Re: Sound

[Rick Sewill]

On Saturday, January 14, 2012 07:47:05 PM Patrick Dupre wrote:
> Hello,
> 
> After upgrade from fedora 14 to fedora 16 on a Inspiron 9400, I lost
> the sound!
> vlc run OK, but no sound!
> How can I check the hardware drivers?
> 
> Thank.

If you are now using pulse audio, and don't have pavucontrol installed, please 
install pavucontrol.  Please use pavucontrol to check if the volume is muted.



-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Desktop "stickiness" under Fedora-16/KDE

[Rick Sewill]

On Saturday, December 31, 2011 07:36:56 AM Timothy Murphy wrote:
> My desktop siezes up every hour or so;
> I can continue in the current desktop,
> but cannot change to another desktop
> or go to another application by clicking on an icon in the panel.
> 
> The problem cures itself in 20-30 seconds,
> so it is not life-threatening.
> 
> I killall-ed upowerd, but that didn't do the trick.
> There is nothing untoward in /var/log/messages.
> 
> The problem could be to do with Firefox or KDE or Fedora;
> I'm not sure which.
> 
> I've seen a few comments on this,
> but has anyone found a cure?

I'm still on Fedora 15, not sure when I will upgrade.
I run KDE, kontact/kmail, pidgin, alternate between Firefox and google-chrome.

My reason for not upgrading, so far, my desktop has only 1 G of ram.

Even on Fedora 15, if I try to run Firefox + kmail + all of the friends,
(the friends being Nepomuk, Akonadi, and what they call in), 
my system starts to swap.  

Depending what I'm doing in Firefox, Firefox and it's friend, 
the plugin-container, take lots of ram.

I will upgrade to Fedora 16 eventually, either when I can afford a new desktop,
or when I work up the courage to install on this desktop.

If possible, can you see the disk light on your desktop?
Is the disk light flashing when your desktop freezes up?

People may suggest reducing the memory footprint of Firefox.
I did a google search, found things to change in about:config,
disabled ram caching -- don't remember the change so do your own search,
disabled a number of Firefox plugins, all to control the memory footprint.

I actually created 2 scripts, use them at your own risk.
If my scripts are "bad" or "wrong", hopefully someone will tell us.

One script stops a number of services, including kontact (kmail).
The other script starts those services.
I always stop services before using Firefox or google-chrome.

rsewill@rsewill:~ <3:3> $ more bin/stopmemoryhogs 
#!/bin/bash

declare -i sleeptime=30

# qdbus im.pidgin.purple.PurpleService /im/pidgin/purple/PurpleObject 
PurpleCoreQuit

qdbus org.kde.kontact /MainApplication quit

# qdbus org.kde.kopete /MainApplication quit

sleep ${sleeptime}

declare printerapp=$(qdbus | grep printer-applet)
[ ! -z "${printerapp}" ] && qdbus ${printerapp} /MainApplication quit

akonadictl stop
# qdbus org.kde.kmix /MainApplication quit

sleep ${sleeptime}

qdbus org.kde.NepomukServer /nepomukserver quit

qdbus org.kde.korgac /MainApplication quit

rsewill@rsewill:~ <3:4> $ more bin/startmemoryhogs 
#!/bin/bash

declare -i sleeptime=30

nepomukserver &
# pidgin -f &

sleep ${sleeptime}

akonadictl start
# kopete&
# kmix&

sleep ${sleeptime}

kontact&

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: more than one bridge

[Rick Sewill]

On Tuesday, December 27, 2011 06:59:53 AM Hiisi wrote:
> On 27 December 2011 15:49, Sam Varshavchik  wrote:
> > Hiisi writes:
> >> Hi, list!
> >> Is there a way to set up more than one bridged interface having one
> >> physical device? I'm setting up virtual machines and want them to
> >> share the same network with host computer. For one guest machine I
> >> simply created a bridged interface adding line 'BRIDGE=br0' to
> >> /etc/sysconfig/network-scripts/ifcfg-p21p1 (host computer network
> >> interface), then created /etc/sysconfig/network-scripts/ifcfg-br0 with
> >> nececarry configuration. How to create second interface for second
> >> guest machine and so on?
> > 
> > Add the second machine to the same bridge.
> 
> Hi, Sam!
> Thanks, I've already did it. But theoretically, is it possible to
> create more than one bridge on one interface?

Have you looked into using VLANs?

From http://en.wikipedia.org/wiki/Virtual_network, a few paragraphs down,
"VLANs (Virtual LANs) are logical LAN's (Local Area Networks), based on 
physical LAN's. A VLAN can be created by partitioning a physical LAN into 
multiple logical LAN's (subnets) using a VLAN ID. Alternatively, several 
physical LAN's can function as a single logical LAN. The partitioned network 
can be on a single router, or multiple VLAN's can be on multiple routers just 
as multiple physical LAN's would be. A VLAN can be on a VPN."

Your question sounds similar to "partitioning a physical LAN into multiple
logical LAN's (subnets) using a VLAN ID."

Can someone, who has used VLANs recently, 
comment if this approach will do what the OP wants,
and help with the configuration on Linux if the OP wants to try it?

Last time I used VLANs was the late 1990's...on a SOHO (FlowPoint) router.
I'm afraid I'm a bit rusty and would have to test any "help" I might offer.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: SSH on Fedora 16

[Rick Sewill]

On Friday, December 23, 2011 10:07:00 AM Daniel Bossert wrote:
> On 12/23/2011 04:14 PM, Tom Horsley wrote:
> > On Fri, 23 Dec 2011 15:30:16 +0100
> > 
> > suvayu ali wrote:
> >> It would be helpful if you could give more details and say what
> >> command you are trying and its output with the verbose flag set like
> >> this -vvv.
> > 
> > Yep, the -vvv option on the remote ssh and taking a look at
> > /var/log/messages and /var/log/secure should provide details about why
> > failure happens. Perhaps the sshd_config file is set to only allow
> > public key connections? That would certainly make a password attempt
> > fail (and is how I have my server setup for remote connections versus
> > local network connections where I do allow passwords).
> 
> Hello
> 
> Here are the outputs:
> 
> Output from the remote machine:
> 
> daniel@saturn:~$ ssh -vvv daniel@172.25.0.1
> OpenSSH_5.5p1 Debian-6+squeeze1, OpenSSL 0.9.8o 01 Jun 2010
<...text deleted...>
 
> [root@merkur ~]# cat /etc/ssh/sshd_config
> #$OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
> 
> # This is the sshd server system-wide configuration file.  See
> # sshd_config(5) for more information.
> 
<...text deleted...>
> # Set this to 'yes' to enable PAM authentication, account processing,
> # and session processing. If this is enabled, PAM authentication will
> # be allowed through the ChallengeResponseAuthentication and
> # PasswordAuthentication.  Depending on your PAM configuration,
> # PAM authentication via ChallengeResponseAuthentication may bypass
> # the setting of "PermitRootLogin without-password".
> # If you just want the PAM account and session checks to run without
> # PAM authentication, then enable this but set PasswordAuthentication
> # and ChallengeResponseAuthentication to 'no'.
> # WARNING: 'UsePAM no' is not supported in Fedora and may cause several
> # problems.
> #UsePAM no
> #UsePAM yes
> 

Could you try "UsePAM yes" without the leading #, as in
UsePAM yes 

> # Accept locale-related environment variables
> AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY
> LC_MESSAGES
<...text deleted...> 
> 
> Kind regards
> Daniel
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Bullies get into FireFox, and make a mess in F-14, way too easily, forcing me to DBAN the hd & reinstall...

[Rick Sewill]

On Sunday, November 20, 2011 04:11:32 PM Linda McLeod wrote:
> The bullies who have been targeting my PC with computer problems have
> got into FireFox yet again, changing things..
> 

Questions please.  

Are you running Firefox as root or as a normal user?

Have you disabled SeLinux?

Do your accounts, both root and your normal account,
have strong passwords?  Could the bullies know your passwords?

Do these bullies have physical access to your PC? 
If the bullies physical access, the only way I can think to protect stuff,
is to encrypt everything.  I would prefer others describe how to do this.
I've never encrypted my hard disk.

If these bullies do not have physical access, 
are they coming in through the Internet?
If yes, this leads to a bunch of questions.

Do you have a firewall device or NAT router or something offering you
some protection between your PC and the Internet?
Have you made changes to your PC's firewall?

How are the bullies coming in if they are coming in over the Internet?
It's possible, if the bullies are not smart, you could look at log messages. 
Someone who's done this before, would she look in /var/log/secure?

If a bully were coming in to my PC, over the Internet, 
I would first suspect they were using ssh.

I dislike the default ssh server configuration on Fedora.
I believe the default is to allow incoming ssh connections,
to normal user accounts, using password authentication.
The default iptables configuration for ssh is allow connections from anywhere.
The first things I do on a new system is disable password authentication,
only allow certain users ssh access, 
and restrict incoming ssh connections to a trusted subset of my local LAN.
I wish the default Fedora configuration, at the very least,
limited ssh connections to the local LAN.
I wish the ssh server had an option to test passwords for strength,
and reject incoming connections to accounts with weak passwords.

Other ways they could come in over the Internet include things like VPN
or VNC.  If you don't know what VPN or VNC is, you haven't enabled it.
If you are running a VNC server, are those passwords strong and secure?

Have you installed any software or plugins that are letting the bullies in?
Were you asked for the root password, by some program, unexpectedly?

If I believe a bully has gotten into my system and compromised it,
I would strongly recommend reloading my system from a backup I trust.
This backup needs to be one I believe was before the bullies first got in.
Otherwise, there are Linux rootkits designed to hide how bullies got in,
what they are doing, and prevent you from keeping them out.

To be perfectly honest, and not knowing any facts,
I would first suspect you have a weak password they brute force guessed,
and they are coming in through ssh.  Unfortunately, once in, they could
cause havoc in your user account, and if they got into your root account,
there is no telling how much harm they did.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Need to change uid and gid

[Rick Sewill]

On Friday, November 11, 2011 10:58:01 PM Rick Sewill wrote:
> On Friday, November 11, 2011 04:22:52 PM Jonathan Ryshpan wrote:
> > In the process of upgrading from Fedora-15 to Fedora-16, my uid and gid
> > have both been changed from 500 to 1000.  I maintain a "mirror" of my
> > system as backup using rsync, so in order for the mirroring to continue
> > properly the uid and gid in the mirror filesystem have to be changed to
> > match the main one.  There's no problem with my home directory, just use
> > "$ chown --recursive 1000.1000" in the mirror of my home directory.
> > However there are a few odd files, like my crontab
> > file /var/spool/cron/jonrysh which needs to have its uid (but NOT its
> > gid) changed.
> > 
> > Where is a convenient script to do this?  There must be one, since this
> > is essentially what was done in the upgrade from Fedora-15 to Fedora-15.
> > 
> > Many Thanks - jon
> 
> I would suggest
> find . -uid 500 -exec chown -h owner \;
> find . -gid 500 -exec chgrp -h group \;
> 

Oops...It's late.  My syntax for the find commands is bad.
I forgot the {} to specify the file selected by the find command.
find . -uid 500 -exec chown -h owner {} \;
find . -gid 500 -exec chgrp -h group {} \;

> The -h option says do the chown or chgrp to the symbolic link
> instead of following the symbolic link.  Without the -h option,
> the symbolic link is followed, causing the symbolic link ownership
> to not be changed.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Need to change uid and gid

[Rick Sewill]

On Friday, November 11, 2011 04:22:52 PM Jonathan Ryshpan wrote:
> In the process of upgrading from Fedora-15 to Fedora-16, my uid and gid
> have both been changed from 500 to 1000.  I maintain a "mirror" of my
> system as backup using rsync, so in order for the mirroring to continue
> properly the uid and gid in the mirror filesystem have to be changed to
> match the main one.  There's no problem with my home directory, just use
> "$ chown --recursive 1000.1000" in the mirror of my home directory.
> However there are a few odd files, like my crontab
> file /var/spool/cron/jonrysh which needs to have its uid (but NOT its
> gid) changed.
> 
> Where is a convenient script to do this?  There must be one, since this
> is essentially what was done in the upgrade from Fedora-15 to Fedora-15.
> 
> Many Thanks - jon

I would suggest 
find . -uid 500 -exec chown -h owner \;
find . -gid 500 -exec chgrp -h group \;

The -h option says do the chown or chgrp to the symbolic link
instead of following the symbolic link.  Without the -h option,
the symbolic link is followed, causing the symbolic link ownership
to not be changed.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Unable to ssh nodes with global IP

[Rick Sewill]

On Sunday, October 23, 2011 05:14:01 AM Harish Pillay wrote:
> > On 10/23/2011 05:09 PM, Abu Attar Musharih wrote:
> >> The customer service said that  ssh is not allowed. So, what to do
> >> then? I badly need a server with global IP for experimenting grid
> 
> You can do the following:
> a) edit /etc/ssh/sshd_config and change the default port 22 to a
> higher port say 10022. Actually anything above 1024 would
> be sufficient.
> b) restart your sshd daemon
> c) from your client, say if you are running on the command line,
> you can do the following: ssh -p 10022 hostname
> replacing the 10022 with whatever you've changed your sshd
> to.
> d) do ensure that on your server you open up the port you want
> sshd to accept connections. you can do that from the
> command line via system-config-firewall.
> 
> hth.
> 
> harish

Question to the OP please.  Are you also behind your own router?
Does it run NAT?  If yes, is it configured to forward an ssh connection,
from the Internet, to your local host?

When you switch your ssh server (etc/ssh/sshd_config) to use a non-standard
port, and if you are behind a router that is doing NAT, 
you will need to configure the router to forward the connection to your host.

If you are behind a router, owned by the ISP, that is using NAT,
our suggestions probably won't work...we need to know your network topology.

How can one tell if one is behind a router that uses NAT?
What is your local host's IP address?  
If your host's IP address is in the range, listed by rfc 1918,
http://www.rfc-editor.org/rfc/rfc1918.txt
192.168.0.0 - 192.168.255.255, 172.16.0.0 - 172.31.255.255, 
or 10.0.0.0 - 10.255.255.255, you are behind a router running NAT.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Problems with Fedora15 and sound INTEL 82801DB0ICH4

[Rick Sewill]

On Thursday, October 20, 2011 11:35:06 PM Miguel Cardenas wrote:
> Hello
> 
> I have just moved to Fedora 15 (used another distro before), but it appears
> that the sound control is managed by the Phonon... I don't know much about
> it except that tried it some time ago when compiled it as a module for KD4,
> and it did not recognize all my sound devices and some multimedia
> formats...

I believe pulse audio is present on your system.  
I assume, if you do, ps wx | grep [p]ulseaudio
you will see something like
rsewill@rsewill:~ <3:6> $ ps wx | grep [p]ulseaudio
 2463 ?S $ more bin/kmix-alsa 
#!/bin/bash

export KMIX_PULSEAUDIO_DISABLE=1 && kmix
rsewill@rsewill:~ <3:2> $ ls -l bin/kmix-alsa
-rwx--. 1 rsewill rsewill 54 Oct 20 00:27 bin/kmix-alsa

> 
> If I open the KMix it does not show the devices, just a single (one)
> control for each input and output, no pcm mic etc. but I guess it is due
> the Phonon that does not support my chipset at all...
> 

The above script may get kmix to show the alsa controls.

> My doubt is, if I install another mixer control software, would it work by
> accessing directly to the audio (kernel?) driver without causing conflict
> to the Phonon?
> 

There is a pulse audio mixer control, pavucontrol, for the PulseAudio sound 
server.
rpm -q -i pavucontrol
You may need to install it, yum install pavucontrol

> And another multimedia related question, when trying AMAROK it told that
> there was no MPEG-1 plugin detected, but looking at the repositories can't
> find something like (using yum)... any idea of what may be wrong?
> 

You say it did not recognize all your sound devices and multimedia formats?

