[uylug-varios] Problema raro de conexion entre dos maquinas
Cristian Menghi
cristian at menghi.biz
Fri Apr 29 18:10:37 PDT 2016
Pegale una mirada a
https://wiki.postgresql.org/wiki/SEPostgreSQL_SELinux_Overview
Slds
---
Cristian Menghi @movil
El 29 abr. 2016 7:49 p. m., "Dante Castiglione M." <dac.maldonado at gmail.com>
escribió:
> Si, habia reiniciado.
> Hice los cambios sugeridos en ambos archivos hosts pero sigue igual.
>
>
>
> ---------------------------------------------
>
> *SouthX*
> https://southx.io
> BigData
>
> *Digicoins*
> https://digicoins.cash <https://southx.io/>
> Bitcoin
>
> Dante Castiglione Maldonado
> dac.maldonado at gmail.com
>
> ---------------------------------------------
>
>
> On 29 April 2016 at 17:03, Enrique Verdes <emverdes at ieee.org> wrote:
>
>> si no reiniciaste hace setenforce 0 en línea de comandos. Hacé lo mismo
>> en el cliente, por las dudas.
>>
>> En cuanto a archivos hosts dejalos así
>>
>> este es el del clliente
>>
>> 192.168.1.43 mdw.southx.io
>> fe80::1a4f:32ff:feca:297d mdw.southx.io
>> 127.0.0.1 localhost localhost.localdomain
>> localhost4 localhost4.localdomain4
>> ::1 localhost localhost.localdomain
>> localhost6 localhost6.localdomain6
>>
>> y este es el del server
>>
>> 192.168.1.43 mdw.southx.io
>> fe80::1a4f:32ff:feca:297d mdw.southx.io
>> 192.168.1.42 fatima.southx.io
>> 127.0.0.1 localhost localhost.localdomain
>> localhost4 localhost4.localdomain4
>> ::1 localhost localhost.localdomain
>> localhost6 localhost6.localdomain6
>>
>> por alguna razón cuando configurás la red te asocia el nombre dns de la
>> máquina también con 127.0.0.1 y a mime ha hecho cosas raras eso. De todas
>> formas, no debería ser el problema porque estás haciendo el telnet por IP.
>>
>> Hacé el setenforce 0 y revisá.
>>
>> Saludos,
>>
>> 2016-04-29 16:09 GMT-03:00 Dante Castiglione M. <dac.maldonado at gmail.com>
>> :
>>
>>> (aclaro que reinicie el server luego de deshabilitar selinux y antes de
>>> volver a probar)
>>>
>>>
>>>
>>> ---------------------------------------------
>>>
>>> *SouthX*
>>> https://southx.io
>>> BigData
>>>
>>> *Digicoins*
>>> https://digicoins.cash <https://southx.io/>
>>> Bitcoin
>>>
>>> Dante Castiglione Maldonado
>>> dac.maldonado at gmail.com
>>>
>>> ---------------------------------------------
>>>
>>>
>>> On 29 April 2016 at 15:50, Dante Castiglione M. <dac.maldonado at gmail.com
>>> > wrote:
>>>
>>>>
>>>> Que raro... Como parte del procedimiento de instalacion de la DB lo
>>>> habia desabilitado, pero ahora ante tu pregunta lo revise y esta habilitado
>>>> de nuevo... Quizas lo hice en el cliente.
>>>>
>>>> [usuario at server ~]# sestatus
>>>> SELinux status: enabled
>>>> SELinuxfs mount: /sys/fs/selinux
>>>> SELinux root directory: /etc/selinux
>>>> Loaded policy name: targeted
>>>> Current mode: enforcing
>>>> Mode from config file: enforcing
>>>> Policy MLS status: enabled
>>>> Policy deny_unknown status: allowed
>>>> Max kernel policy version: 28
>>>>
>>>>
>>>> [usuario at server ~]# cat /etc/selinux/config
>>>>
>>>> # This file controls the state of SELinux on the system.
