Network Unreachable error on new RHEL 6.3 installation

Latest response

I installed RHEL 6.3 on a new server.  On "firstboot" it was unable to connect to Red Hat to register for updates.

 

Further testing shows that most applications cannot reach the Inet (Firefox, Curl, etc) but the problem is NOT network connectivity.  For example, when I try something like curl XXXXX.ca:80 (my test HTTP server) I get an error:

-->> Failed to connect to xxx.xxx.xxx.xxx: Network is unreachable <<-- although I can connect properly to this same server if I give its local (192.168...) IP address.  Even ping won't work if the address is not on the internal LAN.

 

This looks like a hardware firewall problem so I plugged in my laptop on the same cable, set the IP to the same as the server, and can go anywhere I want.  This is expected since the boundary firewall does not restrict outgoing connections to anywhere.
 

My guess is that RHEL by default sets up a software firewall and that it has the wrong rules but so far I haven't found anything in the documentation and a search of the RH knowledge base comes up blank, as does a wider Google search.  "iptables" isn't listed on the process list.

 

I have checked all the config files that I know are network related without success.

 

NetworkManager is running but from the documentation doesn't seem to affect any of this.

 

Does anyone have any ideas what I set up wrong?  If there is a software firewall, then how do I disable it and what is its name?  In this environment it is not required.

 

 

Regards

 

John

jo
Log in to join the conversation

Responses

Jamie Bainbridge's picture Red Hat Guru 7257 points
30 November 2012 10:52 PM

You can see if the software firewall is running with "service iptables status". Turn it off and on with "service iptables stop" and "service iptables start". To stop the firewall starting at boot, run "chkconfig iptables off".

 

If I understand correctly, you can access via IP address but not via hostname.example.com? This indicates more a DNS issue than a local firewall issue. You can view your current DNS server with "cat /etc/resolv.conf" though different tools and system calls will use these DNS servers (and the hosts file, /etc/hosts) in different ways.

jo Active Contributor 120 points
4 December 2012 1:43 AM

Thanks Jamie, much appreciated.  The firewall was running and I have now turned it off.  Unfortunately that didn't resolve the problem.

 

There is no internal DNS here, we rely upon the Internet DNS servers.  This function is working properly.  Here is a summary of what I get:

 

command:  curl 192.168.1.12:80  - returns test server home page as expected

 

command:  curl iliffe.ca:80 - returns   "curl: (7) Failed to connect to 206.248.138.118: Network is unreachable"

  Note that the address resolution is correct so the Inet DNS must have been reached

 

command:  curl rac.ca:80 - returns "curl: (7) Failed to connect to 70.38.64.47: Network is unreachable"

   rac.ca is NOT one of our servers and is not hosted here so not on the 192.168.xxx.xxx network

 

command:  curl 206.248.138.118:80  returns same message.  This is the external (Internet) address of our test server.

 

I checked and the expected responses appear on al of these variations when issued from this workstation AND our main server command line.

 

I also did a quick check using "services" of what is running that DOESN'T show up on the running process list

(ps -ef) and there seem to be a lot of default processes, some of which I have never seen on a UNIX machine before.  Is there some way to determine what I can dop out of this list without crashing the system and getting unbootable?  Reading the MAN pages suggests that many are not required - dnsmasq for example.

 

Thanks again.

 

John

 

 

RJ Active Contributor 212 points
4 December 2012 2:12 AM

To try to nail it down a bit, can you post the contents of /etc/resolv.conf?  Is there a "Gateway" statement in your /etc/sysconfig/network-scripts/ifcfg-ethx file(s)?  What does a "netstat -rn" show?

Ranjith Rajaram's picture Red Hat Guru 2170 points
4 December 2012 5:12 AM

 

Since you are able to reach the local lan but not the external network, route configuration needs to be verified

 

Can you check the default route settings

 

route -n

jo Active Contributor 120 points
4 December 2012 5:08 PM

Thank you for the suggestions.  IT WORKS NOW, AT LEAST BASED ON PRELIMINARY TESTS, but see notes below because I think there may be something wrong, or at least misleading, in the RHEL6 graphic installer.

 

The result of route -n is:

 

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
 

I have no idea what 169.254.0.0 is; it came with the installation so far as I know.  The DNS static addresses are 206.248.154.22 and .170

 

The result of netstat -rn is the same.

 

For comparison, route -n on the current server (RHEL5) is:

 

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0

 

I can't find a file in /etc that contains this configuration but I suspect the missing last line, wgich is the address of the router, is what's missing.

 

For /etc/sysconfig/network-scripts/ifcfg-eth0, the content is:

 

DEVICE="eth0"
BOOTPROTO=none
NM_CONTROLLED="yes"
ONBOOT=yes
TYPE="Ethernet"
UUID="be94de20-47e0-441a-ab6b-454a17ae89ed"
HWADDR=50:46:5D:06:BA:DB
IPADDR=192.168.1.8
PREFIX=24
DNS1=192.168.1.1
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"

No GATEWAY statement. 

 

for /etc/sysconfig/network-scripts/ifcfg-lo

 

DEVICE=lo
IPADDR=127.0.0.1
NETMASK=255.0.0.0
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
 

I don't think a GATEWAY statement would be needed on the loopback socket (?).

 

I noticed that these are both significantly different than the RHEL files on the other server.  Fpr one thing, there is no NETMASK statement in the RHEL6 version.

 

I added BOTH GATEWAY and NETMASK statements and guess what IT WORKS!

 

***Thanks for everything***.

 

John

 

 

 

RJ Active Contributor 212 points
4 December 2012 8:11 PM

The 169.254.0.0 route is the magic of zeroconf.   If you add "NOZEROCONF=yes" to /etc/sysconfig/network it should go away.

 

The routes shown on the RHEL5 box provide the information needed to fix you up.  The last line in the RHEL5 table shows your default route should be via the gateway at 192.168.1.1.  To configure that on the new machine, you already have the "DEFROUTE=yes" on eth0, so just add "GATEWAY=192.168.1.1" and see if that doesn't fix it.

 

DNS worked because the requests were being relayed by your gateway system because of the DNS1 directive.

jo Active Contributor 120 points
4 December 2012 8:53 PM

I just want to say **thank you** to all the folks who responded to this post.   Problem resolved.

 

Every time I install something new I get an education!

 

Regards,

 

John

David Powles's picture Red Hat 25369 points
5 December 2012 8:32 AM

Glad we could help out, John!

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.