[SOLVED] Unable to access network, i.e. Internet, beyond router

[levron]

My CentOS 6 server is wired to a remote switch located 1 hop down from the router and shared by 2 Windows PCs. I can ssh and remote desktop via tightvnc from my Windows box to my new install but cannot get out of my local network to the Internet. If I connect the CentOS directly into the router I can no longer ssh, vnc into it, or ping it from my Windows box and cannot access the Internet from it. I have tried both static and DHCP IP addressing but both give me the same results. Below is my getinfo.sh network data followed by /sbin/ifconfig, ip route, iptables-save, /etc/resolv.conf, and unsuccessful ping results to my dsl modem and gateway for your perusal. Looking for suggestions to resolve this and any help would be much appreciated.


getinfo.sh network

Information for network problems.
[code]
== BEGIN uname -rmi ==
2.6.32-71.el6.i686 i686 i386
== END uname -rmi ==

== BEGIN rpm -qa \*-release\* ==
centos-release-6-0.el6.centos.5.i686
== END rpm -qa \*-release\* ==

== BEGIN cat /etc/redhat-release ==
CentOS Linux release 6.0 (Final)
== END cat /etc/redhat-release ==

== BEGIN getenforce ==
Enforcing
== END getenforce ==

== BEGIN free -m ==
total used free shared buffers cached
Mem: 3894 683 3210 0 51 359
-/+ buffers/cache: 272 3621
Swap: 6079 0 6079
== END free -m ==

== BEGIN lspci ==
00:00.0 RAM memory: nVidia Corporation MCP61 Memory Controller (rev a1)
00:01.0 ISA bridge: nVidia Corporation MCP61 LPC Bridge (rev a2)
00:01.1 SMBus: nVidia Corporation MCP61 SMBus (rev a2)
00:01.2 RAM memory: nVidia Corporation MCP61 Memory Controller (rev a2)
00:02.0 USB Controller: nVidia Corporation MCP61 USB Controller (rev a3)
00:02.1 USB Controller: nVidia Corporation MCP61 USB Controller (rev a3)
00:04.0 PCI bridge: nVidia Corporation MCP61 PCI bridge (rev a1)
00:05.0 Audio device: nVidia Corporation MCP61 High Definition Audio (rev a2)
00:06.0 IDE interface: nVidia Corporation MCP61 IDE (rev a2)
00:07.0 Bridge: nVidia Corporation MCP61 Ethernet (rev a2)
00:08.0 IDE interface: nVidia Corporation MCP61 SATA Controller (rev a2)
00:08.1 IDE interface: nVidia Corporation MCP61 SATA Controller (rev a2)
00:09.0 PCI bridge: nVidia Corporation MCP61 PCI Express bridge (rev a2)
00:0b.0 PCI bridge: nVidia Corporation MCP61 PCI Express bridge (rev a2)
00:0c.0 PCI bridge: nVidia Corporation MCP61 PCI Express bridge (rev a2)
00:0d.0 VGA compatible controller: nVidia Corporation C61 [GeForce 7025 / nForce 630a] (rev a2)
00:18.0 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor HyperTransport Configuration
00:18.1 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor Address Map
00:18.2 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor DRAM Controller
00:18.3 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor Miscellaneous Control
00:18.4 Host bridge: Advanced Micro Devices [AMD] Family 10h Processor Link Control
== END lspci ==

== BEGIN lspci -n ==
00:00.0 0500: 10de:03ea (rev a1)
00:01.0 0601: 10de:03e1 (rev a2)
00:01.1 0c05: 10de:03eb (rev a2)
00:01.2 0500: 10de:03f5 (rev a2)
00:02.0 0c03: 10de:03f1 (rev a3)
00:02.1 0c03: 10de:03f2 (rev a3)
00:04.0 0604: 10de:03f3 (rev a1)
00:05.0 0403: 10de:03f0 (rev a2)
00:06.0 0101: 10de:03ec (rev a2)
00:07.0 0680: 10de:03ef (rev a2)
00:08.0 0101: 10de:03f6 (rev a2)
00:08.1 0101: 10de:03f6 (rev a2)
00:09.0 0604: 10de:03e8 (rev a2)
00:0b.0 0604: 10de:03e9 (rev a2)
00:0c.0 0604: 10de:03e9 (rev a2)
00:0d.0 0300: 10de:03d6 (rev a2)
00:18.0 0600: 1022:1200
00:18.1 0600: 1022:1201
00:18.2 0600: 1022:1202
00:18.3 0600: 1022:1203
00:18.4 0600: 1022:1204
== END lspci -n ==

== BEGIN lsusb ==
Bus 002 Device 003: ID 04d9:1603 Holtek Semiconductor, Inc.
Bus 002 Device 002: ID 045e:0040 Microsoft Corp. Wheel Mouse Optical
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
== END lsusb ==

== BEGIN ifconfig -a ==
eth0 Link encap:Ethernet HWaddr 00:30:67:D8:56:51
inet addr:192.168.0.106 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::230:67ff:fed8:5651/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10797 errors:0 dropped:0 overruns:0 frame:0
TX packets:13900 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:711075 (694.4 KiB) TX bytes:8683292 (8.2 MiB)
Interrupt:27