>>>> # SELINUX= can take one of these three values:
>>>> # enforcing - SELinux security policy is enforced.
>>>> # permissive - SELinux prints warnings instead of enforcing.
>>>> # disabled - No SELinux policy is loaded.
>>>> SELINUX=enforcing
>>>> # SELINUXTYPE= can take one of three two values:
>>>> # targeted - Targeted processes are protected,
>>>> # minimum - Modification of targeted policy. Only selected
>>>> processes are protected.
>>>> # mls - Multi Level Security protection.
>>>> SELINUXTYPE=targeted
>>>>
>>>>
>>>> ahora lo deshabilite
>>>>
>>>> [usuario at server ~]# cat /etc/selinux/config
>>>>
>>>> # This file controls the state of SELinux on the system.
>>>> # SELINUX= can take one of these three values:
>>>> # enforcing - SELinux security policy is enforced.
>>>> # permissive - SELinux prints warnings instead of enforcing.
>>>> # disabled - No SELinux policy is loaded.
>>>> #SELINUX=enforcing
>>>> SELINUX=disabled
>>>> # SELINUXTYPE= can take one of three two values:
>>>> # targeted - Targeted processes are protected,
>>>> # minimum - Modification of targeted policy. Only selected
>>>> processes are protected.
>>>> # mls - Multi Level Security protection.
>>>> SELINUXTYPE=targeted
>>>>
>>>>
>>>> no cambia nada
>>>>
>>>> [usuario at cliente ~]$ psql -h 192.168.1.43 -U dbuser dbname
>>>> psql: could not connect to server: No route to host
>>>> Is the server running on host "192.168.1.43" and accepting
>>>> TCP/IP connections on port 5432?
>>>>
>>>> [usuario at cliente ~]$ telnet 192.168.1.43 5432
>>>> Trying 192.168.1.43...
>>>> telnet: connect to address 192.168.1.43: No route to host
>>>>
>>>>
>>>> sera que no esta bien mi archivo hosts ?
>>>>
>>>> este es el del clliente
>>>>
>>>> 192.168.1.43 mdw.southx.io
>>>> fe80::1a4f:32ff:feca:297d mdw.southx.io
>>>> 127.0.0.1 localhost localhost.localdomain
>>>> localhost4 localhost4.localdomain4
>>>> ::1 localhost localhost.localdomain
>>>> localhost6 localhost6.localdomain6
>>>> 127.0.0.1 cliente.southx.io
>>>> ::1 cliente.southx.io
>>>>
>>>> y este es el del server
>>>>
>>>> 127.0.0.1 mdw.southx.io
>>>> ::1 mdw.southx.io
>>>> 192.168.1.43 mdw.southx.io
>>>> fe80::1a4f:32ff:feca:297d mdw.southx.io
>>>> 127.0.0.1 sdw1.southx.io
>>>> ::1 sdw1.southx.io
>>>> 127.0.0.1 sdw2.southx.io
>>>> ::1 sdw2.southx.io
>>>> 192.168.1.42 fatima.southx.io
>>>> 127.0.0.1 localhost localhost.localdomain
>>>> localhost4 localhost4.localdomain4
>>>> ::1 localhost localhost.localdomain
>>>> localhost6 localhost6.localdomain6
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ---------------------------------------------
>>>>
>>>> *SouthX*
>>>> https://southx.io
>>>> BigData
>>>>
>>>> *Digicoins*
>>>> https://digicoins.cash <https://southx.io/>
>>>> Bitcoin
>>>>
>>>> Dante Castiglione Maldonado
>>>> dac.maldonado at gmail.com
>>>>
>>>> ---------------------------------------------
>>>>
>>>>
>>>> On 29 April 2016 at 15:42, Enrique Verdes <emverdes at ieee.org> wrote:
>>>>
>>>>> Mandá la salida del comando sestatus
>>>>>
>>>>>
>>>>>
>>>>> 2016-04-29 15:19 GMT-03:00 Kenneth Irving <ken at fq.edu.uy>:
>>>>>
>>>>>> ¿No será alguna restricción de SELinux?
