loss internet connectivity after Open SSL update

General support questions
User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: loss internet connectivity after Open SSL update

Post by jlehtone » 2022/07/26 10:13:51

de3jay wrote:
2022/07/26 09:19:23
1. i noticed from other articles that you should not have more than one ifcfg-ens33xx in /etc/sysconfig/network-scripts location
Indeed. Both NetworkManager.service and network.service do use all /etc/sysconfig/network-scripts/ifcfg-* files.
Renaming ifcfg-xx into off-ifcfg-xx would "hide" the file from them, but having backups elsewhere is better.
de3jay wrote:
2022/07/26 09:19:23
reason y i need this IP, is because this is what is configured in our firewall that i allowed to have access to internet. when we check the traffic, we can only see the transmit request but there is no received.
Is that traffic leaving with 192.168.102.205 or with 192.168.102.201 source address?

There are DHCP and firewall managed by some team? If they do decide to change what address they hand to you with DHCP, then they should update their firewall rules correspondingly. That is their job. You should not "hack around", but request service.
de3jay wrote:
2022/07/26 09:19:23
i tried to put back again to
BOOTPROTO=none
IPADDR=192.168.102.201
DNS1=8.8.8.8
Good connectivity requires:
* Subnet, where local machines are
* Host address of this machine within the subnet
* Host address of the local machine that can forward traffic to other subnets (aka router, gateway)
* Address(es) of name resolver (DNS) servers

Judging by the earlier DHCP data the subnet is 192.168.102.0/24. In file that would be PREFIX=24, because one can calculate network and broadcast addresses from host address (192.168.102.201) and prefix (24).

I have no idea what the gateway in your subnet is.
The DHCP should have offered a DNS too. If your site has local DNS, then that is probably more efficient than Google's 8.8.8.8.

What does your current config give with: ip ro ?
de3jay wrote:
2022/07/26 09:19:23
3. rebooted my server and this is how it looks (pls see image below)
The NetworkManager.servise shows "disabled", like it should not start at boot. However, you have it running.
I would make that more explicit with: sudo systemctl enable NetworkManager.service

de3jay
Posts: 13
Joined: 2022/07/21 03:27:38

Re: loss internet connectivity after Open SSL update

Post by de3jay » 2022/07/27 02:37:29

jlehtone wrote:
2022/07/26 10:13:51
de3jay wrote:
2022/07/26 09:19:23
1. i noticed from other articles that you should not have more than one ifcfg-ens33xx in /etc/sysconfig/network-scripts location
Indeed. Both NetworkManager.service and network.service do use all /etc/sysconfig/network-scripts/ifcfg-* files.
Renaming ifcfg-xx into off-ifcfg-xx would "hide" the file from them, but having backups elsewhere is better.
de3jay wrote:
2022/07/26 09:19:23
reason y i need this IP, is because this is what is configured in our firewall that i allowed to have access to internet. when we check the traffic, we can only see the transmit request but there is no received.
Is that traffic leaving with 192.168.102.205 or with 192.168.102.201 source address? - the traffic should be leaving originally from ".201", as this was the original IP of the server when we restored from VM Backup.

There are DHCP and firewall managed by some team? If they do decide to change what address they hand to you with DHCP, then they should update their firewall rules correspondingly. That is their job. You should not "hack around", but request service.

we dont have a DHCP, but rather this is the built in BOOTPROTO=dhcp from the OS itself. as for the firewall, the configured rule is set to the servers original IP, which is 192.168.102.201
de3jay wrote:
2022/07/26 09:19:23
i tried to put back again to
BOOTPROTO=none
IPADDR=192.168.102.201
DNS1=8.8.8.8
Good connectivity requires:
* Subnet, where local machines are
* Host address of this machine within the subnet
* Host address of the local machine that can forward traffic to other subnets (aka router, gateway)
* Address(es) of name resolver (DNS) servers

Judging by the earlier DHCP data the subnet is 192.168.102.0/24. In file that would be PREFIX=24, because one can calculate network and broadcast addresses from host address (192.168.102.201) and prefix (24). - noted, i have set it up like this

I have no idea what the gateway in your subnet is.
The DHCP should have offered a DNS too. If your site has local DNS, then that is probably more efficient than Google's 8.8.8.8.