You will need to be more specific...what sound devices are recognized?  
What sound devices are not recognized?

Do you mean you have multiple sound devices such as an internal sound card,
a USB sound device, what?

Do you mean you plugged something into the sound jack and the internal sound 
card isn't behaving properly, such as not doing surround sound or something?
If this is a problem, this opens up, for me, a can of worms.  
It's possible you need to do something like create a file in /etc/modprobe.d
that passes various options to snd-hda-intel
Before going down this path, we need to know if this is, indeed, your problem.
I always get lost and confused going down this path and welcome others help.

What multimedia formats are recognized?
What multimedia formats are not recognized?

The comments, regarding pulse audio, are related to sound devices.

When you say it doesn't recognize multimedia formats, do you mean formats
like mp3?  Fedora doesn't, by default, provide the software for mp3 because
mp3 is a proprietary format.  If you are using audacious, you might need
rpm -q -i audacious-plugins-freeworld-mp3
found in the repository rpmfusion-nonfree
If you are using something else that uses gstreamer,
you might need gstreamer-plugins-bad or gstreamer-plugins-ugly or I don't know 
what else.

A disclaimer...I am interested in sound discussions because I always have 
problems with my own sound configuration.  Usually, when I try to answer
these questions, some kind soul corrects me and both I and the OP learn.

> Thanks!
> 
> Miguel
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Remote access

[Rick Sewill]

On Friday, October 14, 2011 10:25:59 AM Rick Sewill wrote:
> On Friday, October 14, 2011 06:05:29 AM Marko Vojinovic wrote:
> > On Friday 14 October 2011 05:13:53 KC8LDO wrote:
> > > Is there a way to use ssh to get through a firewall for remote access
> > > to a system? The situation I'm looking at is a Fedora system sitting
> > > behind a company firewall, which I have no control over, that I wish
> > > to gain access to by logging into it over the Internet from a remote
> > > computer. In other words the connection is initiated from outside of
> > > the firewalled company network.
> > > 
> > > What I'm thinking is using ssh to forward a port, 3389, to another
> > > computer on my own private network (also behind a firewall and NAT
> > > router) at home acting as a middle man. Then from another computer,
> > > lets say at a hotel, logging in to the same computer on my private
> > > home network and have it pass traffic bidirectionaly between the two
> > > end point computers.
> > > 
> > > Is this something than can be done using ssh and if so how? I would
> > > also like to have the remote Fedora system connection to the middle
> > > man computer remain even if the remote computer is not connected.
> > 
> > You want to look into OpenVPN. It does take some time to read the docs
> > and set it up, but it's worth it.
> > 
> >   http://openvpn.net/index.php/open-source.html
> > 
> > Essentially, it adds a virtual ethernet device (called tap) to each
> > machine, and connects these into a virtual LAN. From that point on you
> > can do whatever you want, as if the machines were next to each other in
> > the same room, connected to an ethernet switch.
> > 
> > It may happen that the default openvpn port is blocked by the company
> > firewall. In that case just reconfigure your machines to use openvpn on
> > some port that is not blocked. Other than that, openvpn will work for you
> > all over the globe, and it is completely under your control.
> > 
> > Best, :-)
> > Marko
> 
> Please talk with your manager and your sysadmin.
> 
> A good sysadmin will look at the firewall logs, will see something strange,
> will report it up to the chain of command, to his boss.
> 
> If the sysadmin doesn't, he should lose his job.
> 
> If you do something, behind the companies back, the company can't trust
> you. If a company can't trust you, they have to design you out of the
> company. They have to get rid of you.
> 
> I've worked remotely for a number of companies.
> 
> In each case, the company, and the sysadmin, wanted me to vpn in.
> They helped me.  They arranged which VPN I was to use and what I could
> access. They also insured their security wasn't compromised.
> 
> If you bypassed security at a company where I worked, you would be
> discovered. You would be fired.

I should add, in each case, the company provided me with the laptop to use.
The company insured the laptop had the firewall and virus software they wanted.
The sysadmin managed the laptop; either remotely or I brought the laptop in.
I was to use that laptop for work, and nothing else.
I was not to use any other PC for accessing work, only that laptop.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Remote access

[Rick Sewill]

On Friday, October 14, 2011 06:05:29 AM Marko Vojinovic wrote:
> On Friday 14 October 2011 05:13:53 KC8LDO wrote:
> > Is there a way to use ssh to get through a firewall for remote access to
> > a system? The situation I'm looking at is a Fedora system sitting behind
> > a company firewall, which I have no control over, that I wish to gain
> > access to by logging into it over the Internet from a remote computer.
> > In other words the connection is initiated from outside of the
> > firewalled company network.
> > 
> > What I'm thinking is using ssh to forward a port, 3389, to another
> > computer on my own private network (also behind a firewall and NAT
> > router) at home acting as a middle man. Then from another computer, lets
> > say at a hotel, logging in to the same computer on my private home
> > network and have it pass traffic bidirectionaly between the two end
> > point computers.
> > 
> > Is this something than can be done using ssh and if so how? I would also
> > like to have the remote Fedora system connection to the middle man
> > computer remain even if the remote computer is not connected.
> 
> You want to look into OpenVPN. It does take some time to read the docs and
> set it up, but it's worth it.
> 
>   http://openvpn.net/index.php/open-source.html
> 
> Essentially, it adds a virtual ethernet device (called tap) to each
> machine, and connects these into a virtual LAN. From that point on you can
> do whatever you want, as if the machines were next to each other in the
> same room, connected to an ethernet switch.
> 
> It may happen that the default openvpn port is blocked by the company
> firewall. In that case just reconfigure your machines to use openvpn on
> some port that is not blocked. Other than that, openvpn will work for you
> all over the globe, and it is completely under your control.
> 
> Best, :-)
> Marko

Please talk with your manager and your sysadmin.

A good sysadmin will look at the firewall logs, will see something strange,
will report it up to the chain of command, to his boss.

If the sysadmin doesn't, he should lose his job.

If you do something, behind the companies back, the company can't trust you.
If a company can't trust you, they have to design you out of the company.
They have to get rid of you.

I've worked remotely for a number of companies.

In each case, the company, and the sysadmin, wanted me to vpn in.
They helped me.  They arranged which VPN I was to use and what I could access.
They also insured their security wasn't compromised.

If you bypassed security at a company where I worked, you would be discovered.
You would be fired.


-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: selinux is a pain

[Rick Sewill]

On Tuesday, September 20, 2011 10:30:38 AM Tim wrote:
> On Tue, 2011-09-20 at 08:14 -0300, Martín Marqués wrote:
> > I reinstalled (better hardware) a server and had selinux enabled (was
> > disabled before), and I starting to see why so many people don't use
> > selinux.
> 
> Let's clarify what you've written...  You are, now, trying to run a
> system with SELinux enabled, that was previously running with it
> disabled.  The same files on the drive, just changing the SELinux
> setting.  Is that right?
> 
> If so, no wonder you're having grief.  While SELinux was off, your
> system was writing files without setting any SELinux contexts.  So,
> those files are just default files.  Now that SELinux is on, there's no
> contexts written in the file attributes that would tell SELinux to allow
> access, so the default (for safety) action is to disallow it.
> 

If the above is his problem, has he tried creating /.autorelabel and reboot?
Please see "man selinux", 
"The best way to relabel the file system is to create the flag  file 
/.autorelabel  and reboot.  system-config-securitylevel, also has this 
capability.  The restorcon/fixfiles commands are also available for relabeling 
files."

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: telnet on local LAN question

[Rick Sewill]

On Thursday, August 18, 2011 11:31:18 PM Paul Allen Newell wrote:
> On 8/17/2011 10:33 PM, Andre Speelmans wrote:
> > Two things:
> > First, try without any firewall (service iptables stop), or enter a
> > first line like: iptables -I INPUT -j ACCEPT, just so we can isolate
> > the problem.
> > 
> > If that fails, look what actually gets send on the server (tcpdump -i
> > eth0 -nnl port 25).
> 
> Andre:
> 
> Thanks for help.
> 
> I did a "service iptables stop" on two of my machines (chalupa --
> 192.168.2.10 and chowder -- 192.168.2.11). I then typed, on chowder:
> +++
> telnet chalupa 23
> telnet chalupa 25
> telnet chalupa
> +++
> 
> In all three cases, the return was:
> +++
> telnet: connect to address 192.168.2.0: Connection refused

Is this a typo?  Did it say
telnet: connect to address 192.168.2.10: Connection refused

> +++
> 
> Paul
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: telnet on local LAN question

[Rick Sewill]

> My iptables is the default per F14 installation:
> +++
> # Generated by iptables-save v1.4.9 on Tue Aug 16 22:13:30 2011
> # Used command "iptables-save > iptables_F14_ORIGINAL_yoyo"
> *filter
> 
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [9950:627381]
> 

iptables entries are processed in the order found...

> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
Above line jumps to "ACCEPT" for any packet with an established connection.

> -A INPUT -p icmp -j ACCEPT
Above line jumps to "ACCEPT" for any icmp packet.

> -A INPUT -i lo -j ACCEPT
Above line jumps to "ACCEPT" for any packet from the loopback interface.

> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
Above line jumps to "ACCEPT" for any ssh packet establishing a new connection.

May I suggest inserting an entry, at this spot, for mail, something like the 
following.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
The goal of the previous line is to jump to "ACCEPT" for any mail packet 
establishing a new connection.

Instead of the above line, you might want to specify a source IP address range 
to limit which IP addresses can send mail to your machine.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -s 192.168.2.0/24 -j 
ACCEPT
The goal of -s 192.168.2.0/24, in the above line, is to only accept incoming 
connections to port 25 (the default smtp port), if the source IP address of 
the packet is in the range 192.168.2.0 - 192.168.2.255.

> -A INPUT -j REJECT --reject-with icmp-host-prohibited
Above line jumps to "REJECT" for any packet destined to the host.
As I said the order of entries is important.  

> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
Above line jumps to "REJECT" for any packet the host might forward.

> COMMIT
> # Completed on Tue Aug 16 22:13:30 2011
> +++
> 

I apologize for not reading your original message and going off on a telnet/ssh 
tangent in a previous email. 

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: telnet on local LAN question

[Rick Sewill]

On Tuesday, August 16, 2011 12:04:57 AM Paul Allen Newell wrote:
> Greetings
> 
> I am trying to figure out how to get communication between my F14 boxes
> on a local wired LAN. The best test case I can come up with to prove
> that I don't know what I am doing wrong is telnet.
> 
<...snip...>
> Ping works great between all of the machines for both  and
> .localdomain, lists the 192.168.10.x address like a happy camper
> should
> 
> But a telnet  25 or telnet .localdomain 25 fails.
> 
> I can't tell if I need to add information about the other machines
> somewhere else on  or if they really are known but something is
> blocking it.
> 

You didn't say if you could telnet locally to your local host:
Does this command work: telnet localhost
If not, the telnet service needs to be enabled/started.

Another possibility, iptables might be blocking it.
See if your iptables allows new incoming connections on the tcp telnet port.

There are other possibilities, but these are the first two I'd check.

If you plan to use ssh instead of telnet anyway, is best to do ssh instead.
I believe ssh is normally enabled/started.
I believe iptables is normally set up to allow incoming ssh connections.

I'm not sure the default sshd settings in /etc/ssh/sshd_config.
I'd go through those options.  Please see man sshd_config

I think the default is now only protocol 2 -- good if that's true.

I wish the default didn't allow PasswordAuthentication.
For testing and getting ssh working, password authentication may be okay.
Wouldn't want PasswordAuthentication as my default.
Is best to use PubkeyAuthentication, at a minimum, with good keys.

I think the default is to allow root login.  Wish that were not the case.
Make the person ssh in on a normal user account and su to root.
Please change "PermitRootLogin yes" to "PermitRootLogin no"

Please limit which users can come in over ssh in /etc/sshd_config.
Use AllowGroups and/or AllowUsers.

Not sure if you want X11Forwarding or not.

Some object to security by obscurity,
but you might wish to change the ssh port from port 22 to some other port.
It doesn't stop hackers if they discover your open ssh port.
It slows down those hackers who only look for ssh on port 22.

Question for iptables/firewall GUI people...
is there a way to specify ip address ranges in any firewall GUIs?

Rather than allow new incoming ssh connections 
from any IP address given by the rule, 
"-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT"
I think the OP would like to specify acceptable IP address ranges.

The OP sounds like he only wants local hosts coming in.
By hand, I would have entries with the source IP address range specified 
as in -s 192.168.0.0/16, -s 10.0.0.0/8, -s 172.16.0.0/12 

I can muck up /etc/sysconfig/iptables manually...most people shouldn't.
Bad things can happen if they don't know what they are doing.
It would be nice if firewall GUIs did this for them.  
Which firewall GUIs do?
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: NM_CONTROLLED=no not working

[Rick Sewill]

On Friday, July 15, 2011 08:14:43 PM Rick Sewill wrote:
> On Friday, July 15, 2011 02:48:53 PM Ian Pilcher wrote:
> > I feel like I'm losing my mind.  Can someone confirm that this is
> > supposed to work before I bugzilla this?
> > 
> > I am trying to get NetworkManager to ignore my wireless adapter (while
> > still managing my Ethernet adapter and VPN connections).  I have created
> > 
> > /etc/sysconfig/network-scripts/ifcfg-wlan0:
> >DEVICE=wlan0
> >TYPE=Wireless
> >HWADDR=00:23:14:12:C1:38
> >NM_CONTROLLED=no
> 
> Does the following work?
> NM_CONTROLLED="no"

It was a long shot if NM_CONTROLLED="no" works...documentation indicates
NM_CONTROLLED=no should work.  I think what you have should work too

Documentation says one must have the correct HWADDR address.
Looking at your followup emails, it appears you have the correct HWADDR 
address.  Another long shot...documentation suggests you can have
HWADDR=00:23:14:12:C1:38 as you have...but as an experiment,
please put quotes around the MAC address
HWADDR="00:23:14:12:C1:38"

Why am I asking for quotes around things?  I'm not sure how NetworkManager 
"reads" ifcfg-wlan0.  It may have internal routines for reading the file -or-
it may use a shell (like the bash shell) to read ifcfg-wlan0.
I believe the non-NetworkManager network has scripts in 
/etc/sysconfig/network-scripts that use the bash shell to read  ifcfg-wlan0. 
I am trying to guess what syntax might make NetworkManager and
non-NetworkManager happy.  To tell the truth, what you have should work.
I just want to rule out this possibility.

Another line of questions.  
What is in /etc/NetworkManager/NetworkManager.conf?
I have the following:
rsewill@rsewill:~ <3:1> $ more /etc/NetworkManager/NetworkManager.conf 
[main]
plugins=ifcfg-rh
According to the documentation,  man NetworkManager.conf,
on a Redhat/Fedora system, one might have plugins=ifcfg-rh and/or keyfile
If one has both, the order the plugins are listed matters.
For example, do you have plugins=ifcfg-rh -or-  plugins=keyfile
-or- plugins=ifcfg-rh,keyfile -or- plugins=keyfile,ifcfg-rh?
Ideally you will say you have plugins=ifcfg-rh and we still won't have an idea 
what is wrong.  It's a possibility that needs to be ruled out.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: NM_CONTROLLED=no not working

[Rick Sewill]

On Friday, July 15, 2011 02:48:53 PM Ian Pilcher wrote:
> I feel like I'm losing my mind.  Can someone confirm that this is
> supposed to work before I bugzilla this?
> 
> I am trying to get NetworkManager to ignore my wireless adapter (while
> still managing my Ethernet adapter and VPN connections).  I have created
> /etc/sysconfig/network-scripts/ifcfg-wlan0:
> 
>DEVICE=wlan0
>TYPE=Wireless
>HWADDR=00:23:14:12:C1:38
>NM_CONTROLLED=no
> 


Does the following work?
NM_CONTROLLED="no"
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Bash: (foo==0)?foo=1:foo=0 valid?

