Information About CentOS 7 Network Configuration

Asked 1 years ago, Updated 1 years ago, 91 views

I am building a CentOS 7 server.
This is what ip addr looks like after I changed the Ethernet configuration to keep the IP address fixed. (Some parts are hidden.)

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp8s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:--------------------- brd ff:ff:ff:ff:ff:ff
    inet "Configured IP"/32 brd "Configured IP" scope global connection name
       valid_lft forever preferred_lft forever
    inet6 ------------------------------/64 scope link
       valid_lft forever preferred_lft forever

Now I temporarily set PasswordAuthentication to yes in sshd_config and ran

firewall-cmd --add-port=22/tcp --zone=public --permanent

Then I ran

firewall-cmd --reload
systemctl restart NetworkManager
systemctl restart network
systemctl restart sshd

Then, when I try ssh from the outside, I get Connection timed out.

The port is open.

[--@------- ~]$ ss -tln
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     *:22                *:*
LISTEN  0       100     127.0.0.1:25        *:*
LISTEN  0       128     :::22               :::*
LISTEN  0       100     ::1:25              :::*

It connects normally when accessed from within the same LAN as the server.
Does that mean this is a local address?

I want to connect with ssh from outside, but I don't know what to do.

I'm sorry for my lack of knowledge, but I appreciate your cooperation.

centos network

2022-09-30 20:46

2 Answers

I don't know IPv6 (sorry), so I am assuming IPv4.

"It connects normally when accessed from within the same LAN as the server."

So I think you have assigned a private IP.
(By the way, it doesn't make much sense to hide private IPs.)

· How (from where) are you accessing it from the outside (from the Internet side)?
· Is there a firewall between the outside and the server?
· If so, do you allow ssh in the firewall?

[Additional]
http://www.atmarkit.co.jp/aig/06network/privateip.html
If the corresponding address is listed here, it is a "private address."

CentOS 7 firewall is working.
However, port 22 is allowed to pass.

The firewall (F/W) mentioned here is not the one that runs on the server host; it is the physical equipment on the network.

I think it would be better to describe the structure more accurately.
For example, if you want to connect with ssh from my home to a server in a company (somewhere), it should be roughly as follows:

[Home PC]--[Home Wireless Router]--[Company F/W]--[Target Server]


If the target server has a private address assigned to it, some kind of global IP is required, because you can't see that address space from inside your home. For a VPS, a global IP is assigned, so

ssh username@global IP

allows you to connect.

If so, is it possible to set the global address?
Will it be static NAT or something?

If this is similar to the configuration example above, it is possible to assign a global IP corresponding to the target server on the company F/W and set the company F/W to static NAT. If this is the case, you can leave the target server's configuration as it is.


2022-09-30 20:46

I think you want to ssh over the Internet to a server that operates with a private address. The correct answer is that there can be many ways to do this depending on your network configuration.

For example, suppose a server is in your home or office, and you have a broadband router connecting to the Internet. A broadband router has a global IP on the WAN side (Internet side) and a private IP on the LAN side, and the server is on the LAN side. At this point, the port forwarding feature on the broadband router allows packets arriving at port 22 (SSH) of the global IP to be forwarded to port 22 of the LAN-side server. (Unless it's a very strange router, as far as I know, it has this feature.)

To achieve this, you need to know the address on the WAN side. It should be displayed somewhere on the router's management screen, so please check it. The port forwarding function is also set from the router's management screen, but depending on the product, the term can vary ("game server function", "port forward function", and so on), so please look at the management screen first.

Also, in rare cases, some providers have a private IP on the WAN side. Please note that in this case, port forwarding is not possible from outside.


2022-09-30 20:46
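
The decision both answers describe, as an added example (not written by either answerer and not part of the original page): classify the server's address from `ip addr` output and the router's WAN address to see which device has to translate inbound SSH. The sample output and addresses are constructed, the function names are hypothetical, and the 100.64.0.0/10 carrier-grade NAT range goes beyond the private ranges the answers mention.

```python
import ipaddress
import re

# RFC 1918 private ranges, plus the RFC 6598 range used for carrier-grade NAT.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")

def classify(addr):
    """Return 'loopback', 'private', 'cgnat' or 'public' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "private"
    return "cgnat" if ip in CGNAT else "public"

def inet_addresses(ip_addr_output):
    """Extract (interface, IPv4 address) pairs from `ip addr` text."""
    found, iface = [], None
    for line in ip_addr_output.splitlines():
        m = re.match(r"\d+:\s*([^:\s]+):", line)   # "2: enp8s0f0: <...>" header
        if m:
            iface = m.group(1)
        m = re.match(r"\s*inet\s+([\d.]+)/\d+", line)  # "inet a.b.c.d/nn", not inet6
        if m:
            found.append((iface, m.group(1)))
    return found

def diagnose(server_ip, router_wan_ip):
    """Say which hop must translate inbound SSH, given both addresses."""
    server, wan = classify(server_ip), classify(router_wan_ip)
    if server == "public":
        return "server has a global IP: check firewalls on the path"
    if wan == "public":
        return "forward WAN port 22 to %s:22 (port forwarding / static NAT)" % server_ip
    return "WAN side is %s: inbound port forwarding cannot work from outside" % wan

# Constructed sample, not the asker's real output.
SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
2: enp8s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    inet 192.168.1.50/24 brd 192.168.1.255 scope global enp8s0f0
"""

if __name__ == "__main__":
    print([(i, a, classify(a)) for i, a in inet_addresses(SAMPLE)])
    print(diagnose("192.168.1.50", "203.0.113.7"))   # documentation-range WAN address
```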
