Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
As part of a security upgrade Centos has changed the automatic activation of the network adapters for remote access. We are currently stuck on 6.2. The hardware does not like version 6.9 but we know that 6.2 works and we're trying to rescue files. We're trying to learn!
How do we activate the NICs at bootup? We've read the FAQ and made the changes and they don't work.
I have installed 6.2 x86_64 and as expected the machine is available from the outside world but I can't ssh into it. I HAVE read the FAQ and changed BOOTPROTO=static and ONBOOT=yes but no joy. I added ifup eth0 to rc.local and that doesn't work.
so we can see what the result of your settings looks like.
Second, you might try setting
Code:
NM_CONTROLLED=no
since you are setting the network manually and do not want Network Manager to over-ride your settings. If you try this, re-do the ifconcif command and we will see what (if anything) changed.
Third, did you verify that the sshd service is running?
so we can see what the result of your settings looks like.
Second, you might try setting
Code:
NM_CONTROLLED=no
since you are setting the network manually and do not want Network Manager to over-ride your settings. If you try this, re-do the ifconcif command and we will see what (if anything) changed.
Third, did you verify that the sshd service is running?
Thank you for your reply.
For obvious reasons I don't want to reveal the actual public IP's.
I did not select Network Manager during setup. But I changed it in ifcfg-eth0 and it made no difference. If I issue ifup eth0 it comes alive through ssh. Yes, I checked that ssh was running.
This is a known security feature of Centos. By default ssh access is OFF.
Yes, I have checked that ssh is running. The server is accessible from the outside world.
No, but I have a life. Son (over 21 but does not drive) is in a play and needs transport, coworker from the job I had last year had his wife die of cancer (they have 8 kids, NO IDEA how he will survive this), and I am actively looking for my next gainfull employment. Busy.
I take it that the ifconfig commands were run AFTER you brought up the interface.
The only think I see that is glaringly obvious is that your broadcast address and network masks do not match. They should be complimentary bit patterns, and that is not what I see there. That, however, should NOT stop the interface from coming up.
Check the dmesg report for anything on etc/ETC. You might also check the /var/log/messages file for anything eth related just after boot. If you need to, you can bounce network to have new messages to examine.
I would correct the network mask/broadcast address issue, but I think it is the log review that is more likley to give you the information needed here.
No, but I have a life. Son (over 21 but does not drive) is in a play and needs transport, coworker from the job I had last year had his wife die of cancer (they have 8 kids, NO IDEA how he will survive this), and I am actively looking for my next gainfull employment. Busy.
I take it that the ifconfig commands were run AFTER you brought up the interface.
The only think I see that is glaringly obvious is that your broadcast address and network masks do not match. They should be complimentary bit patterns, and that is not what I see there. That, however, should NOT stop the interface from coming up.
Check the dmesg report for anything on etc/ETC. You might also check the /var/log/messages file for anything eth related just after boot. If you need to, you can bounce network to have new messages to examine.
I would correct the network mask/broadcast address issue, but I think it is the log review that is more likley to give you the information needed here.
You need not explain about having a life. I understand having a daughter with cancer. But thank you nonetheless. Your help is appreciated. I didn't think you'd be the only one offering help, hence my question. My apologies.
The broadcast address is correct. I have deliberately obscured the IP addresses because of hacker's that read here. THIS IS A SECURITY FEATURE OF CENTOS 6.X and above. They don't initialize ssh and require that you do so from the CLI. In have done what is in their FAQ but they do nothing but mock me for not knowing the answers. ipconfig was run before initializing the adapters. More accurately they adapter ARE initialized at boot-up. The servers are accessible from the outside world. Mail, web, FTP, etc. TYou just cannot SSH into the machine. I have IPKVM and can reach these two boxes that have newer versions of Centos. If I may suggest with no intention of trying to offend you, it seems that you are looking for a setup error. Although may exist I've installed Centos many, many times. This is a new security feature of 6.x and 7.x. ONBOOT=yes IS enabled.
What is a security feature? Its been awhile since I installed CentOS 6.x and 7.x but selecting the default i.e. with NetworkManager and the default firewall rules ssh was running and accessible from the network. As far as I know this seems to be a "feature" when trying to configure a static IP without using NetworkManager. Granted I have a router/dynamic IP address.