[Rick Sewill]

On Saturday, July 02, 2011 02:11:52 PM inode0 wrote:
> On Sat, Jul 2, 2011 at 2:07 PM, Daniel B. Thurman  wrote:
> > I used:  (((foo==0)?foo=1:0)) and it works in a bash script!
> 
> I don't think that is quite the same as what I'm guessing your
> original attempt intended. In this case if foo does not equal 0 to
> begin with it won't be set to 0. Perhaps that doesn't matter in your
> particular case.
> 
> John

If you know that foo is always initialized to either a value of zero or one, 
would the following seem reasonable?
let foo=1-$foo
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: No sound since upgrading to F15

[Rick Sewill]

On Monday, May 30, 2011 07:08:14 AM John Aldrich wrote:
> > On Sunday, May 29, 2011 10:59:42 PM John Aldrich wrote:

> Ok... I put the info you had in your local.conf file WRT audio, except for
> the USB as I don't have any USB audio. I'm tempted to put an old PCI sound
> card in to see if that might help things, but I don't really want to. I
> want to figure out what is going on with sound and why it doesn't work now,
> but it did before I upgraded to F15!

Do you, by chance, know what you had in your /etc/modprobe.d/ files,
related to sound, on Fedora 14?

If I do a google search, options snd_hda_intel model
it appears snd_hda_intel has other options.

My modprobe options might not be enough, or even correct for your hardware.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: No ethernet connection -

[Rick Sewill]

On Monday, May 30, 2011 07:22:45 AM Frank Murphy wrote:
> On 30/05/11 13:19, Rick Sewill wrote:
> 
> 
> > I will try to upgrade to Fedora 15, in time.  At this moment, I am
> > hesitant. I have an old system, with limited RAM.  I need to have good
> > file backups. I am concerned my attempt to upgrade to Fedora 15 may
> > fail.
> 
> If upgrading F15 should preserve the ethX stuff,
> but if a fresh install pci slots (nic) will be emX

They changed the names?  Thank you for the heads up.
I will need to switch to the new names, in time, then.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: No ethernet connection -

[Rick Sewill]

On Monday, May 30, 2011 04:35:54 AM Bob Goodwin wrote:
> New F-15 install.
> 
> How is the ethernet connection made/assigned, whatever? I made
> some changes via chkconfig and lost eth0 and eth1. Ethtool
> simply reports no devices. Is there a routine for setting up
> eth"x" or does it just have to happen automatically? That seems
> unlikely.
> 

With the caveat, I am still on Fedora 14 and haven't tried to upgrade yet,
I assume Fedora 15 still has needed configuration files in /etc/modprobe.d.

What is in your /etc/modprobe.d/local.conf?

My Fedora 14 /etc/modprobe.d/local.conf file contains the following:
rsewill@rsewill:~ <3:1> $ more /etc/modprobe.d/local.conf 
alias eth0 via-rhine
alias eth1 via-rhine
alias eth2 forcedeth
alias scsi_hostadapter libata
alias scsi_hostadapter1 sata_nv
alias scsi_hostadapter2 pata_amd
alias scsi_hostadapter3 usb-storage
options snd cards_limit=8
alias snd-card-0 snd-hda-intel
options snd-hda-intel index=0
alias snd-card-7 snd-usb-audio
options snd-usb-audio index=7

On Fedora 14 this was how I associated which ethernet driver for which device.
I assume it's still the same way on Fedora 15.

Another person is having sound problems, and I remember there is sound stuff
in /etc/modprobe.d/local.conf too.

I am wondering if Fedora 15 did things to the modprobe files -or- 
if the format of the modprobe files has changed -or- 
if the modprobe files have been replaced by something else.

I will try to upgrade to Fedora 15, in time.  At this moment, I am hesitant.  
I have an old system, with limited RAM.  I need to have good file backups.
I am concerned my attempt to upgrade to Fedora 15 may fail.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: No sound since upgrading to F15

[Rick Sewill]

On Sunday, May 29, 2011 10:59:42 PM John Aldrich wrote:

With the disclaimer, I haven't tried to upgrade to Fedora 15 yet,
so I am getting my information from my Fedora 14 system,
I have a question on the alsa-info.sh script output.

I didn't see any "!!Modprobe options (Sound related)" in your output.
I assume Fedora 15 still needs modprobe options for sound.

I have sound options in my Fedora 14 /etc/modprobe.d/local.conf file.
...skip options not related to sound...
options snd cards_limit=8
alias snd-card-0 snd-hda-intel
options snd-hda-intel index=0
alias snd-card-7 snd-usb-audio
options snd-usb-audio index=7

I need to repeat the disclaimer, I am still using Fedora 14.

On my Fedora 14 system, alsa-info.sh script output gives the following:
...Skip beginning of my output...
!!Advanced information - PCI Vendor/Device/Susbsystem ID's
!!

00:10.1 0403: 10de:026c (rev a2)
Subsystem: 103c:2a45


!!Modprobe options (Sound related)
!!

snd-hda-intel: index=0
snd-usb-audio: index=7


!!Loaded sound module options
!!--
...Skip rest of my output...
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Antivirus for Fedora 14

[Rick Sewill]

On Friday, May 20, 2011 12:29:23 PM John Aldrich wrote:
> On Fri May 20 2011, Andrew Jamison wrote:
> > I always install ClamAV which is free from the repositories, that may
> > work for now. When viruses become a bigger threat on Linux (not to
> > far-fetched to say it could happen) then you may see commercial
> > programmers offering Linux versions of their clients.
> 
> You can already by commercial antivirus for Linux. Kaspersky offers a Linux
> version, as does AVG and Symantec. How well those work is anyone's guess. I
> don't have any info on whether or how well they work, simply advising that
> they already exist.
> 
> Now, I agree that it's not too far-fetched to expect to see a linux virus
> "in the wild." Apple is now reportedly advising users to get some sort of
> antivirus for the Mac, and since Apple's O/S is based on BSD, it doesn't
> seem like a huge stretch to imagine that a Linux virus could be developed.
> 
> I would like to see more "workstation" antiviruses be developed for linux.
> Most of the antivirus products I've seen for linux have been for servers.

There have been Linux viruses in the past.

Please see URL:
http://en.wikipedia.org/wiki/Linux_malware

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[OT] My paranoia and skype, was Re: Protected WLAN

[Rick Sewill]

On Wednesday, May 18, 2011 07:01:53 AM Marko Vojinovic wrote:

> Except for skype, of course... ;-) But that's old news. And now that
> Microsoft took it over, they will probably trade with the nsa for a
> backdoor... :-)
> 

I apologize for the off topic remarks I am about to make.

I would be very surprised if skype didn't have back doors for governments.

Skype is proprietary and we can't examine the source for back doors.

There were allegations the Chinese Skype had a text chat back door.
http://blogs.skype.com/en/2008/10/skype_president_addresses_chin.html

My paranoia causes me to believe the back doors don't stop with text chat.
My paranoia causes me to believe multiple governments demanded back doors.

This is one of two reasons I don't want to use skype.
The other reason I don't want to use skype is I don't want to be a super node.

In my mind, it would be very easy for governments to be men in the middle,
to intercept interesting skype traffic, to be able to store conversations.

To put it plainly, I don't trust skype.

Sorry to go off topic.  Flame me if you wish.  I think I deserve to be flamed.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Networking problem

[Rick Sewill]

On Saturday, May 14, 2011 11:45:47 PM JD wrote:
...
> Well, that bridge is the router.
> Wireless clients that are associated with an Access Point
> in "infrastructure" mode cannot directly talk to each other.
> Their traffic must  flow through the router.
> If I had set the two computers to use AdHoc mode of
> "association" with each other, then indeed, their traffic
> would go directly to each other without any other facility
> in between.

I've been quiet because I don't know enough about the internals of wireless.
This discussion gives me a question.

What would happen if the computers were set to AdHoc mode?
It's unclear to me if the gateway has to be set to AdHoc mode too.
As an aside, I'm curious if most devices allow an AdHoc mode setting.

>From a 64000 foot view, I'd expect the following.
The two wireless computers would find each other.
The two wireless computers would not find 192.168.1.1, the computer on the LAN, 
UNLESS the gateway answered the ARP for computers  on the LAN.
>From the ARP table on the Powerbook, from another response in this thread,
it appears the gateway answers ARP requests for computers on the LAN.

This may be a wild goose chase, but I'm curious what happens in this case.

I'm not sure if you would want to actually run your network in AdHoc mode.
I don't know the direct and indirect consequences of doing this.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Networking problem

[Rick Sewill]

On Saturday, May 14, 2011 03:27:53 PM JD wrote:
> On 05/14/11 12:55, Rick Sewill wrote:
> > On Saturday, May 14, 2011 10:46:51 AM JD wrote:
> >> On 05/14/11 09:17, Rick Sewill wrote:
> >>> On Saturday, May 14, 2011 09:27:55 AM JD wrote:
> >>>> On 05/14/11 08:48, G.Wolfe Woodbury wrote:
> >>>>> On 05/14/2011 09:36 AM, JD wrote:
> >>>>>> On my F14, I am running a firewall that accepts specific connection
> >>>>>> on specific ports from some machines on the LAN.
> >>>>>> 
> >>>>>> However, for one machine I made a general rule to accept all
> >>>>>> connections:
> >>>>>> 
> >>>>>> -A INPUT -s 192.168.1.60 -j ACCEPT
> >>>>>> 
> >>>>>> After restarting the firewall,
> >>>>>> 
> >>>>>> I still am unable to ping that machine and it is unable to ping me.
> >>>>>> That machine is not running a firewall.
> >>>>>> 
> >>>>>> I can ping the router and another machine I have on the LAN.
> >>>>>> The machine at 192.168.1.60 can do the same.
> >>>>>> 
> >>>>>> What else do I need to do to be able to talk to machine 192.168.1.60
> >>>>>> and it to my fedora machine?
> >>>>> 
> >>>>> Try:
> >>>>> 
> >>>>> -A INPUT -s 192.168.1.60/32 -j ACCEPT
> >>>>> 
> >>>>> there needs to be a netmask in the syntax.
> >>>> 
> >>>> Tried it.
> >>>> Did not change anything :(
> >>> 
> >>> Could we see more of the network topology please?
> >>> 
> >>> Can you do on both machines:
> >>> /bin/netstat -rn
> >> 
> >> On Fedora Machine:
> >> # /bin/netstat -rn
> >> Kernel IP routing table
> >> Destination Gateway Genmask Flags   MSS Window  irtt
> >> Iface
> >> 10.0.0.00.0.0.0 255.255.255.0   U 0 0  0
> >> eth0
> >> 192.168.1.0 0.0.0.0 255.255.255.0   U 0 0  0
> >> wlan0
> >> 10.1.1.00.0.0.0 255.255.255.0   U 0 0  0
> >> eth0
> >> 192.168.122.0   0.0.0.0 255.255.255.0   U 0 0  0
> >> virbr0
> >> 0.0.0.0 192.168.1.254   0.0.0.0 UG0 0  0
> >> wlan0
> >> 
> >> 
> >> On the machine in question (192.168.1.60)
> >> # /sbin/netstat -rn
> >> Routing tables
> >> 
> >> Internet:
> >> DestinationGatewayFlagsRefs  Use  Netif
> >> Expire default192.168.1.254  UGSc80   
> >> en1 127127.0.0.1  UCS 00lo0
> >> 127.0.0.1  127.0.0.1  UH  04lo0
> >> 169.254link#6 UCS 00en1
> >> 192.168.1  link#6 UCS 20en1
> >> 192.168.1.10:26:18:6:ef:7 UHLW0  113en1   
> >> 566 192.168.1.60   127.0.0.1  UHS 00lo0
> >> 192.168.1.254  0:1d:5a:c8:91:c1   UHLW   15  153en1   
> >> 565
> >> 
> >> Internet6:
> >> Destination Gateway
> >> Flags  Netif Expire
> >> 
> >> ::1 link#1
> >> 
> >> UHL lo0
> >> fe80::%lo0/64   fe80::1%lo0
> >> Uc  lo0
> >> fe80::1%lo0 link#1
> >> UHL lo0
> >> ff01::/32   ::1
> >> U   lo0
> >> ff02::/32   fe80::1%lo0
> >> UC  lo0
> >> 
> >>> /sbin/ifconfig
> >> 
> >> On Fedora machine:
> >> 
> >> # /sbin/ifconfig
> >> eth0  Link encap:Ethernet  HWaddr 00:03:0D:15:2B:9E
> >> 
> >> inet addr:10.1.1.1  Bcast:10.1.1.255  Mask:255.255.255.0
> >> inet6 addr: fe80::203:dff:fe15:2b9e/64 Scope:Link
> >> UP BROADCAST MULTICAST  MTU:1500  Metric:1
> >> RX packets:1340 errors:0 dropped:0 overruns:0 frame:0
> >> TX packets:849 errors:0 dropped:0 overr

Re: Networking problem

[Rick Sewill]

On Saturday, May 14, 2011 10:46:51 AM JD wrote:
> On 05/14/11 09:17, Rick Sewill wrote:
> > On Saturday, May 14, 2011 09:27:55 AM JD wrote:
> >> On 05/14/11 08:48, G.Wolfe Woodbury wrote:
> >>> On 05/14/2011 09:36 AM, JD wrote:
> >>>> On my F14, I am running a firewall that accepts specific connection on
> >>>> specific ports from some machines on the LAN.
> >>>> 
> >>>> However, for one machine I made a general rule to accept all
> >>>> connections:
> >>>> 
> >>>> -A INPUT -s 192.168.1.60 -j ACCEPT
> >>>> 
> >>>> After restarting the firewall,
> >>>> 
> >>>> I still am unable to ping that machine and it is unable to ping me.
> >>>> That machine is not running a firewall.
> >>>> 
> >>>> I can ping the router and another machine I have on the LAN.
> >>>> The machine at 192.168.1.60 can do the same.
> >>>> 
> >>>> What else do I need to do to be able to talk to machine 192.168.1.60
> >>>> and it to my fedora machine?
> >>> 
> >>> Try:
> >>> 
> >>> -A INPUT -s 192.168.1.60/32 -j ACCEPT
> >>> 
> >>> there needs to be a netmask in the syntax.
> >> 
> >> Tried it.
> >> Did not change anything :(
> > 
> > Could we see more of the network topology please?
> > 
> > Can you do on both machines:
> > /bin/netstat -rn
> 
> On Fedora Machine:
> # /bin/netstat -rn
> Kernel IP routing table
> Destination Gateway Genmask Flags   MSS Window  irtt
> Iface
> 10.0.0.00.0.0.0 255.255.255.0   U 0 0  0
> eth0
> 192.168.1.0 0.0.0.0 255.255.255.0   U 0 0  0
> wlan0
> 10.1.1.00.0.0.0 255.255.255.0   U 0 0  0
> eth0
> 192.168.122.0   0.0.0.0 255.255.255.0   U 0 0  0
> virbr0
> 0.0.0.0 192.168.1.254   0.0.0.0 UG0 0  0
> wlan0
> 
> 
> On the machine in question (192.168.1.60)
> # /sbin/netstat -rn
> Routing tables
> 
> Internet:
> DestinationGatewayFlagsRefs  Use  Netif Expire
> default192.168.1.254  UGSc80en1
> 127127.0.0.1  UCS 00lo0
> 127.0.0.1  127.0.0.1  UH  04lo0
> 169.254link#6 UCS 00en1
> 192.168.1  link#6 UCS 20en1
> 192.168.1.10:26:18:6:ef:7 UHLW0  113en1566
> 192.168.1.60   127.0.0.1  UHS 00lo0
> 192.168.1.254  0:1d:5a:c8:91:c1   UHLW   15  153en1565
> 
> Internet6:
> Destination Gateway
> Flags  Netif Expire
> 
> ::1 link#1
> 
> UHL lo0
> fe80::%lo0/64   fe80::1%lo0
> Uc  lo0
> fe80::1%lo0 link#1
> UHL lo0
> ff01::/32   ::1
> U   lo0
> ff02::/32   fe80::1%lo0
> UC  lo0
> 
> > /sbin/ifconfig
> 
> On Fedora machine:
> 
> # /sbin/ifconfig
> eth0  Link encap:Ethernet  HWaddr 00:03:0D:15:2B:9E
>inet addr:10.1.1.1  Bcast:10.1.1.255  Mask:255.255.255.0
>inet6 addr: fe80::203:dff:fe15:2b9e/64 Scope:Link
>UP BROADCAST MULTICAST  MTU:1500  Metric:1
>RX packets:1340 errors:0 dropped:0 overruns:0 frame:0
>TX packets:849 errors:0 dropped:0 overruns:0 carrier:0
>collisions:0 txqueuelen:1000
>RX bytes:174589 (170.4 KiB)  TX bytes:418153 (408.3 KiB)
>Interrupt:19 Base address:0xd800
> 
> eth0:0Link encap:Ethernet  HWaddr 00:03:0D:15:2B:9E
>inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
>UP BROADCAST MULTICAST  MTU:1500  Metric:1
>Interrupt:19 Base address:0xd800
> 
> loLink encap:Local Loopback
>inet addr:127.0.0.1  Mask:255.0.0.0
>inet6 addr: ::1/128 Scope:Host
>UP LOOPBACK RUNNING  MTU:16436  Metric:1
>RX packets:4734603 errors:0 dropped:0 overruns:0 frame:0
>TX packets:4734603 errors:0 dropped:0 overruns:0 carrier:0
>collisions:0 txqueuelen:0
>RX bytes:373719874 (356.4 MiB)  TX bytes:373719874 (356.4 MiB)
> 
> virbr0Link encap:Ethernet  HWaddr 22:3E:A

