Network firewall on CentOS, host cannot be resolved?

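I have a CentOS machine on which I am trying to install some dependencies using yum. When I do this, I keep getting a message saying that the host could not be resolved. I was told that whoever used the machine before had deployed a very strict firewall on it. I tried service iptables stop, but I still run into this problem. What other firewalls could be preventing me from communicating with other hosts?

The firewall is set up so that I can only ssh into the machine from specific computers in a given lab.

Error: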

sudo yum install perl-XML-Simple
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: centos.mirror.ndchost.com
 * extras: centosmirror.quintex.com
 * updates: centos.aol.com
http://centos.mirror.ndchost.com/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centos.mirror.ndchost.com'"
Trying other mirror.
http://mirror.cs.vt.edu/pub/CentOS/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.cs.vt.edu'"
Trying other mirror.
http://mirror.pac-12.org/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.pac-12.org'"
Trying other mirror.
http://mirror.rackspace.com/CentOS/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.rackspace.com'"
Trying other mirror.
http://mirror.raystedman.net/centos/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.raystedman.net'"
Trying other mirror.
http://mirror.solarvps.com/centos/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.solarvps.com'"
Trying other mirror.
http://mirror.team-cymru.org/CentOS/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.team-cymru.org'"
Trying other mirror.
http://mirrors.easynews.com//linux/centos/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.easynews.com'"
Trying other mirror.
http://mirrors.usc.edu/pub/linux/distributions/centos/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.usc.edu'"
Trying other mirror.
ftp://mirror.nandomedia.com/pub/CentOS/6.5/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.nandomedia.com'"
Trying other mirror.
http://centosmirror.quintex.com/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centosmirror.quintex.com'"
Trying other mirror.
http://mirror.beyondhosting.net/CentOS/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.beyondhosting.net'"
Trying other mirror.
http://mirror.compevo.com/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.compevo.com'"
Trying other mirror.
http://mirror.kentdigital.net/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.kentdigital.net'"
Trying other mirror.
http://mirror.wiredtree.com/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.wiredtree.com'"
Trying other mirror.
http://mirrors.adams.net/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.adams.net'"
Trying other mirror.
http://mirrors.easynews.com//linux/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.easynews.com'"
Trying other mirror.
http://mirrors.rit.edu/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.rit.edu'"
Trying other mirror.
http://mirrors.sonic.net/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.sonic.net'"
Trying other mirror.
http://mirrors.syringanetworks.net/centos/6.5/extras/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.syringanetworks.net'"
Trying other mirror.
http://centos.aol.com/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centos.aol.com'"
Trying other mirror.
http://centos.eecs.wsu.edu/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centos.eecs.wsu.edu'"
Trying other mirror.
http://centos.host-engine.com/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centos.host-engine.com'"
Trying other mirror.
http://mirror.cisp.com/CentOS/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.cisp.com'"
Trying other mirror.
http://mirror.linux.duke.edu/pub/centos/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.linux.duke.edu'"
Trying other mirror.
http://mirror.tocici.com/centos/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.tocici.com'"
Trying other mirror.
http://mirrors.liquidweb.com/CentOS/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.liquidweb.com'"
Trying other mirror.
http://mirrors.seas.harvard.edu/centos/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.seas.harvard.edu'"
Trying other mirror.
ftp://ftp.wallawalla.edu/pub/mirrors/centos/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'ftp.wallawalla.edu'"
Trying other mirror.
ftp://mirror.nandomedia.com/pub/CentOS/6.5/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.nandomedia.com'"
Trying other mirror.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package perl-XML-Simple.noarch 0:2.18-6.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================================================================================================
 Package                                                       Arch                                                 Version                                                  Repository                                          Size
======================================================================================================================================================================================================================================
Installing:
 perl-XML-Simple                                               noarch                                               2.18-6.el6                                               base                                                72 k

Transaction Summary
======================================================================================================================================================================================================================================
Install       1 Package(s)

Total download size: 72 k
Installed size: 155 k
Is this ok [y/N]: y
Downloading Packages:
http://centos.mirror.ndchost.com/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'centos.mirror.ndchost.com'"
Trying other mirror.
http://mirror.cs.vt.edu/pub/CentOS/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.cs.vt.edu'"
Trying other mirror.
http://mirror.pac-12.org/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.pac-12.org'"
Trying other mirror.
http://mirror.rackspace.com/CentOS/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.rackspace.com'"
Trying other mirror.
http://mirror.raystedman.net/centos/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.raystedman.net'"
Trying other mirror.
http://mirror.solarvps.com/centos/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.solarvps.com'"
Trying other mirror.
http://mirror.team-cymru.org/CentOS/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.team-cymru.org'"
Trying other mirror.
http://mirrors.easynews.com//linux/centos/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.easynews.com'"
Trying other mirror.
http://mirrors.usc.edu/pub/linux/distributions/centos/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirrors.usc.edu'"
Trying other mirror.
ftp://mirror.nandomedia.com/pub/CentOS/6.5/os/x86_64/Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.nandomedia.com'"
Trying other mirror.


Error Downloading Packages:
  perl-XML-Simple-2.18-6.el6.noarch: failure: Packages/perl-XML-Simple-2.18-6.el6.noarch.rpm from base: [Errno 256] No more mirrors to try.

This is the output of iptables when the firewall is on. But when using yum I had already run service iptables stop.

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53 
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           udp dpt:67 
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           tcp dpt:67 
    8   560 ACCEPT     all  --  *      *       128.46.76.110        0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       128.0.0.0/8          0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       127.0.0.0/8          127.0.0.0/8         
    5   480 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    7   420 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0           
    0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0           
    0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
    0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 18 packets, 1788 bytes)
 pkts bytes target     prot opt in     out     source               destination

When the firewall is off, it is:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

/etc/resolv.conf

# Generated by NetworkManager
search ecn.xxx.purdue.edu

# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
#
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo.com bar.foo.com

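Answer 1

There are no firewall rules in the OUTPUT chain, and the default OUTPUT policy is ACCEPT, so nothing is preventing DNS queries from going out.

Also, there are no INPUT firewall rules that would specifically block DNS responses from coming in ahead of the state RELATED,ESTABLISHED rule, which accepts incoming responses to all outgoing connections and any other messages related to outgoing connections.

The FORWARD rules only apply if this system is acting as a router or a virtualization host. Any virtual machines running on this host are allowed to make outgoing connections only if the VM's IP address is in the 192.168.122.0/24 network. Beyond that, there seem to be no special restrictions on DNS connections for the VMs.

The problem seems to be that the system has no DNS name servers configured at this time. You can fix this by adding a line DNS1=<nameserver IP address> to the /etc/sysconfig/network-scripts/ifcfg-* file that corresponds to the outgoing network interface, or, as jofel suggested in his comment, by adding a line nameserver <nameserver IP address> directly to the /etc/resolv.conf file.

If you add the name server address to the ifcfg-* file, you may need to disable and re-enable the network interface for the change to take effect, or just reboot. If you edit /etc/resolv.conf directly, the change takes effect as soon as the file is saved.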
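
The answer's reasoning as an added example (not part of the original answer): a shell triage that checks a resolv.conf for nameserver lines before suspecting the firewall, then inspects only the OUTPUT chain of a saved `iptables -L -n -v` listing. The function names, the sample files and the 192.0.2.53 address are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed.

# Print nameserver addresses from a resolv.conf-style file (comments ignored).
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Succeed if a saved `iptables -L -n -v` listing shows an OUTPUT chain that
# could block DNS queries: non-ACCEPT policy or a DROP/REJECT rule.
output_chain_restrictive() {
    awk '
        /^Chain / { in_out = ($2 == "OUTPUT") }
        in_out && /^Chain / && $4 != "ACCEPT" { bad = 1 }
        in_out && ($3 == "DROP" || $3 == "REJECT") { bad = 1 }
        END { exit !bad }
    ' "$1"
}

diagnose() {  # $1 = resolv.conf path, $2 = saved iptables listing
    if [ -z "$(list_nameservers "$1")" ]; then
        echo "no-nameserver"
    elif output_chain_restrictive "$2"; then
        echo "check-output-rules"
    else
        echo "resolver-configured"
    fi
}

SAMPLES=$(mktemp -d)
# Constructed copy of the question's resolv.conf: no nameserver line.
cat > "$SAMPLES/resolv.broken" <<'EOF'
# Generated by NetworkManager
search ecn.xxx.purdue.edu
# No nameservers found; try putting DNS servers into your
EOF
# Constructed fix; 192.0.2.53 is a documentation address, not a real resolver.
cat > "$SAMPLES/resolv.fixed" <<'EOF'
search ecn.xxx.purdue.edu
nameserver 192.0.2.53
EOF
# OUTPUT chain as in the question: ACCEPT policy, no rules.
cat > "$SAMPLES/iptables.txt" <<'EOF'
Chain OUTPUT (policy ACCEPT 18 packets, 1788 bytes)
 pkts bytes target     prot opt in     out     source               destination
EOF

diagnose "$SAMPLES/resolv.broken" "$SAMPLES/iptables.txt"   # no-nameserver
diagnose "$SAMPLES/resolv.fixed"  "$SAMPLES/iptables.txt"   # resolver-configured
```

On a real host, pass /etc/resolv.conf and a file saved from `iptables -L -n -v`; the column positions assume the verbose listing format shown in the question.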