If the servers are accessible from the outside world it would seem like eth0 is active and then so should ssh if it is running so not sure why it does not work unless you enable it. Have you checked the logs to see if there is a ssh error?
The broadcast address is correct. I have deliberately obscured the IP addresses because of hacker's that read here. THIS IS A SECURITY FEATURE OF CENTOS 6.X and above. They don't initialize ssh and require that you do so from the CLI.
This is not really correct. You may have to enable automatic start on the service, but you do NOT have to start it at the command line. In my last job I installed hundreds of RHEL and CentOS machines at v6 and v7 and I know.
I did not say that your broadcast address was wrong, or that your network mask was wrong, I said that they do not match. I was able to determine this from the non-obfuscated portions of your ifconfig -a output. The broadcast address should be the highest address in your subnet addressable range. See this page also for a discussion: https://www.lifewire.com/internet-pr...subnets-818378
Finally, if the interface is not coming up, then that is NOT due to any security on SSH (sshd) in any case. In no way can SSH stop the interface from initializing. There is something else going on, which is why I recommended checking those logs.
I ALSO have installed and selected Network Configuration which has the option to make the NIC available. By default - a security feature - it is off. Ever though I have turned it ON I cannot reach the box via SSH. I have others servers behind a $15k firewall running Centos 5.9 that work right after installation. As explained in the FAQ I have quoted twice they turn off SSH. I have tried every version up to 6.9 and the same thing. I cannot get the NIC's - I use both - to become available via SSH. There is no error in any log. Our firewall is also a router in drop-in mode. As you know during setup yoou simply enter the static IP, the subnet (/23), it sets the broadcast address, and it turns on ONBOOT=yes.
This is not really correct. You may have to enable automatic start on the service, but you do NOT have to start it at the command line. In my last job I installed hundreds of RHEL and CentOS machines at v6 and v7 and I know.
I did not say that your broadcast address was wrong, or that your network mask was wrong, I said that they do not match. I was able to determine this from the non-obfuscated portions of your ifconfig -a output. The broadcast address should be the highest address in your subnet addressable range. See this page also for a discussion: https://www.lifewire.com/internet-pr...subnets-818378
Finally, if the interface is not coming up, then that is NOT due to any security on SSH (sshd) in any case. In no way can SSH stop the interface from initializing. There is something else going on, which is why I recommended checking those logs.
I hope that this helps.
Please check your PM's.
If I can run ifup eth0 and the port becomes available via SSH - BUT - available over the internet it isn't the port. So what's different? I can reach any server behind the firewall on the public IP or the private IP except on this machine with v6. My broadcast IP is the last IP.. I have numerous servers so I am not completely in the dark. But I don't have your experience.
This is not really correct. You may have to enable automatic start on the service, but you do NOT have to start it at the command line. In my last job I installed hundreds of RHEL and CentOS machines at v6 and v7 and I know.
I did not say that your broadcast address was wrong, or that your network mask was wrong, I said that they do not match. I was able to determine this from the non-obfuscated portions of your ifconfig -a output. The broadcast address should be the highest address in your subnet addressable range. See this page also for a discussion: https://www.lifewire.com/internet-pr...subnets-818378
Finally, if the interface is not coming up, then that is NOT due to any security on SSH (sshd) in any case. In no way can SSH stop the interface from initializing. There is something else going on, which is why I recommended checking those logs.
I hope that this helps.
Please check your PM's.
If I can run ifup eth0 and the port becomes available via SSH - BUT - available over the internet it isn't the port. So what's different? I can reach any server behind the firewall on the public IP or the private IP except on this machine with v6. My broadcast IP is the last IP.. I have numerous servers so I am not completely in the dark. But I don't have your experience.
There is nothing in the linked FAQ that states ssh is turned off as a security feature. As stated even if ssh is not enabled during installation it is easily configured via the CLI or the services GUI to automatically start at boot.
The default ssh configuration is set to listen on all interfaces on port 22 and the default firewall rules allows incoming ssh connections. Besides checking the logs, if you can login via ssh on the computer itself that would prove ssh is working and that you have a firewall or other networking problem. You can also verify that the firewall is configured to allow ssh incoming connections.