Re: Networking problem

[Rick Sewill]

On Saturday, May 14, 2011 09:27:55 AM JD wrote:
> On 05/14/11 08:48, G.Wolfe Woodbury wrote:
> > On 05/14/2011 09:36 AM, JD wrote:
> >> On my F14, I am running a firewall that accepts specific connection on
> >> specific ports from some machines on the LAN.
> >> 
> >> However, for one machine I made a general rule to accept all
> >> connections:
> >> 
> >> -A INPUT -s 192.168.1.60 -j ACCEPT
> >> 
> >> After restarting the firewall,
> >> 
> >> I still am unable to ping that machine and it is unable to ping me.
> >> That machine is not running a firewall.
> >> 
> >> I can ping the router and another machine I have on the LAN.
> >> The machine at 192.168.1.60 can do the same.
> >> 
> >> What else do I need to do to be able to talk to machine 192.168.1.60
> >> and it to my fedora machine?
> > 
> > Try:
> > 
> > -A INPUT -s 192.168.1.60/32 -j ACCEPT
> > 
> > there needs to be a netmask in the syntax.
> 
> Tried it.
> Did not change anything :(

Could we see more of the network topology please?

Can you do on both machines:
/bin/netstat -rn

/sbin/ifconfig

If you don't mind, it might be easiest to copy your filewall
rules so we can see them.  As root,
/sbin/iptables -L -v

If you are concerned with security and sharing your public IP address, 
may I suggest changing the public IP address ranges to something else, 
like xxx.xxx.xxx.0, yyy.yyy.yyy.0, etc, in the output. 

Another question...if you have multiple ethernet devices,
which device is 192.168.1.60 connected to?  


-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Best FOSS alternative for skype?

[Rick Sewill]

On Thursday, May 12, 2011 02:08:56 AM Zoltan Hoppar wrote:
> HI Fernando,
> 
> Yesterday night I have tried out your suggestion, and works
> surprisingly well. By the way, a far as I know there is an possibility
> to use our Fedora SIP inside at FAS, right?

Please correct me if I am wrong, 
but I am under the impression Fedora talk has been "retired".

Please see URL:
https://insight.fedoraproject.org/content/kevin-fenzi-fedora-talk-first-static-
then-silence-talkfedoraprojectorg-closing-2011-05-05

If Fedora talk has indeed, been retired, 
could someone update the wiki and other references to Fedora Talk?

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Best FOSS alternative for skype?

[Rick Sewill]

On Tuesday, May 10, 2011 04:54:33 PM Marko Vojinovic wrote:
...
> Thus the question: is there a FOSS VoIP app that provides roughly the same
> quality, reliability and free-as-in-beer service?

I would like to know the answer to this question also.

I've been reading about Google and xmpp and jingle.
http://en.wikipedia.org/wiki/Jingle_%28protocol%29

I found a firefox plugin I could download.
>From URL: http://www.google.com/chat/video
I clicked "Install voice and video chat" 
and got to URL: http://www.google.com/chat/video/download.html
I installed the rpm.
I haven't tested it much...I did call my google voice number 
to see if I could answer and I could.  
I assume I can call out too, but haven't tried.

Always keeping firefox running is not satisfactory for me.
I have an older machine, with not enough ram or cpu power.

I was hoping to use an open source voip client program.
empathy seems to use libjingle and will let me know when
there is an incoming google voice call, but it doesn't work.
Google voice wants me to "press 1" to accept the call.
I have no way to "press 1" in empathy.

I haven't had any success with any other client program.
I tried kopete, gajim, without success.

It used to be google voice worked with sip if one had a gizmo5 account.
Google discontinued gizmo5 recently.  
I heard rumors there are still ways to call google voice from sip,
but that doesn't help me.  
I want to use an open source client, and can no longer use a sip client.

If anyone knows how to get one of these xmpp client programs 
working with google voice, please share that information.


-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: dhcpd gateway settings

[Rick Sewill]

On Friday, April 22, 2011 01:58:35 PM Aaron Gray wrote:
> On 22 April 2011 19:37, Rick Sewill  wrote:
> > On Friday, April 22, 2011 12:11:38 PM Aaron Gray wrote:
> > > I am trying to set up a network and gateway on 192.168.1.x that I am
> > 
> > using
> > 
> > > for BOOTP'ing servers.
> > > 
> > > dhcpd.conf
> > > ~~~
> > > allow booting;
> > > allow bootp;
> > > ddns-update-style interim;
> > > ignore client-updates;
> > > subnet 192.168.1.0 netmask 255.255.255.0 {
> > > 
> > > option subnet-mask 255.255.255.0;
> > > option broadcast-address 192.168.1.255;
> > > option routers 192.168.1.1;
> > > option router-discovery true;
> > > option domain-name-servers 8.8.8.8;
> > > range dynamic-bootp 192.168.1.200 192.168.1.240;
> > > next-server 192.168.0.140;
> > > filename "pxelinux.0";
> > > 
> > > }
> > > subnet 192.168.0.0 netmask 255.255.255.0 {
> > > }
> > > ~~
> > > 
> > > But I cannot seem to get HTTP or other services to work on 192.168.1.x
> > > 
> > > I have the existing 192.168.0.x network and was wondering how gateway
> > > requests should get from 192.168.1.x to 192.168.0.1 ?
> > > 
> > > Many thanks in advance,
> > > 
> > > Aaron
> > 
> > If I were a dhcp client, with no other routing configuration information,
> > I will arp for the router at 192.168.1.1 to find the router's mac
> > address. I would send the packet not destined to my local subnet to the
> > router.
> > 
> > I will not arp for 192.168.0.140 because it is not on my local subnet.
> > 
> > The question becomes, how is the router at 192.168.1.1 configured?
> > The router needs to forward the packets to the 192.168.0.x network.
> 
> How do I do that ?

I was reading your answers to Jame's questions on the other sub-thread.
His questions were actually better than my questions.

What is device 192.168.1.1?  Is that the Netgear or your laptop?
>From the other thread I gather 192.168.0.140 is your laptop.
What is the IP address for the Netgear, 192.168.0.1?

A strange question, do you wish your laptop, running Linux, to "filter" packets 
from the 192.168.1/24 network to the Internet?

If the answer to the above question is no, you might consider configuring the 
Netgear to be the gateway for both the 192.168.0/24 and 192.168.1/24 subnets.
http://documentation.netgear.com/fvs336g/enu/202-10257-01/FVS336G_RM-05-08.html
The Netgear will be the gateway for both subnets. 
The Netgear will route traffic between the two subnets.

If, on the other hand, you want your laptop to filter packets from the 
192.168.1/24 subnet to the Internet, you have two choices.

You can configure your laptop to route packets between the 192.168.0/24 and 
192.168.1/24 subnets -or- you can configure your laptop to masquerade packets 
from the 192.168.1/24 subnet when it forwards packets from the 192.168.1/24 
subnet to the 192.168.0/24 subnet (and, by extension, to the Internet).

For both choices where you want your laptop filtering packets from the 
192.168.1/24 subnet, you need to do the following:
1) your laptop needs to do multihoming on the ethernet port
One IP address, for your laptop, should be 192.168.0.140.
The other IP address, for your laptop, should be 192.168.1.1.
I get these two IP addresses based on your dhcpd.conf file.
If you need help with this, we can go into more detail in another email.
I know how to do this if you are NOT using NetworkManager.
Someone else may know how to do this if you are using NetworkManager.

2) Your laptop needs to be set to enable IP forwarding.
 You can dynamically turn on IP forwarding with the following command
 (as root), echo 1 > /proc/sys/net/ipv4/ip_forward
 The above command would need to be done each time your laptop boots.
 Alternatively, you can change the line, "net.ipv4.ip_forward = 0"
 in the file, /etc/sysctl.conf, change the value from 0 to 1, to have the 
laptop always want to do IP forwarding when it boots.

3) You will need to examine your iptables and change your iptables 
configuration, as needed, to permit packets flowing between
the 192.168.0/24 and 192.168.1/24 subnet.

This is where you decide if you want to masquerade packets from the 
192.168.1/24 subnet or simply route packets from the 192.168.1/24 subnet.

If you want to simply route 192.168.0/24 packets, your step 4 is as follows:
4) configure the Netgear to route any packets to the 192.168.1/24 subnet
 through your laptop by telling the Netgear the gateway for the
 192.168.1/24 subnet is 192.16

Re: dhcpd gateway settings

[Rick Sewill]

On Friday, April 22, 2011 12:11:38 PM Aaron Gray wrote:
> I am trying to set up a network and gateway on 192.168.1.x that I am using
> for BOOTP'ing servers.
> 
> dhcpd.conf
> ~~~
> allow booting;
> allow bootp;
> ddns-update-style interim;
> ignore client-updates;
> subnet 192.168.1.0 netmask 255.255.255.0 {
> option subnet-mask 255.255.255.0;
> option broadcast-address 192.168.1.255;
> option routers 192.168.1.1;
> option router-discovery true;
> option domain-name-servers 8.8.8.8;
> range dynamic-bootp 192.168.1.200 192.168.1.240;
> next-server 192.168.0.140;
> filename "pxelinux.0";
> }
> subnet 192.168.0.0 netmask 255.255.255.0 {
> }
> ~~
> 
> But I cannot seem to get HTTP or other services to work on 192.168.1.x
> 
> I have the existing 192.168.0.x network and was wondering how gateway
> requests should get from 192.168.1.x to 192.168.0.1 ?
> 
> Many thanks in advance,
> 
> Aaron

If I were a dhcp client, with no other routing configuration information,
I will arp for the router at 192.168.1.1 to find the router's mac address.
I would send the packet not destined to my local subnet to the router.

I will not arp for 192.168.0.140 because it is not on my local subnet.

The question becomes, how is the router at 192.168.1.1 configured?
The router needs to forward the packets to the 192.168.0.x network.

To see the path, on the 192.168.1.x machine, try traceroute -n 192.168.0.x

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Help with PPTP VPN connection keeps failing

[Rick Sewill]

On Tuesday, April 19, 2011 10:38:34 PM Eric B. wrote:
> "Rick Sewill"  wrote in message
> news:201104191901.17623.rsew...@gmail.com...
> 
> > On Tuesday, April 19, 2011 10:43:32 AM Eric B. wrote:
> >> > CCP terminated by peer
> >> > Compression disabled by peer.
> >> > LCP terminated by peer
> > 
> > I don't know if this means anything.
> > 
> > I would have thought not successfully negotiating compression would not
> > be a
> > good enough reason to terminate the connection.
> > 
> > Still, I've been wrong more times than I care to admit.
> > 
> > Can you change the compression on your side to match what the peer
> > expects?
> > I don't know if the peer expects a specific compression or no
> > compression.
> 
> This may sound like a stupid question, but how/where does one configure
> compression using the Network Manager?  I can't seem to find documentation
> on option configuration anywhere.
> 
> Thanks,
> 
> Eric

I use KDE so I am limited in what I can do with GNOME Network Manager, but...
Can you go to the Network Connections, select VPN,
select the pptp connection and edit it.
Click the Advanced button, which I think is above the Save button.

Doing a google search: networkmanager pptp compression
I got the URL http://blog.herbertm.ca/archives/258
which may help us.

Can you tell us what the old settings were before changing any settings?

Can you make the settings be similar to the screen shot in the above URL?
I.e., have only MSCHAP selected, MPPE checked, 128 bit (most secure),
I think it doesn't matter if TCP header compression is checked/unchecked,
but have the other compressions unchecked.

While I would not terminate a connection if compression was not negotiated,
I would terminate a connection if encryption were not successfully negotiated.

Were there any messages about encryption negotiation in the log?
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Help with PPTP VPN connection keeps failing

[Rick Sewill]

On Tuesday, April 19, 2011 10:43:32 AM Eric B. wrote:

> > 
> > CCP terminated by peer
> > Compression disabled by peer.
> > LCP terminated by peer

I don't know if this means anything.

I would have thought not successfully negotiating compression would not be a 
good enough reason to terminate the connection.  

Still, I've been wrong more times than I care to admit.

Can you change the compression on your side to match what the peer expects?
I don't know if the peer expects a specific compression or no compression.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Running ssh on unreserved ports

[Rick Sewill]

On Saturday, February 19, 2011 04:28:11 am Anne Wilson wrote:
> On Saturday 19 February 2011 10:20:30 Tim wrote:
> > On Fri, 2011-02-18 at 16:07 -0500, Alex wrote:
> > > I'd like to move it to a higher port to avoid the normal doorknob
> > > rattling that occurs with ssh running on a public server.
> > 
> > Even with it on a different port, you'd probably want to implement some
> > firewalling that auto-bans an IP after few failed attempts.  That stops
> > them from continually trying to get through.
> > 
> > I think there was a package called fail2ban, or something similar, that
> > did that automatically.
> 
> Fail2ban is easy to set up, and I've seen it stop attempts here.
> 
> Anne

The one time I suffered a rootkit on Linux was when someone
used a bug in ssh to get into my system.  Fortunately, for me,
I discovered the rootkit within hours of it happening and reloaded.

I am paranoid about ssh and welcome suggestions that increase my ssh 
security configuration, in particular, and overall security, in general.

Currently, for ssh on my system, I do the following:
1) in my /etc/ssh/sshd_config file
   a) I specify which users can use ssh (AllowUsers rsewill ...)
   b) I explicitly specified only protocol 2 could be used until that
   was the default in later versions of ssh.  (Protocol 2)
   c) I switch to a non-standard port (Port ...)
   d) I do not permit root logins, (PermitRootLogin no)
   e) I ignore user known hosts (IgnoreUserKnownHosts yes)
   f) I do not permit password authentication (PasswordAuthentication no)

   I do not permit kerberos authentication.

   This leaves public key authentication.
   Please make sure the key bits are large enough, default is 2048 for RSA,
   and make sure the person, with the private key, protects the private key.