What does your current config give with: ip ro ?

default via 192.168.102.1 dev ens33
169.254.0.0/16 dev ens33 scope link metric 1002
192.168.102.0/24 dev ens33 proto kernel scope link src 192.168.102.20
1
192.168.102.0/24 dev ens33 proto kernel scope link src 192.168.102.20
1 metric 100

- configured based on ifcfg-ens33
HWADDR=00:0C:29:EC:49:C2
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DNS1=192.168.101.103
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV4_DNS_PRIORITY=100
IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
IPV6_DNS_PRIORITY=100
NAME=ens33
UUID=d2db7803-a636-491c-8fe6-9c311b52daf5
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.102.201
PREFIX=24
GATEWAY=192.168.102.1
PREFIX=24
SUBNET=255.255.255.0
de3jay wrote:
2022/07/26 09:19:23
3. rebooted my server and this is how it looks (pls see image below)
The NetworkManager.servise shows "disabled", like it should not start at boot. However, you have it running.
I would make that more explicit with: sudo systemctl enable NetworkManager.service
- i have enabled the service, thanks for the tip :)

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: loss internet connectivity after Open SSL update

Post by jlehtone » 2022/07/27 07:19:00

de3jay wrote:
2022/07/27 02:37:29
jlehtone wrote:
2022/07/26 10:13:51
Is that traffic leaving with 192.168.102.205 or with 192.168.102.201 source address?
- the traffic should be leaving originally from ".201", as this was the original IP of the server when we restored from VM Backup.
I did not ask what should. I did ask what is the address in the packets that do not receive reply.
de3jay wrote:
2022/07/27 02:37:29
we dont have a DHCP, but rather this is the built in BOOTPROTO=dhcp from the OS itself.
No. The BOOTPROTO=dhcp tells system to act as DHCP client, to request config from DHCP server of the subnet. You got reply, so your subnet does have a DHCP server and it is not this machine.
The nmcli -f DHCP4 c s ens33 would have shown values received from DHCP server when you had BOOTPROTO=dhcp.
That includes "dhcp_server_identifier", the address of the DHCP server.

You say that you don't have DHCP server, but you have shown that there is one and it does not give the configuration that you expect.
Therefore, you have to contact your network support so that they either remove the DHCP server (if it should not be there) or fix its configuration so that you and others can safely use it.


Do you now have functional connection?


[edit]
de3jay wrote:
2022/07/27 02:37:29

Code: Select all

$ ip ro
default via 192.168.102.1 dev ens33                                  
169.254.0.0/16 dev ens33 scope link metric 1002                      
192.168.102.0/24 dev ens33 proto kernel scope link src 192.168.102.201
192.168.102.0/24 dev ens33 proto kernel scope link src 192.168.102.201 metric 100  
For some reason there are two rules for link-local 192.168.102.0/24 (but that is probably harmless).
Likewise, the zeroconf route 169.254.0.0/16 should not be a problem.
de3jay wrote:
2022/07/27 02:37:29

Code: Select all

IPADDR=192.168.102.201                                               
PREFIX=24                                                            
GATEWAY=192.168.102.1                                                
PREFIX=24                                                            
SUBNET=255.255.255.0
The file assigns values to variables. Having PREFIX twice is useless.
I don't think that variable SUBNET is used at all. In any case it should not be here.

de3jay
Posts: 13
Joined: 2022/07/21 03:27:38

Re: loss internet connectivity after Open SSL update

Post by de3jay » 2022/07/27 08:48:05

thanks for your patience on me.. see my reply below
jlehtone wrote:
2022/07/27 07:19:00
de3jay wrote:
2022/07/27 02:37:29
jlehtone wrote:
2022/07/26 10:13:51
Is that traffic leaving with 192.168.102.205 or with 192.168.102.201 source address?
- the traffic should be leaving originally from ".201", as this was the original IP of the server when we restored from VM Backup.
I did not ask what should. I did ask what is the address in the packets that do not receive reply.

