If I start up the internet interface using the old style commands.
# ifconfig eno1 192.168.1.6 netmask 255.255.255.0
# route add default gateway 192.168.1.1
then everything works perfectly as it should, I can ssh to the machine from the internet, and from the local LAN.
However if I use network manager to initiate the connection - by rebooting.
Then the network comes up and the routes appear to be set correctly, as does the IP adresse. However, I cannot ssh to the machine from the local lan, but I can ssh from the internet, I am using keys as authentication..
Thus, if I from a machine (IP 192.168.1.130) issue the following commands.
# ssh 192.168.1.6
kex_exchange_identification: read: Connection reset by peer
Connection reset by 192.168.1.6 port 22
# curl 192.168.1.6
curl: (56) Recv failure: Connection reset by peer
but if I use the official hostname, and go out, and in through the router, something else happens.
#ssh <internet hostname>
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Wed Dec 30 15:30:09 2020 from 192.168.1.1
setterm: terminal xterm-256color does not support --blength
and ends with a prompt on the server.
It is not isolated to ssh, all services have the same connection reset..
I presume it has something to do with the firewall configuration, however the firewall configuration is not changed, when I manually override the network manager configuration with manual configuration, and the connection reset problems goes away..
I have tried running firewalld in debug mode, nothing is registered.. TCP dump indicates a connection reset from the server 192.168.1.6, as the applications are indicating.
But I know there is some *magic* that connects the network manager to the firewall but I cannot figure out what the magic is.
How simple this was in the days of scripts, and even simpler to debug, without this extra magic
Anyhow..
The public zone is defined to have acces to the services I allow, and the eno1 interface is defined as a part of the public zone.
ifcfg-eno1 configuration is :
TYPE=Ethernet
DEVICE=eno1
NAME=eno1
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
PROXY_METHOD=none
BROWSER_ONLY=no
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
UUID=e6e788ad-8b08-4ac2-b712-474ec484d639
IPADDR=192.168.1.6
NETMASK=255.255.255.255
PREFIX=32
GATEWAY=192.168.1.1
# firewall-cmd --get-active-zones
docker
interfaces: docker0
libvirt
interfaces: virbr0
public
interfaces: eno1
trusted
sources: 192.168.1.2/24
# nmcli con show
NAME UUID TYPE DEVICE
eno1 e6e788ad-8b08-4ac2-b712-474ec484d639 ethernet eno1
# nmcli dev status
DEVICE TYPE STATE CONNECTION
eno1 ethernet connected eno1
docker0 bridge connected (externally) docker0
virbr0 bridge connected (externally) virbr0
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 04:d4:c4:f3:4a:66 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.6/32 scope global noprefixroute eno1
valid_lft forever preferred_lft forever
inet6 fe80::9d30:4ac9:72b6:3b47/64 scope link noprefixroute
valid_lft forever preferred_lft forever
Any ideas what is wrong ? The system is a new installation of centos 8. Minimal system changes to support docker, database, and network services.