2) in iptables
   a) I whitelist the IP addresses of those I permit coming in through ssh.

   If one can't whitelist IP addresses,one might try blacklisting
   IP address ranges.  For example, if one lives in Europe, one might not
   expect an ssh connection from the United States or Russia or China.

   Please note, I do not believe blacklisting is that effective.
   First, the zombie PCs can be anywhere, in any country.
   Second, people can use proxy services to get around country blacklists.

   If you still want to try to blacklist countries,
   please do a google search, China IP range, to get some sites
   that list IP address ranges for various countries.
   I can't/won't recommend any particular site, but can list a few
   examples from this google search:
http://www.ipaddresslocation.org/ip_ranges/get_ranges.php
http://www.countryipblocks.net/country-blocks/select-formats/
http://www.find-ip-address.org/ip-country/

   With the advent of IPv6, you need to start whitelisting and 
   blacklisting IPv6 addresses when your ISP switches to IPv6.
   The default, for most ports, is to drop incoming connects.
   IPSec seems to be an exception.  I'm not sure I like having 
   IPSec as an exception unless I expect IPSec traffic.
   Why aren't there iptables filters that allow outgoing IPSec
   connections, but not incoming IPSec connections
   The normal IPv4 iptables filters also allow IPSec connections.
   Is this the "default" or have I accidentally enabled IPSec?

   b) I set up my iptables filters to drop packets from a source that
   fails to connect in  attempts over a certain period of time.
   I would suggest doing a google search: "ssh-evil" iptables
   for examples.  If you are not comfortable with iptables and 
   iptables filters, please get a trusted friend to help you.  
   The iptables filters are your firewall; you want all filters correct,
   and in the correct order, or you leave yourself open to attack.

It sounds like fail2ban scans log files for break-in attempts, not just
for ssh, but for other protocols as well.  It would be a welcome addition.


signature.asc
Description: This is a digitally signed message part.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: "why is my Linux so damn slow?"

[Rick Sewill]

On Saturday, February 12, 2011 12:55:12 pm M. Fioretti wrote:
> On Sat, Feb 12, 2011 12:47:13 PM -0600, Rick Sewill (rsew...@gmail.com) 
wrote:
> > Could you show us the output of twice, the second time a few seconds
> > after the first time so we can see if any interrupt number changes fast.
> > more /proc/interrupts
> 
> here are two runs, 5/6 seconds apart:
> 
> [root@polaris ~]# more /proc/interrupts
>CPU0   CPU1
>   0:136180   IO-APIC-edge  timer
>   1:  0  2   IO-APIC-edge  i8042
>   4:  0  2   IO-APIC-edge
>   7:  1  0   IO-APIC-edge  parport0
>   8:  0  1   IO-APIC-edge  rtc0
>   9:  0  0   IO-APIC-fasteoi   acpi
>  12:  0  4   IO-APIC-edge  i8042
>  14:  0  0   IO-APIC-edge  pata_amd
>  15:  0  0   IO-APIC-edge  pata_amd
>  17:  0  2   IO-APIC-fasteoi   firewire_ohci
>  20: 116972135   IO-APIC-fasteoi   ohci_hcd:usb3, nvidia
>  21:947289   IO-APIC-fasteoi   ehci_hcd:usb2, hda_intel
>  22:  0  3   IO-APIC-fasteoi   ehci_hcd:usb1
>  23: 252957 24   IO-APIC-fasteoi   ohci_hcd:usb4
>  43: 449718   5490   PCI-MSI-edge  ahci
>  44: 850242 23   PCI-MSI-edge  eth0
> NMI:  0  0   Non-maskable interrupts
> LOC:   12772218   13583547   Local timer interrupts
> SPU:  0  0   Spurious interrupts
> PMI:  0  0   Performance monitoring interrupts
> PND:  0  0   Performance pending work
> RES:68964877547957   Rescheduling interrupts
> CAL:   8607  11701   Function call interrupts
> TLB:  43915  42920   TLB shootdowns
> TRM:  0  0   Thermal event interrupts
> THR:  0  0   Threshold APIC interrupts
> MCE:  0  0   Machine check exceptions
> MCP:103103   Machine check polls
> ERR:  1
> MIS:  0
> [root@polaris ~]#
> [root@polaris ~]# more /proc/interrupts
>CPU0   CPU1
>   0:136180   IO-APIC-edge  timer
>   1:  0  2   IO-APIC-edge  i8042
>   4:  0  2   IO-APIC-edge
>   7:  1  0   IO-APIC-edge  parport0
>   8:  0  1   IO-APIC-edge  rtc0
>   9:  0  0   IO-APIC-fasteoi   acpi
>  12:  0  4   IO-APIC-edge  i8042
>  14:  0  0   IO-APIC-edge  pata_amd
>  15:  0  0   IO-APIC-edge  pata_amd
>  17:  0  2   IO-APIC-fasteoi   firewire_ohci
>  20: 116985135   IO-APIC-fasteoi   ohci_hcd:usb3, nvidia
>  21:947289   IO-APIC-fasteoi   ehci_hcd:usb2, hda_intel
>  22:  0  3   IO-APIC-fasteoi   ehci_hcd:usb1
>  23: 252957 24   IO-APIC-fasteoi   ohci_hcd:usb4
>  43: 449809   5490   PCI-MSI-edge  ahci
>  44: 850456 23   PCI-MSI-edge  eth0
> NMI:  0  0   Non-maskable interrupts
> LOC:   12774821   13585530   Local timer interrupts
> SPU:  0  0   Spurious interrupts
> PMI:  0  0   Performance monitoring interrupts
> PND:  0  0   Performance pending work
> RES:68969747548786   Rescheduling interrupts
> CAL:   8608  11703   Function call interrupts
> TLB:  43919  42921   TLB shootdowns
> TRM:  0  0   Thermal event interrupts
> THR:  0  0   Threshold APIC interrupts
> MCE:  0  0   Machine check exceptions
> MCP:103103   Machine check polls
> ERR:  1
> MIS:  0
> [root@polaris ~]#
> 
> 
> will try now to find out the clock interrupt rate. Thanks

I think the clock interrupt rate is shown by the "Local timer interrupts".
I don't know if that number is okay or not.  I think it might be okay.

I am curious about the Rescheduling interrupts.
I do not have a dual core system so I have no rescheduling interrupts.

I do not know how many rescheduling interrupts is too many. 

I did google searches, "Resheduling interrupts"
and Linux "Resheduling interrupts"
It appears there have been problems, in this area, over the years.
We should be careful to limit ourselves to any recent problems.

I found some sort of explanation of rescheduling interrupts at
https://help.ubuntu.com/community/ReschedulingInterrupts
Also at this URL were suggestions for troubleshooting problems.
One suggestion, from this URL was to use "vmstat 1".
I haven't used vmstat before so this is educational.
Ano

Re: "why is my Linux so damn slow?"

[Rick Sewill]

On Saturday, February 12, 2011 12:43:53 pm M. Fioretti wrote:
> On Sat, Feb 12, 2011 12:27:55 PM -0600, Rick Sewill (rsew...@gmail.com) 
wrote:
> > Could you show the output of iostat -x 1,
> > not iostat -x 1 | egrep -i 'device|sda'
> > please?
> 
> Sure, sorry, here you go (this is with Firefox open, right now)
> 
> 
> Linux 2.6.35.10-74.fc14.x86_64 (polaris.localdomain)  02/12/2011  
_x86_64_(2
> CPU)
> 
> avg-cpu:  %user   %nice %system %iowait  %steal   %idle
>   28.930.003.230.690.00   67.15
> 
> Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s avgrq-sz
> avgqu-sz   await  svctm  %util sda   0.7612.231.72   
> 2.0796.94   111.7654.97 0.10   26.58   4.13   1.57 dm-0   
>   0.00 0.002.45   13.9896.65   111.7612.68 2.18 
> 132.68   0.95   1.57 dm-1  0.00 0.000.010.00
> 0.09 0.00 8.00 0.005.45   3.18   0.00
> 
> avg-cpu:  %user   %nice %system %iowait  %steal   %idle
>   48.760.000.500.000.00   50.75
> 
> Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s avgrq-sz
> avgqu-sz   await  svctm  %util sda   0.00 0.000.00   
> 0.00 0.00 0.00 0.00 0.000.00   0.00   0.00 dm-0   
>   0.00 0.000.000.00 0.00 0.00 0.00 0.00   
> 0.00   0.00   0.00 dm-1  0.00 0.000.000.00
> 0.00 0.00 0.00 0.000.00   0.00   0.00
> 
> avg-cpu:  %user   %nice %system %iowait  %steal   %idle
>   16.580.001.010.000.00   82.41
> 
> Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s avgrq-sz
> avgqu-sz   await  svctm  %util sda   0.00 0.000.00  
> 19.00 0.00   152.00 8.00 0.010.79   0.11   0.20 dm-0  
>0.00 0.000.00   19.00 0.00   152.00 8.00 0.01  
>  0.79   0.11   0.20 dm-1  0.00 0.000.000.00
> 0.00 0.00 0.00 0.000.00   0.00   0.00
> 
> avg-cpu:  %user   %nice %system %iowait  %steal   %idle
>4.460.000.994.950.00   89.60
> 
> Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s avgrq-sz
> avgqu-sz   await  svctm  %util sda   0.0027.000.00   
> 9.00 0.00   272.0030.22 0.077.67   7.67   6.90 dm-0   
>   0.00 0.000.00   34.00 0.00   272.00 8.00 0.10   
> 2.82   2.03   6.90 dm-1  0.00 0.000.000.00
> 0.00 0.00 0.00 0.000.00   0.00   0.00
> 
> avg-cpu:  %user   %nice %system %iowait  %steal   %idle
>4.500.001.000.000.00   94.50
> 
> Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s avgrq-sz
> avgqu-sz   await  svctm  %util sda   0.00 0.000.00   
> 0.00 0.00 0.00 0.00 0.000.00   0.00   0.00 dm-0   
>   0.00 0.000.000.00 0.00 0.00 0.00 0.00   
> 0.00   0.00   0.00 dm-1  0.00 0.000.000.00
> 0.00 0.00 0.00 0.000.00   0.00   0.00
> 
> avg-cpu:  %user   %nice %system %iowait  %steal   %idle
>   12.870.000.990.000.00   86.14
> 
> Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s avgrq-sz
> avgqu-sz   await  svctm  %util sda   0.00 0.000.00   
> 0.00 0.00 0.00 0.00 0.000.00   0.00   0.00 dm-0   
>   0.00 0.000.000.00 0.00 0.00 0.00 0.00   
> 0.00   0.00   0.00 dm-1  0.00 0.000.000.00
> 0.00 0.00 0.00 0.000.00   0.00   0.00
> 
> avg-cpu:  %user   %nice %system %iowait  %steal   %idle
>   39.300.000.500.000.00   60.20
> 
> Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s avgrq-sz
> avgqu-sz   await  svctm  %util sda   0.00 0.000.00   
> 0.00 0.00 0.00 0.00 0.000.00   0.00   0.00 dm-0   
>   0.00 0.000.000.00 0.00 0.00 0.00 0.00   
> 0.00   0.00   0.00 dm-1  0.00 0.000.000.00
> 0.00 0.00 0.00 0.000.00   0.00   0.00

Is there any correlation between avg-cpu %user and Device sda 
wsec/s writes?

Is there a burst of %user cpu activity followed by a burst of wsec/s writes?

If the system is doing so little, I'd expect less %user cpu activity.
Since the system is 2 CPU, does 48% means one cpu ran solid for a second?

Someone help us...I know there is a command to show open files, lsof.
Does that command include a w

Re: "why is my Linux so damn slow?"

[Rick Sewill]

On Saturday, February 12, 2011 12:27:55 pm Rick Sewill wrote:
> On Saturday, February 12, 2011 12:09:34 pm M. Fioretti wrote:
> > On Sat, Feb 12, 2011 19:03:56 PM +0100, Marco Fioretti
> 
> (mfiore...@nexaima.net) wrote:
> > > On Sat, Feb 12, 2011 12:55:16 PM -0500, Lamar Owen (lo...@pari.edu) 
wrote:
> > > > On Saturday, February 12, 2011 12:19:33 pm M. Fioretti wrote:
> > > > > besides hard drive and DVD burner there are only Logitech webcam,
> > > > > wheelmouse and earphone microphone, but everything is plugged in
> > > > > the back which is not really accessible without moving
> > > > > furniture. I'll do that if needed, but isn't a way to check for
> > > > > those interrupts from the prompt?
> > > > 
> > > > Let's see if iowaits are you issue.  Install the sysstat package
> > > > (yum install sysstat) and run: iostat -x 1
> > > 
> > > here it is, thanks for the tip. When it isn't zero, the await column
> > > gives anything from 27.36 to 35.78 (last line) to 5 (I have already
> > > posted top output in a comment to the web page):
> > > 
> > > [root@polaris ~]# iostat -x 1 | egrep -i 'device|sda'
> > 
> > Sorry, of course that's only the part of the story about sda. here is one
> > complete run of iostat:
> > 
> > 
> > Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s
> > avgrq-sz avgqu-sz   await  svctm  %util sda   0.00 5.00 
> >   0.00 5.00 0.0064.0012.80 0.036.00   6.00   3.00
> > dm-0
> > 
> >   0.00 0.000.008.00 0.0064.00 8.00 0.04
> > 
> > 4.38   3.75   3.00 dm-1  0.00 0.000.000.00
> > 0.00 0.00 0.00 0.000.00   0.00   0.00
> > 
> > other runs show all null values for  dm-0 / dm-1, or values similar to
> > these
> > 
> > Marco
> 
> Could you show the output of iostat -x 1,
> not iostat -x 1 | egrep -i 'device|sda'
> please?
> 
> On my system, when I do
> iostat -x 1
> I get "avg-cpu" besides drive information.
> avg-cpu:  %user   %nice %system %iowait  %steal   %idle
>5.050.004.040.000.00   90.91
> 
> Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s avgrq-sz
> avgqu-sz   await  svctm  %util
> sda   0.00 0.000.000.00 0.00 0.00 0.00
> 0.000.00   0.00   0.00
> 
> It might help to see the "avg-cpu".
> If we are lucky, either the %user or %system or ... will show high cpu
> usage.

Another question please...if it's spurious interrupts, I found the device file,
/proc/interrupts, which has a row for Spurious interrupts.

We haven't demonstrated the problem is interrupt related.
Can we try to isolate or rule out this as a problem please?

Could you show us the output of twice, the second time a few seconds
after the first time so we can see if any interrupt number changes fast. 
more /proc/interrupts
...
more /proc/interrupts

Can people suggest any information/files in /proc which might help us?

I assume there is a periodic hardware clock interrupt for your CPU.
Can we find out this clock interrupt rate somewhere?


signature.asc
Description: This is a digitally signed message part.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: "why is my Linux so damn slow?"

[Rick Sewill]

On Saturday, February 12, 2011 12:09:34 pm M. Fioretti wrote:
> On Sat, Feb 12, 2011 19:03:56 PM +0100, Marco Fioretti 
(mfiore...@nexaima.net) wrote:
> > On Sat, Feb 12, 2011 12:55:16 PM -0500, Lamar Owen (lo...@pari.edu) wrote:
> > > On Saturday, February 12, 2011 12:19:33 pm M. Fioretti wrote:
> > > > besides hard drive and DVD burner there are only Logitech webcam,
> > > > wheelmouse and earphone microphone, but everything is plugged in
> > > > the back which is not really accessible without moving
> > > > furniture. I'll do that if needed, but isn't a way to check for
> > > > those interrupts from the prompt?
> > > 
> > > Let's see if iowaits are you issue.  Install the sysstat package
> > > (yum install sysstat) and run: iostat -x 1
> > 
> > here it is, thanks for the tip. When it isn't zero, the await column
> > gives anything from 27.36 to 35.78 (last line) to 5 (I have already
> > posted top output in a comment to the web page):
> > 
> > [root@polaris ~]# iostat -x 1 | egrep -i 'device|sda'
> 
> Sorry, of course that's only the part of the story about sda. here is one
> complete run of iostat:
> 
> 
> Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s avgrq-sz
> avgqu-sz   await  svctm  %util sda   0.00 5.000.00   
> 5.00 0.0064.0012.80 0.036.00   6.00   3.00 dm-0   
>   0.00 0.000.008.00 0.0064.00 8.00 0.04   
> 4.38   3.75   3.00 dm-1  0.00 0.000.000.00
> 0.00 0.00 0.00 0.000.00   0.00   0.00
> 
> other runs show all null values for  dm-0 / dm-1, or values similar to
> these
> 
> Marco

Could you show the output of iostat -x 1, 
not iostat -x 1 | egrep -i 'device|sda'
please?

