CentOS 6.8 dropping all connections

alfie13
Posts: 5
Joined: 2018/06/05 04:49:03

CentOS 6.8 dropping all connections

Post by alfie13 » 2018/06/05 04:51:55

Hi,

I have a CentOS 6.8 (Final) server (on Production). How can I allow the incoming connections from a different private subnet? Currently, it is accessible on the same network (10.0.6.x). Below is my IPTABLES, but currently it is not working as expected.

-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.6.104/32 -i bond0 -j ACCEPT
-A INPUT -s 192.168.6.1/32 -i bond0 -j ACCEPT
-A INPUT -i bond0 -j DROP
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 21 -m comment --comment "ftp" -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 22 -m comment --comment "ssh" -j ACCEPT
-A INPUT -s 10.8.0.0/24 -i eth0 -j ACCEPT
-A INPUT -s 10.10.200.0/24 -j ACCEPT
-A INPUT -s 10.23.101.0/24 -j ACCEPT
-A INPUT -s 10.8.0.0/24 -j ACCEPT
-A INPUT -s 10.0.6.0/24 -i eth0 -j ACCEPT
-A INPUT -s 10.10.100.0/24 -i eth0 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 20 -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 192.168.6.104/32 -o bond0 -j ACCEPT
-A OUTPUT -d 192.168.6.1/32 -o bond0 -j ACCEPT
-A OUTPUT -o bond0 -j DROP
-A OUTPUT -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -m state --state NEW -m owner --uid-owner root -m comment --comment "root" -j ACCEPT
-A OUTPUT -s 10.0.6.0/24 -o eth0 -j ACCEPT
-A OUTPUT -s 10.10.100.0/24 -o eth0 -j ACCEPT


Can you please help?

Regards,

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CentOS 6.8 dropping all connections

Post by TrevorH » 2018/06/05 08:34:28

-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.6.104/32 -i bond0 -j ACCEPT
-A INPUT -s 192.168.6.1/32 -i bond0 -j ACCEPT
-A INPUT -i bond0 -j DROP

So you allow anything from localhost and from those two specified ip addresses and then DROP everything else. At that point, all the rest of your INPUT rules are ignored.

You have the same sort of problem in the OUTPUT chain too.

Also, you need to yum update as 6.8 is ancient and missing important fixes. RHEL 6.10 is in beta upstream and 6.9 is the current version.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

alfie13
Posts: 5
Joined: 2018/06/05 04:49:03

Re: CentOS 6.8 dropping all connections

Post by alfie13 » 2018/06/05 08:53:09

Hi TrevorH,

bond0 is a different interface. We should access this server under this 10.0.6.X subnet range which is configured in eth0 interface. Is it affecting the remaining rules even though we dropped the connection coming from bond0 (192.168.6.x)?

Also, are there any files that control the traffic of incoming and outgoing connections?

Regards,

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CentOS 6.8 dropping all connections

Post by TrevorH » 2018/06/05 10:43:52

If you specify an interface then those rules should only apply to that interface.

What ip address are you coming from and via what interface for the things you have problems with?
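Added example, not part of any post in this thread: a small first-match evaluator run over the INPUT chain exactly as posted, showing how the `-i` interface match scopes the bond0 DROP. The packet fields (`iface`, `src`, `proto`, `dport`, `state`) and the sample packets in the tests are constructed for illustration, and only the match options that appear in the posted rules are modelled.

```python
import ipaddress
import shlex

# INPUT chain as posted in the thread (chain policy is DROP).
RULES = """\
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.6.104/32 -i bond0 -j ACCEPT
-A INPUT -s 192.168.6.1/32 -i bond0 -j ACCEPT
-A INPUT -i bond0 -j DROP
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 21 -m comment --comment "ftp" -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 22 -m comment --comment "ssh" -j ACCEPT
-A INPUT -s 10.8.0.0/24 -i eth0 -j ACCEPT
-A INPUT -s 10.10.200.0/24 -j ACCEPT
-A INPUT -s 10.23.101.0/24 -j ACCEPT
-A INPUT -s 10.8.0.0/24 -j ACCEPT
-A INPUT -s 10.0.6.0/24 -i eth0 -j ACCEPT
-A INPUT -s 10.10.100.0/24 -i eth0 -j ACCEPT
"""

def matches(opts, pkt):
    """True if every match option in the rule agrees with the packet."""
    checks = {
        "-i": lambda v: pkt["iface"] == v,
        "-p": lambda v: pkt["proto"] == v,
        "-s": lambda v: ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(v),
        "--state": lambda v: pkt["state"] in v.split(","),
        "--dport": lambda v: pkt.get("dport") == int(v),
    }
    # -m, --comment and -j are not match conditions, so they are skipped.
    return all(checks[k](v) for k, v in opts.items() if k in checks)

def verdict(pkt, policy="DROP"):
    """Return (rule_number, target) for the first matching rule, else (None, policy)."""
    for n, line in enumerate(RULES.splitlines(), 1):
        tok = shlex.split(line)[2:]            # drop "-A INPUT"
        opts = dict(zip(tok[::2], tok[1::2]))  # every option here takes one argument
        if matches(opts, pkt):
            return n, opts["-j"]
    return None, policy
```

A new TCP connection from 10.10.100.5 arriving on eth0 falls through to rule 14 and is accepted, while the same source arriving on bond0 stops at rule 5.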

tunk
Posts: 1204
Joined: 2017/02/22 15:08:17

Re: CentOS 6.8 dropping all connections

Post by tunk » 2018/06/05 11:16:36

Does it work if you (temporarily) switch off the firewall?
If not, could it be a problem with your router setup?

alfie13
Posts: 5
Joined: 2018/06/05 04:49:03

Re: CentOS 6.8 dropping all connections

Post by alfie13 » 2018/06/06 00:38:42

Hi TrevorH,

Please see my update below:

What ip address are you coming from and via what interface for the things you have problems with?
- I tried to access the server using 10.10.100.0/24, 10.10.200.0/24, 10.8.0.0/24 and 10.23.101.0/24. The interface that is having the issue is eth0 (10.0.6.0/24).

Hi Tunk,

Does it work if you (temporarily) switch off the firewall?
- I already did this but I got the same issue.
If not, could it be a problem with your router setup?
- I don't think so, since this is the only server that I can't access when I'm on the 10.10.100.0/24, 10.10.200.0/24, 10.8.0.0/24 and 10.23.101.0/24 subnet ranges. So this server is blocking the traffic.

Regards,

alfie13
Posts: 5
Joined: 2018/06/05 04:49:03

Re: CentOS 6.8 dropping all connections

Post by alfie13 » 2018/06/06 07:34:09

Hi Again,

I tried to flush the iptables, but after that, every connection on this server got disconnected. Before I flushed it, here are the things that I did:

1. iptables -save > iptable.rule

I tried to restore it using iptables-restore > iptable.rule, but it is still failing. Anything I missed?

Regards,

tunk
Posts: 1204
Joined: 2017/02/22 15:08:17

Re: CentOS 6.8 dropping all connections

Post by tunk » 2018/06/06 10:15:29

Is there a typo in iptables-restore, or should it have been: iptables-restore < iptable.rule
It works on the subnet, but does not work from other subnets when the firewall is off:
To me this suggests that the problem lies outside the server.
I have no experience with enterprise routers, but I got the impression that they are very configurable:
Could there be some setting on the router port that blocks it?

alfie13
Posts: 5
Joined: 2018/06/05 04:49:03

Re: CentOS 6.8 dropping all connections

Post by alfie13 » 2018/06/08 00:37:44

Hi Guys,

I already resolved the issue. I just added a gateway on my interface eth0 and restarted the network service.

Thanks all!
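Added example, not part of the original posts: a longest-prefix route lookup showing why same-subnet clients worked while the other subnets did not until a gateway was set on eth0. The routing tables are constructed under the assumption that the server had only its connected routes before the fix; the /24 mask on bond0, the client addresses and the gateway 10.0.6.1 are placeholders, since the thread shows no routing output.

```python
import ipaddress

# Constructed routing tables: (prefix, device, gateway). The thread does not
# show `ip route` output, so BEFORE assumes connected routes only.
BEFORE = [
    ("10.0.6.0/24", "eth0", None),
    ("192.168.6.0/24", "bond0", None),
]
# 10.0.6.1 is a placeholder gateway address, not a value from the thread.
AFTER = BEFORE + [("0.0.0.0/0", "eth0", "10.0.6.1")]

# One constructed client address per subnet mentioned in the thread.
CLIENTS = ["10.0.6.20", "10.10.100.5", "10.10.200.5", "10.8.0.5", "10.23.101.5"]

def lookup(dst, table):
    """Longest-prefix match; None stands for 'Network is unreachable'."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), dev, gw) for p, dev, gw in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    net, dev, gw = max(hits, key=lambda h: h[0].prefixlen)
    return {"prefix": str(net), "dev": dev, "via": gw}

def reply_paths(clients, table):
    """Map each client to the route the server's reply packets would take."""
    return {c: lookup(c, table) for c in clients}

def unreachable(clients, table):
    """Clients whose requests can arrive but whose replies have no route back."""
    return [c for c, r in reply_paths(clients, table).items() if r is None]
```

On the server itself, `ip route get <client address>` answers the same question for a single destination.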