>>>>>>
>>>>>> saludos
>>>>>>
>>>>>> Kenneth
>>>>>>
>>>>>>
>>>>>> On Fri, 29 Apr 2016, Dante Castiglione M. wrote:
>>>>>>
>>>>>>
>>>>>>> Muchas gracias por sus amables respuestas.
>>>>>>>
>>>>>>> ------------------------------------
>>>>>>> 1. telnet
>>>>>>> ------------------------------------
>>>>>>>
>>>>>>> Hice el telnet correctamente desde el CentOS cliente, el resultado
>>>>>>> no cambia
>>>>>>>
>>>>>>> [usuario at cliente ~]$ telnet 192.168.1.43 5432
>>>>>>> Trying 192.168.1.43...
>>>>>>> telnet: connect to address 192.168.1.43: No route to host
>>>>>>>
>>>>>>> Por si acaso lo repeti desde el cliente en Ubuntu, hace lo mismo
>>>>>>>
>>>>>>> usuario at cliente:~$ telnet 192.168.1.43 5432
>>>>>>> Trying 192.168.1.43...
>>>>>>> telnet: Unable to connect to remote host: No route to host
>>>>>>>
>>>>>>>
>>>>>>> ------------------------------------
>>>>>>> 2. server
>>>>>>> ------------------------------------
>>>>>>>
>>>>>>> ifconfig del server
>>>>>>>
>>>>>>> [usuario at server ~]# ifconfig
>>>>>>> lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
>>>>>>> inet 127.0.0.1 netmask 255.0.0.0
>>>>>>> inet6 ::1 prefixlen 128 scopeid 0x10<host>
>>>>>>> loop txqueuelen 0 (Local Loopback)
>>>>>>> RX packets 756 bytes 127594 (124.6 KiB)
>>>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>>>> TX packets 756 bytes 127594 (124.6 KiB)
>>>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>>>
>>>>>>> p1p1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
>>>>>>> ether 20:47:47:3c:5b:bd txqueuelen 1000 (Ethernet)
>>>>>>> RX packets 0 bytes 0 (0.0 B)
>>>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>>>> TX packets 0 bytes 0 (0.0 B)
>>>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>>>
>>>>>>> virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
>>>>>>> inet 192.168.122.1 netmask 255.255.255.0 broadcast
>>>>>>> 192.168.122.255
>>>>>>> ether 52:54:00:a4:bc:6e txqueuelen 0 (Ethernet)
>>>>>>> RX packets 0 bytes 0 (0.0 B)
>>>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>>>> TX packets 0 bytes 0 (0.0 B)
>>>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>>>
>>>>>>> wlp6s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>>>>> inet 192.168.1.43 netmask 255.255.255.0 broadcast
>>>>>>> 192.168.1.255
>>>>>>> inet6 fe80::1a4f:32ff:feca:297d prefixlen 64 scopeid
>>>>>>> 0x20<link>
>>>>>>> ether 18:4f:32:ca:29:7d txqueuelen 1000 (Ethernet)
>>>>>>> RX packets 12450 bytes 8049799 (7.6 MiB)
>>>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>>>> TX packets 7794 bytes 1254229 (1.1 MiB)
>>>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>>>
>>>>>>>
>>>>>>> ip tables del server
>>>>>>>
>>>>>>> [usuario at server ~]# service iptables status
>>>>>>> Redirecting to /bin/systemctl status iptables.service
>>>>>>> ● iptables.service
>>>>>>> Loaded: not-found (Reason: No such file or directory)
>>>>>>> Active: inactive (dead)
>>>>>>>
>>>>>>>
>>>>>>> ------------------------------------
>>>>>>> 3. cliente
>>>>>>> ------------------------------------
>>>>>>>
>>>>>>> ifconfig del ciente
>>>>>>>
>>>>>>> [usuario at cliente ~]$ ifconfig
>>>>>>> enp9s0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
