
Can't ssh out from CentOS7

Discussion in 'System Administration' started by GASTAN, Dec 16, 2019.

  1. GASTAN

    Hi

    This is just a regular CentOS7 install (without centmin), but I have a weird problem.
    From what I gather, outgoing traffic should be open by default, and it's not simple to block it on firewalld.
    But somehow I cannot ssh out of my machine (to make a backup).

    iptables -L looks like this:
    Code:
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere
    INPUT_direct  all  --  anywhere             anywhere
    INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
    INPUT_ZONES  all  --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere             ctstate INVALID
    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere
    FORWARD_direct  all  --  anywhere             anywhere
    FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere
    FORWARD_IN_ZONES  all  --  anywhere             anywhere
    FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere
    FORWARD_OUT_ZONES  all  --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere             ctstate INVALID
    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    OUTPUT_direct  all  --  anywhere             anywhere
    
    Chain FORWARD_IN_ZONES (1 references)
    target     prot opt source               destination
    FWDI_public  all  --  anywhere             anywhere            [goto]
    FWDI_public  all  --  anywhere             anywhere            [goto]
    
    Chain FORWARD_IN_ZONES_SOURCE (1 references)
    target     prot opt source               destination
    
    Chain FORWARD_OUT_ZONES (1 references)
    target     prot opt source               destination
    FWDO_public  all  --  anywhere             anywhere            [goto]
    FWDO_public  all  --  anywhere             anywhere            [goto]
    
    Chain FORWARD_OUT_ZONES_SOURCE (1 references)
    target     prot opt source               destination
    
    Chain FORWARD_direct (1 references)
    target     prot opt source               destination
    
    Chain FWDI_public (2 references)
    target     prot opt source               destination
    FWDI_public_log  all  --  anywhere             anywhere
    FWDI_public_deny  all  --  anywhere             anywhere
    FWDI_public_allow  all  --  anywhere             anywhere
    ACCEPT     icmp --  anywhere             anywhere
    
    Chain FWDI_public_allow (1 references)
    target     prot opt source               destination
    
    Chain FWDI_public_deny (1 references)
    target     prot opt source               destination
    
    Chain FWDI_public_log (1 references)
    target     prot opt source               destination
    
    Chain FWDO_public (2 references)
    target     prot opt source               destination
    FWDO_public_log  all  --  anywhere             anywhere
    FWDO_public_deny  all  --  anywhere             anywhere
    FWDO_public_allow  all  --  anywhere             anywhere
    
    Chain FWDO_public_allow (1 references)
    target     prot opt source               destination
    
    Chain FWDO_public_deny (1 references)
    target     prot opt source               destination
    
    Chain FWDO_public_log (1 references)
    target     prot opt source               destination
    
    Chain INPUT_ZONES (1 references)
    target     prot opt source               destination
    IN_public  all  --  anywhere             anywhere            [goto]
    IN_public  all  --  anywhere             anywhere            [goto]
    
    Chain INPUT_ZONES_SOURCE (1 references)
    target     prot opt source               destination
    
    Chain INPUT_direct (1 references)
    target     prot opt source               destination
    
    Chain IN_public (2 references)
    target     prot opt source               destination
    IN_public_log  all  --  anywhere             anywhere
    IN_public_deny  all  --  anywhere             anywhere
    IN_public_allow  all  --  anywhere             anywhere
    ACCEPT     icmp --  anywhere             anywhere
    
    Chain IN_public_allow (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW,UNTRACKED
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW,UNTRACKED
    
    
    Any ideas what could be the problem?
     
  2. eva2000

    Sure it ain't the destination side not blocking it inbound-wise?
     
  3. GASTAN

    Yeah, it was the company's firewall.
    Thank you. Just needed to make sure it's not on my side.
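
An added example (not part of the thread and not written by any poster): a shell function that walks the OUTPUT chain of an `iptables -L` listing to confirm that nothing local filters egress, which is the check this thread ends on. The name `egress_verdict` and the sample text are constructed here; the sample reproduces the OUTPUT portion of the posted listing, which ends before the `OUTPUT_direct` chain is shown.

```shell
#!/bin/sh
# Reads an `iptables -L` listing on stdin and prints one verdict for locally
# generated (egress) traffic: OPEN, BLOCKED or INCONCLUSIVE.
# Plain -L hides interface matches (firewalld accepts on -o lo first), so an
# ACCEPT is never treated as ending a chain; every rule is inspected.
egress_verdict() {
  awk '
    # Follow jumps from chain c, collecting DROP/REJECT rules and any
    # jump targets whose chain body is absent from the listing.
    function walk(c,    i, t) {
      if (visited[c]++) return
      for (i = 1; i <= n[c]; i++) {
        t = tgt[c, i]
        if (t == "DROP" || t == "REJECT") blocked = blocked " " c ":" t
        else if (t in defined) walk(t)
        else if (t !~ /^(ACCEPT|RETURN|LOG)$/) missing = missing " " t
      }
    }
    $1 == "Chain" {
      chain = $2; defined[chain] = 1
      if ($3 == "(policy") { policy[chain] = $4; sub(/\)$/, "", policy[chain]) }
      next
    }
    NF == 0 || $1 == "target" { next }
    { n[chain]++; tgt[chain, n[chain]] = $1 }
    END {
      if (!("OUTPUT" in defined)) { print "INCONCLUSIVE: no OUTPUT chain in listing"; exit }
      if (policy["OUTPUT"] != "ACCEPT") blocked = blocked " OUTPUT:policy-" policy["OUTPUT"]
      walk("OUTPUT")
      if (blocked != "")      print "BLOCKED:" blocked
      else if (missing != "") print "INCONCLUSIVE: chains not in listing:" missing
      else                    print "OPEN"
    }
  '
}

# Constructed sample: the OUTPUT part of the listing in the first post.
sample_posted='Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
OUTPUT_direct  all  --  anywhere             anywhere'

printf '%s\n' "$sample_posted" | egress_verdict
```

On a live host, pipe `iptables -L -n` into the function; `iptables -S` or `iptables -L -v` additionally shows the interface matches that plain `-L` omits.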