Nethserver 7 on centos 7 no access

virtualization
v7

(Jean-François Balam) #1

Hi!
I use a Proxmox container to install NethServer on CentOS 7.
I installed CentOS 7, then installed NethServer 7 following the procedure in the docs. There was no installation error, but when I want to access NethServer via the web interface https://*monip*:980/, it loads for a long time and then I get the following message: This site is inaccessible
No error in the log file /var/log/nethser-install.log

Can someone advise me?


(Giacomo Sanchietti) #2

Check if the httpd daemon is running:

systemctl status httpd-admin

If the daemon is running, check the firewall configuration of both Proxmox and the VM itself.
The output of these commands can help:

db networks show
iptables -nvL

(Rosi Steiner) #3

Have you checked the network settings in Proxmox? The bridge you assigned to NS7 must also be reachable from the computer you want to access it from. What is the IP of NS7, and what is that of the access computer? Are both in the same subnet? If not, is a route set? Please check first.


(Jean-François Balam) #4

The daemon is running, the firewall is not active.
ns7 can’t ping google :s


(Gabor) #5

If you run ifconfig, do you see an IP address starting with 169…, or a valid configuration?
How many hops do you get when trying traceroute google.com?
Are you able to ping the server IP address from another machine? If not, when running a traceroute from that PC, how many hops do you get?
Another important tip to check is here:
Account provider refused connection

You might also want to check your server hardware: I happen to have a ProLiant DL360 G7 where I originally had Proxmox running. Since NS7 needs NIC passthrough, this won't work with my hardware due to a BIOS limitation. Hope your hardware does not have those.
Did you have time to run these?


(Juan Carlos Fernandez) #6

The same happens to me
iptables -nvL shows a lot of work done by the nethserver-install

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    3   336 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
 3061  491K Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   76  5544 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:INPUT:REJECT:"
   76  5544 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 ppp+_fwd   all  --  ppp+   *       0.0.0.0/0            0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    3   336 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
   79  6244 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   44  4844 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:OUTPUT:REJECT:"
   44  4844 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain Broadcast (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 2958  485K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
   27   880 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type ANYCAST

Chain Reject (3 references)
 pkts bytes target     prot opt in     out     source               destination         
 3140  498K            all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3 code 4 /* Needed ICMP types */
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11 /* Needed ICMP types */
 3140  498K Broadcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  multiport dports 135,445 /* SMB */
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  udp dpts:137:139 /* SMB */
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  udp spt:137 dpts:1024:65535 /* SMB */
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  multiport dports 135,139,445 /* SMB */
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1900 /* UPnP */
   35  1400 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:53 /* Late DNS Replies */

Chain dynamic (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain logdrop (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:logdrop:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logflags (7 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logreject (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:logreject:REJECT:"
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ppp+_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 sfilter    all  --  *      ppp+    0.0.0.0/0            0.0.0.0/0           [goto] 
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,ESTABLISHED,UNTRACKED
    0     0 tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain reject (8 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match src-type BROADCAST
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0           
    0     0 DROP       2    --  *      *       0.0.0.0/0            0.0.0.0/0           
   35  2100 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
   85  8288 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-unreachable
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain sfilter (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:sfilter:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain sha-lh-2c78009ffb6fd28eae84 (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain sha-rh-22e07216cba0e75700c6 (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255

Chain tcpflags (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x3F/0x29
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x3F/0x00
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x06/0x06
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x05/0x05
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x03/0x03
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp flags:0x19/0x09
    0     0 logflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  tcp spt:0 flags:0x17/0x02

I saved the iptables configuration and did a full flush as root

# iptables -P INPUT ACCEPT
# iptables -P FORWARD ACCEPT
# iptables -P OUTPUT ACCEPT

# iptables -t nat -F
# iptables -t mangle -F
# iptables -F
# iptables -X

And I was able to log in. Now, what can I do to log in using the iptables rules?
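
Added example (not part of any post in this thread): in the listing above, the only ACCEPT rule in INPUT is bound to `lo`, so traffic arriving on any other interface goes through Reject, LOG and reject. The sketch below reads `iptables -nvL` output, without changing any rule, and prints the targets a new TCP packet would meet in INPUT; the function names, the interface name `eth0` and the condensed sample are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: the INPUT chain as posted in the thread, whitespace condensed.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   336 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 3061  491K Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
   76  5544 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:INPUT:REJECT:"
   76  5544 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   336 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
EOF
}

# trace_input IFACE PORT  (hypothetical helper)
# Reads `iptables -nvL` output on stdin and prints, in order, the targets of the
# top-level INPUT rules that a TCP packet to PORT arriving on IFACE can match.
# It stops at a built-in verdict or a [goto]. Only interface, protocol and a
# single "dpt:N" match are evaluated; other match extensions are assumed to
# match, and rules listed without a target are skipped.
trace_input() {
  awk -v ifc="$1" -v port="$2" '
    function if_match(pat) {
      if (pat == "*" || pat == ifc) return 1
      # a trailing "+" is the iptables interface-prefix wildcard (e.g. ppp+)
      if (pat ~ /\+$/) return index(ifc, substr(pat, 1, length(pat) - 1)) == 1
      return 0
    }
    function port_match(line) {
      if (match(line, /dpt:[0-9]+/))
        return substr(line, RSTART + 4, RLENGTH - 4) == port
      return 1    # no single-port constraint on this rule
    }
    $1 == "Chain" { inchain = ($2 == "INPUT"); next }
    !inchain || $1 == "pkts" || NF < 9 { next }
    ($4 == "all" || $4 == "tcp") && if_match($6) && port_match($0) {
      path = path (path ? " " : "") $3
      if ($3 ~ /^(ACCEPT|DROP|REJECT)$/ || $0 ~ /\[goto\]/) exit
    }
    END { print path }
  '
}

# On a live system: iptables -nvL | trace_input eth0 980
sample_listing | trace_input eth0 980
```

For the sample, `eth0` on port 980 yields `Reject LOG reject`, while `lo` yields `ACCEPT`, which matches the packet counters in the posted INPUT chain.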