If I can run ifup eth0 and the port becomes available via SSH - BUT - available over the internet it isn't the port. So what's different? I can reach any server behind the firewall on the public IP or the private IP except on this machine with v6. My broadcast IP is the last IP.. I have numerous servers so I am not completely in the dark. But I don't have your experience.
Looks like I can't PM you.
1. bringing up an interface would NOT start a service, just bring up the interface. This leads me to believe that sshd is up and listening, but the problem is in your networking.
2. Can you check the networking BEFORE you bring up that interface, and make sure that the other interfaces are up? If you can, also see if sshd is listening on port 22 already. This should verify or disprove my suspicions.
3. Bcast xx.xx.xx.255 is a proper broadcast address map for a network with network mask MASK: 255.255.255.0!
Your specification of
Quote:
Bcast:xx.xx.xx.255 Mask:255.255.254.0
may be misleading me, but looks wrong.
4. I have many PM from others, but none from anyone since April. I have no idea why you might be unable to PM.
It is drawn by conclusion. I've done this BOTH WAYS. By clicking on the Configure Networking and manually. The items tat need to be specifically set - hence a security feature as discussed elsewhere - are turning on ONBOOT=yes and changing BOOTPROTO=static
People feel like LESS when those that NO MORE...
Quote:
2. Why does my Ethernet not work unless I log in and explicitly enable it?
.. and why are the interface names all "messed up" compared to prior practice? This violates the Unix rule of "not breaking expectations".
Upstream has changed the default configuration to use NetworkManager and interfaces are (somewhat inexplicably in the case of Ethernet) not enabled by default. This can be worked around at install time where, after the installer asks for your language and keyboard and Basic or other storage devices, it runs "Examining Devices" then it presents a screen "Please name this computer..." On this screen is a button labeled "Configure Networking". Clicking that button will launch NetworkManager. Select the Ethernet connection which is probably listed as "System eth0" and edit the settings. If you select the check box by "Connect Automatically" networking will start on boot in the future. You can also make this change with NetworkManager (System; Preferences; Network Connections or right click on the little network icon in the notification area and Edit Connections...) after the installation is complete.
If you are not using NetworkManager, the same result can be obtained by editing the configuration file for the network interface ( normally /etc/sysconfig/network-scripts/ifcfg-eth0 ) and changing: ONBOOT=no to ONBOOT=yes Some setups seem to also require the addition of a line: BOOTPROTO=dhcp where a DHCP setup is in play; Static IP setups would take: BOOTPROTO=static of course
The ONBOOT edit may be performed (as root) and assuming the relevant device is eth0:
# cd /etc/sysconfig/network-scripts/
# sed -i -e 's@^ONBOOT="no@ONBOOT="yes@' ifcfg-eth0
As to "breaking expectations": The foregoing example uses a 'traditionally' named network device of: eth0 Other device names are also possible, including for example: em1 or p3p1 and such. Like it or not, this change in approach in interface naming is the future path for Linux. It was previewed in in the upstream's "testing distribution". See also the materials at: Dell's writeup and a blog post from an insider there.
As a reference I installed 6.9 in a virtual machine using the netinstall ISO. I setup a static IP address during the install process and selected desktop installation.
After first boot configuration was complete ssh and NetworkManager was running. I modified the /etc/sysconfig/ifcfg-eth0 and since bootproto=static was already configured all I changed was:
NM_CONTROLLED=no
and added nameservers. I don't know why the original DNS entry added during the install was not added to the /etc/resolv.conf on first reboot.
DNS1=XX.XX.XX.XX
DNS2=XX.XX.XX.XX
I disabled networkmanager service from automatically starting and rebooted the VM (again). Since ssh was automatically configured to start by the install process and the firewall allowed ssh traffic those were the only changes. I could login from another computer successfully on my LAN.
CentOS 6 does not use persistent naming so ethernet adapters are still eth0 etc. Explicitly enabling eth0 is automatically performed by the network service.
My only proof is..
Code:
ssh user@192.168.0.30
user@192.168.0.30's password:
Last login: Mon May 8 11:19:44 2017 from 192.168.0.215
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