>>>>>>> ether a4:ba:db:b7:0b:08 txqueuelen 1000 (Ethernet)
>>>>>>> RX packets 0 bytes 0 (0.0 B)
>>>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>>>> TX packets 0 bytes 0 (0.0 B)
>>>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>>> device interrupt 18
>>>>>>>
>>>>>>> lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
>>>>>>> inet 127.0.0.1 netmask 255.0.0.0
>>>>>>> inet6 ::1 prefixlen 128 scopeid 0x10<host>
>>>>>>> loop txqueuelen 0 (Local Loopback)
>>>>>>> RX packets 10 bytes 756 (756.0 B)
>>>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>>>> TX packets 10 bytes 756 (756.0 B)
>>>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>>>
>>>>>>> virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
>>>>>>> inet 192.168.122.1 netmask 255.255.255.0 broadcast
>>>>>>> 192.168.122.255
>>>>>>> ether 52:54:00:53:ac:c9 txqueuelen 0 (Ethernet)
>>>>>>> RX packets 0 bytes 0 (0.0 B)
>>>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>>>> TX packets 0 bytes 0 (0.0 B)
>>>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>>>
>>>>>>> wlp12s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>>>>> inet 192.168.1.42 netmask 255.255.255.0 broadcast
>>>>>>> 192.168.1.255
>>>>>>> inet6 fe80::e60:76ff:fe2f:29d9 prefixlen 64 scopeid
>>>>>>> 0x20<link>
>>>>>>> ether 0c:60:76:2f:29:d9 txqueuelen 1000 (Ethernet)
>>>>>>> RX packets 18 bytes 2027 (1.9 KiB)
>>>>>>> RX errors 0 dropped 0 overruns 0 frame 20284
>>>>>>> TX packets 42 bytes 5704 (5.5 KiB)
>>>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>>> device interrupt 17 base 0xc000
>>>>>>>
>>>>>>>
>>>>>>> iptables del cliente
>>>>>>>
>>>>>>> [usuario at cliente ~]# service iptables status
>>>>>>> Redirecting to /bin/systemctl status iptables.service
>>>>>>> ● iptables.service
>>>>>>> Loaded: not-found (Reason: No such file or directory)
>>>>>>> Active: inactive (dead)
>>>>>>>
>>>>>>>
>>>>>>> ------------------------------------
>>>>>>> 4. netstat y nap
>>>>>>> ------------------------------------
>>>>>>>
>>>>>>> netstat en el server, muestra el puerto 5432 abierto, no se si
>>>>>>> correctamente
>>>>>>>
>>>>>>> [usuario at server ~]# netstat -nltp | grep 5432
>>>>>>> tcp 0 0 0.0.0.0:5432 0.0.0.0:*
>>>>>>> LISTEN 6642/postgres
>>>>>>> tcp6 0 0 :::5432 :::*
>>>>>>> LISTEN 6642/postgres
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> nmap desde el cliente, aca parece haber algo raro porque ve otros
>>>>>>> puertos pero no el 5432
>>>>>>>
>>>>>>> [usuario at cliente ~]# nmap 192.168.1.43
>>>>>>>
>>>>>>> Starting Nmap 6.40 ( http://nmap.org ) at 2016-04-29 14:48 UYT
>>>>>>> Nmap scan report for mdw.southx.io (192.168.1.43)
>>>>>>> Host is up (0.018s latency).
>>>>>>> Not shown: 997 filtered ports
>>>>>>> PORT STATE SERVICE
>>>>>>> 22/tcp open ssh
>>>>>>> 139/tcp closed netbios-ssn
>>>>>>> 445/tcp closed microsoft-ds
>>>>>>> MAC Address: 18:4F:32:CA:29:7D (Unknown)
>>>>>>>
>>>>>>> Nmap done: 1 IP address (1 host up) scanned in 6.83 seconds
>>>>>>>
>>>>>>>
>>>>>>> ------------------------------------
>>>>>>>
>>>>>>> No entiendo porque no lo ve si el nmap lo muestra abierto
>>>>>>> Podra ser porque esta con 0.0.0.0 y no especificamente con
>>>>>>> 192.168.1.43 ???
