[TriLUG] New CentOS 7 system headaches (ping & dnsmasq)

Brian via TriLUG trilug at trilug.org
Mon Dec 19 16:22:19 EST 2016


Hi y'all,

Thinking my server/router had been compromised over the weekend, I 
rebuilt it with CentOS 7.  It was due, anyway; it was still running 
CentOS 5...

Anyhow, I'm still tinkering, but there are two issues that I just can't 
seem to figure out at the moment.  Here's some salient info:

SELinux is disabled
firewalld is disabled in favor of iptables-services (for the time being)

There is a rule to ACCEPT all inbound traffic from the private 
(10.55.46.0/24) interface.  From iptables-save output:

	-A INPUT -j my_firewall
	-A my_firewall -i enp7s0 -j ACCEPT

dnsmasq is running and listening.  From netstat output:

	tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 3624/dnsmasq
	udp 0 0 0.0.0.0:53 0.0.0.0:* 3624/dnsmasq
	udp 0 0 0.0.0.0:67 0.0.0.0:* 3624/dnsmasq

There is also a firewall rule allowing all ICMP packets.

	-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT

Here are the symptoms:
- I can't ping in or out on the internal interface:
blueman$ ping 10.55.46.80
PING 10.55.46.80 (10.55.46.80) 56(84) bytes of data.
^C
--- 10.55.46.80 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms

undecidedgames$ ping 10.55.46.125
PING 10.55.46.125 (10.55.46.125) 56(84) bytes of data.
^C
--- 10.55.46.125 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms

(yes the addresses are correct)

- Hosts on the network get no response from dnsmasq:
blueman$ dig @10.55.46.80 undecidedgames.net A

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @10.55.46.80 +trace 
undecidedgames.net A
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

- But on the server, dnsmasq answers:
undecidedgames$ dig @localhost undecidedgames.net A
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3 <<>> @localhost undecidedgames.net A
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57084
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;undecidedgames.net.            IN      A

;; ANSWER SECTION:
undecidedgames.net.     0       IN      A       10.55.46.80

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mon Dec 19 16:16:21 EST 2016
;; MSG SIZE  rcvd: 52


So far, everything else seems to be working.  DHCP works.  httpd works.

Oh, well, I take that back; webmin stopped working (browser never 
connects, though it did work for a while).

I'm not really sure where to start troubleshooting these...all tips and 
pointers will be greatly appreciated!

Thanks,
-Brian
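
An added example, not part of the message above: a small Python helper that reads iptables-save output and lists the filter rules in the order a packet entering INPUT meets them, along with any user chains that nothing jumps to. The sample ruleset is constructed around the three rules quoted in the post (the chain declarations and the REJECT rule are assumptions), and the function names are hypothetical.

```python
import shlex

# Constructed sample: the three rules quoted in the post inside a made-up
# ruleset. This is NOT the poster's full iptables-save output.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
:my_firewall - [0:0]
-A INPUT -j my_firewall
-A my_firewall -i enp7s0 -j ACCEPT
-A my_firewall -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
COMMIT
"""
FINAL = {"ACCEPT", "DROP", "REJECT"}

def parse_filter(text):
    """Map chain name -> list of rules (token lists) from the *filter table."""
    chains, active = {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            active = line == "*filter"
        elif active and line.startswith(":"):
            chains.setdefault(line[1:].split()[0], [])
        elif active and line.startswith("-A "):
            tok = shlex.split(line)
            chains.setdefault(tok[1], []).append(tok[2:])
    return chains

def trace(chains, start="INPUT"):
    """Rules in the order a packet entering `start` meets them, plus unreferenced user chains."""
    order, seen = [], set()
    def visit(chain):  # True if every packet gets a final verdict in this chain
        if chain in seen:
            return False
        seen.add(chain)
        for rule in chains.get(chain, []):
            order.append((chain, " ".join(rule)))
            tgt = rule[rule.index("-j") + 1] if "-j" in rule else None  # -g not followed
            final = tgt in FINAL or (tgt in chains and visit(tgt))
            if final and rule[:1] == ["-j"]:  # no match options: later rules are shadowed
                return True
        return False
    visit(start)
    return order, sorted(set(chains) - seen - {"INPUT", "FORWARD", "OUTPUT"})

if __name__ == "__main__":
    order, orphans = trace(parse_filter(SAMPLE))
    print(*order, "never reached from INPUT: %s" % orphans, sep="\n")
```

Match conditions are not evaluated, only rule order and chain reachability; on a live system the input would be the text printed by `iptables-save`.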