On my system, when I do
iostat -x 1
I get "avg-cpu" besides drive information.
avg-cpu:  %user   %nice %system %iowait  %steal   %idle
   5.050.004.040.000.00   90.91

Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s avgrq-sz 
avgqu-sz   await  svctm  %util
sda   0.00 0.000.000.00 0.00 0.00 0.00 
0.000.00   0.00   0.00

It might help to see the "avg-cpu".
If we are lucky, either the %user or %system or ... will show high cpu usage.


signature.asc
Description: This is a digitally signed message part.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: "why is my Linux so damn slow?"

[Rick Sewill]

On Saturday, February 12, 2011 09:53:28 am M. Fioretti wrote:
> On Sat, Feb 12, 2011 15:25:54 PM +, Alan Cox (a...@lxorguk.ukuu.org.uk) 
wrote:
> > There are lots of other things it could be, unfortunately you've not
> > provided any really useful information on the machine, you've not
> > provided any dumps of stuff that would be useful
> 
> I have now, in comments to the article. I certainly did not expect to
> get the complete answer in one step (as I wrote at the end of that
> page), I wrote everything I thought useful in that page. And I had put
> "little details like which X server is being run" in that page since
> the beginning, in the form I thought it could be enough, ie attaching
> the installed RPM packages. And I also _acknowledged_ right there that
> it couldn't be enough "so please tell me what other inputs do you
> need, thanks".
> 
> > On an 8GB box with Intel onboard video even Gnome is usable so
> > something is definitely wrong in your specific setup
> 
> exactly my point :-) I am sure a big part of the problem is
> Firefox+Flash, but can that be the WHOLE problem? As I wrote in the
> article, it's not like killing Firefox (while it does improve things)
> solves everything.
> 
> Dmesg output is pasted below. Boot, reboot or not it makes no
> difference. let it go ten minutes, and it starts behaving like
> that.
> 
> Thanks again for your quick support! Just ask for more tests if
> needed.
> 
> Marco
> 
> [0.00] Initializing cgroup subsys cpuset
> [0.00] Initializing cgroup subsys cpu
> [0.00] Linux version 2.6.35.10-74.fc14.x86_64


That is something I hadn't thought of.

What devices are connected to your system?

Perhaps a Linux driver, for a device is having problems.
Perhaps a device is generating lots of interrupts.

Can you disconnect any devices and see if the slowness goes away?



signature.asc
Description: This is a digitally signed message part.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: "why is my Linux so damn slow?"

[Rick Sewill]

On Saturday, February 12, 2011 07:51:25 am M. Fioretti wrote:
> Greetings,
> 
> when I upgraded from Fedora 12 to Fedora 14, about twenty days ago,
> the system (which wasn't doing really well even before the upgrade)
> became almost unusable. The problem is, very likely, upstream of
> Fedora, but I would like to understand where exactly is and if/how
> Fedora in some way amplifies it. I've posted all details here:
> 
> http://freesoftware.zona-m.net/help-request-why-is-my-linux-so-damn-slow

You have a very interesting problem.

Given the amount of RAM, and given the result of the top command,
from the URL, you are not having a memory to disk swap problem.

May I ask, what is the "purpose" of this system?  Is it a server?
With the amount of memory, I have no idea how much disk space,
and processes running, can I assume it is a server?

If we suspect X/nVidia -and- the system is a server, can we boot
in runlevel 3 (i.e., boot without X) to see if the system runs slow?

When was the last time this system was booted?

When the system is initially booted, does the system start slow,
or does the system run "fast" for awhile, and then slow down?

Is the system slowing down account specific?
Does the system run slow when marco is not logged in?
Do you have another account you can log in as?

Is the slowness caused when certain applications are running?

According to the top command, firefox had 24.6% of the CPU,
and python and java and another python and httpd and mysqld and ...
were all running.  Firefox is at the top of the top output.

Can you quit Firefox and make sure Firefox is really stopped.
After quitting Firefox, please do killall firefox to make sure.
Please do ps aex | grep [f]irefox to make sure firefox is stopped.

I wonder if Firefox is visiting a website that causes Firefox problems.
The top output shows Firefox has TIME+ of 96:00.54--I'm not sure
the units for 96:00.54, is that 96 minutes, 96 hours, or what?
I would like to rule Firefox out, as a possible cause of the slowness.

Can you please boot the system, with the network off?
I am curious to see if network traffic is causing the slowness.
Perhaps some network service is being attacked from the Internet.
I would actually like to see the number of bytes in/out on your interfaces.

I don't know anything about your iptables rules...do they give a hint on
network activity?  Are services available to the Internet that shouldn't be?
If your system is a server, perhaps you are suffering a brute force attack 
against some service or services.  Can you do iptables -L -v
Do any iptables rules show unusual byte/packet counts?

I neglected to ask if you checked system logs?
Is there anything special in /var/log/messages or /var/log/secure or
/var/log/cron or ... I would do a ls -ltr /var/log to see the size of your
logs and see which logs are being written to most.  I don't run httpd.
Where are the log files for httpd kept?  Are those log files in /var/log/httpd?
I would also check subdirectories of /var/log for log files for services.

The purpose of the above questions is to gather more information.
Hopefully, something  will stand out that points to the problem.


signature.asc
Description: This is a digitally signed message part.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: outout format of time command

[Rick Sewill]

On Tuesday, February 01, 2011 04:13:20 am Adel ESSAFI wrote:
> Hello,
> I have  followed the man page of  time commande to put a certain output
> format.
> However, time command does not recognise -f  option.
> 
> Could you help please.
> 
> 
> 
> [adel@localhost generateInstance]$ time -f "%e" ls
> bash: -f: command not found

There are two separate time commands.

One is a bash built-in.  
To set the format for this time, please set the environment variable,
TIMEFORMAT.  Please do "info bash" and search for TIMEFORMAT.

The other is the time command described by "man time".
To use this time command, please do $(which time) -f "%e" ls
On my system, $(which time) happens to be /usr/bin/time
so I can also do /usr/bin/time -f "%e" ls


signature.asc
Description: This is a digitally signed message part.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: [Fedora] Re: [Fedora] Re: korganizer crash

[Rick Sewill]

On Thursday, January 27, 2011 04:10:46 pm Walter Cazzola wrote:
> Dear all,
> just to add something to my problem, this affect only my user, from root
> korganizer starts like a charm. I've noticed that it is bound to the
> akonadi server but also killing all the process related to akonadi
> korganizer from my user doesn't start.
> 
> :-(
> 
> any help is appreciated
> 

I just started using kde a little while ago so I may not be much help.

I believe, to identify a problem, one needs to isolate the problem.

To this end, what calendar(s) were you working with just before it failed?

If they were local calendars, can you move them out of the way,
until you identify which local calendar causes the problem, and then
examine that calendar to see what might be causing the problem?

I would strongly encourage you to make a backup before moving files.
It would be bad if my suggestion made matters worse.

If they are calendars from the Internet, can you bring up korganizer
with your PC not connected to the Internet--korganizer will fail to get 
to the internet, but you might be able to disable the Internet calendar.
If disabling an Internet calendar stops the crashing, we get a hint.

Once the calendar(s) causing problems can be identified, 
others may have hints what is causing the crashing problem.

Also, when it crashes, I assume abrt wants to make a report.
Do the details of the report give a hint why korganizer is crashing?
The hint may have no meaning to me, but might help a developer.
With the hint, one might google to see what others did to fix similar problems.

I wish I could give you an answer.  
I'm afraid I can only suggest isolating the problem.
Hopefully others, who have used kde longer or develop kde 
will recognize the problem and suggest a fix or workaround.



signature.asc
Description: This is a digitally signed message part.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: iptables and NAT

[Rick Sewill]

On Tuesday, January 25, 2011 09:12:07 am Ian Pilcher wrote:
> What is the default gateway on the web server?  It's possible that
> packets are getting through the "gateway" server just fine, but getting
> lost on the way back.

Can the OP run wireshark and look for the packets?

Also, if one does 
iptables -L -v -t nat
-and-
iptables -L -v
before and after trying to send a packet from the Internet to his server,
do the byte and packet counts for the nat iptables entries and the other 
iptables entries (for forwarding the packet) get incremented as expected?


signature.asc
Description: This is a digitally signed message part.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Fwd: Re: [Fedora] Re: FC14 Installation Hangs

[Rick Sewill]

On Saturday, January 22, 2011 01:14:40 pm Ashley M. Kirchner wrote:
> On 1/22/2011 12:03 PM, JB wrote:
> > Kernel command line:
> > always keep -->  ignore_loglevel
> > add -->   enforcing=0
> 
>  The only major difference this time is that it's also detecting the
> additional drives that are on the add-on card.  Previously it wasn't,
> but now I can see them after it says 'waiting for hardware to
> initialize...'.  It's going through ata1.00, ata1.01, ata3.00, and
> ata3.01 - which accounts for the four hard drives, and then it lists the
> CD-ROM.  But it still dies at the same exact spot after detecting the
> CD-ROM ...
> 
>  For the record, I previously tried without the add-on card plugged
> in and it too went nowhere.  So there is something either with the
> CD-ROM or just after it that causing it to hang.  And when I say hang,
> I'm talking complete lock up.  NUM key doesn't do anything, the machine
> is a brick.  Only recovery is to hold the power button till it shuts off.
> 
>  By the way, when booting CentOS, it also displays that 'waiting for
> hardware to initialize...' however it sits there for a mere 5 seconds
> then moves on and boots normally.

I looked at URL, http://fedoraproject.org/wiki/KernelCommonProblems,
for hints.  It has a suggestion, under "Crashes/Hangs", 
"# initcall_debug will allow to see the last thing the kernel tried to 
initialise before it hung."
I have the impression, from what is said, the kernel is hanging trying to 
initialize something.  Perhaps this parameter will help give us a hint.


signature.asc
Description: This is a digitally signed message part.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Checking whether Gnome screensaver currently active

[Rick Sewill]

On Tuesday, January 18, 2011 08:52:57 pm Robert Nichols wrote:
> On 01/18/2011 12:28 PM, Rick Sewill wrote:
> > On Tuesday, January 18, 2011 09:00:22 am Robert Nichols wrote:
> >> On 01/18/2011 01:34 AM, Rick Sewill wrote:
> >>> On Monday, January 17, 2011 10:57:00 pm Robert Nichols wrote:
> >>>> On 01/17/2011 09:57 PM, Rick Sewill wrote:
> >>>>> Question please:
> >>>>> 
> >>>>> Can you use
> >>>>> gnome-screensaver-command -q
> >>>>> 
> >>>>> man gnome-screensaver-command
> >>>>> 
> >>>>> I'm currently trying out KDE so I don't know
> >>>>> what is returned by the above command for the
> >>>>> various gnome-screensaver states.
> >>>> 
> >>>> As I said in my original message, when run from a cron job that fails:
> >>>> ** Message: Failed to connect to the D-BUS daemon:
> >>>> /bin/dbus-launch terminated abnormally with the following
> >>>> error: Autolaunch error: X11 initialization failed.
> >>>> 
> >>>> And yes, I did try it with "DISPLAY=:0.0" in the environment.
> >>> 
> >>> You have a good puzzle!
> >>> 
> >>> I read all the responses for the problem,
> >>> http://www.mail-archive.com/debian-kde@lists.debian.org/msg30421.html
> >>> 
> >>> I tried to condense their answer to the following...please give it a
> >>> try:
> >>> 
> >>> I created a file, ${HOME}/bin/testscreensaver
> >>> = Please begin contents of file testscreensaver with following line
> >>> #!/bin/bash
> >>> 
> >>> # We must set the DISPLAY variable so dbus is happy.
> >>> 
> >>> export DISPLAY=:0.0
> >>> 
> >>> # We must find the DBUS_SESSION_BUS_ADDRESS so dbus is happy.
> >>> 
> >>> for pid in $(pgrep -u $USER)
> >>> do
> >>> 
> >>>   declare DBUS_SESSION_BUS_ADDRESS=$(cat /proc/${pid}/environ | \
> >>>   
> >>>   tr '\0' '\n' | grep "DBUS_SESSION_BUS_ADDRESS=")
> >>> 
> >>> # I looked for the first DBUS_SESSION_BUS_ADDRESS found.
> >>> 
> >>>   [ -z "${DBUS_SESSION_BUS_ADDRESS}" ] || break
> >>> 
> >>> done
> >>> 
> >>> 
> >>> # Strip off the DBUS_SESSION_BUS_ADDRESS= string at the beginning.
> >>> DBUS_SESSION_BUS_ADDRESS="${DBUS_SESSION_BUS_ADDRESS:25}"
> >>> 
> >>> # I echo it for debugging purposes...you probably don't want to echo
> >>> it. echo "Set bus address to<${DBUS_SESSION_BUS_ADDRESS}>"
> >>> 
> >>> # If I have a string, I call the gnome-screensaver-command
> >>> [ -z "${DBUS_SESSION_BUS_ADDRESS}" ] || gnome-screensaver-command -q
> >>> 
> >>> = Please end file testscreensaver with previous line
> >> 
> >> Hmmm, in that script you're not doing anything with
> >> DBUS_SESSION_BUS_ADDRESS beyond testing for non-null (it's not
> >> exported), so "Set bus address to" is a misnomer.  "Found bus address"
> >> might be more to the point.  It does test whether this user currently
> >> has a session, which is useful.
> > 
> > Please see "man dbus-daemon".
> > 
> > I believe the variable, DBUS_SESSION_BUS_ADDRESS, must be set for desktop
> > applications to find the per-session daemon to have interprocess
> > communication amongst themselves.  From "man dbus-daemon", I am
> > referring to the per-session daemon, not the systemwide daemon.
> 
> Look again at the script you posted and explain where it does anything but
> set and test for non-null an internal shell variable that has no special
> meaning to the shell itself.  Had you in some manner exported that variable
> so that gnome-screensaver-command could see it, then I would have more
> reason to believe you.

I stand corrected. 

 I ran a test without DBUS_SESSION_BUS_ADDRESS set.
Only the export DISPLAY=:0.0 seems to be needed.





signature.asc
Description: This is a digitally signed message part.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: xmms only playing mp3 as root

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


> Hi Mchael,
> This system was installed - clean - from dvd on 28-12-2010.
> I use my laptop like my car. Drive it - stick to the rules - not messing 
> with things I do not know about.
> When beyond me I ask for advice.
> Your positive input is appreciated.
> Before I try anything is your advice still standing since this is new 
> install?
> Await your comment
> Thanks.
> Johan
> 

I just noticed this thread.
Please forgive me if my comments are not germane.

When you are logged in, as root, do you have a file,
~/.xmms/config, and if so, is there a line in this file,
output_plugin=

When you are logged in, as a normal user, do you have a file,
~/.xmms/config, and if so, is there a line in this file,
output_plugin=

For me, when I am logged in, as a normal user, I do have a file,
~/.xmms/config, and the line in my file is
output_plugin=/usr/lib64/xmms/Output/libxmms-pulse.so

I have not run xmms, as root.  I do not have a directory, /root/.xmms

I thought, somewhere, I read, your xmms was looking for /dev/dsp.
I thought /dev/dsp was for the audio system, Open Sound System (OSS).
I thought, but could be wrong, OSS, was replaced,
in the default Fedora installation, by Pulse Audio
(with ALSA actually used to drive the sound hardware).

