[SOLVED] Firewall trouble in CentOs

Jan-Ivar · 07-12-2011, 10:35 AM

I've set up my server with CentOS 5.6 and the installation seems to be successful. But when I run the command "yum update" I get errors. I have set the firewall in CentOS to allow all traffic, but this does not help. I have also tried to turn on the firewall and set it to allow all traffic, but this does not help either. Is there anyone who has had similar problems that can come with some good advice? I use PuTTY to communicate with the server, so I have contact with the servers on my local network.

Jan Ivar

acid_kewpie · 07-12-2011, 10:37 AM

you could start by telling us what the errors are. We aren't psychic. And seeing as you mentioned firewalls, you shoudl show us the rulebase you've created to hopefully enable all traffic.

Jan-Ivar · 07-12-2011, 10:59 AM

this is what comes up when I run the command yum update

[root@localhost ~]# yum update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Could not retrieve mirrorlist http://mirrorlist.centos.org/?releas...h=i386&repo=os error was
[Errno 4] IOError: <urlopen error (-3, 'Midlertidig feil i navneoppslag')>
Error: Cannot find a valid baseurl for repo: base
[root@localhost ~]#

system-config-securitylevel
so it appears in the firewall

devices we trust:[*] eth0 â ââ t â
â MASQUERADE Devices:[*] eth0 â
â â
â[*] SSH[*] Telnet[*] FTP â
â allow incoming:[*] WWW (HTTP)[*] Samba[*] E-post (SMTP) â
â[*] Sikker WWW (HTTPS)[*] NFS4 â
â other ports _________________________ â
â
I do not know what else you would know

Jan-Ivar · 07-12-2011, 11:29 AM

Maybe this could help, this is the iptable

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTAB LISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s sh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:t elnet
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s mtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:f tp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttps
ACCEPT udp -- anywhere anywhere state NEW udp dpt:n etbios-ns
ACCEPT udp -- anywhere anywhere state NEW udp dpt:n etbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:n etbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:m icrosoft-ds
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:n fs
REJECT all -- anywhere anywhere reject-with icmp-ho st-prohibited

sandwormusmc · 07-12-2011, 01:39 PM

Quote:

Originally Posted by Jan-Ivar

Maybe this could help, this is the iptable

This doesn't seem to be an iptables issue ... try turning off iptables with a "service iptables stop" as root, then try the update command again. I'm 99.9% sure it will still happen. IP Tables does not block outbound connections by default for anything (you can see this by looking at the OUTPUT chain, which has no rules).

Also, what does 'Midlertidig feil i navneoppslag' mean? It looks like a connection error but would be helpful if you translate to English for us non-Nordic types.

Can you open a web browser (or wget if CLI only) and view http://mirrorlist.centos.org/?releas...h=i386&repo=os from the Linux system? If not, you have a network issue that needs to be fixed first ...

Jan-Ivar · 07-12-2011, 08:32 PM

Midlertidig feil i navneoppslag = Temporary failure in name resolution

[root@localhost ~]# wget http://mirrorlist.centos.org/?releas...h=i386&repo=os
[1] 12980
[2] 12981
[root@localhost ~]# --2011-07-13 03:31:05-- http://mirrorlist.centos.org/?release=5
Resolving mirrorlist.centos.org... failed: Midlertidig feil i navneoppslag.
wget: unable to resolve host address `mirrorlist.centos.org'

chrism01 · 07-12-2011, 08:36 PM

Well, it says 'Temporary ..', so try to check/connect in different ways eg ping, nslookup, wget (as above).
It may well be back up by now

sandwormusmc · 07-13-2011, 08:27 AM

Quote:

Originally Posted by Jan-Ivar

Midlertidig feil i navneoppslag = Temporary failure in name resolution

[root@localhost ~]# wget http://mirrorlist.centos.org/?releas...h=i386&repo=os
[1] 12980
[2] 12981
[root@localhost ~]# --2011-07-13 03:31:05-- http://mirrorlist.centos.org/?release=5
Resolving mirrorlist.centos.org... failed: Midlertidig feil i navneoppslag.
wget: unable to resolve host address `mirrorlist.centos.org'

Try a traceroute and nslookup of that address ... seems like you are having issues getting to mirrorlist.centos.org, maybe through no fault of your own (temporarily down).

Also, be careful when you have ampersands (&) in URLs, the shell will put half of the command in the background, so you need to enclose the URL in single quotes (') to make sure wget parses the URL correctly.

brian-ocs · 07-13-2011, 11:07 AM

Jan-Ivar,

The last line of the error suggests that there may be an issue with your repository definitions:

Quote:

Error: Cannot find a valid baseurl for repo: base

Can you post the contents of any files in the /yum/repos.d/ directory?

If you can reach the URL by other means, this is most likely the issue.

__________
www.OneCourseSource.com