>>>>>>>
>>>>>>> Desde ya muchas gracias
>>>>>>>
>>>>>>> ------------------------------------
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------
>>>>>>>
>>>>>>> SouthX
>>>>>>> https://southx.io
>>>>>>> BigData
>>>>>>>
>>>>>>> Digicoins
>>>>>>> https://digicoins.cash
>>>>>>> Bitcoin
>>>>>>>
>>>>>>> Dante Castiglione Maldonado
>>>>>>> dac.maldonado at gmail.com
>>>>>>>
>>>>>>> ---------------------------------------------
>>>>>>>
>>>>>>>
>>>>>>> On 29 April 2016 at 11:08, Eduardo Trápani <etrapani at gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>> > Tengo dos maquinas en la wifi, las dos con CentOS 7
>>>>>>> > 192.168.1.43 (DB server) y 192.168.1.42 (DB client)
>>>>>>> >
>>>>>>> > ping responde bien en ambos sentidos
>>>>>>> > en ambas maquinas iptables service dice inactive (dead)
>>>>>>>
>>>>>>> ¿Podés pegar la salida de ifconfig en ambos equipos?
>>>>>>>
>>>>>>> Eduardo.
>>>>>>> _______________________________________________
>>>>>>> Uylug-varios mailing list
>>>>>>> Uylug-varios at listas.uylug.org.uy
>>>>>>>
>>>>>>> http://listas.uylug.org.uy/listinfo.cgi/uylug-varios-uylug.org.uy
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> _______________________________________________
>>>>>> Uylug-varios mailing list
>>>>>> Uylug-varios at listas.uylug.org.uy
>>>>>> http://listas.uylug.org.uy/listinfo.cgi/uylug-varios-uylug.org.uy
>>>>>>
>>>>>> _______________________________________________
>>>>>> Uylug-varios mailing list
>>>>>> Uylug-varios at listas.uylug.org.uy
>>>>>> http://listas.uylug.org.uy/listinfo.cgi/uylug-varios-uylug.org.uy
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Enrique M. Verdes
>>>>> <https://uy.linkedin.com/pub/enrique-verdes/1/794/ba8>
>>>>>
>>>>> "As we enjoy great advantages from the inventions of others, we should
>>>>> be glad of an opportunity to serve others by any invention of ours; and
>>>>> this we should do freely and generously."
>>>>>
>>>>> Benjamin Franklin
>>>>>
>>>>> _______________________________________________
>>>>> Uylug-varios mailing list
>>>>> Uylug-varios at listas.uylug.org.uy
>>>>> http://listas.uylug.org.uy/listinfo.cgi/uylug-varios-uylug.org.uy
>>>>>
>>>>>
>>>>
>>>
>>> _______________________________________________
>>> Uylug-varios mailing list
>>> Uylug-varios at listas.uylug.org.uy
>>> http://listas.uylug.org.uy/listinfo.cgi/uylug-varios-uylug.org.uy
>>>
>>>
>>
>>
>> --
>> Enrique M. Verdes
>> <https://uy.linkedin.com/pub/enrique-verdes/1/794/ba8>
>>
>> "As we enjoy great advantages from the inventions of others, we should be
>> glad of an opportunity to serve others by any invention of ours; and this
>> we should do freely and generously."
>>
>> Benjamin Franklin
>>
>> _______________________________________________
>> Uylug-varios mailing list
>> Uylug-varios at listas.uylug.org.uy
>> http://listas.uylug.org.uy/listinfo.cgi/uylug-varios-uylug.org.uy
>>
>>
>
> _______________________________________________
> Uylug-varios mailing list
> Uylug-varios at listas.uylug.org.uy
> http://listas.uylug.org.uy/listinfo.cgi/uylug-varios-uylug.org.uy
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.uylug.org.uy/pipermail/uylug-varios-uylug.org.uy/attachments/20160429/44759ec9/attachment-0001.htm>
More information about the Uylug-varios
mailing list