- i can ping our local gateway, which is 192.168.102.1, i can also ping our local dns(192.168.101.103).
de3jay wrote:
2022/07/27 02:37:29
we dont have a DHCP, but rather this is the built in BOOTPROTO=dhcp from the OS itself.
No. The BOOTPROTO=dhcp tells system to act as DHCP client, to request config from DHCP server of the subnet. You got reply, so your subnet does have a DHCP server and it is not this machine.
The nmcli -f DHCP4 c s ens33 would have shown values received from DHCP server when you had BOOTPROTO=dhcp.
That includes "dhcp_server_identifier", the address of the DHCP server.

You say that you don't have DHCP server, but you have shown that there is one and it does not give the configuration that you expect.
Therefore, you have to contact your network support so that they either remove the DHCP server (if it should not be there) or fix its configuration so that you and others can safely use it.

after running the command nmcli -f DHCP4 c s ens33, i saw that the dhcp_server_identifier is pointer to the ESXi host, so does it mean that it needs to modify something here? like freeing up the ip address that is being assigned to our server(.205) and set it to the original one?(.201)


Do you now have functional connection?


[edit]
de3jay wrote:
2022/07/27 02:37:29

Code: Select all

$ ip ro
default via 192.168.102.1 dev ens33                                  
169.254.0.0/16 dev ens33 scope link metric 1002                      
192.168.102.0/24 dev ens33 proto kernel scope link src 192.168.102.201
192.168.102.0/24 dev ens33 proto kernel scope link src 192.168.102.201 metric 100  
For some reason there are two rules for link-local 192.168.102.0/24 (but that is probably harmless).
Likewise, the zeroconf route 169.254.0.0/16 should not be a problem.
de3jay wrote:
2022/07/27 02:37:29

Code: Select all

IPADDR=192.168.102.201                                               
PREFIX=24                                                            
GATEWAY=192.168.102.1                                                
PREFIX=24                                                            
SUBNET=255.255.255.0
The file assigns values to variables. Having PREFIX twice is useless.
I don't think that variable SUBNET is used at all. In any case it should not be here.
noted, will remove SUBNET and the redundant PREFIX as well.
-we have a UAT server and a functional one, that can go thru internet, somehow i have copied the default config from there, but not working

de3jay
Posts: 13
Joined: 2022/07/21 03:27:38

Re: loss internet connectivity after Open SSL update

Post by de3jay » 2022/07/27 09:37:28

this is the scenario...
we have restored a VM backup of our server, and it was placed on a different ESXi host, not the same ESXI host as where the original server is resided. 1. is this the reason why we got different ip when the BOOTPROTO is set to dhcp?
2. if my understanding is correct, each of our ESXi hosts, have their own DHCP server configured (im not sure of it though)
so when i use BOOTPROTO=dhcp, im getting .205 instead of .201, is it correct to say that we should have placed the restored VM backup on the same ESXi host in order to get the same IP address?

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: loss internet connectivity after Open SSL update

Post by jlehtone » 2022/07/27 10:30:56

1. Probably
2. I don't know ESXi

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: loss internet connectivity after Open SSL update

Post by TrevorH » 2022/07/27 13:36:05

DHCO servers use the MAC address of the network card to determine what ip to allocate to clients. If your VM clone had a different MAC address (which it would need) then it would get a different ip address from DHCP.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

de3jay
Posts: 13
Joined: 2022/07/21 03:27:38

Re: loss internet connectivity after Open SSL update

Post by de3jay » 2022/07/28 05:47:54

hi @Trevorh you are correct, after we restore the VM, its able to have a new MAC address, so what we did is assign the original IP (.201), to this vm's mac address.. network configuration as now back to its original form.(as seen on the picture below)
ifcfg.jpg
ifcfg.jpg (40.44 KiB) Viewed 872 times
so now what only remains is my internet connectivity.. im still unable to run yum update, as i still get failed to resolve

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: loss internet connectivity after Open SSL update

Post by jlehtone » 2022/07/28 06:43:40

Run these:

Code: Select all

host www.centos.org 192.168.101.103
host www.centos.org 8.8.8.8
Do both return an answer?

de3jay
Posts: 13
Joined: 2022/07/21 03:27:38

Re: loss internet connectivity after Open SSL update

Post by de3jay » 2022/07/28 08:16:56

connection timed out: no servers could be reached..

Post Reply