I do not have the device file, /dev/dsp.

xmms does play mp3 files, for me, as a normal user.
In my setup, xmms must use Pulse Audio.  I don't have OSS installed.

I apologize if my comments are not germane.
I missed the start of this thread.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0d9KQACgkQyc8Kn0p/AZTHXgCfTUj0MJTDhsfwr8qi5AqlQvVk
dOYAoIuwuLynII/pRpEzyY1V7xXvCzh4
=JrHI
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: How do I set up DHCP in order to upgrade the software on my router?

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 12/28/2010 09:20 AM, Rick Sewill wrote:
> On 12/28/2010 08:31 AM, Colin Paul Adams wrote:
> 
>> I edited 
>> /etc/dhcp/dhcpd.conf
> 
>> to look like this:
> 
>> #
>> # DHCP Server Configuration file.
>> #   see /usr/share/doc/dhcp*/dhcpd.conf.sample
>> #   see 'man 5 dhcpd.conf'
>> #
>> authoritative;
>> use-host-decl-names on;
>> ddns-update-style none;
> 
>> option domain-name "colin.demon.co.uk";
>> next-server 192.168.254.201;
>> filename "linux/pxelinux.0";
>> allow bootp;
> 
>> subnet 192.168.254.0 netmask 255.255.255.0 {
> 
>>  option subnet-mask 255.255.255.0;
>>  option broadcast-address 192.168.254.255;
> 
>> }
>> group {
>>  host 192.168.254.254 { hardware ethernet 00:14:7F:F8:83:DD; }
>> }
> 

Hmmm.  I did a little more digging.

I found, in "man dhcpd.conf", the following:
BOOTP Support
  Each BOOTP client must be explicitly declared in the dhcpd.conf file.
  A very basic client  declaration  will  specify  the  client  network
  interface's  hardware  address  and  the IP address to assign to that
  client.   If the client needs to be able to load a boot file from the
  server,  that  file's name must be specified.   A simple bootp client
  declaration might look like this:

   host haagen {
 hardware ethernet 08:00:2b:4c:59:23;
 fixed-address 239.252.197.9;
 filename "/tftpboot/haagen.boot";
   }

Could you instead of doing what I thought previously, replace
>> group {
>>  host 192.168.254.254 { hardware ethernet 00:14:7F:F8:83:DD; }
>> }
>
with something like the following...
host myrouter {
  hardware ethernet 00:14:7F:F8:83:DD;
  fixed-address 192.168.254.254;
  filename "/var/lib/tftpboot/ZZQIAA8.225.bli";
}

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0aCigACgkQyc8Kn0p/AZTTqgCdHDl7KvO+2RfFy2Eep3k/RFOL
v1UAoJYrZnNwME92MLP5o8vsH9Wn3dBt
=GgOI
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: How do I set up DHCP in order to upgrade the software on my router?

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 12/28/2010 08:31 AM, Colin Paul Adams wrote:

> I edited 
> /etc/dhcp/dhcpd.conf
> 
> to look like this:
> 
> #
> # DHCP Server Configuration file.
> #   see /usr/share/doc/dhcp*/dhcpd.conf.sample
> #   see 'man 5 dhcpd.conf'
> #
> authoritative;
> use-host-decl-names on;
> ddns-update-style none;
> 
> option domain-name "colin.demon.co.uk";
> next-server 192.168.254.201;
> filename "linux/pxelinux.0";
> allow bootp;
> 
> subnet 192.168.254.0 netmask 255.255.255.0 {
> 
>   option subnet-mask 255.255.255.0;
>   option broadcast-address 192.168.254.255;
> 
> }
> group {
>  host 192.168.254.254 { hardware ethernet 00:14:7F:F8:83:DD; }
> }
> 

I looked at /usr/share/doc/dhcp-4.2.0/dhcpd.conf.sample,
and saw the following:
"
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

subnet 10.254.239.32 netmask 255.255.255.224 {
  range dynamic-bootp 10.254.239.40 10.254.239.60;
  option broadcast-address 10.254.239.31;
  option routers rtr-239-32-1.example.org;
}
"

If the above, in the sample file, is correct,
and your router is using BOOTP instead of DHCP,
I would think you need
  "range dynamic-bootp ..."

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0aADAACgkQyc8Kn0p/AZRzlACfeZe3M257Yjd7hJxLdIJDqHzt
srIAnjHnPolQVWotLGs7lw9E2Wsz8vjr
=Q7Av
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: nm-applet autoload

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 12/21/2010 10:52 AM, Rick Sewill wrote:
> On 12/21/2010 10:28 AM, Richard Heck wrote:
> 
>> After an upgrade from F12 to F14, which went very smoothly even on an 
>> old laptop (yea!), nm-applet is no longer loaded automatically under 
>> KDE. I can load it manually from a terminal, and then all is well, but 
>> this is a hassle. I could also add it to the Autostart folder, but that 
>> seems the wrong way to handle it.
> 
>> Suggestions?
> 
>> Thanks,
>> Richard
> 
> 
> For me, nm-applet is loaded as a Startup Application
> (System->Startup Application->Network Manager)
> The command found in the Startup Program was
> "nm-applet --sm-disable"
> 
> Note: I am using Gnome, not KDE.  Your mileage may vary.
> 

I mistyped...that should be
(System->Preferences->Startup Applications->Network Manager)

Sorry.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0Q29sACgkQyc8Kn0p/AZQccwCfUcAdM5gDnalJ8hE/Byy2SMVP
PJMAoJTEV0CnFA4vvQyxuUes4PBPF2ZZ
=++4C
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: nm-applet autoload

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 12/21/2010 10:28 AM, Richard Heck wrote:
> 
> After an upgrade from F12 to F14, which went very smoothly even on an 
> old laptop (yea!), nm-applet is no longer loaded automatically under 
> KDE. I can load it manually from a terminal, and then all is well, but 
> this is a hassle. I could also add it to the Autostart folder, but that 
> seems the wrong way to handle it.
> 
> Suggestions?
> 
> Thanks,
> Richard
> 

For me, nm-applet is loaded as a Startup Application
(System->Startup Application->Network Manager)
The command found in the Startup Program was
"nm-applet --sm-disable"

Note: I am using Gnome, not KDE.  Your mileage may vary.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0Q20gACgkQyc8Kn0p/AZTJwgCffog0UDfOQNgW6XYDqdSzIBTb
+AsAoJPwVACpkmGOa7ZK8/eCmBfv2Bfi
=wbYG
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Testing changes to fstab

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 12/15/2010 07:29 PM, Robert Moskowitz wrote:
> A long time ago I got burned with a type in /etc/fstab and back then I 
> was told how to test out changes to fstab.
> 
> Well I just added my USB drive to fstab and want to make sure I got it 
> right.  The line I added is:
> 
> /dev/sdb1/media/usbdriveext4defaults1 2
> 
> I figure this out from the fstab man page and that the following works:
> 
> mount /dev/sdb1 /media/usbdrive
> 
> But I want to test first before I reboot.  BTW, the messages I now get 
> for this drive during boot are:
> 
> Dec 15 19:56:06 homebase kernel: usb 1-2: New USB device found, 
> idVendor=0bc2, idProduct=3300
> Dec 15 19:56:06 homebase kernel: usb 1-2: New USB device strings: Mfr=1, 
> Product=2, SerialNumber=3
> Dec 15 19:56:06 homebase kernel: usb 1-2: Product: Desktop
> Dec 15 19:56:06 homebase kernel: usb 1-2: Manufacturer: Seagate
> Dec 15 19:56:06 homebase kernel: usb 1-2: SerialNumber: 2GHJTCB4
> Dec 15 19:56:06 homebase kernel: usb 1-2: configuration #1 chosen from 1 
> choice
> 
> Oh, and I used e2label to label the partition the same as its serial #).
> 
> 

A suggestion please.

Instead of using "/dev/sdb1" in /etc/fstab, can you use either,
UUID=uuid-for-the-partition or LABEL=label-for-the-partition?

I speak from personal experience.

At one time, I tried using "/dev/sdf1" for a usb drive.

Then I added another usb device.

Depending how usb devices were discovered,
my usb drive wasn't /dev/sdf1 any more.

When the device is plugged in, even if the device is not mounted,
can you check "ls -l /dev/disk/by-uuid" or "ls -l /dev/disk/by-label"
to learn the uuid or label for the usb drive, respectively?

Since you stated you labeled the partition, 2GHJTCB4,
you should be able to do, in your /etc/fstab,

LABEL=2GHJTCB4 /media/usbdriveext4defaults1 2

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0JuO4ACgkQyc8Kn0p/AZQyrACdEWkPCbLuz8TiB1vLCmH3eeAS
ow4AnR4ixd/G68+1q27kLzK4NIALOcVp
=6CP2
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Still having problems with mount of USB drive at boot time

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 12/14/2010 03:33 PM, Robert Moskowitz wrote:
> This is for Fedora 12 and a 1.5Tb USB seagate drive.
> 
> How do I get this drive recognixzed at boot time?  Once it is set up it 
> is known as:
> 
> /media/d4ae05a3-c60f-489d-8159-e16c9a271f0b
> 
> 

Caution: I am on Fedora 14.
I can't remember if the following is true for Fedora 12.
I believe the following is true for Fedora 13.

When the disk is on and plugged in, does an entry for it appear in
ls -l /dev/disk/by-uuid

What I have done is the following:
1) In my /etc/fstab I have
   (following is all one line, forgive the line wrap)
UUID=90de18a5-489b-40bd-85a4-9a2ff3a15d81 /media/wd  ext2   noauto
0 0

2) When I turn on my USB disk, the following appears:
   ls -l /dev/disk/by-uuid/90de*
rsew...@rsewill:~ <2:6> $ ls -l /dev/disk/by-uuid/90de*
lrwxrwxrwx. 1 root root 10 Dec 15 01:42
/dev/disk/by-uuid/90de18a5-489b-40bd-85a4-9a2ff3a15d81 -> ../../sdf1

It appears I can use UUID=name where name is found in /dev/disk/by-uuid
in my /etc/fstab file.

3) I do, sudo mount /media/wd
   Please note: I have my /etc/sudoers file set up so I can do
   sudo mount 
   As root, one edits the /etc/sudoers file using the visudo command
   to set up what user can do what with the sudo command.

Similarly, I believe I can use LABEL=label for the disk if it appears in
/dev/disk/by-label.  I have a walkman which I have labeled, WALKMAN.
My fstab entry for it is as follows:
  (following is all one line, forgive the line wrap)
LABEL=WALKMAN   /media/walkman   vfat
noauto,user 0 0

The entry, when the walkman is plugged in, in /dev/disk/by-label is
rsew...@rsewill:~ <2:11> $ ls -l /dev/disk/by-label/WALKMAN
lrwxrwxrwx. 1 root root 10 Dec 15 01:47 /dev/disk/by-label/WALKMAN ->
../../sdg1

I can mount my walkman, as a normal user, because of the "user" option
in the /etc/fstab file.
mount /media/walkman

I use "noauto" or "noauto,user" so I can control when the device is
mounted.  I mount these devices manually.

Please see "man 8 mount" for the definitions of these options,
noauto, user, defaults.

I assume, since you say you want it mounted automatically,
and I assume at boot time, you will not want the "noauto" option.

Would you, instead, use the "defaults" option instead of "noauto"?

If the device is not turned on during boot, with the "defaults" option,
I'm not sure what will happen.  I expect the system to wait a long time
and/or hang waiting for the device to appear.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0Id6gACgkQyc8Kn0p/AZR65gCfSjpKUXRNqj0KzLgfazGY4Y8U
4xgAnRjdZ0kiUMGBUmXgfV4oUqn5ZGy/
=tTbg
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Fedora14.Impossible Internet.More and More data.

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11/15/2010 12:18 AM, Rick Sewill wrote:
> On 11/14/2010 10:23 PM, Luis Suzuki wrote:
>> All below was taken when Gnome NetworkManager was saying that Auto eth0
>> was active and OK.
> 
>> Below some more data:# ping 192.168.1.254
>> PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
>> 64 bytes from 192.168.1.254: icmp_req=1 ttl=64 time=1.15 ms
>> 64 bytes from 192.168.1.254: icmp_req=2 ttl=64 time=0.700 ms
>> 64 bytes from 192.168.1.254: icmp_req=3 ttl=64 time=0.733 ms
>> 64 bytes from 192.168.1.254: icmp_req=4 ttl=64 time=0.715 ms
>> 64 bytes from 192.168.1.254: icmp_req=5 ttl=64 time=0.706 ms
>> 64 bytes from 192.168.1.254: icmp_req=6 ttl=64 time=0.775 ms
>> 64 bytes from 192.168.1.254: icmp_req=7 ttl=64 time=0.801 ms
>> 64 bytes from 192.168.1.254: icmp_req=8 ttl=64 time=0.716 ms
>> 64 bytes from 192.168.1.254: icmp_req=9 ttl=64 time=0.726 ms
>> 64 bytes from 192.168.1.254: icmp_req=10 ttl=64 time=0.708 ms
>> 64 bytes from 192.168.1.254: icmp_req=11 ttl=64 time=0.709 ms
> 
> 
> This means the ethernet hardware is working.  You can ping the router.
> 
>> #less /etc/resolv.conf
>> # Generated by NetworkManager
>> domain lan
>> search lan
>> nameserver 192.168.1.254
>> /etc/resolv.conf (END) 
> 
> 
> This is good as long as the router will do DNS for you.
> 
>> #ifconfig -a
> 
>> eth0  Link encap:Ethernet  HWaddr 00:21:70:BC:71:84  
>>   inet addr:192.168.1.64  Bcast:192.168.1.255  Mask:255.255.255.0
>>   inet6 addr: fe80::221:70ff:febc:7184/64 Scope:Link
>>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>   RX packets:120 errors:0 dropped:0 overruns:0 frame:0
>>   TX packets:153 errors:0 dropped:0 overruns:0 carrier:0
>>   collisions:0 txqueuelen:1000 
>>   RX bytes:11211 (10.9 KiB)  TX bytes:19119 (18.6 KiB)
>>   Interrupt:43 Base address:0x8000 
> 
> The interface IP address is 192.168.1.64...okay.
> 
>> # ip route
>> 192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.64
>>  metric 1 
> 
>> # netstat -rn
>> Kernel IP routing table
>> Destination Gateway Genmask Flags   MSS Window  irtt
>> Iface
>> 192.168.1.0 0.0.0.0 255.255.255.0   U 0 0  0
>> eth0
> 
> 
> You have no default route...this is part of the problem.
> When doing ip route, you should have something like
> default via 192.168.1.254 dev eth0
> When doing netstat -rn, you should have something like
> 0.0.0.0 192.168.1.2540.0.0.0 UG0 0
> 0 eth0
> 
>> # cat /etc/sysconfig/network-scripts/ifcfg-eth0
>> cat: /etc/sysconfig/network-scripts/ifcfg-eth0: No such file or directory
> 
> 
> Argh.  I don't use NetworkManager...if there is no ifcfg-eth0 file,
> what does NetworkManager do?  People?
> 
> What you need to do is add a default route to 192.168.1.254 for eth0
> 
> I have no plans to use NetworkManager any time soon so I can only give
> you general hints...I wish someone who does use NetworkManager would
> take over this discussion.
> 
> Needless to say...I will try.
> 
> When you start the Network Manager client to examine/modify
> configurations, you should find the configuration for eth0.
> 
> I'm only guessing, but is it something like Network connections?
> Can you select the ethernet network connection and push the edit button?
> 
> When you do that, does a pop-up appear?
> Does it have a IPv4 Settings tab?
> 
> Can you select the IPv4 Settings tab.
> 
> What is the Method: "Automatic (DHCP)"
>  or "Automatic (DHCP) addresses only"
>  or "Manual"
>  or what?
> 
> I'm guessing the Method is Manual...but please tell me.
> 
> The following advice is based on the belief the Method is Manual.
> 
> Is there a Routes button?  Please press it.
> 
> Does another pop-up appear, something like "Editing IPv4 routes for 
> Can you add a route,
> AddressNetmask   Gateway Metric
> 0.0.0.00.0.0.0   192.168.1.254   1
> 
> Can someone who does use NetworkManager correct the above please?
> I'm sure I have things wrong since I don't use NetworkManager.
> Hopefully, people can get the idea what I want tried.
> 
> Please let me know how far off I am regarding the NetworkManager GUI.
> 
> When you are done, please do either
> ip route or netstat -rn
> I wish to see if the default route has been added.
> If you have a default route...try to ping some

Re: Fedora14.Impossible Internet.More and More data.

