LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 07-12-2011, 10:35 AM   #1
Jan-Ivar
Member
 
Registered: Jul 2011
Posts: 32

Rep: Reputation: Disabled
Firewall trouble in CentOs


I've set up my server with CentOS 5.6 and the installation seems to be successful. But when I run the command "yum update" I get errors. I have set the firewall in CentOS to allow all traffic, but this does not help. I have also tried to turn on the firewall and set it to allow all traffic, but this does not help either. Is there anyone who has had similar problems that can come with some good advice? I use PuTTY to communicate with the server, so I have contact with the servers on my local network.

Jan Ivar
 
Old 07-12-2011, 10:37 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,397

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
you could start by telling us what the errors are. We aren't psychic. And seeing as you mentioned firewalls, you shoudl show us the rulebase you've created to hopefully enable all traffic.
 
Old 07-12-2011, 10:59 AM   #3
Jan-Ivar
Member
 
Registered: Jul 2011
Posts: 32

Original Poster
Rep: Reputation: Disabled
this is what comes up when I run the command yum update

[root@localhost ~]# yum update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Could not retrieve mirrorlist http://mirrorlist.centos.org/?releas...h=i386&repo=os error was
[Errno 4] IOError: <urlopen error (-3, 'Midlertidig feil i navneoppslag')>
Error: Cannot find a valid baseurl for repo: base
[root@localhost ~]#

system-config-securitylevel
so it appears in the firewall

devices we trust:[*] eth0 t
MASQUERADE Devices:[*] eth0

[*] SSH[*] Telnet[*] FTP
allow incoming:[*] WWW (HTTP)[*] Samba[*] E-post (SMTP)
[*] Sikker WWW (HTTPS)[*] NFS4
other ports _________________________

I do not know what else you would know

Last edited by Jan-Ivar; 07-12-2011 at 11:00 AM.
 
Old 07-12-2011, 11:29 AM   #4
Jan-Ivar
Member
 
Registered: Jul 2011
Posts: 32

Original Poster
Rep: Reputation: Disabled
Maybe this could help, this is the iptable

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTAB LISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s sh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:t elnet
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s mtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:f tp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttps
ACCEPT udp -- anywhere anywhere state NEW udp dpt:n etbios-ns
ACCEPT udp -- anywhere anywhere state NEW udp dpt:n etbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:n etbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:m icrosoft-ds
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:n fs
REJECT all -- anywhere anywhere reject-with icmp-ho st-prohibited
 
Old 07-12-2011, 01:39 PM   #5
sandwormusmc
Member
 
Registered: Nov 2006
Distribution: Fedora 15 x86_64
Posts: 75

Rep: Reputation: 24
Quote:
Originally Posted by Jan-Ivar View Post
Maybe this could help, this is the iptable
This doesn't seem to be an iptables issue ... try turning off iptables with a "service iptables stop" as root, then try the update command again. I'm 99.9% sure it will still happen. IP Tables does not block outbound connections by default for anything (you can see this by looking at the OUTPUT chain, which has no rules).

Also, what does 'Midlertidig feil i navneoppslag' mean? It looks like a connection error but would be helpful if you translate to English for us non-Nordic types.

Can you open a web browser (or wget if CLI only) and view http://mirrorlist.centos.org/?releas...h=i386&repo=os from the Linux system? If not, you have a network issue that needs to be fixed first ...
 
Old 07-12-2011, 08:32 PM   #6
Jan-Ivar
Member
 
Registered: Jul 2011
Posts: 32

Original Poster
Rep: Reputation: Disabled
Midlertidig feil i navneoppslag = Temporary failure in name resolution

[root@localhost ~]# wget http://mirrorlist.centos.org/?releas...h=i386&repo=os
[1] 12980
[2] 12981
[root@localhost ~]# --2011-07-13 03:31:05-- http://mirrorlist.centos.org/?release=5
Resolving mirrorlist.centos.org... failed: Midlertidig feil i navneoppslag.
wget: unable to resolve host address `mirrorlist.centos.org'

Last edited by Jan-Ivar; 07-12-2011 at 08:33 PM.
 
Old 07-12-2011, 08:36 PM   #7
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,269

Rep: Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028
Well, it says 'Temporary ..', so try to check/connect in different ways eg ping, nslookup, wget (as above).
It may well be back up by now
 
Old 07-13-2011, 08:27 AM   #8
sandwormusmc
Member
 
Registered: Nov 2006
Distribution: Fedora 15 x86_64
Posts: 75

Rep: Reputation: 24
Quote:
Originally Posted by Jan-Ivar View Post
Midlertidig feil i navneoppslag = Temporary failure in name resolution

[root@localhost ~]# wget http://mirrorlist.centos.org/?releas...h=i386&repo=os
[1] 12980
[2] 12981
[root@localhost ~]# --2011-07-13 03:31:05-- http://mirrorlist.centos.org/?release=5
Resolving mirrorlist.centos.org... failed: Midlertidig feil i navneoppslag.
wget: unable to resolve host address `mirrorlist.centos.org'
Try a traceroute and nslookup of that address ... seems like you are having issues getting to mirrorlist.centos.org, maybe through no fault of your own (temporarily down).

Also, be careful when you have ampersands (&) in URLs, the shell will put half of the command in the background, so you need to enclose the URL in single quotes (') to make sure wget parses the URL correctly.
 
Old 07-13-2011, 11:07 AM   #9
brian-ocs
LQ Newbie
 
Registered: Jul 2011
Location: San Diego, CA
Distribution: CentOS 6, Linux Mint Debian Edition
Posts: 18

Rep: Reputation: 1
Jan-Ivar,

The last line of the error suggests that there may be an issue with your repository definitions:
Quote:
Error: Cannot find a valid baseurl for repo: base
Can you post the contents of any files in the /yum/repos.d/ directory?

If you can reach the URL by other means, this is most likely the issue.

__________
www.OneCourseSource.com

Last edited by brian-ocs; 07-13-2011 at 02:30 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
CentOS 5.3 Firewall/Protection dstu Linux - Security 5 10-29-2009 09:56 PM
Centos Firewall...needed if already behind a firewall? JohnRock Linux - Networking 7 05-22-2009 02:49 PM
CentOS Firewall issue. vasco.debian Linux - Security 4 02-23-2009 11:48 PM
centos - firewall up - ftp no permissions sir-lancealot! Linux - Security 7 08-31-2006 04:40 PM
CentOS 4.3 Outside of Firewall msound Linux - Security 1 08-22-2006 07:58 PM


All times are GMT -5. The time now is 09:27 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration