[CentOS] Chrome

2012-09-19 Thread Robert Spangler
Hello,

I have been using chrome for a while now on other systems.  I am having an 
issue finding Chrome for Centos.  Can anyone point me in the right direction?

Thnx.


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] DNS lookup delay with centos postfix

2012-07-26 Thread Robert Spangler
On Wednesday 25 July 2012 17:47, the following was written:

  I used dig from the email svr command line with the primary DNS svr up
  and (naturally) it pulled from there as normal.  Then I downed the
  primary DNS svr, saw the nagios check fail and tried again.  The same
  dig lookup was actually faster and pulled from the secondary DNS svr
  just fine.  And, again, the nagios alert cleared as soon as the primary
  DNS svr was back online.

I believe the reason you noticed a faster response is that the second query 
used the cached information from the first look-up, not that the second 
server is/was faster.

To verify this, look at the TTL times in the response.


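An added example (not from the post or the list) of the TTL check the reply suggests, as a small sh script. A resolver answering from cache returns the remaining TTL, which keeps counting down between queries, while a fresh upstream lookup returns the record's full TTL again. The two dig responses below are constructed; the name, address and TTL values are invented.

```shell
#!/bin/sh
# Added example, not from the list post. Compares the TTLs of two consecutive
# dig answers for the same name from the same resolver: a lower TTL on the
# second answer means it was served from cache, an equal or higher one means
# the resolver went upstream again.

# Print the TTL of the first A record in dig output read on stdin
# (dig prints answer records as: NAME  TTL  IN  A  ADDRESS).
answer_ttl() {
    awk '$3 == "IN" && $4 == "A" { print $2; exit }'
}

# classify_second_answer FIRST_TTL SECOND_TTL -> "cached" or "fresh"
classify_second_answer() {
    if [ "$2" -lt "$1" ]; then echo cached; else echo fresh; fi
}

# Constructed dig output (invented values) standing in for
#   dig mail.example.com A
# run twice a few seconds apart against the same resolver.
FIRST_RESPONSE=';; ANSWER SECTION:
mail.example.com.    3600    IN    A    192.0.2.25'
SECOND_RESPONSE=';; ANSWER SECTION:
mail.example.com.    3571    IN    A    192.0.2.25'

t1=$(printf '%s\n' "$FIRST_RESPONSE" | answer_ttl)
t2=$(printf '%s\n' "$SECOND_RESPONSE" | answer_ttl)
echo "first TTL $t1, second TTL $t2: second answer was $(classify_second_answer "$t1" "$t2")"
```

To time a particular server rather than the cache, query it directly (`dig @<secondary-ip> mail.example.com A`) and compare that against the same query sent to the primary.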


Re: [CentOS] webmin and DNS configuration on CentOS 6.2

2012-05-10 Thread Robert Spangler
On Wednesday 09 May 2012 16:38, the following was written:

  I have two seemingly identical (in this regard, at least) machines - both
  of them are running CentOS 6.2 with bind (bind-chroot) installed. I used
  webmin to edit the DNS configuration. On one of them it seems to work
  fine, on the other I get messages akin to the following:

Sounds to me as if you have SELinux set to enforce on the one that is giving 
you issues.  You can check this with:

getenforce 

You should get one of the following responses:

Enforcing
Permissive

SELinux only allows writing to /var/named/chroot/slave by default.

Another question I have is why do you not have your servers set up as Master 
and Slave?




Re: [CentOS] iptables drop on virtual host

2012-04-28 Thread Robert Spangler
On Friday 27 April 2012 18:41, the following was written:

  On 4/27/2012 5:05 PM, Bob Hoffman wrote:
   dropping IPs by host machine, protecting the vms.
   would something like this work
  
   -A PREROUTING -s 66.77.65.128/26 -j DROP
  
  
   or would my server die upon testing it...lol
   ___

  okay, after about 400 attempts and some hour or so of reading, I find
  that red hat auto disables the ability to use the host iptables rules to
  protect the virtual machines.

  # Disable netfilter on bridges.
  net.bridge.bridge-nf-call-ip6tables = 0
  net.bridge.bridge-nf-call-iptables = 0
  net.bridge.bridge-nf-call-arptables = 0

  not sure which would be turned on, bottom two or just the middle

  net.bridge.bridge-nf-call-ip6tables = 0
  net.bridge.bridge-nf-call-iptables = 1
  net.bridge.bridge-nf-call-arptables = 1

I would think you only need the middle one turned on for the firewall.

If you are looking to block IP addresses from getting to your VMs then you 
should set up your firewall on the bridge.  And adding that one rule above 
should take care of your issues.


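An added example, not from the thread, of the check a host admin would run before relying on host iptables rules to protect bridged VMs, together with the sysctl lines from the reply and the thread's DROP rule. One assumption of mine: the DROP is placed in the raw table's PREROUTING chain, since the filter table has no PREROUTING chain and the original rule named no table. The /proc directory is a parameter so the check can be exercised against a copy.

```shell
#!/bin/sh
# Added example (not from the list post). Bridged frames only traverse the
# host's iptables chains while net.bridge.bridge-nf-call-iptables is 1; with
# it at 0 (the Red Hat default quoted in the thread) a host rule against VM
# traffic never matches anything.

# bridge_nf_enabled [DIR]: return 0 when bridged IPv4 frames are handed to
# iptables. DIR defaults to the live /proc location.
bridge_nf_enabled() {
    sysdir=${1:-/proc/sys/net/bridge}
    if [ ! -r "$sysdir/bridge-nf-call-iptables" ]; then return 1; fi
    [ "$(cat "$sysdir/bridge-nf-call-iptables")" = 1 ]
}

# The /etc/sysctl.conf lines matching the reply: only the iptables hook is
# needed for an IPv4 firewall on the bridge.
bridge_nf_sysctl() {
    printf '%s\n' \
        'net.bridge.bridge-nf-call-ip6tables = 0' \
        'net.bridge.bridge-nf-call-iptables = 1' \
        'net.bridge.bridge-nf-call-arptables = 0'
}

# block_source_rule CIDR: the thread's drop rule, placed in the raw table
# (assumption: filter has no PREROUTING chain, raw is the earliest hook).
block_source_rule() {
    echo "iptables -t raw -A PREROUTING -s $1 -j DROP"
}

if bridge_nf_enabled; then
    echo "bridge netfilter is on; host iptables rules see bridged VM traffic"
    block_source_rule 66.77.65.128/26      # the range from the thread
else
    echo "bridge netfilter is off; add to /etc/sysctl.conf, then run sysctl -p:"
    bridge_nf_sysctl
fi
```

The sysctl entries only exist once the bridge module is loaded, so on a freshly booted host the check can fail simply because no bridge is up yet.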


Re: [CentOS] Isues with YUM Update

2012-03-16 Thread Robert Spangler
On Thursday 15 March 2012 20:38, the following was written:

  On 3/15/2012 8:09 PM, Robert Spangler wrote:
   Hello all,
  
   Is this a known issue?
  
   From what I can tell it started on Tuesday.
  
    ~ $ sudo yum -y update
    Password:
    Setting up Update Process
    Setting up repositories
    dag               100% |=| 1.1 kB  00:00
    kbs-CentOS-Extras 100% |=| 1.9 kB  00:00
    kbs-CentOS-Misc   100% |=| 1.9 kB  00:00
    http://www.gtlib.gatech.edu/pub/centos/4.9/updates/i386/repodata/repomd.xml: [Errno 14] HTTP Error 404: Not Found
    Trying other mirror.
    http://ftp.osuosl.org/pub/centos/4.9/updates/i386/repodata/repomd.xml: [Errno 14] HTTP Error 404: Not Found
    Trying other mirror.

  From one of those mirror sites:

  http://www.gtlib.gatech.edu/pub/centos/4/readme

This directory (and version of CentOS) is depreciated.

CentOS-4 is now past EOL

You can get the last released version of centos 4.9 here:

http://vault.centos.org/4.9/

Thnx.  Missed that one totally. Guess I'll finally have to update the hardware 
in this old machine.



[CentOS] Isues with YUM Update

2012-03-15 Thread Robert Spangler
Hello all,

Is this a known issue?
From what I can tell it started on Tuesday.


~ $ sudo yum -y update
Password:
Setting up Update Process
Setting up repositories
dag   100% |=| 1.1 kB00:00
kbs-CentOS-Extras 100% |=| 1.9 kB00:00
kbs-CentOS-Misc   100% |=| 1.9 kB00:00
http://www.gtlib.gatech.edu/pub/centos/4.9/updates/i386/repodata/repomd.xml: 
[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://ftp.osuosl.org/pub/centos/4.9/updates/i386/repodata/repomd.xml: [Errno 
14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.sanctuaryhost.com/centos/4.9/updates/i386/repodata/repomd.xml: 
[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.trouble-free.net/centos/4.9/updates/i386/repodata/repomd.xml: 
[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.atlanticmetro.net/centos/4.9/updates/i386/repodata/repomd.xml: 
[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.ubiquityservers.com/centos/4.9/updates/i386/repodata/repomd.xml: 
[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirrors.greenmountainaccess.net/centos/4.9/updates/i386/repodata/repomd.xml:
 
[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.san.fastserv.com/pub/linux/centos/4.9/updates/i386/repodata/repomd.xml:
 
[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.metrocast.net/centos/4.9/updates/i386/repodata/repomd.xml: 
[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirrors.gigenet.com/centos/4.9/updates/i386/repodata/repomd.xml: [Errno 
14] HTTP Error 404: Not Found
Trying other mirror.
http://centos.mirrors.hoobly.com/4.9/updates/i386/repodata/repomd.xml: [Errno 
14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.umd.edu/centos/4.9/updates/i386/repodata/repomd.xml: [Errno 14] 
HTTP Error 404: Not Found
Trying other mirror.
http://mirror.raystedman.net/centos/4.9/updates/i386/repodata/repomd.xml: 
[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.team-cymru.org/CentOS/4.9/updates/i386/repodata/repomd.xml: 
[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://centos.eecs.wsu.edu/4.9/updates/i386/repodata/repomd.xml: [Errno 14] 
HTTP Error 404: Not Found
Trying other mirror.
http://yum.singlehop.com/CentOS/4.9/updates/i386/repodata/repomd.xml: [Errno 
14] HTTP Error 404: Not Found
Trying other mirror.
http://mirror.wiredtree.com/centos/4.9/updates/i386/repodata/repomd.xml: 
[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
http://mirrors.ecvps.com/centos/4.9/updates/i386/repodata/repomd.xml: [Errno 
14] HTTP Error 404: Not Found
Trying other mirror.
http://mirrors.rit.edu/centos/4.9/updates/i386/repodata/repomd.xml: [Errno 14] 
HTTP Error 404: Not Found
Trying other mirror.
http://mirrors.tummy.com/mirrors/CentOS/4.9/updates/i386/repodata/repomd.xml: 
[Errno 14] HTTP Error 404: Not Found
Trying other mirror.
Cannot open/read repomd.xml file for repository: update
failure: repodata/repomd.xml from update: [Errno 256] No more mirrors to try.
Error: failure: repodata/repomd.xml from update: [Errno 256] No more mirrors 
to try.





Re: [CentOS] File permissions

2012-03-11 Thread Robert Spangler
On Saturday 10 March 2012 13:45, the following was written:

Thnx everyone.  I was under the impression that even though you had access to 
the directory, you still could not touch a file whose owner or group you were 
not part of unless the bits were set.




[CentOS] File permissions

2012-03-10 Thread Robert Spangler
Hello,

I need to know if there is something I am missing about file permission as I 
believe I am seeing some strange stuff on my system.  I have a directory as 
follows:

drwxrwxrwx   7 root root  4096 Mar 10 13:35 temp

In this directory I have a file:

-rw-r--r--  1 root root   137 Oct 30 02:16 208-109-248-33test

As a normal user should I be able to rename this file?  I believe that only 
root should be able to modify this file but as a normal user I am able to 
rename it without elevated privileges as so:

temp $ mv 208-109-248-33test 208-109-248-33-mv

[Sat Mar 10 13:41:05] /temp

temp $ lt 208*
-rw-r--r-- 1 root root 137 Oct 30 02:16 208-109-248-33-mv

How is this possible?  If it is possible what am I missing or not 
understanding?  Thnx.




[CentOS] Running processes

2012-03-08 Thread Robert Spangler
Hello,

I was wondering if anyone could tell me why so many processes are started on 
my system?  Here is a list of them.  I am trying to figure out why they are 
running and if I can stop them.  Thnx.

USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
root         2  0.0  0.0     0    0 ?        S    19:33   0:00 [migration/0]
root         3  0.0  0.0     0    0 ?        SN   19:33   0:00 [ksoftirqd/0]
root         4  0.0  0.0     0    0 ?        S    19:33   0:00 [watchdog/0]
root         5  0.0  0.0     0    0 ?        S    19:33   0:00 [migration/1]
root         6  0.0  0.0     0    0 ?        SN   19:33   0:00 [ksoftirqd/1]
root         7  0.0  0.0     0    0 ?        S    19:33   0:00 [watchdog/1]
root         8  0.0  0.0     0    0 ?        S    19:33   0:00 [migration/2]
root         9  0.0  0.0     0    0 ?        SN   19:33   0:00 [ksoftirqd/2]
root        10  0.0  0.0     0    0 ?        S    19:33   0:00 [watchdog/2]
root        11  0.0  0.0     0    0 ?        S    19:33   0:00 [migration/3]
root        12  0.0  0.0     0    0 ?        SN   19:33   0:00 [ksoftirqd/3]
root        13  0.0  0.0     0    0 ?        S    19:33   0:00 [watchdog/3]
root        14  0.0  0.0     0    0 ?        S    19:33   0:00 [migration/4]
root        15  0.0  0.0     0    0 ?        SN   19:33   0:00 [ksoftirqd/4]
root        16  0.0  0.0     0    0 ?        S    19:33   0:00 [watchdog/4]
root        17  0.0  0.0     0    0 ?        S    19:33   0:00 [migration/5]
root        18  0.0  0.0     0    0 ?        SN   19:33   0:00 [ksoftirqd/5]
root        19  0.0  0.0     0    0 ?        S    19:33   0:00 [watchdog/5]
root        20  0.0  0.0     0    0 ?        S    19:33   0:00 [migration/6]
root        21  0.0  0.0     0    0 ?        SN   19:33   0:00 [ksoftirqd/6]
root        22  0.0  0.0     0    0 ?        S    19:33   0:00 [watchdog/6]
root        23  0.0  0.0     0    0 ?        S    19:33   0:00 [migration/7]
root        24  0.0  0.0     0    0 ?        SN   19:33   0:00 [ksoftirqd/7]
root        25  0.0  0.0     0    0 ?        S    19:33   0:00 [watchdog/7]
root        26  0.0  0.0     0    0 ?        S    19:33   0:00 [events/0]
root        27  0.0  0.0     0    0 ?        S    19:33   0:00 [events/1]
root        28  0.0  0.0     0    0 ?        S    19:33   0:00 [events/2]
root        29  0.0  0.0     0    0 ?        S    19:33   0:00 [events/3]
root        30  0.0  0.0     0    0 ?        S    19:33   0:00 [events/4]
root        31  0.0  0.0     0    0 ?        S    19:33   0:00 [events/5]
root        32  0.0  0.0     0    0 ?        S    19:33   0:00 [events/6]
root        33  0.0  0.0     0    0 ?        S    19:33   0:00 [events/7]
root        34  0.0  0.0     0    0 ?        S    19:33   0:00 [khelper]
root       107  0.0  0.0     0    0 ?        S    19:33   0:00 [kthread]
root       118  0.0  0.0     0    0 ?        S    19:33   0:00 [kblockd/0]
root       119  0.0  0.0     0    0 ?        S    19:33   0:00 [kblockd/1]
root       120  0.0  0.0     0    0 ?        S    19:33   0:00 [kblockd/2]
root       121  0.0  0.0     0    0 ?        S    19:33   0:00 [kblockd/3]
root       122  0.0  0.0     0    0 ?        S    19:33   0:00 [kblockd/4]
root       123  0.0  0.0     0    0 ?        S    19:33   0:00 [kblockd/5]
root       124  0.0  0.0     0    0 ?        S    19:33   0:00 [kblockd/6]
root       125  0.0  0.0     0    0 ?        S    19:33   0:00 [kblockd/7]
root       126  0.0  0.0     0    0 ?        S    19:33   0:00 [kacpid]
root       291  0.0  0.0     0    0 ?        S    19:33   0:00 [cqueue/0]
root       292  0.0  0.0     0    0 ?        S    19:33   0:00 [cqueue/1]
root       293  0.0  0.0     0    0 ?        S    19:33   0:00 [cqueue/2]
root       294  0.0  0.0     0    0 ?        S    19:33   0:00 [cqueue/3]
root       295  0.0  0.0     0    0 ?        S    19:33   0:00 [cqueue/4]
root       296  0.0  0.0     0    0 ?        S    19:33   0:00 [cqueue/5]
root       297  0.0  0.0     0    0 ?        S    19:33   0:00 [cqueue/6]
root       298  0.0  0.0     0    0 ?        S    19:33   0:00 [cqueue/7]
root       301  0.0  0.0     0    0 ?        S    19:33   0:00 [khubd]
root       303  0.0  0.0     0    0 ?        S    19:33   0:00 [kseriod]
root       387  0.0  0.0     0    0 ?        S    19:33   0:00 [khungtaskd]
root       388  0.0  0.0     0    0 ?        S    19:33   0:00 [pdflush]
root       389  0.0  0.0     0    0 ?        S    19:33   0:00 [pdflush]
root       390  0.0  0.0     0    0 ?        S    19:33   0:00 [kswapd0]
root       391  0.0  0.0     0    0 ?        S    19:33   0:00 [aio/0]
root       392  0.0  0.0     0    0 ?        S    19:33   0:00 [aio/1]
root       393  0.0  0.0     0    0 ?        S    19:33   0:00 [aio/2]
root       394  0.0  0.0     0    0 ?        S    19:33   0:00 [aio/3]
root       395  0.0  0.0     0    0 ?        S    19:33   0:00 [aio/4]
root       396  0.0  0.0     0    0 ?        S    19:33   0:00 [aio/5]
root       397  0.0  0.0     0    0 ?        S    19:33   0:00 [aio/6]
root       398  0.0  0.0     0    0 ?        S    19:33   0:00 [aio/7]
root       548  0.0  0.0     0    0 ?        S    19:33   0:00 [kpsmoused]
root       636  0.0  0.0     0    0 ?        S    19:33   0:00 [ata/0]
root       637  0.0  0.0     0    0 ?        S    19:33   0:00 [ata/1]
root       638  0.0  0.0     0    0 ?        S    19:33   0:00 [ata/2]
root       639  0.0  0.0     0    0 ?        S    19:33   0:00 [ata/3]
root       640  0.0  0.0     0    0 ?        S    19:33   0:00 [ata/4]
root       641  0.0  0.0     0    0 ?        S    19:33   0:00 [ata/5]
root       642  0.0  0.0     0    0 ?        S    19:33   0:00 [ata/6]
root       643  0.0  0.0     0    0 ?        S    19:33   0:00 [ata/7]
root       644  0.0  0.0     0    0 ?        S    19:33   0:00 [ata_aux]
root       654  0.0  0.0     0    0 ?        S    19:33   0:00 

Re: [CentOS] Running processes

2012-03-08 Thread Robert Spangler
On Thursday 08 March 2012 20:44, the following was written:

  From the looks of things, you have 8 CPUs (or cores), and these standard
  processes are being started on a 1 per core basis.

  I have a quad-core proc, and have 4 of each of those processes (0-3).

That is what I was thinking but wasn't sure.  Thnx.




Re: [CentOS] CentOS 6.2 software raid 10 with LVM - Need help with degraded drive and only one MBR

2012-03-02 Thread Robert Spangler
On Saturday 03 March 2012 00:35, the following was written:

  I escalated to the DC manager and this is what he replied:

  I'm sorry you're having a hard time with software raid on your server and
  our install process. From what I remember talking with our techs long
  ago about this is, that when using raid10 and software raid, the
  bootloader cannot be installed on the software raid partition and has to
  be on a single drive. I am not 100% sure on this, and will confirm with
  my tech later tonight to see what can be done to correct your issue.

Do not let them tell you that you cannot boot from a software raid.  I do it 
here all the time.  The /boot has to be on a raid1 setup to boot.  Everything 
else can be on whatever raid you choose.

Bottom line is if they caused you downtime then you should be compensated for 
it.




Re: [CentOS] iptables nat PREROUTING chain

2012-02-14 Thread Robert Spangler
On Tuesday 14 February 2012 15:21, the following was written:

  Is there a way to add a rule to the nat table (CentOS 5.7) that would
  alter the port number of tcp packets destined for the server itself?  I
  have ip_forwarding enabled, but the packets don't seem to hit the
  prerouting chain.

  I have the following redirect rule in the prerouting table.  I also
  tried DNAT, but if the packets don't hit PREROUTING, it won't work either.

  iptables -t nat -L -v -n
  Chain PREROUTING (policy ACCEPT 16079 packets, 896K bytes)
   pkts bytes target     prot opt in     out     source               destination
      0     0 REDIRECT   tcp  --  *      *       10.10.10.0/24        0.0.0.0/0            tcp dpt:25 redir ports 12345


  aspen 2# cat /proc/sys/net/ipv4/ip_forward
  1

Where are you applying this rule?  On a firewall or on the SMTP server itself?

If on the firewall, then you need to use DNAT.

Example:

iptables -t nat -A PREROUTING -p tcp --dport Port -j DNAT --to-destination 
Server IP:Port

If you only want this to happen on the inside of the firewall then you are 
also going to have to include the interface you want this rule to apply to.


If it is on the SMTP server itself then you don't need forwarding turned on, 
and you need to use REDIRECT.

Example:

iptables -t nat -A PREROUTING -p tcp --dport Port -j REDIRECT --to-ports 
Port

Also make sure no other rule is filtering the packets before this rule, because 
if the packets are altered then this rule will never be used.


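An added example, not from the reply, that builds the two kinds of nat PREROUTING rule the reply describes (DNAT on a firewall, optionally limited to one interface; REDIRECT on the server itself) and reads the packet counters from `iptables -t nat -L PREROUTING -v -n` to find rules that are never hit. The OP's own listing shows `0 0 REDIRECT ...`, zero packets and zero bytes, which is the sign that traffic is not reaching that rule. The listing below is constructed (the second rule and its counters are invented) and the addresses are documentation ranges.

```shell
#!/bin/sh
# Added example (not from the list post). Two helpers: one that emits the
# right nat rule for where it will run, one that reads iptables counters to
# spot rules that never match.

# nat_rule MODE DPORT TARGET [IFACE]
#   MODE=firewall : packets are for another host; rewrite the destination
#                   (DNAT). TARGET is "ip:port". IFACE restricts the rule
#                   to one inbound interface, e.g. the inside one.
#   MODE=local    : packets are for this host; change only the port
#                   (REDIRECT). TARGET is the local port. No forwarding needed.
nat_rule() {
    mode=$1; dport=$2; target=$3; iface=$4
    in_opt=""
    if [ -n "$iface" ]; then in_opt=" -i $iface"; fi
    case $mode in
        firewall)
            echo "iptables -t nat -A PREROUTING$in_opt -p tcp --dport $dport -j DNAT --to-destination $target" ;;
        local)
            echo "iptables -t nat -A PREROUTING$in_opt -p tcp --dport $dport -j REDIRECT --to-ports $target" ;;
        *)
            echo "nat_rule: mode must be firewall or local" >&2; return 1 ;;
    esac
}

# unhit_rules: read `iptables -t nat -L PREROUTING -v -n` on stdin and print
# the target of every rule whose packet counter is still zero.
unhit_rules() {
    awk 'NR > 2 && $1 == 0 { print $3 }'
}

# Constructed listing in the same layout as the thread's (second rule invented).
LISTING='Chain PREROUTING (policy ACCEPT 16079 packets, 896K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  *      *       10.10.10.0/24        0.0.0.0/0            tcp dpt:25 redir ports 12345
  412 24720 DNAT       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:192.0.2.10:8080'

nat_rule firewall 25 192.0.2.25:12345 eth1   # on the firewall, inside interface only
nat_rule local 25 12345                      # on the SMTP host itself
printf '%s\n' "$LISTING" | unhit_rules       # prints: REDIRECT
```

Counters that stay at zero after a test connection point at the two causes in the reply: the rule is on the wrong box for its target type, or an earlier rule already altered or filtered the packets.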


Re: [CentOS] configure network bridge listing bridged intefaces

2012-02-05 Thread Robert Spangler
On Saturday 04 February 2012 19:18, the following was written:

  On 02/03/2012 11:56 PM, Robert Spangler wrote:
   On Friday 03 February 2012 09:10, the following was written:
 On 02/03/2012 08:07 AM, Mihamina Rakotomandimby wrote:
   Hi all,
 
   Having a 4 NIC server, I want to bridge eth2 and eth3, with a
  bridge named br0.
 
   Searching the web I only found about creating a file
   /etc/sysconfig/network-scripts/ifcfg-br0, but did not find where
  to explicitly list what ports will be bridged.
 
   Where is it configured?
 
   Thank you.
  
 All packets appear on both interfaces, unless you use
   ebtables/iptables to restrict them.
  
   Really?  Only hubs present packets to all interfaces.  Linux works as a
   router, not a hub.

  A network bridge connects multiple network segments at the data link layer
 (Layer 2) of the OSI model. In Ethernet networks, the term bridge formally
 means a device that behaves according to the IEEE 802.1D standard. A bridge
 and a switch are very much alike; a switch being a bridge with numerous
 ports. Switch or Layer 2 switch is often used interchangeably with bridge.

The OP was asking for help on configuring bridging.  Your reply made it sound 
like it wasn't necessary, as "All packets appear on both interfaces".  That 
statement is false unless it has been configured that way, and at that 
point in time we can assume that the OP hadn't configured it, thus the 
question.

Nice textbook definition btw.




Re: [CentOS] configure network bridge listing bridged intefaces

2012-02-03 Thread Robert Spangler
On Friday 03 February 2012 08:07, the following was written:

  Hi all,

  Having a 4 NIC server, I want to bridge eth2 and eth3, with a bridge
  named br0.

  Searching the web I only found about creating a file
  /etc/sysconfig/network-scripts/ifcfg-br0, but did not find where to
  explicitly list what ports will be bridged.

  Where is it configured?

Create your bridge interface as you have found on the web.  Remember you do 
not have to label it as br0; you can label it any number you want.

After that is complete you just have to edit ifcfg-eth2 and ifcfg-eth3 to 
switch them to be part of the bridge with the following:

snip
DEVICE=eth#
ONBOOT=yes
BRIDGE=br#
/snip

If your configs have a 'HARDWARE=' line leave that in there.  The above should be 
all you need.  Remember to replace the '#' with the correct information.

Here is my config file for the interface connected to the bridge:

snip
# Realtek Semiconductor Co., Ltd. RTL-8110SC/8169SC Gigabit Ethernet
DEVICE=eth0
#BOOTPROTO=static
#BROADCAST=192.168.1.255
HWADDR=48:5B:39:2A:07:D5
#IPADDR=192.168.1.100
#NETMASK=255.255.255.0
#NETWORK=192.168.1.0
ONBOOT=yes
BRIDGE=br0
/snip

I would suggest that you only comment out the other lines by placing a '#' in 
the front; that way you can back out easily if there are any problems, as I have 
above.


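An added example, not the poster's own script, that applies the edit the reply describes to an existing ifcfg-ethN file: the address lines are commented out rather than deleted so the change can be backed out, DEVICE, HWADDR and ONBOOT are kept, and BRIDGE=brN is appended. The starting config is constructed (the MAC 00:11:22:33:44:55 is invented), and the directory is a parameter so the script can be tried on a copy instead of /etc/sysconfig/network-scripts.

```shell
#!/bin/sh
# Added example (not from the list post): convert ifcfg-ethN into a bridge
# member, keeping a .bak copy and commenting out the IP settings that now
# belong to the bridge interface.

# to_bridge_member DEVICE BRIDGE [DIR]
to_bridge_member() {
    dev=$1; bridge=$2; dir=${3:-/etc/sysconfig/network-scripts}
    f="$dir/ifcfg-$dev"
    if [ ! -f "$f" ]; then echo "no such config: $f" >&2; return 1; fi
    cp "$f" "$f.bak"                         # the easy way back out
    # Comment out the address lines the reply shows commented, force
    # ONBOOT=yes; everything else (DEVICE, HWADDR, comments) is left alone.
    sed -e 's/^BOOTPROTO=/#&/' -e 's/^BROADCAST=/#&/' -e 's/^IPADDR=/#&/' \
        -e 's/^NETMASK=/#&/'   -e 's/^NETWORK=/#&/' \
        -e 's/^ONBOOT=.*/ONBOOT=yes/' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    grep -q '^BRIDGE=' "$f" || echo "BRIDGE=$bridge" >> "$f"
}

# effective_settings FILE: the lines that are neither comments nor blank.
effective_settings() {
    grep -v '^#' "$1" | grep -v '^$'
}

# make_demo_config DIR: write a constructed ifcfg-eth2 in the thread's layout
# (invented addresses and MAC) for trying the conversion on a copy.
make_demo_config() {
    cat > "$1/ifcfg-eth2" <<'EOF'
# Realtek Semiconductor Co., Ltd. RTL-8110SC/8169SC Gigabit Ethernet
DEVICE=eth2
BOOTPROTO=static
BROADCAST=192.168.1.255
HWADDR=00:11:22:33:44:55
IPADDR=192.168.1.100
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=no
EOF
}

demo=$(mktemp -d)
make_demo_config "$demo"
to_bridge_member eth2 br0 "$demo"
effective_settings "$demo/ifcfg-eth2"       # DEVICE, HWADDR, ONBOOT, BRIDGE
rm -rf "$demo"
```

Run against the real directory (third argument omitted) only after the bridge's own ifcfg-brN exists, and restart networking afterwards; the .bak file is the one to copy back if the bridge does not come up.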


Re: [CentOS] configure network bridge listing bridged intefaces

2012-02-03 Thread Robert Spangler
On Friday 03 February 2012 09:10, the following was written:

  On 02/03/2012 08:07 AM, Mihamina Rakotomandimby wrote:
   Hi all,
  
   Having a 4 NIC server, I want to bridge eth2 and eth3, with a bridge
   named br0.
  
   Searching the web I only found about creating a file
   /etc/sysconfig/network-scripts/ifcfg-br0, but did not find where to
   explicitly list what ports will be bridged.
  
   Where is it configured?
  
   Thank you.

  All packets appear on both interfaces, unless you use ebtables/iptables to
 restrict them.

Really?  Only hubs present packets to all interfaces.  Linux works as a router, 
not a hub.



Re: [CentOS] Emergency help needed on host network randomly stop working.

2011-10-12 Thread Robert Spangler
On Wednesday 12 October 2011 03:43, the following was written:

  Hi,
This is a Centos 5.5 host with one xen guest.
About 2 weeks ago, the host randomly lost network connection. By
  this I mean I could not connect to the services on it, or ping it.
  Also was the status of the guest.
From serial console, I connected to the host, trying to see what
  happened. No clue (any error messages) in messages or dmesg.
  ifdown/ifup the interface did not help, either. Only rebooting was my
  only choice.
Searching through Google, I got the information that some other guys
  met similar problem, and resolved by setting stp on with the bridge
  interface.
I set it, too. And the problem still occurs.
Any idea what I should check now?

I am no expert but it sounds like you might be in the early stages of hardware 
failure.

Next time this system stops responding check the following:

1. System interface state
2. Connected switch interface

If the switch shows down but the system shows up I would start by replacing the 
NIC on the system.




Re: [CentOS] BIND and a second server resolving itself

2011-10-07 Thread Robert Spangler
On Friday 07 October 2011 06:25, the following was written:

  In the named.conf, located on main.example.com, I am adding my entire 16
  IP block of addresses along with my localhost
  options {
   allow-recursion { localhost; xxx.xxx.xxx.xxx /29;};
   allow-query { localhost; xxx.xxx.xxx.xxx/29; };
  };

Maybe I am missing something here but if you are only allowing your entire 16 
block to query/resolve on your DNS server why are you even running a DNS 
server?  Sounds like overkill to me.  Why not just set up the resolv.conf 
file to use your Datacenter, Google or some other open DNS server to resolve 
for YUM?




Re: [CentOS] eth enumeration order

2011-09-20 Thread Robert Spangler
On Tuesday 20 September 2011 04:10, the following was written:

  On 19.09.2011 23:48, Robert Spangler wrote:
   On Monday 19 September 2011 11:04, the following was written:
 So
  How do you specify the order in which NICs are enumerated?
 or at least how to tell centos to stop messing with the
 70-persistent-net.rules?
  
   Add the hardware addresses to their ifcfg-eth# files.
  
   HWADDR=xx:xx:xx:xx:xx:xx

  That's it?! What about udev?

Do not know.  Never had to touch udev rules for my network.




Re: [CentOS] Installation of 6.0

2011-09-20 Thread Robert Spangler
On Tuesday 20 September 2011 17:39, the following was written:

  On Tuesday, September 20, 2011 04:44:35 PM Robert Nichols wrote:
   On 09/20/2011 02:49 PM, Craig White wrote:
Guessing that you didn't look/watch the console on first boot but
rather used ssh to connect from another station. If you haven't
rebooted the system since the first boot, hook up a
monitor/keyboard/mouse and see.
  
   Operation of the firstboot script depends on having a GUI installed.  It
   doesn't get executed if you installed just the base system.

  Actually, this isn't correct.  On my RHEL 6.1 system, on firstboot with a
 non-GUI console a curses-based (or a reasonable facsimile of a
 curses-based) text-mode configurator came up, and allowed me to configure
 networking and a number of other items.  Do an install without GUI (not
 necessarily a minimal install, but a server install) and see what comes up
 on first boot.  Like I said, that's what my RHEL 6.1 box did on first boot.

I guess it would all depend on what ISO you are using then because I built a 
new system this weekend using 'CentOS-6.0-x86_64-minimal.iso' and upon reboot 
I never get anything for first boot.  I had to edit my configuration files by 
hand to get the system online.

NetworkManager is a POS and should be dropped.
Of course this is my opinion and I stand by it.




Re: [CentOS] eth enumeration order

2011-09-19 Thread Robert Spangler
On Monday 19 September 2011 11:04, the following was written:

  So
  How do you specify the order in which NICs are enumerated?
  or at least how to tell centos to stop messing with the
  70-persistent-net.rules?

Add the hardware addresses to their ifcfg-eth# files.

HWADDR=xx:xx:xx:xx:xx:xx




Re: [CentOS] CentOS 6: ethernet ifconfig up failure

2011-09-11 Thread Robert Spangler
On Sunday 11 September 2011 14:57, the following was written:

  So why is ifconfig eth0 up not connecting?

Have you tried 'ifup eth0'?




Re: [CentOS] Trying to understand SELinux MSG

2011-09-09 Thread Robert Spangler
On Thursday 08 September 2011 16:58, the following was written:

  I'm not a pro or anything, but this bug report gives a bit more info.
  Have you made any changes to the disk lately?

  https://bugzilla.redhat.com/show_bug.cgi?id=485921

   find / -context *:file_t:*

  The above command will show you what file is causing the messages.

Thank you for your response.  I do not make changes to the disk other than 
software updates and saving files.

I ran your command above and its output is as follows:

~ $ sudo find / -context *:file_t:*
getfilecon(/proc/29073/task/29073/fd/4): No such file or directory
getfilecon(/proc/29073/task/29073/fdinfo/4): No such file or directory
getfilecon(/proc/29073/fd/4): No such file or directory
getfilecon(/proc/29073/fdinfo/4): No such file or directory

So it doesn't look like any files are labeled incorrectly.




Re: [CentOS] Trying to understand SELinux MSG

2011-09-09 Thread Robert Spangler
On Friday 09 September 2011 10:21, the following was written:

  That's the total output?

Yep.  Nothing more.  I ran it again and here is the new output:

[Fri Sep 09 10:40:20] [rjs@bms] /home/rjs

~ $ sudo find / -context *:file_t:*
getfilecon(/proc/7408/task/7408/fd/4): No such file or directory
getfilecon(/proc/7408/task/7408/fdinfo/4): No such file or directory
getfilecon(/proc/7408/fd/4): No such file or directory
getfilecon(/proc/7408/fdinfo/4): No such file or directory

[Fri Sep 09 10:40:44] [rjs@bms] /home/rjs




[CentOS] Trying to understand SELinux MSG

2011-09-08 Thread Robert Spangler
Hello,

I received the below SELinux message today and I am trying to figure out what 
caused it.  I see what it says under Allow Access but I am not sure this is 
what I really want to do without knowing why it happened in the first place.

What should I be looking at to understand what or why this has happened?

Any help I would be most grateful for.



Here is the output from SELinux


SUMMARY:
SELinux is preventing access to files with the label, file_t.

Detailed Description:
SELinux permission checks on files labeled file_t are being denied. file_t is 
the context the SELinux kernel gives to files that do not have a label. This 
indicates a serious labeling problem. No files on an SELinux box should ever 
be labeled file_t. If you have just added a new disk drive to the system you 
can relabel it using the restorecon command. Otherwise you should relabel the 
entire file system.

Allowing Access:
You can execute the following command as root to relabel your computer 
system: touch /.autorelabel; reboot 

Additional Information:
Source Context:       user_u:system_r:pam_console_t
Target Context:       system_u:object_r:file_t
Target Objects:       / [ dir ]
Source:               pam_console_app
Source Path:          /sbin/pam_console_apply
Port:                 Unknown
Host:                 host1.mycompany.com
Source RPM Packages:  pam-0.99.6.2-6.el5_5.2
Target RPM Packages:  filesystem-2.4.0-3.el5.centos
Policy RPM:           selinux-policy-2.4.6-316.el5
Selinux Enabled:      True
Policy Type:          targeted
MLS Enabled:          True
Enforcing Mode:       Enforcing
Plugin Name:          file
Host Name:            host1.mycompany.com
Platform:             Linux host1.mycompany.com 2.6.18-238.19.1.el5 #1 SMP Fri Jul 15 07:31:24 EDT 2011 x86_64 x86_64
Alert Count:          77
First Seen:           Thu 08 Sep 2011 02:04:40 PM EDT
Last Seen:            Thu 08 Sep 2011 02:04:45 PM EDT
Local ID:             39ba9c3c-5ac0-4b91-aab1-8d871c20162c
Line Numbers:

Raw Audit Messages :
host=host1.mycompany.com type=AVC msg=audit(1315505085.751:14929): avc: denied 
{ read } for pid=690 comm=pam_console_app name=/ dev=md4 ino=2 
scontext=user_u:system_r:pam_console_t:s0 
tcontext=system_u:object_r:file_t:s0 tclass=dir 

host=host1.mycompany.com type=SYSCALL msg=audit(1315505085.751:14929): 
arch=c03e syscall=2 success=no exit=-13 a0=7fff0f2076c0 a1=10800 a2=0 
a3=7fff0f209cca items=0 ppid=631 pid=690 auid=500 uid=0 gid=0 euid=0 suid=0 
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=pam_console_app 
exe=/sbin/pam_console_apply subj=user_u:system_r:pam_console_t:s0 
key=(null)
 


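The raw AVC record above already carries everything needed to tell a labeling problem from a real policy denial. This shell example, added here and not part of the original post, pulls the fields out of that record (copied from the post) and picks the fix: a target type of file_t means the object has no label at all, so the answer is a relabel, not a policy module. The second record used in the check is constructed.

```shell
#!/bin/bash
# Extract the fields a responder cares about from a type=AVC audit record and
# decide whether the denial is a labeling problem (target type file_t or
# unlabeled_t) or a genuine policy denial. SAMPLE_AVC is the record quoted in
# the post above, joined back onto one line.

SAMPLE_AVC='type=AVC msg=audit(1315505085.751:14929): avc: denied { read } for pid=690 comm=pam_console_app name=/ dev=md4 ino=2 scontext=user_u:system_r:pam_console_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir'

# avc_field RECORD KEY -> value of the first KEY=value pair in RECORD (empty if absent)
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# avc_perm RECORD -> the permission(s) listed inside "denied { ... }"
avc_perm() {
    printf '%s\n' "$1" | sed -n 's/.*denied *{ *\([^}]*\) *}.*/\1/p' | sed 's/ *$//'
}

# context_type CONTEXT -> the type field, i.e. the third colon-separated part
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# avc_is_unlabeled RECORD -> exit 0 when the target carries no real label
avc_is_unlabeled() {
    case "$(context_type "$(avc_field "$1" tcontext)")" in
        file_t|unlabeled_t) return 0 ;;
        *) return 1 ;;
    esac
}

# avc_fix RECORD -> the command that addresses this particular denial
avc_fix() {
    local name
    name=$(avc_field "$1" name)
    if avc_is_unlabeled "$1"; then
        # An unlabeled root directory means the whole filesystem needs a relabel;
        # anything narrower can be fixed in place with restorecon.
        if [ -z "$name" ] || [ "$name" = "/" ]; then
            echo 'touch /.autorelabel && reboot'
        else
            echo "restorecon -Rv $name"
        fi
    else
        echo 'ausearch -m avc -ts recent | audit2allow -w   # explain the denial before writing any module'
    fi
}
```

Before relabeling, `ls -dZ /` and `restorecon -nv /` (dry run, no changes) confirm what the record says; here the root directory on md4 has no label, which points at a filesystem that was created or populated without SELinux labels rather than at pam_console_apply misbehaving.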


Re: [CentOS] Unable to run yum update

2011-09-01 Thread Robert Spangler
On Wednesday 31 August 2011 17:37, the following was written:

  The system involved is a 32-bit system, installed via the net about a

 yum update

  encountered the following diagnostic

  Error: Package: yaf-1.3.2-1.el6.rf.x86_64 (@rpmforge)
  Requires: libfixbuf-0.9.0.so.8()(64bit)
  Removing: libfixbuf-0.9.0-1.el6.rf.x86_64 (@rpmforge)
  libfixbuf-0.9.0.so.8()(64bit)
  Updated By: libfixbuf-1.0.1-1.el6.rf.x86_64 (rpmforge)
  Not found


These are 64 bit programs.  Look at them closely.

'x86_64'
'(64bit)'

Are your clues.




Re: [CentOS] 2 questions on CentOS firewall

2011-07-19 Thread Robert Spangler
On Tuesday 19 July 2011 09:11, the following was written:

  Timothy Murphy wrote:
   I'm running CentOS-6 on an HP MicroServer
   with a Billion 5200S modem/router connecting to the internet.
   I'm running the standard CentOS-6 firewall on the server.
  
   (1) I can open port 22 on the Billion, allowing me to ssh in from
   outside. But for some reason I cannot ping the same address from
   outside. (I can ping it internally.)
   Why is this?
   I'm not sure if the problem lies with the router or the server?
   There does not seem to be any explicit rule on either
   to allow ICMP packets through.

  This is because the modem refuses to answer pings. You might have an option
  to allow it in the modem config.

Modems cannot answer pings.  They are a bridge.  The most likely reason why 
the OP cannot ping is because the firewall is not allowing it.  Adding rules 
to allow pings should clear up this issue.

   (2) I have a Linksys WRT54GL WiFi router attached to the server,
   to allow access to the internet from laptops.
   This works fine.
   But I was surprised to find that when I turn OFF
   the firewall on the server this stops access to the internet on laptops.
   (I didn't test to see if re-booting the laptop would solve this.)
   Can disabling the firewall actually prevent some linkage?

  When you turn off firewall, it stops routing packets so they can not be
  passed to systems behind it.

IPTABLES does not route packets.  IPTABLES manipulates packets so that they can 
be routed to the proper destination.

The reason the OP could not connect to the internet is because the firewall 
was NAT'ing the packets leaving his network to his internet-facing 
ip address.  Once the NATing stopped the packets were sent to the internet 
with the address of his laptop, which was most likely a private address.  
Since private addresses are not supposed to be routed on the internet the 
receiving router dropped the return packet.

  Only option I can think of is to use shorewall as firewall and add
  NAT/Masquerade and the rest of the rules to the routestopped config file:

The OP can continue to use IPTABLES the rules just need to be setup properly.  
No need to install other software when what you have installed will do the 
job.

OP can start by reading this Tutorial. 

http://www.zoominternet.net/~lazydog/iptables-tutorial




Re: [CentOS] A bridge problem

2011-06-13 Thread Robert Spangler
On Monday 13 June 2011 14:02, the following was written:

  We just went to replace the bridge/firewall services one one server with
  the same on another. It's pretty simple, and I literally cloned (w/ rsync)
  a third server that does this onto the one that will be the new one. Then
  copied the /etc/sysconfig/iptables from the one being replaced, and
  brought it up this morning.

  Nope. We had to put everything back the way it was.

  The new one sees the two or three servers behind the firewall, and we can
  ping them, from the new box. On one, we see IPP broadcasts; in fact, we
  see lots of broadcast packets using tcpdump. From outside, though, you
  can't see the servers. Trying to ping them, they see nothing. It seems to
  be the case that tcp and icmp packets are blocked, and we can't figure out
  why.

Is the firewall IP or port based or a combo of both?
Is the firewall setup on the bridge interface or on each individual server 
interface i.e., eth0, eth1 etc..

What does ifconfig show you?  Are all the interfaces started? Do the DHCP 
interfaces receive a DHCP address?




Re: [CentOS] ultrasecure sshd server

2011-06-09 Thread Robert Spangler
On Thursday 09 June 2011 17:34, the following was written:

  How to configure sshd to required both ssh public key and user
  password also? yes, stupid, but required on my setup..

Have you thought about securing your ssh keys with a password? I do that here 
so if someone would happen to get a hold of my keys they still could not use 
them.  I am guessing that is why you are looking for both keys and passwords.




Re: [CentOS] iptables to block region-specific ip's?

2011-05-11 Thread Robert Spangler
On Wednesday 11 May 2011 12:58, the following was written:

  I'm running fail2ban on my centos machine. It's handling sshd and
  postfix, and is working quite well. From the reports I'm seeing all
  the atempts are from a certain registrar's region, I won't name it,
  and was wondering instead of blocking individual ip's if there was a
  way I could block with iptables the complete region of ip's. I realize
  this will cut off a good majority of the world, but this is something
  i'm still curious about?

iptables -I INPUT -i eth0 -s x.x.x.x/24 -j DROP

Replace the x's with the start of the ip address range you want to block and 
also make sure you are using the correct bit mask for that range.  If the 
interface is something other than eth0 then you will need to replace that too 
with the correct interface.  The '-I' will place this rule as the very first 
rule in the chain.  If you are using a passthrough box then replace INPUT 
with FORWARD.

  With regards blocking ip's and fail2ban, which method is better in
  terms of system resources, blocking via iptables as in the case of
  sshd or blocking via hosts.deny as in the case of postfix?

I don't know the answer to this.  I prefer IPTABLES.


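The bit-mask warning in the reply above is the part that bites in practice: a range typed with host bits set (x.x.x.5/24) is not the range that was meant, and iptables will apply the mask rather than complain. This shell example, added here and not from the post, validates each range in pure shell arithmetic before emitting a rule, refuses host bits set or a prefix out of range, and only accepts the INPUT or FORWARD chain the post describes. The ranges in the check are RFC 5737 documentation prefixes, not any real region.

```shell
#!/bin/bash
# Generate "iptables -I CHAIN -i IFACE -s CIDR -j DROP" rules from a list of
# ranges, validating every range first so a typo cannot silently block less
# (or more) than intended. Pure POSIX shell arithmetic, no ipcalc needed.

# ip4_to_int A.B.C.D -> the address as a 32-bit integer; exit 1 if malformed
ip4_to_int() {
    local a b c d rest o
    IFS=. read -r a b c d rest <<EOF
$1
EOF
    [ -n "$d" ] && [ -z "$rest" ] || return 1          # exactly four octets
    for o in "$a" "$b" "$c" "$d"; do
        case "$o" in ''|*[!0-9]*|0[0-9]*) return 1 ;; esac   # digits only, no leading zeros
        [ "$o" -le 255 ] || return 1
    done
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# cidr_valid A.B.C.D/N -> exit 0 when N is 0..32 and no host bits are set
cidr_valid() {
    local ip plen n mask
    ip=${1%/*}; plen=${1##*/}
    [ "$ip" != "$1" ] || return 1                      # no slash at all
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    n=$(ip4_to_int "$ip") || return 1
    if [ "$plen" -eq 0 ]; then
        mask=0
    else
        mask=$(( (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF ))
    fi
    [ $(( n & ~mask & 0xFFFFFFFF )) -eq 0 ]             # host bits must be zero
}

# block_rules CHAIN IFACE CIDR... -> one DROP rule per range; stops at the first bad one
block_rules() {
    local chain=$1 iface=$2 cidr
    shift 2
    case "$chain" in
        INPUT|FORWARD) ;;
        *) echo "chain must be INPUT (local box) or FORWARD (passthrough box)" >&2; return 1 ;;
    esac
    for cidr in "$@"; do
        cidr_valid "$cidr" || { echo "bad range: $cidr" >&2; return 1; }
        echo "iptables -I $chain -i $iface -s $cidr -j DROP"
    done
}
```

Pipe the output into `sh` (or `service iptables save` afterwards) once it looks right. For a whole registry region the list runs to thousands of prefixes, and a chain that long is searched linearly for every packet; at that size an ipset hash and a single `-m set` rule is the usual way to keep the same effect cheap.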


Re: [CentOS] /etc/hosts not resolving hostnames

2011-04-08 Thread Robert Spangler
On Friday 08 April 2011 14:32, the following was written:

  On Fri, Apr 8, 2011 at 1:27 PM, m.r...@5-cent.us wrote:
   Johan Martinez wrote:
I have modified /etc/hosts file with IP address and hostname entries.
However, host command is returning 'Host vhost1.example.com not found:
3(NXDOMAIN)'. Also, apache is returning error on start as '[error]
(EAI 2)Name or service not known: Could not resolve host name
vhost1.example.com-- ignoring!' . The ssh worked fine and resolved the
hostname correctly (ssh
from same system to itself - just for test). Am I missing something
here? I thought /etc/hosts will be referred for all lookups. Any
help??
  
   Does /etc/resolv.conf exist? If so, what does /etc/nsswitch.conf say -
   files first?
  
  mark

  resolv.conf exists and nsswitch.conf has a following line:
  hosts:  files dns

Check /etc/host.conf; that is the file that tells the system in what order to 
do its lookups.  Should be as follows:

order hosts,bind

  SELinux was in enforcing mode, but I didn't see any errors in audit.log.
  Still I have disabled it for now.

SELinux shouldn't play a role here.




Re: [CentOS] /etc/hosts - hostname alias for 127.0.0.1

2011-03-09 Thread Robert Spangler
On Tuesday 08 March 2011 12:39, the following was written:

   And giving it 127.0.0.1 would tell it others to ignore it, I think.
  
   Where did your user come up with this idea - clearly, they have *no*
   clue what they're doing, and need at least a brown bag lunch about 
   TCP/IP, and they should not be allowed to dictate this. Their idea is 
   a bug, and needs to be fixed.

  snip

   You guys do know that the names in your host file only apply to YOU on
   that machine right?  It does not matter if you connect to 127.0.0.1 or
   something else UNLESS you specifically listen on a specific IP address
   on that machine AND you need to connect to that address from the machine
   itself.

  snip
  Let me expand on the above: if anyone on *any* other machine is trying to
  connect to that, it won't work. If they try to point a browser to it,
  unless they've done ssh -X to the server, they'll talk to their *own*
  machine, and it won't be found.

Let me try another way to explain this to you.

If you try to get to the site xyz.com and you open your browser and type that 
in you are using what to get the ip address of that service?  Correct, DNS, 
as you don't have xyz.com listed in your LOCAL host file.

In DNS the site xyz.com resolves to 1.1.1.1

Now you ssh (ssh -x) into the xyz server. The server has the following in its 
Hosts file;

127.0.0.1   xyz.com

You open a browser in the xyz server's X session; what is going to resolve for 
xyz.com? Correct, 127.0.0.1, and if the system is configured correctly to 
listen on that address you will connect.

Now lets say that the host file has the following;

127.0.0.1 xyz

You are still logged into the server with your x session going.
Now in your browser you type xyz.  What address do you get and why?
If you type xyz.com into the same browser what address do you get and why?




Re: [CentOS] /etc/hosts - hostname alias for 127.0.0.1

2011-03-07 Thread Robert Spangler
On Monday 07 March 2011 15:22, the following was written:

  Keith Keller wrote:
   On Mon, Mar 07, 2011 at 10:34:24AM -0600, Sean Carolan wrote:
   Can anyone point out reasons why it might be a bad idea to put this
   sort of line in your /etc/hosts file, eg, pointing the FQDN at the
   loopback address?
  
   127.0.0.1hostname.domain.com hostname   localhost
   localhost.localdomain

You can do this if you want.  The hosts file is only used by the machine it is 
on.  As to it being a bad idea, it would depend on what you are trying to do and if the 
process you are trying to reach locally is listening on that ip address.

I have only the short name configured on 127.0.0.1

   Would the application work with a hosts entry like this?

If the process was configured to listen on that interface, yes.

   127.0.0.1hostname.dummy   localhost localhost.localdomain
  
   (Make sure you pick .dummy so as not to interfere with any other DNS.)

Why do you need the '.dummy'? short name should work fine.

   In theory you could leave off .dummy, but then you risk hostname being
   completed with the search domain in resolv.conf, which creates the
   problems already mentioned with putting hostname.domain.com in
   /etc/hosts.  (I have not tested this at all!)

Resolv.conf is not used for the hosts file, it is used for DNS.  I have my 
short name configured to the lo interface and the FQDN to the real ip 
address.  If I ping the short name I get this:

etc $ ping -c 3 bms
PING bms (127.0.0.1) 56(84) bytes of data.
64 bytes from bms (127.0.0.1): icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from bms (127.0.0.1): icmp_seq=2 ttl=64 time=0.038 ms
64 bytes from bms (127.0.0.1): icmp_seq=3 ttl=64 time=0.037 ms

If I ping the FQDN I get this:

etc $ ping -c 3 bms.domain.com
PING bms.domain.com (x.x.x.x) 56(84) bytes of data.
64 bytes from bms.domain.com (x.x.x.x): icmp_seq=1 ttl=64 time=0.037 ms
64 bytes from bms.domain.com (x.x.x.x): icmp_seq=2 ttl=64 time=0.038 ms
64 bytes from bms.domain.com (x.x.x.x): icmp_seq=3 ttl=64 time=0.093 ms


  And giving it 127.0.0.1 would tell it others to ignore it, I think. Where
  did your user come up with this idea - clearly, they have *no* clue what
  they're doing, and need at least a brown bag lunch about TCP/IP, and they
  should not be allowed to dictate this. Their idea is a bug, and needs to
  be fixed.

How do you figure this?  The hosts file is ONLY used locally.  If someone is 
looking you up they are using DNS if they don't have you configured 
in their hosts file.

Their idea might be flawed but it is not a bug.


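The three hosts-file posts above (the lookup-order question and the two on aliasing the hostname to 127.0.0.1) all turn on how glibc's files source reads /etc/hosts: the first matching line wins, names are compared case-insensitively, and every name after the address is an alias. This shell example, added here and not from any of the posts, emulates that lookup over a constructed table, reads the hosts: line of a sample nsswitch.conf, and flags the pattern the last thread argues about, an FQDN pointed at loopback. On a live box `getent hosts NAME` exercises the same NSS path the applications use, whereas `host` and `dig` talk to DNS directly and never read /etc/hosts.

```shell
#!/bin/bash
# Emulate the "files" lookup glibc performs against /etc/hosts and audit a
# hosts table for FQDNs that resolve to loopback. Both tables are constructed
# for this example; 192.0.2.x is a documentation range.

HOSTS_SAMPLE='# constructed sample, not a real host
127.0.0.1   bms localhost localhost.localdomain
::1         localhost6 localhost6.localdomain6
192.0.2.10  bms.domain.com
192.0.2.20  web1.domain.com web1   # trailing comment'

NSSWITCH_SAMPLE='passwd: files
hosts:  files dns'

# hosts_lookup TABLE NAME -> address of the first line whose name or alias
# matches NAME (case-insensitive); exit 1 when nothing matches
hosts_lookup() {
    printf '%s\n' "$1" | awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }                      # strip comments, re-split fields
        NF < 2 { next }                         # blank or address-only line
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == want) { print $1; found = 1; exit } }
        END { exit found ? 0 : 1 }'
}

# hosts_order NSSWITCH -> the sources on the hosts: line, e.g. "files dns"
hosts_order() {
    printf '%s\n' "$1" | awk -F: '$1 == "hosts" { sub(/^[ \t]+/, "", $2); print $2; exit }'
}

# hosts_audit TABLE -> print "fqdn -> address" for every dotted name other than
# localhost.* that maps to a loopback address; exit 1 if any were found
hosts_audit() {
    printf '%s\n' "$1" | awk '
        { sub(/#.*/, "") }
        NF < 2 { next }
        $1 ~ /^127\./ || $1 == "::1" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /\./ && $i !~ /^localhost/) { print $i " -> " $1; bad = 1 }
        }
        END { exit bad ? 1 : 0 }'
}
```

With the sample table the short name resolves to loopback and the FQDN to the real address, which is the layout the reply above describes, and the audit passes; feed it the 127.0.0.1 hostname.domain.com line from the quoted question and it reports that entry.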


Re: [CentOS] iptables nat table rules

2011-02-09 Thread Robert Spangler
On Tuesday 08 February 2011 16:43, Carlos S wrote:

  Thanks for the help.

You are welcome.

  Robert, you pointed out the mistakes correctly. Not sure why I used
  iptables-save command at first place...

Most likely because in every other distro and web page that is the way to do 
it.  It's just RH that is different.




Re: [CentOS] iptables nat table rules

2011-02-08 Thread Robert Spangler
On Tuesday 08 February 2011 13:36, Carlos S wrote:

  I am forwarding traffic on port 8080 to port 80 with following rule.
  # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j
  REDIRECT --to-port 80

Shouldn't that be '--to-ports'?

http://www.zoominternet.net/~lazydog/iptables-tutorial.html#REDIRECTTARGET

  # iptables-save

service iptables save

That should save the rules.

  However, I am unable to add it directly in /etc/sysconfig/iptables. I
  think it is used only for filter table and not nat table. So where do
  nat table rules go?  Any help?

Same place, /etc/sysconfig/iptables.




Re: [CentOS] redirecting traffic using iptables

2011-01-31 Thread Robert Spangler
On Monday 31 January 2011 07:46, Jobst Schmalenbach wrote:

  iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80  -j DNAT --to $PROXY:3128
  iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to $PROXY:3128

  browser tell me invalid request.

From the man pages:

   DNAT
   --to-destination ipaddr[-ipaddr][:port-port]


You could combined these two rules into one with Multiport.
Check the MAN pages.


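Both nat threads above end up in the same place: rules that have to survive in /etc/sysconfig/iptables. `iptables-save` by itself only prints the running ruleset to stdout; `service iptables save` writes it to that file in iptables-save format, one `*table` block per table closed by COMMIT, so nat rules live in the same file as the filter rules. This shell example, added here and not from either post, parses a constructed file in that format (carrying the REDIRECT and DNAT rules from the two threads) and checks the one placement constraint the kernel enforces when the file is loaded: destination NAT only in PREROUTING or OUTPUT, source NAT only in POSTROUTING. The 192.0.2.5 proxy address is a documentation address standing in for $PROXY.

```shell
#!/bin/bash
# Parse a file in iptables-save format (what /etc/sysconfig/iptables holds) and
# sanity-check the nat table before "service iptables start" finds the problem.
# SAVE_SAMPLE is constructed for this example.

SAVE_SAMPLE='# Generated by iptables-save (constructed for the example)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 80
-A PREROUTING -i eth1 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 192.0.2.5:3128
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT'

# table_rules FILE TABLE -> the -A lines between "*TABLE" and its COMMIT
table_rules() {
    printf '%s\n' "$1" | awk -v t="*$2" '
        $0 == t { in_t = 1; next }
        $0 == "COMMIT" { in_t = 0 }
        in_t && /^-A / { print }'
}

# check_nat_chains FILE -> report NAT targets in chains where the kernel rejects
# them; exit 1 if any were found
check_nat_chains() {
    table_rules "$1" nat | awk '
        /-j (DNAT|REDIRECT)( |$)/ && $2 != "PREROUTING" && $2 != "OUTPUT" {
            print "destination NAT outside PREROUTING/OUTPUT: " $0; bad = 1 }
        /-j (SNAT|MASQUERADE)( |$)/ && $2 != "POSTROUTING" {
            print "source NAT outside POSTROUTING: " $0; bad = 1 }
        END { exit bad ? 1 : 0 }'
}
```

The multiport form in the sample is the one-rule version of the two DNAT rules quoted above, as the reply suggests. Run `check_nat_chains "$(cat /etc/sysconfig/iptables)"` against the real file after editing it by hand; a rule the kernel refuses makes the whole restore fail, not just that rule.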


Re: [CentOS] How to disable screen locking system-wide?

2011-01-20 Thread Robert Spangler
On Thursday 20 January 2011 09:14, Ross Walker wrote:

  On Jan 19, 2011, at 2:44 PM, Bob Eastbrook baconeater...@gmail.com wrote:
   By default, CentOS v5 requires a user's password when the system wakes
   up from the screensaver.  This can be disabled by each user, but how
   can I disable this system-wide?  Many of my users forget to do this,
   which results in workstations being locked up.

  Let's try this again...

  KDE has a multi-user x login feature that allows another user to start a
 new session keeping the existing session active.

And if that doesn't work you could always;

Press CTRL+ALT+F2-6
Logon
Start a new X session with 'startx -- :1'




Re: [CentOS] input/output error while copy

2011-01-14 Thread Robert Spangler
On Friday 14 January 2011 04:01, Ritika Garg wrote:

  When I give the command cp file1 file2 then the error comes:
  cp: cannot create regular file `file2': Input/output error

  This occurs sometimes and it occurs when I am giving the command inside a
  external hard disk which is mounted by ntfs-3g manually.
  Why does this error come?

I believe it is self explanatory.  Looks like you don't have write permissions 
on the drive.  Check your permissions.




Re: [CentOS] RHEL 5.6 is out

2011-01-14 Thread Robert Spangler
On Friday 14 January 2011 05:45, Mister IT Guru wrote:

  On 13/01/2011 21:45, Daniel Heitmann wrote:
   On 13.01.2011, at 22:34, Ray Van Dolson wrote:
   You should probably give RH a call with your questions, or try this
   mailing list:
  
   Or wait a few more weeks for CentOS 6, if it's a money-issue.

  I assumed that this would be the case! Made me realise how much faith I
  have in the CentOS volunteers. Every time I've heard of a RHEL release,
  I brace myself and think WooHoo - CentOS in three months! Is this how
  other CentOS users feel when they hear a RHEL announcement?

NO!  This is a volunteer effort.  You cannot expect them to have the newest 
release out days after it is announced.  There is work that needs to be done 
before they can release the OS as CentOS.  They do what they can when they 
can.  After all it is free so why complain?

You could always learn how to help them get the newest release out there if 
time is such an important issue.




Re: [CentOS] how to recreate eth0 - Realtek 8169sc

2011-01-09 Thread Robert Spangler
On Sunday 09 January 2011 13:33, Rudi Ahlers wrote:

  Our intranet's WAN interface just stopped working yesterday, and I
  can't figure it out.

Look in /etc/sysconfig/network-scripts.  There you should see ifcfg-eth#.  If 
ifcfg-eth0 isn't there copy ifcfg-eth1 to ifcfg-eth0 and then configure 
ifcfg-eth0 with the information needed for your WAN link.




Re: [CentOS] # chkconfig: kill at run level 3

2010-12-05 Thread Robert Spangler
On Friday 03 December 2010 19:30, Michael D. Berger wrote:

  In the control script of my daemon in /etc/init.d?, I have
 # chkconfig: 35 97 3

  The result of this is that I have links:
 /etc/rc.d/rc1.d/K03...
 /etc/rc.d/rc3.d/S97...
 /etc/rc.d/rc5.d/S97...

  As mentioned in a previous thread, my complex daemon throws
  an exception when I shutdown.  Perhaps things might be better
  if I had:
 /etc/rc.d/rc3.d/K03...

  Might this be a good idea?  If so, how can I make it happen
  automatically?

Check /etc/rc.d/rc6.d and ensure that you have K??yourscriptname in there.  It 
looks like your script daemon was set up to be run but was never properly set up 
to be shut down.  When shutting down the system the system is switched to run 
level 6.


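The header quoted above decides the links mechanically: runlevels listed in the first field get an S<start> link, and every other runlevel, 0 and 6 included, gets a K<stop> link, so a level cannot carry both a start and a kill link, which answers the question about rc3.d. This shell example, added here and not from the post, reproduces that mapping so the expected links can be compared with what is actually in /etc/rc.d; the script name mydaemon is a placeholder.

```shell
#!/bin/bash
# Derive the rcN.d symlinks chkconfig creates from a script's "# chkconfig:"
# header. HEADER_SAMPLE is the header quoted in the post.

HEADER_SAMPLE='# chkconfig: 35 97 3'

# chkconfig_links HEADER NAME -> one symlink path per runlevel 0..6;
# exit 1 when the line is not a chkconfig header
chkconfig_links() {
    local name=$2 levels start stop lvl
    set -- $(printf '%s\n' "$1" | sed -n 's/^# *chkconfig: *//p')
    levels=$1 start=$2 stop=$3
    [ -n "$stop" ] || return 1
    start=$(printf '%02d' "$start" 2>/dev/null) || return 1   # chkconfig zero-pads priorities
    stop=$(printf '%02d' "$stop" 2>/dev/null) || return 1
    for lvl in 0 1 2 3 4 5 6; do
        case "$levels" in
            *"$lvl"*) echo "/etc/rc.d/rc$lvl.d/S$start$name" ;;   # listed: start here
            *)        echo "/etc/rc.d/rc$lvl.d/K$stop$name" ;;    # not listed: stop here
        esac
    done
}

# kill_links HEADER NAME -> only the K links, i.e. where the stop action runs
kill_links() {
    chkconfig_links "$1" "$2" | grep '/K'
}
```

Comparing `chkconfig_links "$(grep '^# chkconfig:' /etc/init.d/mydaemon)" mydaemon` with `ls /etc/rc.d/rc*.d/*mydaemon` shows at once whether the K03 link the reply asks about exists in rc6.d and rc0.d. Getting a clean shutdown at runlevel 3 is a job for the script's stop action, not for an extra link.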


Re: [CentOS] Converting to Raid1

2010-11-30 Thread Robert Spangler
On Tuesday 30 November 2010 11:59, Matt wrote:

  Have a CentOS 4.x 32 bit server running on a single 500M SATA drive.
  What is the easiest way to convert to RAID 1 on it?  Anyone have a link?
  Would be open to hardware or software just do not want to reinstall
  the entire mess.

http://tinyurl.com/3659gcx

You are aware that you are going to need 2 partitions of equal size for the 
mirror?




Re: [CentOS] Centos and Bridging

2010-11-27 Thread Robert Spangler
On Friday 26 November 2010 21:47, Scott Robbins wrote:

http://wiki.centos.org/HowTos/KVM
  
   It has couple of points the OP may need to know. One is that
   NetworkManager needs to be disabled. The other is how to handle
   iptables (OP disable it while troubleshooting).

  Ah, aikawarazu, good point.  Not using NetworkManager--to be honest, I
  find it causes more problems than it solves, I wasn't aware of that.

Nor do I.  I prefer to configure my system for the CLI.

  (The wiki article does mention additions to iptables.)

Nice.  Will have to take a look at this one too.

Oh, thnx for your input.




[CentOS] Centos and Bridging

2010-11-26 Thread Robert Spangler
Hello,

Presently I am running CentOS release 5.5 (Final).  I am looking to set up 
bridging as I would like to set up some KVM virtual hosts on my system as a 
test lab.  I am following the instructions at this site

 http://tldp.org/HOWTO/BRIDGE-STP-HOWTO/index.html

but I cannot figure out where I am going wrong and would be thankful if 
someone could point me in the right direction.

Here is what I have done:

Check bridge information with the following:

 ~ $ modprobe -v bridge

No issues or errors

 ~ $ cat /proc/modules | grep bridge
 bridge 91889 0 - Live 0x89247000

Check to ensure forwarding is turned on:

 ~ $ cat /proc/sys/net/ipv4/ip_forward
 1

Checked that my interface are up and running
(Was sure of this but did the check anyway):

 ~ $ ifconfig
 eth0  Link encap:Ethernet  HWaddr 48:5B:39:2A:07:D5
   inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
   inet6 addr: fe80::4a5b:39ff:fe2a:7d5/64 Scope:Link
   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
   RX packets:1059 errors:0 dropped:0 overruns:0 frame:0
   TX packets:1080 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:1000
   RX bytes:454226 (443.5 KiB)  TX bytes:120584 (117.7 KiB)
   Interrupt:90 Base address:0x8400
 
 loLink encap:Local Loopback
   inet addr:127.0.0.1  Mask:255.0.0.0
   inet6 addr: ::1/128 Scope:Host
   UP LOOPBACK RUNNING  MTU:16436  Metric:1
   RX packets:92 errors:0 dropped:0 overruns:0 frame:0
   TX packets:92 errors:0 dropped:0 overruns:0 carrier:0

So now I begin to create the bridge from the CLI as I want to make sure everything 
works before committing it to the config:

 brctl addbr br0
 ifconfig eth0 down
 ifconfig br0 192.168.1.100 up
 ifconfig eth0 0.0.0.0 up
 route add default gw 192.168.1.254

I check my interfaces and routing:

 ~ $ ifconfig
 br0   Link encap:Ethernet  HWaddr 00:00:00:00:00:00
   inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
   inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
   TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:0
   RX bytes:0 (0.0 b)  TX bytes:398 (398.0 b)
 
 eth0  Link encap:Ethernet  HWaddr 48:5B:39:2A:07:D5
   inet6 addr: fe80::4a5b:39ff:fe2a:7d5/64 Scope:Link
   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
   RX packets:64662 errors:0 dropped:0 overruns:0 frame:0
   TX packets:63301 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:1000
   RX bytes:17699194 (16.8 MiB)  TX bytes:7958063 (7.5 MiB)
   Interrupt:90 Base address:0x8400
 
 loLink encap:Local Loopback
   inet addr:127.0.0.1  Mask:255.0.0.0
   inet6 addr: ::1/128 Scope:Host
   UP LOOPBACK RUNNING  MTU:16436  Metric:1
   RX packets:211 errors:0 dropped:0 overruns:0 frame:0
   TX packets:211 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:0
   RX bytes:17346 (16.9 KiB)  TX bytes:17346 (16.9 KiB)


 ~ $ route -n
 Kernel IP routing table
 Destination Gateway Genmask Flags Metric RefUse 
Iface
 192.168.1.0 0.0.0.0 255.255.255.0   U 0  00 br0
 0.0.0.0 192.168.1.254   0.0.0.0 UG0  00 br0

Time to test if ping works:

 ~ $ ping -c3 192.168.1.254
 PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
 ping: sendmsg: Operation not permitted
 ping: sendmsg: Operation not permitted
 ping: sendmsg: Operation not permitted
 
 --- 192.168.1.254 ping statistics ---
 3 packets transmitted, 0 received, 100% packet loss, time 2000ms

I know the firewall is causing this issue so I stop the firewall:

 ~ $ service iptables stop
 Flushing firewall rules:   [  OK  ]
 Setting chains to policy ACCEPT: nat filter[  OK  ]
 Unloading iptables modules:[  OK  ]

Time to try ping again:

 ~ $ ping -c3 192.168.1.254
 PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
 From 192.168.1.100 icmp_seq=1 Destination Host Unreachable
 From 192.168.1.100 icmp_seq=2 Destination Host Unreachable
 From 192.168.1.100 icmp_seq=3 Destination Host Unreachable
 
 --- 192.168.1.254 ping statistics ---
 3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 1999ms

To back out all I needed to do was:

 ifconfig br0 down
 brctl delbr br0
 service iptables start
 service network restart

Everything is back to normal.  I cannot figure out what I am missing here.  
Interfaces and routing look to be set up correctly.  Is there something else I 
need to be looking at?



Re: [CentOS] Centos and Bridging

2010-11-26 Thread Robert Spangler
On Friday 26 November 2010 12:22, Eduardo Grosclaude wrote:

   Presently I am running CentOS release 5.5 (Final).  I am looking to
   setup bridging as I would like to setup some KVM virtual hosts on my
   system as a
  
   Time to test if ping works:
   ~ $ ping -c3 192.168.1.254
   PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
   ping: sendmsg: Operation not permitted
   ping: sendmsg: Operation not permitted
   ping: sendmsg: Operation not permitted

  Did you remember to brctl addif the regular interfaces?

Nope, that is what I had forgotten.  Thnx




Re: [CentOS] Centos and Bridging

2010-11-26 Thread Robert Spangler
On Friday 26 November 2010 12:27, Akemi Yagi wrote:

  I recommend you look at the documentation available from
  docs.redhat.com. For setting up bridged networking, see:

 
 http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html-single/Virtualization/index.html#sect-Virtualization-Network_Configuration-Bridged_networking_with_libvirt

Thank you kindly for the link.  I have some reading ahead of me.




Re: [CentOS] Centos and Bridging

2010-11-26 Thread Robert Spangler
On Friday 26 November 2010 12:28, Robert Heller wrote:

   works before committing it to the config:
brctl addbr br0
ifconfig eth0 down
ifconfig br0 192.168.1.100 up
ifconfig eth0 0.0.0.0 up

  brctl addif br0 eth0

  You need to add the physical interface(s) to the bridge interface.

Yes, thank you for this information.  This is the step I had missed.

  You can set this up to go automagically like this:

  sauron.deepsoft.com% cat /etc/sysconfig/network-scripts/ifcfg-eth0
  # nVidia Corporation MCP77 Ethernet
  DEVICE=eth0
  BOOTPROTO=static
  HWADDR=00:19:66:D6:ED:93
  ONBOOT=yes
  BRIDGE=br0

  sauron.deepsoft.com% cat /etc/sysconfig/network-scripts/ifcfg-br0
  DEVICE=br0
  TYPE=Bridge
  BOOTPROTO=static
  BROADCAST=192.168.250.255
  IPADDR=192.168.250.1
  NETMASK=255.255.255.0
  NETWORK=192.168.250.0
  ONBOOT=yes

Thnx again for this information.


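The reply above supplies the step the original post skipped, `brctl addif`, which is why the bridge had an address and a route but nothing behind it. This shell example, added here and not from the thread, runs the bring-up in the order that works, with that step included, using the iproute2 equivalents of the ifconfig/route commands from the post; DRY_RUN=1 prints the commands instead of executing them, since the real run needs root, a real NIC, and takes eth0's address away. The bridge name, interface, address and gateway are the values from the post, not a recommendation. One caveat the post ran into: once traffic leaves through br0, iptables rules written against eth0 no longer match it, so the firewall has to name br0 as well.

```shell
#!/bin/bash
# Bring a Linux bridge up (and down) in working order, including enslaving
# the physical NIC, the step the original post missed. DRY_RUN=1 prints each
# command instead of running it. Do the real run from a console, not over ssh
# on the NIC being moved, because its address is flushed mid-way.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# bridge_up BR PHYS ADDR/PREFIX GATEWAY -> exit 1 on a malformed address
bridge_up() {
    local br=$1 phys=$2 addr=$3 gw=$4
    case "$addr" in
        */*) ;;
        *) echo "address must be a.b.c.d/prefix, got '$addr'" >&2; return 1 ;;
    esac
    run brctl addbr "$br"
    run brctl addif "$br" "$phys"           # make eth0 a port of the bridge
    run ip addr flush dev "$phys"           # a bridge port carries no IP of its own
    run ip link set "$phys" up
    run ip addr add "$addr" dev "$br"       # the host's address moves to the bridge
    run ip link set "$br" up
    run ip route replace default via "$gw" dev "$br"
}

# bridge_down BR PHYS -> undo the above in reverse order; the caller then
# restarts the network service to put the address back on PHYS
bridge_down() {
    run ip link set "$1" down
    run brctl delif "$1" "$2"
    run brctl delbr "$1"
}
```

`DRY_RUN=1 bridge_up br0 eth0 192.168.1.100/24 192.168.1.254` lists the seven commands for review; `brctl show br0` after a real run must list eth0 under interfaces, otherwise the ping test in the post fails exactly as shown. For a reboot-proof setup the ifcfg-eth0/ifcfg-br0 pair in the reply does the same thing through network-scripts, with NetworkManager disabled as the CentOS KVM wiki notes.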


Re: [CentOS] DNS update system-config-network GUI

2010-11-19 Thread Robert Spangler
On Thursday 18 November 2010 12:25, John Hodrien wrote:

   DHCP will always overwrite the resolv.conf file when started.

  Importantly, no.  PEERDNS=no is designed for exactly this purpose.

Thnx for the information and setting me straight.




Re: [CentOS] DNS update system-config-network GUI

2010-11-18 Thread Robert Spangler
On Thursday 18 November 2010 07:09, Lanny Marcus wrote:

  Box is fully updated CentOS 5.5 (32 bit). DHCP is from the ADSL modem
  192.168.1.1. After I update the DNS settings and restart the network,
  the DNS changes do not hold. I have tried using this GUI, as a regular
  user, after giving the root password, and, also, logged in as the root
  user.

DHCP will always overwrite the resolv.conf file when started.

  When I begin, the Primary DNS is shown as 192.168.1.1 the IP of the
  ADSL modem. I move that IP to the Tertiary DNS and insert the Primary
  and Secondary DNS IP's I want to use. Then, I save the file, quit, and
  restart the network (service network restart). I see messages that the
  file has been saved and suggesting that I restart the network or the
  box.

You don't have to restart the network once you have edited the resolv.conf file.  
This file is probed every time you use DNS so once you have changed and saved 
it your changes will take effect.

  The DNS I want to use is that of OpenDNS.com and I saw it work,
  briefly.Then,it stops working and when I launch the
  system-config-network GUI  again, I see it has reverted to the
  original configuration, with only the Primary DNS of 192.168.1.1 (the
  ADSL modem) shown.

That is because of what I first posted, DHCP overwrites the resolv.conf file.

  Questions: The DNS Search Path is blank. Is there something I should
  insert there?

Not sure; I do not use GUI programs to configure my system.

  If it appears that I am using the system-config-network GUI properly,
  what configuration file can I modify, to make these DNS changes hold
  permanently?

As long as you are using DHCP you are going to have this issue.  What I can 
suggest is the following in preferred order;

1. Edit the DHCP server to give out the DNS Server you want to use.

2. Buy a Cisco/Linksys Router/Switch and place that between the ADSL and your 
machine and set it up to give out the DNS servers you want to use.

3. Create a file myresolv.conf with the setup the way you want and then at the 
end of rc.local put in a line to copy myresolv.conf to resolv.conf.

I am sure there are other ways of doing this but if this is a laptop then you 
really don't want to make any changes to anything but the DHCP Server as when 
you move from location to location you could prevent your laptop from 
functioning properly.


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://counter.li.org/
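The PEERDNS=no setting named in the earlier reply is the clean way to stop the DHCP client from rewriting /etc/resolv.conf. The script below is an added example, not code from this thread: it pins that key idempotently in an ifcfg-* file and checks the result. The file path is whatever the caller passes; the demonstration runs on a constructed temporary copy of an ifcfg-eth0, never on the live /etc/sysconfig/network-scripts.

```bash
#!/bin/sh
# Added example: pin PEERDNS=no in a RHEL/CentOS ifcfg-* file so that the
# DHCP client stops rewriting /etc/resolv.conf.  Works on any path passed
# in; the demo at the bottom uses a constructed temp file, not the real
# /etc/sysconfig/network-scripts/ifcfg-eth0.

# set_ifcfg_key FILE KEY VALUE: set KEY=VALUE idempotently (replace the
# existing definition if present, append if absent).
set_ifcfg_key() {
    file=$1; key=$2; value=$3
    if grep -q "^${key}=" "$file"; then
        sed -i "s|^${key}=.*|${key}=${value}|" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# get_ifcfg_key FILE KEY: print the value of KEY.  The last definition wins,
# because the network scripts source the file with the shell.
get_ifcfg_key() {
    awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# peerdns_disabled FILE: exit 0 if the file pins PEERDNS=no, 1 otherwise.
peerdns_disabled() {
    [ "$(get_ifcfg_key "$1" PEERDNS)" = "no" ]
}

# --- demonstration on a constructed ifcfg file ---
DEMO_IFCFG=$(mktemp)
cat > "$DEMO_IFCFG" <<'EOF'
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
PEERDNS=yes
EOF

set_ifcfg_key "$DEMO_IFCFG" PEERDNS no
if peerdns_disabled "$DEMO_IFCFG"; then
    echo "PEERDNS pinned to no in $DEMO_IFCFG"
fi
```

With PEERDNS=no in place, /etc/resolv.conf is yours to write once, which makes the rc.local copy step in the reply unnecessary on that host.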


[CentOS] XEN and RAID

2010-10-21 Thread Robert Spangler
Hello,

I am looking for good website with information on the above 2 items listed in 
the subject.  I have place some with RAID and believe I am picking that up 
but XEN is another story.  I have some free time coming and would really like 
to learn both and build my present machine into a VM with many hosts 
installed for testing/learning.  Any and all information/links you could 
forward onto me would be greatly appreciated.  Thnx


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://counter.li.org/


Re: [CentOS] iptables

2010-09-17 Thread Robert Spangler
On Thursday 16 September 2010 16:03, alexus wrote:

  I'm trying to do some simple tcp port forwarding

The first thing you need to do is drop the RH-firewall BS and create a new 
firewall rule set setup for your needs.  If you don't know how to set up a 
firewall then I would suggest you get one of those GUI programs that can do 
this for you.

  [r...@wcmisdlin02 ~]# curl --verbose http://10.52.208.221:80
  * About to connect() to 10.52.208.221 port 80
  *   Trying 10.52.208.221... Connection refused
  * couldn't connect to host
  * Closing connection #0
  curl: (7) couldn't connect to host
  [r...@wcmisdlin02 ~]#

Looks like this host doesn't accept port 80 connections.


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://counter.li.org/


Re: [CentOS] [Fwd: Re: iptables]

2010-05-18 Thread Robert Spangler
On Monday 17 May 2010 09:58, Len Kuykendall wrote:

   Date: Thu, 29 Apr 2010 00:13:43 +0200
   From: gavro...@gavroche.pl
   To: centos@centos.org
   Subject: Re: [CentOS] [Fwd: Re: iptables]
  
   On Fri, Apr 23, 2010 at 06:08:45PM -0400, Robert Spangler wrote:
On Friday 23 April 2010 15:20, cahit Eyigünlü wrote:
  how or why i have redesigned it to this and it seems like worked  :
   
See big problems in your future.
   
  :INPUT ACCEPT [0:0]
  :FORWARD ACCEPT [0:0]
  :OUTPUT ACCEPT [0:0]
   
Anyone with a little bit of security awareness would never set the
default policy to ACCEPT and the reason is below.  You would think RH
would know better.
   
  -A INPUT -j RH-Firewall-1-INPUT
  -A FORWARD -j RH-Firewall-1-INPUT
  -A RH-Firewall-1-INPUT -i lo -j ACCEPT
  -A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
   
With this rule above you just opened up your complete system to whatever
it is connected to.  That is why it is working.  I am hoping this
box doesn't have Internet access.
   
  -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
  -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
  -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
  -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
  -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
  -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
  -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j
 ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp
 --dport 8443 -j ACCEPT
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport
 22 -j ACCEPT
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport
 25 -j ACCEPT
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport
 80 -j ACCEPT
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport
 21 -j ACCEPT
  /etc/sysconfig/iptables 40L, 1617C
   
Even if you didn't have the line with '-i eth0 -j ACCEPT' your system
was still open to everyone because at this point, if none of the rules
apply, the firewall falls back to the policy setting to decide what
to do with a packet. Since all your policies are set to ACCEPT the
packet is accepted and the hacker is in.
   
For this reason one would think RH would do a little more and set the
default policies to DROP.  It is so easy to miss the reject or drop
statements at the end and the policy would catch them for you.
   
I know some will argue that RH did what they needed to do, but they
could go that extra step don't you think.
  
   Absolutely agree with you. It would save us from threads like that
   because people would need to read about iptables and stop to ask silly
   questions.
  
   --
   Dominik Zyla

  Setting the default policy to DROP is not always the best approach,
 especially if you do remote administration.  What happens when you are
 connected remotely and execute: # iptables -F

  You are either jumping in the car to drive to the server or on the phone
 trying to reach someone local to assist because the default DROP policy
 just killed your session.

Why would you ever do a '-F' remotely?  If you change the rules and something is 
not working, then you should just restart/reload the firewall.  Everything that 
worked before the change will be working again, and the rules that 
weren't working will be removed.

  In my opinion a better option for creating a default DROP policy is to add
 the following rule (INPUT chain in this example) as the last entry in a
 chain:

 -A INPUT -j DROP

  Now you have a chain that performs like one with a default DROP policy but
 does not kill your remote session if all rules are flushed.

As I state above, opinions vary, but forget that rule or comment it out by 
mistake and your system is left wide open to everyone because your default 
rule is set to 'ACCEPT' everything.

To each his own. I set the default policy to DROP and I also place the DROP 
rule at the end of all my chains.  The policy is my safety net in case I 
would happen to remove the DROP rule at the end of a chain by mistake.

When working remotely you have to be extra careful because should you lock 
yourself out it could be a long night.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org
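The lockout both sides of the exchange above worry about has a standard defence: load the new rules with a watchdog that restores the old ones after a short timer unless the administrator, still logged in, confirms. The script below is an added example, not code from this thread. IPT_SAVE and IPT_RESTORE are assumed hooks that default to the real iptables-save/iptables-restore tools but can be pointed elsewhere, so the logic can be exercised without root or a real netfilter; STATE_DIR is likewise an assumed location.

```bash
#!/bin/sh
# Added example: apply a new iptables ruleset with an automatic rollback
# timer, so a mistake made over SSH undoes itself instead of requiring a
# drive to the machine.  IPT_SAVE / IPT_RESTORE are assumed hooks that
# default to the real tools; they are left unquoted on purpose so they may
# carry arguments (for example "sudo iptables-save") or point at stubs.

IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}
STATE_DIR=${STATE_DIR:-/var/run/fw-rollback}   # assumed location

# apply_with_rollback RULES_FILE SECONDS
# Saves the running rules, loads RULES_FILE (iptables-save format), then
# starts a watchdog that restores the saved rules after SECONDS unless
# confirm_rules has been run in the meantime.
apply_with_rollback() {
    rules=$1; timeout=$2
    mkdir -p "$STATE_DIR"
    backup="$STATE_DIR/backup.rules"
    confirm="$STATE_DIR/confirmed"
    rm -f "$confirm"
    $IPT_SAVE > "$backup" || return 1
    if ! $IPT_RESTORE < "$rules"; then
        echo "load failed, old rules still active" >&2
        return 1
    fi
    (
        sleep "$timeout"
        if [ ! -e "$confirm" ]; then
            $IPT_RESTORE < "$backup"
            echo "no confirmation within ${timeout}s, rolled back to $backup" >&2
        fi
    ) &
    echo $! > "$STATE_DIR/watchdog.pid"
}

# confirm_rules: the admin still has a session, so keep the new rules.
confirm_rules() {
    : > "$STATE_DIR/confirmed"
}

# rollback_pending: exit 0 while the watchdog is alive and unconfirmed.
rollback_pending() {
    [ -e "$STATE_DIR/watchdog.pid" ] || return 1
    [ ! -e "$STATE_DIR/confirmed" ] && kill -0 "$(cat "$STATE_DIR/watchdog.pid")" 2>/dev/null
}

# Typical session (as root, on the real tools):
#   apply_with_rollback /root/new.rules 120   # load, start 2-minute watchdog
#   ... open a second SSH session to prove you can still get in ...
#   confirm_rules                              # keep them
```

The same pattern applies to the '-F' case: the backup taken first is what gets put back, so a DROP policy plus a flush no longer ends the session for good.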


Re: [CentOS] setup firewall with 3 nic cards

2010-05-08 Thread Robert Spangler
On Saturday 08 May 2010 14:46, Jerry Geis wrote:

  How does someone debug iptables?
  Seems like the local eth0 is working , eth2 is working but connections
  on eth1 dont seem to go anywhere.
  How can I tell what is happening for eth1 and iptables?

Maybe it's your routing?  Post both the firewall rules and your routing table.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] [Fwd: Re: iptables]

2010-04-23 Thread Robert Spangler
On Friday 23 April 2010 15:20, cahit Eyigünlü wrote:

  how or why i have redesigned it to this and it seems like worked  :

See big problems in your future.

  :INPUT ACCEPT [0:0]
  :FORWARD ACCEPT [0:0]
  :OUTPUT ACCEPT [0:0]

Anyone with a little bit of security awareness would never set the default 
policy to ACCEPT and the reason is below.  You would think RH would know 
better.

  -A INPUT -j RH-Firewall-1-INPUT
  -A FORWARD -j RH-Firewall-1-INPUT
  -A RH-Firewall-1-INPUT -i lo -j ACCEPT
  -A RH-Firewall-1-INPUT -i eth0 -j ACCEPT

With this rule above you just opened up your complete system to whatever it is 
connected to.  That is why it is working.  I am hoping this box doesn't have 
Internet access.

  -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
  -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
  -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
  -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
  -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
  -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
  -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j
  ACCEPT
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j
  ACCEPT
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j
  ACCEPT
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j
  ACCEPT
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j
  ACCEPT
  /etc/sysconfig/iptables 40L, 1617C

Even if you didn't have the line with '-i eth0 -j ACCEPT' your system was still 
open to everyone because at this point, if none of the rules apply, the 
firewall falls back to the policy setting to decide what to do with a packet.  
Since all your policies are set to ACCEPT the packet is accepted and the 
hacker is in.

For this reason one would think RH would do a little more and set the default 
policies to DROP.  It is so easy to miss the reject or drop statements at the 
end and the policy would catch them for you.

I know some will argue that RH did what they needed to do, but they could go 
that extra step, don't you think?


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] iptables rules

2010-03-29 Thread Robert Spangler
On Monday 29 March 2010 16:48, m.r...@5-cent.us wrote:

  I've got a server with several ip's on eth0. I want to block all traffic
  *except* to port 80 on them, but not on any other IPs, so that
  eth0 is www.xxx.yyy.zzz
  eth0:1 is www.xxx.yyy.ggg
  eth0:2 is www.xxx.yyy.hhh

  I've tried
  -A RH-Firewall-1-INPUT -p tcp -d www.xxx.yyy.ggg --dport ! 80 -j DROP
  -A RH-Firewall-1-INPUT -p tcp -d www.xxx.yyy.hhh --dport ! 80 -j DROP

The problem is your firewall is no firewall.  It blocks nothing and allows 
everything.

  *filter

  :INPUT ACCEPT [0:0]
  :FORWARD ACCEPT [0:0]
  :OUTPUT ACCEPT [769:48207]
  :RH-Firewall-1-INPUT - [0:0]

By setting all the default policies to ACCEPT you are blocking nothing.

  -A INPUT -j RH-Firewall-1-INPUT
  -A FORWARD -j RH-Firewall-1-INPUT
  -A RH-Firewall-1-INPUT -i lo -j ACCEPT
  -A RH-Firewall-1-INPUT -d  www.xxx.yyy.ggg -p tcp -m tcp ! --dport 80 -j
 DROP -A RH-Firewall-1-INPUT -d www.xxx.yyy.hhh -p tcp -m tcp ! --dport 80
 -j DROP -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
  ...
  and I notice it puts the ! in front of the --dport, but has no complaints.

  However, I can telnet to www.xxx.yyy.hhh 443. What's wrong with the rules?

See above.  Try these rules; I'm sure you will get better results.  And yes, I 
dropped the stupid RH-Firewall-1-INPUT BS that RH puts in there.
Let's make a stateful firewall while we are at it also.


# Set policies to DROP so anything not matched by a rule below is discarded
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Setup OUTPUT rules to allow everything outbound.
# -A appends, so the rules land in the order written; with -I (insert at
# the top) the final DROP would end up first and block all traffic.
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW -j ACCEPT
iptables -A OUTPUT -j DROP

# Setup INPUT rules to only allow what we want
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -j DROP

Sure you can combine the output rules into one but I like it this way in case 
I need to block something from exiting the system.

You can use this tutorial to better define your rules; for example, the icmp 
rule you have above you can fine tune to only allow what is needed.  
Just remember that the rules are read from top to bottom and the first 
matching rule is used.

http://www.zoominternet.net/~lazydog/iptables-tutorial.html


-- 

Regards
Robert

Linux User #296285
http://counter.li.org
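The two faults called out in this thread and in the "[Fwd: Re: iptables]" exchange above, ACCEPT default policies and a blanket "-i eth0 -j ACCEPT", are easy to catch mechanically before a ruleset goes live. The script below is an added example, not code from this thread: it audits an iptables-save style file for both. The permissive sample is a constructed copy of the RH-Firewall-1-INPUT style file quoted above; the hardened sample is the stateful replacement from the reply with loopback traffic allowed as well, since a DROP policy with no lo rule breaks local services.

```bash
#!/bin/sh
# Added example: audit an iptables-save style file for ACCEPT default
# policies and blanket "-i <iface> -j ACCEPT" rules.  Both sample
# rulesets below are constructed for the demonstration.

# audit_ruleset FILE: print one finding per line; exit 1 if anything found.
audit_ruleset() {
    awk '
        # policy lines look like ":INPUT ACCEPT [0:0]"
        /^:(INPUT|FORWARD) ACCEPT/ {
            sub(/^:/, "", $1)
            print "policy " $1 " is ACCEPT: unmatched packets are let in"
            found++
        }
        # a rule whose only match is an interface and whose target is ACCEPT
        /^-A / && / -i / && / -j ACCEPT/ && !/ -p / && !/ -m / && !/ -s / && !/ -d / {
            for (i = 1; i <= NF; i++) if ($i == "-i") iface = $(i + 1)
            if (iface != "lo") {
                print "blanket accept on interface " iface " in chain " $2
                found++
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# --- constructed sample: the permissive ruleset discussed above ---
PERMISSIVE=$(mktemp)
cat > "$PERMISSIVE" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
COMMIT
EOF

# --- constructed sample: DROP policies, an explicit DROP at the end of
# each chain as the safety net, and loopback allowed ---
HARDENED=$(mktemp)
cat > "$HARDENED" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state NEW -j ACCEPT
-A OUTPUT -j DROP
COMMIT
EOF

echo "== permissive =="; audit_ruleset "$PERMISSIVE" || true
echo "== hardened ==";   audit_ruleset "$HARDENED" && echo "no findings"
```

Run it against /etc/sysconfig/iptables (or the output of iptables-save) before a reload; a non-zero exit is a reason to stop.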


Re: [CentOS] RAID 5 setup?

2010-03-27 Thread Robert Spangler
On Saturday 27 March 2010 05:07, John R Pierce wrote:

  for all practical purposes its the same thing. if it was really
  stripe then mirror, a naive mirror handler would think it would have to
  remirror both drives when one half of one of the stripesets failed and
  was replaced. but in fact, the mirror handlers tend to be well aware
  of what's going on.  mirror 0+1 and stripe that with mirrored 2+3,
  and it's really all the same... the native raid10 in newer mdraid is
  cleaner because you don't end up with extra partial volume metadevices...

Thank you kindly for your reply.



-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] RAID 5 setup?

2010-03-27 Thread Robert Spangler
On Saturday 27 March 2010 09:22, Ross Walker wrote:

   for all practical purposes its the same thing. if it was really
   stripe then mirror, a naive mirror handler would think it would have
   to remirror both drives when one half of one of the stripesets failed and
   was replaced. but in fact, the mirror handlers tend to be well aware
   of what's going on.  mirror 0+1 and stripe that with mirrored 2+3,
   and it's really all the same... the native raid10 in newer mdraid is
   cleaner because you don't end up with extra partial volume metadevices...

  RAID0+1 is never a good configuration because a single drive failure
  in a RAID0 stripe fails out the whole stripe, and with say a 4x2
  RAID0+1, you are more likely to hit a disk failure with 4 drives in a
  RAID0 than 2 in a RAID1.

  That's why RAID1+0 came about.

Thnx for clearing this up.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] RAID 5 setup?

2010-03-26 Thread Robert Spangler
On Thursday 25 March 2010 18:10, Robert Heller wrote:

  The preferred way to go would be RAID10 (RAID1 (mirror) + RAID0 (stripe)).
  Form pairs as RAID1, then stripe the pairs.  With 8 disks, this would be 4
  pairs, 1.5TB/pair = 1.5*4 = 6TB total.

I am just starting to look into this RAID and I was wondering wouldn't RAID01 
be better than RAID10?  In a 4 disk system, having the first two using 
striping and then backing them up with the second set as mirrors?

My thought is having D1 and D2 as the primary drives striping and then having 
D3 back up D1 and D4 back up D2.

And if there is enough room, place a couple more drives in the system as hot standbys.

Or am I looking at this all wrong?


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] Multiple FreeNX servers and SSH ports

2010-03-21 Thread Robert Spangler
On Sunday 21 March 2010 10:54, Niki Kovacs wrote:

  Recently I played around with FreeNX on my own desktop, and I'd like to
  install it on these two computers. On my PC, I just redirected port 22
  in the router, so SSH (and thus FreeNX) requests from the outside get
  redirected to my desktop PC. (And yes, I have a strong password :oD)

There was a lot of information given to you about this, but one piece I didn't 
see.  If you are using SSH then why not switch from password authentication 
to Key authentication?  Thus should someone figure out what port you are 
using, and today it isn't that hard with the many tools out there, they still 
will not be able to connect.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org
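Switching sshd from passwords to keys is only effective if the config really says so, and two details trip people up: sshd uses the first value it sees for a keyword (a later duplicate is silently ignored), and ChallengeResponseAuthentication must be off as well or PAM can still prompt for a password. The script below is an added example, not code from this thread: it reads an sshd_config the way sshd does for the global section and reports whether key-only login is actually enforced. The sample config is constructed; lines after a Match block are conditional and are deliberately left out of the check.

```bash
#!/bin/sh
# Added example: check whether an sshd_config enforces key-only logins.
# Handles the first-value-wins rule and stops at the first "Match" line,
# whose settings apply only to matching users or hosts.  The sample
# config below is constructed for the demonstration.

# sshd_effective FILE KEYWORD DEFAULT: print the value sshd would use,
# lower-cased; DEFAULT is printed when the keyword is not set globally.
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match"   { exit }        # global section ends here
        tolower($1) == key       { print tolower($2); found = 1; exit }
        END { if (!found) print tolower(def) }
    ' "$1"
}

# key_auth_only FILE: exit 0 if only public keys can authenticate,
# 1 otherwise, printing each reason.  Defaults are sshd's own.
key_auth_only() {
    f=$1; ok=0
    [ "$(sshd_effective "$f" PasswordAuthentication yes)" = "no" ] \
        || { echo "PasswordAuthentication is not no"; ok=1; }
    [ "$(sshd_effective "$f" ChallengeResponseAuthentication yes)" = "no" ] \
        || { echo "ChallengeResponseAuthentication is not no"; ok=1; }
    [ "$(sshd_effective "$f" PubkeyAuthentication yes)" = "yes" ] \
        || { echo "PubkeyAuthentication is not yes"; ok=1; }
    return $ok
}

# --- constructed sshd_config that looks locked down but is not: the first
# PasswordAuthentication line wins, so the "no" further down is ignored ---
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample, not a real host's config
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
Match User backup
    PasswordAuthentication no
EOF

if key_auth_only "$SAMPLE"; then
    echo "key-only login: enforced"
else
    echo "key-only login: NOT enforced"
fi
```

Before turning passwords off for real, copy the public key into ~/.ssh/authorized_keys and confirm a key login works from a second session; the rollback pattern is the same one used for firewall changes.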


Re: [CentOS] Kernel Errors

2010-03-13 Thread Robert Spangler
On Monday 08 March 2010 20:08, Robert Spangler wrote:

  Hello,

  I was wondering if anyone could point me in the right direction?
  I am receiving these in my log file and do not know what they mean or what
 to look for;

  Mar  8 04:03:56 bms kernel: ata3.00: exception Emask 0x0 SAct 0x0 SErr 0x0
  action 0x0

I would like to thank all who replied.  I was able to correct this issue 
following the steps in this web site:

http://smartmontools.sourceforge.net/badblockhowto.html

Seems the bad block was used by /var/account/pacct.1 and after fixing this the 
problem went away.  

So again thanks to everyone.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org
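The bad-block howto linked above boils down to turning the LBA in the kernel message into a filesystem block and asking debugfs which inode, and then which path, owns it. The functions below are an added example, not code from this thread or from smartmontools: they do that arithmetic for the sector from the log and print the two read-only debugfs lookups. The partition start sector and the 4 KiB block size are constructed placeholders; the real values come from "fdisk -lu" and "tune2fs -l", and /dev/sdaX stands in for the actual partition.

```bash
#!/bin/sh
# Added example: map a failing LBA to an ext filesystem block and to the
# debugfs lookups that find the owning file.  Partition start, block size
# and device name below are placeholders, not values from the thread.

# fs_block_from_lba LBA PART_START SECTOR_BYTES FS_BLOCK_BYTES
# Filesystem block = (LBA - partition start) / (sectors per block).
fs_block_from_lba() {
    lba=$1; start=$2; ssz=$3; bsz=$4
    [ "$lba" -ge "$start" ] || { echo "LBA is before the partition" >&2; return 1; }
    echo $(( (lba - start) / (bsz / ssz) ))
}

# debugfs_plan DEVICE FS_BLOCK: the two read-only debugfs lookups to run;
# icheck gives the inode for a block, ncheck gives the path for an inode.
debugfs_plan() {
    printf 'debugfs -R "icheck %s" %s\n' "$2" "$1"
    printf 'debugfs -R "ncheck <inode from icheck>" %s\n' "$1"
}

# --- worked instance: sector from the log above, placeholder partition ---
BAD_LBA=322425666   # from "end_request: I/O error, dev sda, sector 322425666"
PART_START=63       # placeholder: first sector of the partition holding the fs
FS_BLOCK=$(fs_block_from_lba "$BAD_LBA" "$PART_START" 512 4096)
echo "filesystem block: $FS_BLOCK"
debugfs_plan /dev/sdaX "$FS_BLOCK"
```

If ncheck reports a throwaway file such as the rotated accounting log mentioned in the reply, deleting and recreating it forces the drive to remap the sector on the next write; if it reports an inode of 0, the block is unallocated and a direct write to it does the same.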


[CentOS] Kernel Errors

2010-03-08 Thread Robert Spangler
Hello,

I was wondering if anyone could point me in the right direction?
I am receiving these in my log file and do not know what they mean or what to 
look for;

Mar  8 04:03:56 bms kernel: ata3.00: exception Emask 0x0 SAct 0x0 SErr 0x0 
action 0x0
Mar  8 04:03:56 bms kernel: ata3.00: cmd 25/00:28:42:d3:37/00:00:13:00:00/e0 
tag 0 cdb 0x0 data 20480 in
Mar  8 04:03:56 bms kernel:  res 51/40:22:64:d3:37/40:00:13:00:00/e0 
Emask 0x9 (media error)
Mar  8 04:03:56 bms kernel: ata3.00: configured for UDMA/133
Mar  8 04:03:56 bms kernel: SCSI error : 2 0 0 0 return code = 0x802
Mar  8 04:03:56 bms kernel: Info fld=0x400 (nonstd), Invalid sda: sense = 
72 11
Mar  8 04:03:56 bms kernel: end_request: I/O error, dev sda, sector 322425666
Mar  8 04:03:56 bms kernel: ata3: EH complete


These are only happening during my daily cron jobs.
Here is the dir for cron.daily

cron.daily $ lsl
total 164
drwxr-xr-x    2 root root  4096 Jan  2 01:59 ./
drwxr-xr-x  108 root root 12288 Mar  8 06:03 ../
lrwxrwxrwx    1 root root    28 Oct 19  2008 00-logwatch -> ../log.d/scripts/logwatch.pl*
-rwxr-xr-x    1 root root   418 Nov 17  2007 00-makewhatis.cron*
-rwxr-xr-x    1 root root   135 Feb 21  2005 00webalizer*
-rwxr-xr-x    1 root root   276 Feb 21  2005 0anacron*
-rwxr-xr-x    1 root root   125 Jan  2 01:59 apcstatus*
-rwxr-xr-x    1 root root   123 Jan  2 01:56 apcstatus~*
-rwxr-xr-x    1 root root  1042 Jan 29  2008 certwatch*
-rwxr-xr-x    1 root root    94 May  2  2009 chkrootkit*
-rwxr-xr-x    1 root root    74 May  6  2009 connections*
-rwxr-xr-x    1 root root   180 Jul 25  2008 logrotate*
-rwxr-xr-x    1 root root  2133 Dec  1  2004 prelink*
-rwxr-xr-x    1 root root   104 Jun  1  2009 rpm*
-rwxr-xr-x    1 root root   121 Nov 16  2007 slocate.cron*
-rwxr-xr-x    1 root root   286 Jun  1  2009 tmpwatch*
-rwxr-xr-x    1 root root    74 Feb 29  2008 yum.check*
-rw-rw-rw-    1 root root   179 Sep  1  2009 yum.cron
-rw-rw-rw-    1 root root   192 Sep  1  2009 yum.cron.org
-rwxr-xr-x    1 root root   164 Sep  3  2009 zulu*

I'm at a loss for what could be causing this.
Thank you very much for your help.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


[CentOS] CentOS and Bash History

2010-02-19 Thread Robert Spangler
Hi,

I was wondering if bash or inputrc has changed from CentOS v4 to CentOS v5?  
Reason I ask is at the bash cli I can type, for example 'su' and then with 
the up and down arrows I can scroll through my history and will only see the 
commands that begin with 'su'.  In CentOS 5 this isn't the case.

I have added some code to my inputrc file to make this work in CentOS 4 as 
follows:

# Search History for previous used commands
\M-[A:history-search-backward
\M-[B:history-search-forward
\M-[C:forward-char
\M-[D:backward-char

And this works well in CentOS 4 but I cannot get it to work in CentOS 5.
Anyone know why or what I have to change?


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] CentOS and Bash History

2010-02-19 Thread Robert Spangler
On Friday 19 February 2010 12:42, Les Mikesell wrote:

  On 2/19/2010 11:30 AM, Robert Spangler wrote:
   Hi,
  
   I was wondering if bash or inputrc has changed from CentOS v4 to CentOS
   v5? Reason I ask is at the bash cli I can type, for example 'su' and
   then with the up and down arrows I can scroll through my history and
   will only see the commands that begin with 'su'.  In CentOS 5 this isn't
   the case.
  
   I have added some code to my inputrc file to make this work in CentOS 4
   as follows:
  
   # Search History for previous used commands
   \M-[A:history-search-backward
   \M-[B:history-search-forward
   \M-[C:forward-char
   \M-[D:backward-char
  
   And this works well in CentOS 4 but I cannot get it to work in CentOS 5.
   Anyone know why or what I have to change?

  I usually just hit ctl-R for the reverse-i-search function.  It's a
  little annoying for people who don't use emacs, but it works.

Yeah, the above is a lot simpler and faster.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] pls help about changing network card but assign to another ethx

2010-02-04 Thread Robert Spangler
On Thursday 04 February 2010 14:21, adrian kok wrote:

  Hi

  I change eth1 from realtek to dlink but the centos is showing eth2 instead
 of eth1

Edit your ifcfg-eth1 and add the MAC Address of the card.
I would do this for every interface.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] DNS issue.. help ?!

2010-01-26 Thread Robert Spangler
On Monday 25 January 2010 09:35, Roland Roland wrote:

  it's all working fine, right now i want to change the main public dns
  from one IP to another to do some testing (the new public dns ip has
  records which the old one doesnt have and it's done as such for testing)

  so i got into /etc/resolv.conf and changed the first nameserver to the
  NEW public DNS.
  /etc/init.d/network restart
  /etc/init.d/named restart

  when i issue an nslookup example.com ON the dns server, i get the exact
  IP i want to do testing on.
  but when i do nslookup example.com on the clients machine. the website
  resolves to another IP ( the one set in the initial public dns records)

Hmmm, sounds like you changed the resolv.conf on the DNS server and not the 
client's machine.  In this case everything worked as it is supposed to.

If you are just testing then might I suggest you do it like this.
On the client's machine type in the following:

nslookup <host you want to look up> <IP address of test DNS server>

or if DIG is installed:

dig @<IP address of test DNS server> <host you want to look up>

This will cause nslookup and/or DIG to use the DNS server you want to test.

  is there any other changes i need to do for the DNS server redirects its
  requests to the new public dns ?

resolv.conf does not direct any queries that come in to the DNS server.  It is 
for the server's own use only.  Lookups and serving a zone are two totally 
different processes.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] routing multiple network cards on a single subnet

2010-01-20 Thread Robert Spangler
On Wednesday 20 January 2010 13:57, Frank Cox wrote:

  On Wed, 2010-01-20 at 09:50 -0800, R-Elists wrote:
   ummm, why do the two different networks need an IP on the same
   subnet ?

  I have had a number of people ask me why I want this arrangement, where
  I have two modems on a single outbound subnet.

  This is (going to be) a server with limited upload bandwidth.  By having
  two outbound connections, I can use a round robin dns entry to share the
  load between the two connections and increase my capacity.

Please be aware that DNS was not designed to do what you are doing.  Yes it 
will do a round-robin but is not connection aware.  Lose a link and you lose 
half of the connections even though one link is still active.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] Problems with IPTABLES recent module.

2010-01-08 Thread Robert Spangler
On Friday 08 January 2010 15:32, James B. Byrne wrote:

  :BRUTE_FORCE - [0:0]

  .  .  .
  -A BRUTE_FORCE -p tcp -m tcp -m state -m recent --set -i eth0
  --dport 22 --state NEW
  -A BRUTE_FORCE -m comment -j RETURN --comment Return to calling chain
  COMMIT

Check out this TUTORIAL
http://www.zoominternet.net/~lazydog/iptables-tutorial.html#RECENTMATCH


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


[CentOS] Centos UPS

2009-12-26 Thread Robert Spangler
Hello,

I received for X-mas an APC UPS system for my computer.  I'm looking for how 
I can integrate it into the system so that the system will shut down either 
after the UPS power is low enough or a timed event after the power is out 
will automatically shutdown.  Would also like it to be smart enough to stop 
the shut down process if power is restored before the shutdown starts.

Anyone have any recommendation for this setup? Thanks.

-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] Optimizing CentOS for gigabit firewall

2009-12-18 Thread Robert Spangler
On Friday 18 December 2009 16:05, Peter Serwe wrote:

  I don't know jack about IPSet, but I know enabling or disabling hosts in
  bare stock PF without the gui in front of it is about as easy as it gets.

IPTABLES is the same:

iptables -A [INPUT/FORWARD] -d <ip address> -j [REJECT/DROP]

  The PF configuration file syntax was designed from the ground up to be
 sane, unlike iptables, which typically needs some decent sysadmin scripting
 or using fwbuilder to make any good sense of.

I beg to differ here.  IPTABLES is not that hard when you understand it.  Like 
anything else, once you know what you are doing it isn't that hard.  And no, 
I have never used any GUI program to configure my firewalls.

 There is no finer opensource firewall product on the market, in terms of 
 performance, ease of  configuration and use, and other issues.

This is all subjective to the user.  I would say that PF is a nightmare and 
IPTABLES is easier to use.

  If you're not opposed to vi, for what you're looking to accomplish, moving
  to BSD and pf is a no-brainer.  PF can definitely handle a list of 500
 hosts and anything else you've mentioned.  It's absolutely capable, easier,
 and in general, for anything that involves packet filtering at all, about
 as good as it gets.

Again this is all subjective to the user.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] port forwarding using iptables

2009-11-25 Thread Robert Spangler
On Wednesday 25 November 2009 13:57, Boris Epstein wrote:

  Happy Thanksgiving!

Same to you too.

  Does anybody know if there is a convenient utility to configure
  iptables on a CentOS 5.4 or 5.3 machine to do port forwarding? And if
  not, where and how does one put the requisite commands?

I do all my iptables configuring from the command line.  The iptables config is 
stored in /etc/sysconfig/iptables.  This tutorial for iptables should be able 
to help you.

http://www.zoominternet.net/~lazydog/iptables-tutorial.html

Port forwarding is really not that hard.  The big question is if the 
forwarding to another port is on the same box or will you be forwarding it 
onto another box?  If it is staying local then you want to look at REDIRECT 
not forwarding. I.e.,

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

If you are truly going to forward it onto another box then you need to look at 
DNAT.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org
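The reply draws the right line between REDIRECT (same box) and DNAT (another box), and the DNAT case needs two more pieces it does not spell out: IP forwarding must be on, and with a DROP policy on FORWARD the rewritten packets need an explicit FORWARD rule. The functions below are an added example, not code from this thread: they print the command sequence for each shape, after validating the port numbers, so the plan can be reviewed before it is run as root. The interface name and the 192.0.2.0/24 addresses are placeholders chosen here.

```bash
#!/bin/sh
# Added example: print (do not run) the iptables commands for the two
# port-forwarding shapes, local REDIRECT and DNAT to another host.
# Interface and addresses in the demo are placeholders.

# valid_port N: exit 0 if N is an integer in 1..65535
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# redirect_rules IN_PORT LOCAL_PORT: same box.  After the nat rewrite the
# packet reaches INPUT with the new port, so INPUT must accept that port.
redirect_rules() {
    valid_port "$1" && valid_port "$2" || return 1
    cat <<EOF
iptables -t nat -A PREROUTING -p tcp --dport $1 -j REDIRECT --to-ports $2
iptables -A INPUT -p tcp --dport $2 -m state --state NEW -j ACCEPT
EOF
}

# dnat_rules EXT_IF IN_PORT TARGET_IP TARGET_PORT: another box behind this
# one.  Forwarding has to be enabled and FORWARD has to allow the rewritten
# destination, or a DROP policy discards it.
dnat_rules() {
    valid_port "$2" && valid_port "$4" || return 1
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $1 -p tcp --dport $2 -j DNAT --to-destination $3:$4
iptables -A FORWARD -i $1 -p tcp -d $3 --dport $4 -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# --- demonstration with constructed values ---
echo "# local redirect, 80 -> 8080"
redirect_rules 80 8080
echo "# forward port 80 to a second host (example address from 192.0.2.0/24)"
dnat_rules eth0 80 192.0.2.10 80
```

The output is meant to be read and then pasted, or saved into /etc/sysconfig/iptables form, once it looks right; the return value is non-zero for an invalid port so a wrapper script can stop early.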


Re: [CentOS] How Can I change CentOS CLI Screen Resolution to smaller text (without GUI)?

2009-11-08 Thread Robert Spangler
On Sunday 08 November 2009 20:59, Sam Acosta wrote:

  I'd like to view the Screen resolution in smaller text on my server
  terminal.  The server is not installed with any GUI so it's in plain text
  mode.

Try adding 'vga=795' to the end of the kernel line in grub.conf file.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] iptables -d fqdn instead of IP

2009-10-30 Thread Robert Spangler
On Thursday 29 October 2009 19:57, Ryan Lynch wrote:

  No offense, Robert, but I don't think yours is a very helpful
  statement. 

I think it is about time you get off my back!

  When someone asks about alternative web servers, do we just 
  tell them Best bet is to stay with Apache? That's just an opaque
  personal prejudice, and it doesn't give the guy asking the question
  any new or helpful information.

It was an opinion and yes there were other replies that told him what he 
needed to know.  Don't assume I don't know anything.

  I can definitely think of cases where using FQDNs is a better choice,

Please do explain.  On second thought never mind because I am really not 
interested.

  and I have some examples from my own personal experience. So I don't
  believe that you can say there is a best method, for all situations.

Yes I can.  Host information can be spoofed.  So can IP Addresses.  Here is 
the point you are missing, if he is going to connect to your system then he 
is going to do it via IP address not using his FQDN and the network could 
care less about FQDN.  Packets are not routed using FQDN they are routed via 
IP Address and Mac's.  So while FQDN is an option it is not as reliable as 
the IP Address.  So what are you going to do now a reverse lookup?  How often 
do they match what you are looking for these days?  Not often.

You can always create a packet that says you are this or that but without the 
true IP address you'll never get a response which means you will never get 
connected.

  You might be ignorant of the applicable use cases, but that doesn't
  mean they don't exist.

Ahh yes, you understand everyone's problem and have the perfect solution.  
Please excuse me old wise one.  What an @ss.

Do not bother to respond on the list as you are just wasting everyone's time.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] Syslog do not work

2009-10-30 Thread Robert Spangler
On Friday 30 October 2009 16:34, tim_da...@cbca.com wrote:

  The syslog is not working

Is it running?  Check it with:

ps -ef | grep syslogd

  and also I installed Webmin, also it does not 
  work,
  this is what the error is 

   Info Internet Explorer cannot display the webpage 
   icon

How are you logging into webmin?  url?


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] combining iptables parameters

2009-10-29 Thread Robert Spangler
On Wednesday 28 October 2009 16:36, Marcus Moeller wrote:

  Dear Ryan.

   is there a way to combine iptables parameters like: iptables -A OUTPUT
   -p UDP  -p TCP -d $IP1  -d $IP2 ?
  
   Each of those parameters is called a match, in IPTables-speak. You
   can specify multiple matches in one rule, but all matches are combined
   with an implicit logical AND. There is no way to get a logical OR
   amongst multiple matches in a single rule. If you want OR logic, you
   use multiple rules.
  
   So, your example could not work as single rule, because no single IP
   packet can be both TCP and UDP, and no single IP packet can have
   multiple destination IP addresses. IPTables tries to prevent you from
   creating nonsensical rules like that in most situations.
  
   You would have to specify the required match space across multiple
   rules, maybe something like this:
  
    iptables -A OUTPUT -p UDP -d $IP1 -j DROP
    iptables -A OUTPUT -p TCP -d $IP1 -j DROP
    iptables -A OUTPUT -p UDP -d $IP2 -j DROP
    iptables -A OUTPUT -p TCP -d $IP2 -j DROP

  That's what I am doing atm. Thanks for the update.

Even simpler;

iptables -A OUTPUT -d $IP1 -j DROP
iptables -A OUTPUT -d $IP2 -j DROP

This will catch everything; it doesn't matter if it's UDP or TCP or ICMP.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] grub problems

2009-10-29 Thread Robert Spangler
On Wednesday 28 October 2009 15:47, m.r...@5-cent.us wrote:

  This is irritating: I've got a server I just upgraded to 5.4, then
  rebooted, only to discover that it just *sits* there at the grub boot
  menu. I looked at grub.conf, and uncommented hiddenmenu (which should have
  been done long ago).

  It *still* sits there when I reboot. Any clues, folks?

   mark

  grub.conf:
  #boot=/dev/sda
  default=0
  timeout=5
  splashimage=(hd0,0)/grub/splash.xpm.gz
  hiddenmenu
  title CentOS (2.6.18-164.2.1.el5)
  root (hd0,0)
  kernel /vmlinuz-2.6.18-164.2.1.el5 ro root=LABEL=/ rhgb
  initrd /initrd-2.6.18-164.2.1.el5.img
  title CentOS (2.6.18-164.el5)
  root (hd0,0)
  kernel /vmlinuz-2.6.18-164.el5 ro root=LABEL=/ rhgb
  initrd /initrd-2.6.18-164.el5.img
  snip


Looks OK.  Can you boot this system at all?  Have you tried to boot the old 
kernel?  Maybe there is an issue with the new one.  If you cannot boot at all 
try a live CD and check the log files for a clue.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] iptables -d fqdn instead of IP

2009-10-29 Thread Robert Spangler
On Wednesday 28 October 2009 16:44, Marcus Moeller wrote:

  does it work to define iptables rules with a fqdn as destination
  instead of an IP address? Or is it useful to resolve the name first
  using e.g. nslookup, writing the result to a variable which is then
  used within the -d statement?

Best bet is to stay with the address.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] sudoers file

2009-10-28 Thread Robert Spangler
On Wednesday 28 October 2009 04:11, vijay shanker wrote:

  This file MUST be edited with the 'visudo' command as root.

NO, it MUST not be edited with 'visudo'.
YES, you should use 'visudo'.

You can edit sudoers with vi or vim and save the changes too.  Just read what 
it tells you you need to do in order to save it.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] iptables question

2009-10-19 Thread Robert Spangler
On Monday 19 October 2009 17:18, Bowie Bailey wrote:

  The logs on my mail server are filling up with this kind of thing:

  Oct 19 17:03:51 bnofmail kernel: REJECT: IN=eth0 OUT=
  MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=195.140.240.6
  DST=XX.XX.XX.XX LEN=189 TOS=0x00 PREC=0x00 TTL=52 ID=6284 DF PROTO=TCP
  SPT=25 DPT=32776 WINDOW=65535 RES=0x00 ACK PSH URGP=0

  The source port is always 25 and the destination is a high-numbered
  port.  The destination address is the private IP of the server.  These
  seem to be related to outgoing email connections based on the source
  IPs, but I don't know why they are not part of an established
  connection.  The mail server seems to be running just fine regardless of
  these blocked connections.

  Any ideas?

Are you running a mixed firewall rule set?  Stateful and Connection or just 
one or the other?  Since you state a private address, I'm going to assume you 
mean something in the 192.168 or similar space, is NATting an issue?


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] Rythmbox and MP3

2009-10-11 Thread Robert Spangler
On Sunday 11 October 2009 01:22, Lucian @ lastdot.org wrote:

   Can anyone tell me how to get the 2 in the Subject line to work?  I have
   read a lot about adding this or that repo but still no joy as usually
   deps are missing. :(
  

  Usually rpm -Uhv
  http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
  does the job for me.

Thank you for the reply.  I have 4.8 installed and it seems that rpmforge 
doesn't have the rpms for my distro:

No Match for argument: gstreamer-plugins-bad
No Match for argument: gstreamer-plugins-ugly


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] Rythmbox and MP3

2009-10-11 Thread Robert Spangler
On Sunday 11 October 2009 05:35, lostson wrote:

Can anyone tell me how to get the 2 in the Subject line to work?  I
have read a lot about adding this or that repo but still no joy as
usually deps are missing. :(

   Personally I use the rpmfusion repo which you can find here

   http://rpmfusion.org/

   After you enable the repos for your system then as root run

   yum install gstreamer-plugins-bad gstreamer-plugins-ugly

   This will get you the codecs you need to play mp3's

This repo doesn't have anything for my Distro 4.8.
Thanks for the reply.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


[CentOS] Rythmbox and MP3

2009-10-10 Thread Robert Spangler
Hello,

Can anyone tell me how to get the 2 in the Subject line to work?  I have read 
a lot about adding this or that repo but still no joy as usually deps are 
missing. :(

Thnx


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] Build a Firewall (Can I learn to do this...)

2009-10-01 Thread Robert Spangler
On Thursday 01 October 2009 16:56, ML wrote:

  I have a home business circuit and I am gearing up to host my business
  affairs in my place. I have Comcast and 13 static IP's.

  I have an extra PIII 1U, 2 9gb SCSI, 1gb RAMm dual NICS.

If you can, I would place a 3rd NIC into this device and use it for a DMZ and 
place all servers into that space, keeping the internet facing servers away 
from everything else.  A lot easier to control things.  I have a box here with 
4 NICs working nicely.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] Auto update

2009-08-25 Thread Robert Spangler
On Tuesday 25 August 2009 14:35, Ron Blizzard wrote:

  On Tue, Aug 25, 2009 at 6:37 AM, Johnny Hughesjoh...@centos.org wrote:
   If so, in CentOS 5.3 that package is called pirut and the individual
   file that runs is called puplet.
  
   It seems that puplet is not working correctly after the upgrade to 5.3,
   according to this bug:
  
   http://bugs.centos.org/view.php?id=3565
  
   I get the same thing when running puplet from the commandline on my
   machine.
  
   We are looking at this issue now.

  I thought I was the only one who had the problem. My solution was to
  run 'yum update' every day (or every other day). I figured I had
  accidentally turned the service off when I was shutting down some of
  the other services.

You can set this up to auto run with chkconfig & service.

chkconfig --level 35 yum on (to turn it on at boot)
service yum start (to start the service)


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] DNS Server Recommendations

2009-08-15 Thread Robert Spangler
On Friday 14 August 2009 23:31, Hugh E Cruickshank wrote:

   If you are worried about valid config then you should be using
   the tools that
   come with Bind instead of relying on some third party software.
  
   named-checkconf for checking the configuration of Bind
   named-checkzone for checking the zone file.
  
   There are man pages for both that explain how to use them.

  I will check those out but what about the ease of use factor. Would
  you suggest something like webmin over had tailoring the config files?

'Ease of use' is subjective.  I find them very easy to use and the man pages 
should be able to direct you.

As to whether I would suggest a program, I prefer to do things by hand when it 
comes to DNS.  The reason for this is so that I understand the internal 
workings and how things are set up.  I am able to log into a server and look 
at the config files and understand how this server is working.  Should the 
front end program be programmed with an unforeseen bug, I am still able to fix 
what the program has broken and keep my services up and running until the bug 
is fixed.

I am the DNS support person for my company's global DNS infrastructure.  The 
company I work for uses Men & Mice as its front end and I am thankful for 
this.  The amount of DNS changes done daily is staggering and this tool helps 
a lot.  I do not have experience with other DNS front ends.

If I were supporting a small DNS setup (a handful of domains whose records do 
not change often) I think I would prefer to do this by hand.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] DNS Server Recommendations

2009-08-14 Thread Robert Spangler
On Friday 14 August 2009 17:17, Hugh E Cruickshank wrote:

  Here are my questions...

  1. Is the BIND master/slave the appropriate approach?

Yes, you should already have something like this in case the main/master 
server would fail.

  2. Can I have each subnet be a master for itself and a slave for the
 other subnet?

DNS is about domains, not subnets.  If each subnet was going to have its own 
domain then the answer could be 'yes'.

  3. Any pointers to applicable docs/examples?

The ones that ship with the Bind package are good from what I understand.  I 
have not looked at them so I cannot say one way or the other.  If you are 
looking for a good book on the subject I would highly recommend O'Reilly's 
DNS and BIND 5th edition.

  4. Can you recommend a front end for BIND (we have webmin installed
 but I have yet to start working with it)?

How large is this domain and how many domains are there going to be?
Is the DNS server going to be updated automatically or by hand?


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] DNS Server Recommendations

2009-08-14 Thread Robert Spangler
On Friday 14 August 2009 21:29, Hugh E Cruickshank wrote:

  From: Robert Spangler Sent: August 14, 2009 16:18

   On Friday 14 August 2009 17:17, Hugh E Cruickshank wrote:
 Here are my questions...
   
 1. Is the BIND master/slave the appropriate approach?
  
   Yes, you should already have something like this in case the
   main/master server would fail.

  I did have two independent DNS servers. One on our primary development
  server and one on our old production server. We have replaced the old
  production server but have not pulled it from service yet. I am now
  in the process of ensuring that all functionality of the old server has
  been migrated to either the new production servers or some place else.
  My current efforts on revising our internal DNS service is part of
  this review process.

I would suggest placing one on each site.  That way you can cut the traffic 
between sites for DNS lookups.  I would also ensure that only one does the 
updates per domain.

 2. Can I have each subnet be a master for itself and a slave for
the other subnet?
  
   DNS is about domains, not subnets.  If each subnet was going to
   have its own domain then the answer could be 'yes'.

  My bad! In my own mind I have been treating the two locations as
  domains while they are in fact only subnets. It should not take too
  much effort to translate my thinking to fact.

The reason I asked is you should not have a shared domain that can be updated 
by more than one master.  You risk losing data or valid data being 
overwritten.

 3. Any pointers to applicable docs/examples?
  
   The ones that ship with the Bind package are good from what I
   understand. I have not looked at them so I cannot say one way or
   the other. If you are looking for a good book on the subject I would
   highly recommend O'Reilly's DNS and BIND 5th edition.

  As soon as I saw your book recommendation there was the sound of a
  loud AARRR! followed closely by the some mutterings
  that sounded much like I have that book! Why did I not think of it
  in the first place! Now where frack did I put it?. Of course knowing
  me by the time I find it I will have forgotten why I was looking for
  it (and will be an old edition to boot).

Been there and done that.  I now have a book shelf where I keep all my books 
and manuals.

 4. Can you recommend a front end for BIND (we have webmin
installed but I have yet to start working with it)?
  
   How large is this domain and how many domains are there going to be?
   Is the DNS server going to be updated automatically or by hand?

  It is not large probably less than 50 devices in total. The only
  automatic updating that I can foresee would be from the DHCP server.
  the only reason I asked about this was that I was thinking that it
  might be easier to administer and ensure valid BIND config files.

If you are worried about valid config then you should be using the tools that 
come with Bind instead of relying on some third party software.

named-checkconf for checking the configuration of Bind
named-checkzone for checking the zone file.

There are man pages for both that explain how to use them.

  Thanks for your input.

You are welcome.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] Split dns issues

2009-08-03 Thread Robert Spangler
On Monday 03 August 2009 00:36, Les Mikesell wrote:

  Drew wrote:
   It's a bit of bad form to use NAT and private addresses at all because
   the internet really wasn't designed to be segmented, but everyone does
   it.
  
   Why is NAT bad form?

  I don't mean to imply it shouldn't be used - it is pretty much a necessary
 evil now, but it doesn't fit the original IP design very well.

  From my standpoint as an admin, private IP's & NAT are another tool to
  
   help secure my network. You can't attack what you can't see and even a
   misconfigured router or firewall won't expose my network to prying
   eyes.

  There are small problems like often needing split DNS, not being able to
 offer public services easily, not being able to track the source addresses
 meaningfully in logs, etc., but the real killer comes when your large

Say what?  How do you figure this?  Unless you are not NAT'ing correctly.  
When NAT'ing only the destination address is changed, and on the outbound only 
the source address is changed.  So if you are logging you should still see 
the IP addresses.

 organization merges with another using the same private address range and
 you need to connect the networks.

This can be worked around and has on many occasions at the office.  The bigger 
problem is when you are just partnering with another company using the same 
range.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] Network guru please help: baffled by missing file

2009-07-17 Thread Robert Spangler
On Friday 17 July 2009 08:14, Timothy Murphy wrote:

  The mirrorlist entry in my Fedora-11 /etc/yum.repos.d/fedora-update.repo
  reads:
 
  mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch

  As far as I can see, this means that yum is looking for
  the file metalink at mirrors.fedoraproject.org ?

  If I try sudo yum update I get:

Why would you want to link to Fedora's repos?
So you can have an unstable CentOS box?


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


[CentOS] More than one version of KDE

2009-06-19 Thread Robert Spangler
Hello,

Is it possible to have more than one version of KDE installed and switch 
between them?  I'd like to try out the new KDE but don't want to lose what I 
have now.  Thnx


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] router NAT problem

2009-06-11 Thread Robert Spangler
On Thursday 11 June 2009 14:14, Mintairov Mikhail wrote:

  iptables -F
  iptables -F -t nat
  iptables -P FORWARD ACCEPT
  iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.127.0/24 -j SNAT
  --to-source [my internet ip]

I know how some like to do the SNAT thing, but a simple rule will get this 
done also:

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

As to your problem, look at your rules with the following and ensure that the 
SNAT rule is there (SNAT and MASQUERADE live in the nat table, so it has to be 
selected explicitly):

iptables -t nat -L -v -n | less -SCi


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] centos firewall?

2009-04-25 Thread Robert Spangler
On Friday 24 April 2009 18:51, Jason Todd Slack-Moehrle wrote:

  How do I add 5900 to the centos firewall? How do I edit the conf file?

I don't know your knowledge level, so let's go through this step by step.
Commands will be between [].
Examples will be between ''.

You are looking to see why port 5900 is blocked.
Are you sure something is listening on this port?

Check to see if port 5900 is listening with the following:
[lsof -i]

If that port is not listed or if the service is listening on another port you 
should see this now.  If not then start the service and try to connect again.


Still having issues connecting then we should check the firewall.

First lets see if the firewall is up:
[service iptables status]

If the firewall is up this should give you a list of all the rules present.
If the firewall is not running it will state firewall is not running.

If the firewall is not running, vnc is running and you still cannot connect, 
the problem is outside your control and you will have to talk with your 
service provider.  Even if the firewall is running the service provider can 
still be blocking the port, so if after ensuring/configuring the below you 
are still unable to connect you need to contact the service provider and 
question them.

If the firewall is running you now have to figure out how it is being started.  
Some people use the default method (myself included) and some use scripts 
(which I believe is because they do not know how or understand how to 
configure the default setup).

First let us check in what run level the system is started.
[grep id: /etc/inittab]

You should see something like
'id:3:initdefault:'

This is run level 3 and all my startup scripts are going to start from 
'/etc/rc.d/rc3.d'.

Look in this directory for anything that might be iptables or firewall 
related.  As stated above, sometimes a script other than the default is used 
to start the firewall.  Do you see anything other than iptables?

Scripts starting with a 'K' are not run and those with an 'S' are.

We should also check rc.local to ensure there is nothing being started there 
that might override the firewall if it is started in 'rc3.d'.

If you have determined that the firewall is being started the default way and 
it is up and running then /etc/sysconfig/iptables is the file you have to 
look at and edit.  If the firewall is being started using another method then 
you are going to have to look at that script to determine how to 
correct/update that script.

You can edit the file with 'vim' or 'vi', depending on what is installed on 
your system, from the command line.

Here is a link to a very good IPTABLES Tutorial.
http://iptables.rlworkman.net/chunkyhtml/index.html


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] Don't forget to use torrents for your downloads!

2009-04-02 Thread Robert Spangler
On Wednesday 01 April 2009 21:26, William L. Maltby wrote:

  If your torrent has distributed hash table capability, I suggest that
  you also use that feature.

  Happy sharing!

So what is everyone using for their torrent?
What is the best?


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] NTP error message on /var/log/messages

2009-03-15 Thread Robert Spangler
On Sunday 15 March 2009 16:22, mcclnx mcc wrote:

  I just setup CENTOS 4.7 with latest patches on DELL server.  I also
 configured NTP point to out time server.  I found /var/log/messages file
 every 20 to 30 minutes will generate a error message :

  Mar 15 14:28:15 SER1 ntpd[25037]: sendto(172.29.21.16): Invalid argument
  Mar 15 14:45:22 SER1 ntpd[25037]: sendto(172.29.21.16): Invalid argument
  Mar 15 15:02:29 SER1 ntpd[25037]: sendto(172.29.21.16): Invalid argument

  Anyone know what's wrong with it?

Any firewalls setup?
Is port 123 open?


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] Fail2Ban

2009-03-01 Thread Robert Spangler
On Saturday 28 February 2009 23:45, Devraj Mukherjee wrote:

  Hi all,

  I am trying to get fail2ban going on my server and its log message
  reports the following error

  2009-02-16 17:42:05,339 ERROR: 'iptables -L INPUT | grep -q
  fail2ban-SSH' returned 256
  2009-02-16 17:42:05,354 ERROR: 'iptables -D INPUT -p tcp --dport ssh
  -j fail2ban-SSH

  Is this because of the way the RedHat tool sets up the firewall?

  Thanks for any responses.

Redhat in their great wisdom decided to make themselves different, as a way 
of making its customers dependent on them.  This is simple to fix.

Edit the rule set with your favorite editor and do the following:

Remove all the lines with '-j RH-Firewall-1-INPUT'.
Replace 'RH-Firewall-1-INPUT' with 'INPUT' on all the other lines.

The original looks something like this:

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT


The new should look something like this:

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type any -j ACCEPT
-A INPUT -p 50 -j ACCEPT
-A INPUT -p 51 -j ACCEPT
-A INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A INPUT -p udp -m udp --dport 631 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Fail2Ban should work now.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org
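As an added example (not code from the original post or from the CentOS project), the shell function below performs the rewrite described in the reply above on the quoted rule set and then checks that no reference to the old chain survives, since iptables-restore rejects a file that still names an undeclared chain. The sample input is the "original" file from the post, embedded here as a constructed string.

```shell
#!/bin/sh
# Added example, not code from the original post or from the CentOS project:
# flattens a system-config-securitylevel rule set so that every rule hangs
# directly off INPUT instead of the RH-Firewall-1-INPUT chain.

# Read /etc/sysconfig/iptables (file argument) or stdin, emit the flattened set.
#   1. drop the custom chain declaration ":RH-Firewall-1-INPUT - [0:0]"
#   2. drop the jumps into that chain from INPUT and FORWARD
#   3. re-point the remaining rules at INPUT
# Note: FORWARD keeps no rules afterwards, so its ACCEPT policy applies to
# forwarded traffic; that matches the "new" file quoted in the post.
flatten_rh_chain() {
    sed -e '/^:RH-Firewall-1-INPUT /d' \
        -e '/ -j RH-Firewall-1-INPUT$/d' \
        -e 's/^-A RH-Firewall-1-INPUT /-A INPUT /' "$@"
}

# Constructed sample input: the "original" rule set quoted in the post.
ORIGINAL='# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# The result the post says the file should look like afterwards.
EXPECTED='# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type any -j ACCEPT
-A INPUT -p 50 -j ACCEPT
-A INPUT -p 51 -j ACCEPT
-A INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A INPUT -p udp -m udp --dport 631 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Succeeds when flattening ORIGINAL reproduces EXPECTED line for line.
verify_rewrite() {
    [ "$(printf '%s\n' "$ORIGINAL" | flatten_rh_chain)" = "$EXPECTED" ]
}

# Check to run before "service iptables restart": iptables-restore refuses a
# file that still references a chain which is no longer declared.
no_stale_references() {
    ! printf '%s\n' "$ORIGINAL" | flatten_rh_chain | grep -q 'RH-Firewall-1-INPUT'
}

# Number of rules now appended directly to INPUT (8 for the sample above).
count_input_rules() {
    printf '%s\n' "$ORIGINAL" | flatten_rh_chain | grep -c '^-A INPUT '
}

verify_rewrite && no_stale_references \
    && echo "rewrite OK: $(count_input_rules) rules now on INPUT"
```

Against a real system, run flatten_rh_chain /etc/sysconfig/iptables > /tmp/iptables.new, review the output, and only then copy it into place and restart the firewall.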


Re: [CentOS] iptables: forwarding on internal device

2009-02-07 Thread Robert Spangler
On Friday 06 February 2009 15:57, Marcus Moeller wrote:

  Hi Again.

   Iptables -nL
  
   Show?

  Here is the complete output (there are a lot of other rules active on
  that machine):

[snip]

Your rule is not showing up.  How did you set this rule up?
If you added it to your firewall rules you need to restart the firewall.
If you added it by hand then it must have spit out an error as it didn't take.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] iptables: forwarding on internal device

2009-02-07 Thread Robert Spangler
On Saturday 07 February 2009 13:17, Marcus Moeller wrote:

 Iptables -nL

 Show?
  
Here is the complete output (there are a lot of other rules active on
that machine):
  
   [snip]
  
   Your rule is not showing up.  How did you set this rule up?
   If you added it to your firewall rules you need to restart the firewall.
   If you added it by hand then it must have spit out an error as it didn't
   take.

  Doesn't it fit to just execute service iptables save?

That depends.  If you are using a script, other than the one provided by 
init.d, to start and set up your firewall, then this is just going to save 
the running firewall to /etc/sysconfig/iptables.  This is the file that is 
read by the script in init.d.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] iptables: forwarding on internal device

2009-02-07 Thread Robert Spangler
On Saturday 07 February 2009 14:22, Filipe Brandenburger wrote:

  I suggest you verify the output of iptables -nvL after you load the
  rule again, and verify the contents of /etc/sysconfig/iptables after
  you run service iptables save again. If there is indeed a problem,
  looking at those might give you a clue of where/when it is happening.

Maybe even pastebin the script you are using to configure your rules.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] ftp and iptables

2009-01-28 Thread Robert Spangler
On Tuesday 27 January 2009 21:45, Agile Aspect wrote:

  Robert Spangler wrote:
   Do you have a rule like this:
  
   -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

  No I don't.

  It doesn't work under CentOS 5.2. But it works on my laptop
  which is running Fedora 9.

I don't understand why it doesn't work on your server unless you are not using 
STATEFUL inspection on your firewall.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] ftp and iptables

2009-01-23 Thread Robert Spangler
On Thursday 22 January 2009 17:28, Agile Aspect wrote:

  Regarding item (2), I would guess I would have to add the following
 entries:
 
  Active:
  -

  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 20
  --sport 4:6 -j ACCEPT
  -A OUTPUT -p tcp -m tcp --sport 20 --dport 4:6 -j ACCEPT

All FTP connections begin on port 21.  Port 20 is the DATA connection.  
ip_conntrack_ftp will track connections needing the data port open.

  Passive:
  --
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport
  4:6 --sport 4:6 -j ACCEPT
  -A OUTPUT -p tcp -m tcp --sport 4:6 --dport 4:6 -j ACCEPT

Do you have a rule like this:

-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

If not you should place this in your rules.  This rule eliminates the need to 
continuously add rules to allow outgoing connections for allowed incoming 
connections.

If you do then you should not need the OUTPUT rules you listed above.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] ls network address traslation different in centos?

2009-01-02 Thread Robert Spangler
On Friday 02 January 2009 00:16, Kenneth Burgener wrote:

  On 1/1/2009 8:13 PM, Robert Spangler wrote:
   Your rules are in need of help.
   First off  I am not even sure what you are doing will work, i.e.;
  
   --append or --table
  
   These are written as '-A' and '-t'

  --append and --table are legal syntax...

  # man iptables

  -t, --table table
This  option  specifies the packet matching table which the command
  should operate on.  If the...

  -A, --append chain rule-specification
Append one or more rules to the end of the selected chain.  When the
  source and/or destination...

Shorthand I find the best.
Thnx for the clarification on this.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] ls network address traslation different in centos?

2009-01-01 Thread Robert Spangler
On Wednesday 31 December 2008 16:05, chloe K wrote:

Is the network address translation in centos5.2 different?

Nope.

I disable the default iptable rule and use the following commands but I
 can't connect http://public:8080 from outside to this host 192.168.0.10
 port 80

eth1 is public address
eth0 is private address 192.168.0.1

  iptables -F -t nat
  iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
  iptables --append FORWARD --in-interface eth0 -j ACCEPT
  iptables -t nat -A PREROUTING -p tcp --dport 8080 -i eth1 -j DNAT --to 192.168.0.10:80

Your rules are in need of help.
First off  I am not even sure what you are doing will work, i.e.;

--append or --table

These are written as '-A' and '-t'

Try these;

iptables -F -t nat 
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE 
iptables -t nat -A PREROUTING -p tcp --dport 8080 -i eth1 -j DNAT --to-destination 192.168.0.10:80
iptables -A FORWARD -i eth0 -j ACCEPT 

You could and should tighten these rules up.  You should look into Stateful 
packet inspection for your firewall.  If you are looking to learn how to 
write your own rules use the following;

http://iptables.rlworkman.net/chunkyhtml/index.html


-- 

Regards
Robert

Linux User #296285
http://counter.li.org