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:960 (960.0 b) TX bytes:960 (960.0 b)

virbr0 Link encap:Ethernet HWaddr 26:2D:1B:F2:7A:11
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:8784 (8.5 KiB)

== END ifconfig -a ==

== BEGIN route -n ==
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
== END route -n ==

== BEGIN cat /etc/resolv.conf ==
# Generated by NetworkManager
nameserver 192.168.1.254
== END cat /etc/resolv.conf ==

== BEGIN grep net /etc/nsswitch.conf ==
#networks: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
netmasks: files
networks: files
netgroup: nisplus
== END grep net /etc/nsswitch.conf ==

== BEGIN chkconfig --list | grep -Ei 'network|wpa' ==
NetworkManager 0:off 1:off 2:on 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
wpa_supplicant 0:off 1:off 2:off 3:off 4:off 5:off 6:off
== END chkconfig --list | grep -Ei 'network|wpa' ==

[/code]








[root@***** *****]# /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:30:67:D8:56:51
inet addr:192.168.0.106 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::230:67ff:fed8:5651/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11241 errors:0 dropped:0 overruns:0 frame:0
TX packets:14001 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:756961 (739.2 KiB) TX bytes:8701202 (8.2 MiB)
Interrupt:27

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:960 (960.0 b) TX bytes:960 (960.0 b)

virbr0 Link encap:Ethernet HWaddr 26:2D:1B:F2:7A:11
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:8866 (8.6 KiB)

[root@***** *****]# ip route
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.106
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
169.254.0.0/16 dev eth0 scope link metric 1002
[root@***** *****]#


[root@***** *****]# iptables-save
# Generated by iptables-save v1.4.7 on Fri Nov 4 11:36:11 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [14637:8493139]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5900 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Nov 4 11:36:11 2011
# Generated by iptables-save v1.4.7 on Fri Nov 4 11:36:11 2011
*nat
:PREROUTING ACCEPT [449:47641]
:POSTROUTING ACCEPT [14:1083]
:OUTPUT ACCEPT [25:2087]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Fri Nov 4 11:36:11 2011
# Generated by iptables-save v1.4.7 on Fri Nov 4 11:36:11 2011
*mangle
:PREROUTING ACCEPT [11467:596844]
:INPUT ACCEPT [11391:594412]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [14642:8495403]
:POSTROUTING ACCEPT [14731:8510062]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Fri Nov 4 11:36:11 2011
[root@***** *****]#






[root@***** *****]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.1.254
[root@***** *****]#




[root@***** *****]# ping 192.168.1.254
connect: Network is unreachable
[root@***** *****]# ping 192.168.0.255
Do you want to ping broadcast? Then -b
[root@***** *****]# ping -b 192.168.0.255
WARNING: pinging broadcast address
PING 192.168.0.255 (192.168.0.255) 56(84) bytes of data.
^C
--- 192.168.0.255 ping statistics ---
39 packets transmitted, 0 received, 100% packet loss, time 38584ms

[levron]

Update: When my Linux server is connected directly to the router I am unable to ping it from 1 of my 4 Windows boxes. In other words, I can ssh and remote desktop from all but 1 windows box but am unable to ping the dsl modem or access the Internet from the Linux server.

[r_hartman]

Welcome to the CentOS fora.
[code]== BEGIN route -n ==
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
== END route -n ==[/code]
You have not defined a gateway, hence you have no default route.

[levron]

Thanks r_hartman. I added the gateway as recommended and things appear to be improving as I can now ping Internet IPs and names successfully but I still can't browse with Firefox or get updates via yum.

[r_hartman]

Looks like something is blocking port 80 (and possibly port 443) traffic somewhere along the lines, then.
Without actual error messages, there's little I can offer.

[pschaff]

Is there a proxy configured on your network?

[levron]

I checked the firewall and added ports 80 & 443. No change in browsing/updates ability. When I run the GUI Add/Remove Software the errors I get are:
The package download failed Could not contact source 'base', so it will be disabled
The package download failed Could not contact source 'c6-media', so it will be disabled
The package download failed Could not contact source 'centosplus', so it will be disabled, etc

[root@***** ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5900
8 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-is-bridged
2 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

[root@***** ~]#

[r_hartman]

Show us the output again of
[code]# route -n[/code]

[mmoryto]

What's about /etc/resolv.conf ? Do you have DNS servers configured properly?

[levron]

(under scores added for clarity)

== BEGIN route -n ==
Kernel IP routing table
Destination_______Gateway_______Genmask_______Flags_______Metric_______Ref_______Use_______Iface
192.168.0.0_______0.0.0.0________255.255.255.0___U__________0____________0________0_________eth0
192.168.122.0_____0.0.0.0________255.255.255.0___U__________0____________0________0_________virbr0
169.254.0.0_______0.0.0.0________255.255.0.0_____U__________1002_________0________0_________eth0
0.0.0.0___________192.168.0.250__0.0.0.0_________UG_________0____________0________0_________eth0
== END route -n ==



[root@***** ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.1.254
[root@***** ~]#