CentOSのネットワークファイアウォール、ホストが確認できませんか?

tag-icon tag-icon networking centos iptables firewall
CentOSのネットワークファイアウォール、ホストが確認できませんか?

Centosマシンがありますyum。これにより、ホストを確認できないというメッセージが表示され続けます。私はそのマシンを使用していた以前の人がそれに対して非常に厳しいファイアウォールを持っていたと聞きました。 service iptables stopを試しましたが、まだこの問題があります。他のホストとの通信を妨げる他のファイアウォールは何ですか?

ファイアウォールは、特定のラボの特定のコンピュータを介してのみコンピュータにSSHで接続できるように設定されています。

間違い:

sudo yum install perl-XML-Simple
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: centos.mirror.ndchost.com
 * extras: centosmirror.quintex.com
 * updates: centos.aol.com
http://centos.mirror.ndchost.com/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centos.mirror.ndchost.com'"
Trying other mirror.
http://mirror.cs.vt.edu/pub/CentOS/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.cs.vt.edu'"
Trying other mirror.
http://mirror.pac-12.org/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.pac-12.org'"
Trying other mirror.
http://mirror.rackspace.com/CentOS/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.rackspace.com'"
Trying other mirror.
http://mirror.raystedman.net/centos/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.raystedman.net'"
Trying other mirror.
http://mirror.solarvps.com/centos/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.solarvps.com'"
Trying other mirror.
http://mirror.team-cymru.org/CentOS/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.team-cymru.org'"
Trying other mirror.
http://mirrors.easynews.com//linux/centos/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.easynews.com'"
Trying other mirror.
http://mirrors.usc.edu/pub/linux/distributions/centos/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.usc.edu'"
Trying other mirror.
ftp://mirror.nandomedia.com/pub/CentOS/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.nandomedia.com'"
Trying other mirror.
http://centosmirror.quintex.com/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centosmirror.quintex.com'"
Trying other mirror.
http://mirror.beyondhosting.net/CentOS/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.beyondhosting.net'"
Trying other mirror.
http://mirror.compevo.com/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.compevo.com'"
Trying other mirror.
http://mirror.kentdigital.net/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.kentdigital.net'"
Trying other mirror.
http://mirror.wiredtree.com/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.wiredtree.com'"
Trying other mirror.
http://mirrors.adams.net/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.adams.net'"
Trying other mirror.
http://mirrors.easynews.com//linux/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.easynews.com'"
Trying other mirror.
http://mirrors.rit.edu/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.rit.edu'"
Trying other mirror.
http://mirrors.sonic.net/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.sonic.net'"
Trying other mirror.
http://mirrors.syringanetworks.net/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.syringanetworks.net'"
Trying other mirror.
http://centos.aol.com/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centos.aol.com'"
Trying other mirror.
http://centos.eecs.wsu.edu/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centos.eecs.wsu.edu'"
Trying other mirror.
http://centos.host-engine.com/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centos.host-engine.com'"
Trying other mirror.
http://mirror.cisp.com/CentOS/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.cisp.com'"
Trying other mirror.
http://mirror.linux.duke.edu/pub/centos/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.linux.duke.edu'"
Trying other mirror.
http://mirror.tocici.com/centos/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.tocici.com'"
Trying other mirror.
http://mirrors.liquidweb.com/CentOS/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.liquidweb.com'"
Trying other mirror.
http://mirrors.seas.harvard.edu/centos/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.seas.harvard.edu'"
Trying other mirror.
ftp://ftp.wallawalla.edu/pub/mirrors/centos/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'ftp.wallawalla.edu'"
Trying other mirror.
ftp://mirror.nandomedia.com/pub/CentOS/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.nandomedia.com'"
Trying other mirror.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package perl-XML-Simple.noarch 0:2.18-6.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================================================================================================
 Package                                                       Arch                                                 Version                                                  Repository                                          Size
======================================================================================================================================================================================================================================
Installing:
 perl-XML-Simple                                               noarch                                               2.18-6.el6                                               base                                                72 k

Transaction Summary
======================================================================================================================================================================================================================================
Install       1 Package(s)

Total download size: 72 k
Installed size: 155 k
Is this ok [y/N]: y
Downloading Packages:
http://centos.mirror.ndchost.com/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centos.mirror.ndchost.com'"
Trying other mirror.
http://mirror.cs.vt.edu/pub/CentOS/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.cs.vt.edu'"
Trying other mirror.
http://mirror.pac-12.org/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.pac-12.org'"
Trying other mirror.
http://mirror.rackspace.com/CentOS/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.rackspace.com'"
Trying other mirror.
http://mirror.raystedman.net/centos/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.raystedman.net'"
Trying other mirror.
http://mirror.solarvps.com/centos/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.solarvps.com'"
Trying other mirror.
http://mirror.team-cymru.org/CentOS/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.team-cymru.org'"
Trying other mirror.
http://mirrors.easynews.com//linux/centos/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.easynews.com'"
Trying other mirror.
http://mirrors.usc.edu/pub/linux/distributions/centos/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.usc.edu'"
Trying other mirror.
ftp://mirror.nandomedia.com/pub/CentOS/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.nandomedia.com'"
Trying other mirror.


Error Downloading Packages:
  perl-XML-Simple-2.18-6.el6.noarch: failure: Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm from base: [Errno 256] No more mirrors to try.

ファイアウォールがオンのときのiptablesの出力。しかし、yumを使用したときに私はやりました。service iptables stop

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53 
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           udp dpt:67 
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           tcp dpt:67 
    8   560 ACCEPT     all  --  *      *       128.46.76.110        0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       128.0.0.0/8          0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       127.0.0.0/8          127.0.0.0/8         
    5   480 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    7   420 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0           
    0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0           
    0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
    0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 18 packets, 1788 bytes)
 pkts bytes target     prot opt in     out     source               destination

ファイアウォールがオフの場合は、次のようになります。

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

/etc/resolv.conf

# Generated by NetworkManager
search ecn.xxx.purdue.edu

# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
#
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo.com bar.foo.com

ベストアンサー1

ファイアウォールルールはなく、OUTPUTデフォルトOUTPUTポリシーは受け入れられているため、DNSクエリが実行されるのを防ぐ方法はありません。

また、すべての発信接続と発信接続に関連するその他のメッセージに対する着信応答を許可するルールよりも前に、INPUTDNS 応答の着信を特にブロックするファイアウォール規則はありません。state RELATED,ESTABLISHED

FORWARDこれらの規則は、システムがルーターまたは仮想化ホストとして機能する場合にのみ適用されます。このホストで実行されているすべての仮想マシンからの接続は、VMのIPアドレスが192.168.122.0/24ネットワークにある場合にのみ許可されます。それ以外は、仮想マシンへのDNS接続に特別な制限がないようです。

問題は、現在システムにDNSネームサーバーが構成されていないことです。発信ネットワークインターフェイスに対応するファイルにDNS1=<nameserver IP address>行を追加するか、/etc/sysconfig/network-scripts/ifcfg-*jofelが彼のコメントで提案したようにファイルに直接行を追加することでこの問題を解決できます。nameserver <nameserver IP address>/etc/resolv.conf

ファイルにネームサーバーアドレスを追加する場合は、変更を有効にするためにifcfg-*ネットワークインターフェイスを無効にして再度有効にするか、再起動する必要があります。直接編集する場合は、/etc/resolv.confファイルを保存した直後に変更が適用されます。

おすすめ記事