system and the public IP).

You could try running wireshark while making an external connection - to see what packets appear.

best wishes

hiberphoptik · #7 20th November 2007, 08:29 AM

seems obvious but i didnt see you mention it above... check the linux's firewall config and make sure the firewall is off, then if it works you know it was the firewall, turn it back on and open the proper ports in the firewall

the router cant forward to the server if the server's software firewall (IP Tables) is blocking

might not be the firewall but i find that 9 times out of 10 its the firewall and 9 times out of 10 people say "the firewall is disabled" but then when they finally double check it... its enabled and blocking

derzok · #8 20th November 2007, 01:22 PM

What is the linux firewall executable called and how can I disable it from command line? The only info I found online told me how to access it through KDE's menus, but that doesn't help if you don't have a monitor, mouse, or keyboard.

Edit: I just ran "service --status-all" and found:

Code:

hpssd (pid 2516) is running...
httpd (pid 2780 2776 2775 2774 2773 2772 2771 2770 2726) is running...
Firewall is stopped.
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Particularly, the line that says "firewall is stopped" - still no luck. I'll be able to set up another server on the network in just a few hours - I will see what happens when I set that machine as the dmz. If it works, then we can eliminate the router/modem. I don't know why I didn't try that immediately.

derzok · #9 20th November 2007, 02:04 PM

Update: I just installed apache on a windows machine and set it as my router's DMZ. The apache test page showed when I went to both my IP and to my domain name. It's definitely a problem with the server, not the router or modem.

Edit: Oddly enough, when I switched DMZ back to my linux machine, it worked fine. I can now access my server from both the IP and domain name - though I'm not sure why... Thanks for all your help you guys! I wish we knew what happened :P