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11/14/2010 10:23 PM, Luis Suzuki wrote:
> All below was taken when Gnome NetworkManager was saying that Auto eth0
> was active and OK.
> 
> Below some more data:# ping 192.168.1.254
> PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
> 64 bytes from 192.168.1.254: icmp_req=1 ttl=64 time=1.15 ms
> 64 bytes from 192.168.1.254: icmp_req=2 ttl=64 time=0.700 ms
> 64 bytes from 192.168.1.254: icmp_req=3 ttl=64 time=0.733 ms
> 64 bytes from 192.168.1.254: icmp_req=4 ttl=64 time=0.715 ms
> 64 bytes from 192.168.1.254: icmp_req=5 ttl=64 time=0.706 ms
> 64 bytes from 192.168.1.254: icmp_req=6 ttl=64 time=0.775 ms
> 64 bytes from 192.168.1.254: icmp_req=7 ttl=64 time=0.801 ms
> 64 bytes from 192.168.1.254: icmp_req=8 ttl=64 time=0.716 ms
> 64 bytes from 192.168.1.254: icmp_req=9 ttl=64 time=0.726 ms
> 64 bytes from 192.168.1.254: icmp_req=10 ttl=64 time=0.708 ms
> 64 bytes from 192.168.1.254: icmp_req=11 ttl=64 time=0.709 ms
> 

This means the ethernet hardware is working.  You can ping the router.

> #less /etc/resolv.conf
> # Generated by NetworkManager
> domain lan
> search lan
> nameserver 192.168.1.254
> /etc/resolv.conf (END) 
> 

This is good as long as the router will do DNS for you.

> #ifconfig -a
> 
> eth0  Link encap:Ethernet  HWaddr 00:21:70:BC:71:84  
>   inet addr:192.168.1.64  Bcast:192.168.1.255  Mask:255.255.255.0
>   inet6 addr: fe80::221:70ff:febc:7184/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:120 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:153 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000 
>   RX bytes:11211 (10.9 KiB)  TX bytes:19119 (18.6 KiB)
>   Interrupt:43 Base address:0x8000 

The interface IP address is 192.168.1.64...okay.

> # ip route
> 192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.64
>  metric 1 
> 
> # netstat -rn
> Kernel IP routing table
> Destination Gateway Genmask Flags   MSS Window  irtt
> Iface
> 192.168.1.0 0.0.0.0 255.255.255.0   U 0 0  0
> eth0
> 

You have no default route...this is part of the problem.
When doing ip route, you should have something like
default via 192.168.1.254 dev eth0
When doing netstat -rn, you should have something like
0.0.0.0 192.168.1.2540.0.0.0 UG0 0
0 eth0

> # cat /etc/sysconfig/network-scripts/ifcfg-eth0
> cat: /etc/sysconfig/network-scripts/ifcfg-eth0: No such file or directory
> 

Argh.  I don't use NetworkManager...if there is no ifcfg-eth0 file,
what does NetworkManager do?  People?

What you need to do is add a default route to 192.168.1.254 for eth0

I have no plans to use NetworkManager any time soon so I can only give
you general hints...I wish someone who does use NetworkManager would
take over this discussion.

Needless to say...I will try.

When you start the Network Manager client to examine/modify
configurations, you should find the configuration for eth0.

I'm only guessing, but is it something like Network connections?
Can you select the ethernet network connection and push the edit button?

When you do that, does a pop-up appear?
Does it have a IPv4 Settings tab?

Can you select the IPv4 Settings tab.

What is the Method: "Automatic (DHCP)"
 or "Automatic (DHCP) addresses only"
 or "Manual"
 or what?

I'm guessing the Method is Manual...but please tell me.

The following advice is based on the belief the Method is Manual.

Is there a Routes button?  Please press it.

Does another pop-up appear, something like "Editing IPv4 routes for 
Can you add a route,
AddressNetmask   Gateway Metric
0.0.0.00.0.0.0   192.168.1.254   1

Can someone who does use NetworkManager correct the above please?
I'm sure I have things wrong since I don't use NetworkManager.
Hopefully, people can get the idea what I want tried.

Please let me know how far off I am regarding the NetworkManager GUI.

When you are done, please do either
ip route or netstat -rn
I wish to see if the default route has been added.
If you have a default route...try to ping something on the Internet.

I manage my interfaces myself...I do networking things for a living.
NetworkManager was not my friend, in the past, when it interfered with
what I needed to do...so I turned it off, and never turned it back on.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkzg0KcACgkQyc8Kn0p/AZTTPwCdHKiyosgZVP2T6xhv8+3s9IWz
ncMAnjTVRt5qm1BLkygIDI+jgqddysHI
=ZkNj
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Fedora14.Still Impossible Internet.More data.

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11/14/2010 02:02 PM, Luis Suzuki wrote:
> Well it seems my problem is related with this one:   bugzilla
> 649570.However my NIC is a Realtek RTL 8102E.
> 
> the DHCP discovery packets may not be responded as well.However the
> workaround,
> does not work for me(place acpi=off or pcie_aspm=off in grub kernel boot
> options).
> 
> So,I probably need to completely stop processes that are in charge of
> automatic
> network discovery and configure all,manually from scratch.
> 
> I tried once and it did not work,I did:
> 
> chkconfig NetworkManager off
> /etc/init.d/network stop
> ifconfig eth0 192.168.1.64 netmask 255.255.255.0
> /etc/init.d/network start
> 
> Note: my DNS server is 192.168.1.254(when auto configured).

Given you are using 192.168.x.x, you must have a router doing NAT.

When you believe your ethernet connection is up, can you ping your
router IP address?  Is your router IP address 192.168.1.254?
Is your router also your DNS server?

Can you please give us the information from the following commands:
ifconfig -a
This will give us a hint if your ethernet interface thinks it's up.
The ping command above will tell us if it's really up and you can ping
your router.

netstat -rn(or ip route)
Either of these commands will give us an idea of your current routing
table.  We need to be certain 192.168.1.254 isn't some other interface
on your PC.  We need to see what your default route actually is.  We
need to make sure you don't have other routes that are interfering with
your ability to get to the Internet.

cat /etc/sysconfig/network-scripts/ifcfg-eth0
This will give us a hint how the eth0 interface is coming up...
I assume you haven't put anything special in /etc/sysconfig/network
I assume you don't have any /etc/sysconfig/network-scripts/route* files

cat /etc/resolv.conf
This will give us a hint of your current DNS information.

If you can ping the router, and the router is your gateway, and you
still can't get to the Internet, we need to know information about the
router.

Is that router configured as a dhcp server for your local lan?

Does that router do DNS for your local lan?
Can you access your router, examine its configuration, and make sure it
is configured to do DNS for your local lan.

Can you access your router, examine the information for its WAN
interface, and insure it has the correct IP address and DNS information
from your ISP?  I assume your ISP is providing you with a dynamic IP
address.  Tell me if I'm wrong.

Please tell us the DNS information your router has from your ISP.
Please tell us the first number of your WAN dynamic IP address, as
in 24.x.x.x, I don't wish you to advertise your IP address in a public
forum.  I just wish to see you have a "reasonable" WAN IP address.

Does your router have any special parental features blocking your access
to the Internet?  Does your router have any firewall rules blocking your
access to the Internet?

We may need to know more information about your ISP...I hope we don't.

If you can get to your router, and your router looks okay...meaning
the LAN side looks okay (correct DHCP, etc) and the WAN side looks okay
(correct IP address and DNS information), I will ask about the ISP.

I will ask,
what kind of Internet connection are you using?  xDSL, cable, etc.

Does your ISP require you to "log in" to their web site to validate your
Internet connection (MAC address) the first time you try to get to the
Internet with a new device (is the router a new device as far as the ISP
is concerned)?  I had a cable company that did something like that...I
don't have that cable company any longer.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkzgf+kACgkQyc8Kn0p/AZSjSwCgg3+cdd+POgmcT519yzjDxMuL
ecAAn0k2EmvWBmJdXnQeAC9jXo2Mo1r5
=JjRr
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: DNS on F13

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 Le 10/11/2010 00:14, Paolo Galtieri a écrit :
>>> I had configured a local DNS server under F12 and everything was
>>> working
>>> fine.  I upgraded the system to F13 and
>>> setup DNS again.  Now I see the following errors.
>>>
>>> Nov  9 15:46:28 darkstar named[17913]:   validating @0xb4e48968:
>>> dlv.isc.org   SOA: got insecure response; parent
>>> indicates it should be secure
>>> Nov  9 15:46:28 darkstar named[17913]: error (insecurity proof
>>> failed)
>>> resolving 'dlv.isc.org/DLV/IN':
>>> 168.158.8.15#53
>>> Nov  9 15:48:02 darkstar named[17913]:   validating @0xb49766e8:
>>> dlv.isc.org   SOA: got insecure response; parent
>>> indicates it should be secure
>>> Nov  9 15:48:02 darkstar named[17913]:   validating @0xb4977160:
>>> dlv.isc.org   SOA: got insecure response; parent
>>> indicates it should be secure
>>> Nov  9 15:48:02 darkstar named[17913]:   validating @0xb4977bd8:
>>> dlv.isc.org   SOA: got insecure response; parent
>>> indicates it should be secure
>>> Nov  9 15:48:02 darkstar named[17913]: error (no valid RRSIG)
>>> resolving
>>> 'howtoforge.com.dlv.isc.org/DS/IN
>>> ': 168.158.8.15#53
>>> Nov  9 15:48:02 darkstar named[17913]: error (insecurity proof
>>> failed)
>>> resolving 'howtoforge.com.dlv.isc.org/DLV/IN
>>> ': 168.158.8.15#53
>>> Nov  9 15:48:02 darkstar named[17913]:   validating @0xb4724d60:
>>> dlv.isc.org   SOA: got insecure response; parent
>>> indicates it should be secure
>>> Nov  9 15:48:02 darkstar named[17913]: error (no valid RRSIG)
>>> resolving
>>> 'www.howtoforge.com.dlv.isc.org/DS/IN
>>> ': 168.158.8.15#53
>>> Nov  9 15:48:02 darkstar named[17913]: error (insecurity proof
>>> failed)
>>> resolving 'www.howtoforge.com.dlv.isc.org/DLV/IN
>>> ': 168.158.8.15#53
>>>
>>> I have 2 servers configured in the forwarders section of named.conf
>>>
>>> forwarders { 68.2.16.30; 168.158.8.15; };

I didn't see anything wrong in your named.conf or named.rfc1912.zones

I tried dig, found in bind-utils-9.7.1-2.P2.fc13.x86_64.

When I did,
[r...@rsewill etc]# dig +dnssec @168.158.8.15  energy.gov

; <<>> DiG 9.7.1-P2-RedHat-9.7.1-2.P2.fc13 <<>> +dnssec @168.158.8.15
energy.gov
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 28148
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;energy.gov.IN  A

;; Query time: 78 msec
;; SERVER: 168.158.8.15#53(168.158.8.15)
;; WHEN: Wed Nov 10 21:33:15 2010
;; MSG SIZE  rcvd: 39

It appears I didn't get a valid answer.

When I just changed the nameserver,
[r...@rsewill etc]# dig +dnssec @68.2.16.30  energy.gov

; <<>> DiG 9.7.1-P2-RedHat-9.7.1-2.P2.fc13 <<>> +dnssec @68.2.16.30
energy.gov
; (1 server found)
<...>
;; Query time: 99 msec
;; SERVER: 68.2.16.30#53(68.2.16.30)
;; WHEN: Wed Nov 10 21:34:23 2010
;; MSG SIZE  rcvd: 1720

I got a very large, which looks valid to me, answer.

If I leave off the +dnssec option,
[r...@rsewill etc]# dig @168.158.8.15  energy.gov

; <<>> DiG 9.7.1-P2-RedHat-9.7.1-2.P2.fc13 <<>> @168.158.8.15 energy.gov
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31441
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;energy.gov.IN  A

;; ANSWER SECTION:
energy.gov. 2380IN  A   205.254.148.200

;; Query time: 79 msec
;; SERVER: 168.158.8.15#53(168.158.8.15)
;; WHEN: Wed Nov 10 21:37:37 2010
;; MSG SIZE  rcvd: 44

I seem to get a valid answer.
The bind I am using is
[r...@rsewill etc]# rpm -q bind
bind-9.7.1-2.P2.fc13.x86_64

What version of bind are you using?

I have two questions about the name server at 168.158.8.15
1) Do we know if that name server supports dnssec?

2) If it supports dnssec, can we find out what name server
   (software and version) is being used so we can search the
   Internet to see if that name server is supposed to be
   interoperable with bind-9.x.x when doing dnssec?

I am wondering why FC12 worked.
I don't know what version of bind (rpm -q bind) is in FC12.

I can see 3 possibilities why FC12 bind might have worked
1) perhaps the name server at 168.158.8.15 has a bug when doing dnssec,
   but was interoperable with the bind found in FC12, but not bind FC13.

2) Perhaps there is an error in

Re: DNS on F13

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11/10/2010 10:28 AM, Paolo Galtieri wrote:
> On 11/10/10 00:13, François Patte wrote:
> Le 10/11/2010 00:14, Paolo Galtieri a écrit :
 I had configured a local DNS server under F12 and everything was working
 fine.  I upgraded the system to F13 and
 setup DNS again.  Now I see the following errors.

 Nov  9 15:46:28 darkstar named[17913]:   validating @0xb4e48968:
 dlv.isc.org  SOA: got insecure response; parent
 indicates it should be secure
 Nov  9 15:46:28 darkstar named[17913]: error (insecurity proof failed)
 resolving 'dlv.isc.org/DLV/IN': 168.158.8.15#53
 Nov  9 15:48:02 darkstar named[17913]:   validating @0xb49766e8:
 dlv.isc.org  SOA: got insecure response; parent
 indicates it should be secure
 Nov  9 15:48:02 darkstar named[17913]:   validating @0xb4977160:
 dlv.isc.org  SOA: got insecure response; parent
 indicates it should be secure
 Nov  9 15:48:02 darkstar named[17913]:   validating @0xb4977bd8:
 dlv.isc.org  SOA: got insecure response; parent
 indicates it should be secure
 Nov  9 15:48:02 darkstar named[17913]: error (no valid RRSIG) resolving
 'howtoforge.com.dlv.isc.org/DS/IN
 ': 168.158.8.15#53
 Nov  9 15:48:02 darkstar named[17913]: error (insecurity proof failed)
 resolving 'howtoforge.com.dlv.isc.org/DLV/IN
 ': 168.158.8.15#53
 Nov  9 15:48:02 darkstar named[17913]:   validating @0xb4724d60:
 dlv.isc.org  SOA: got insecure response; parent
 indicates it should be secure
 Nov  9 15:48:02 darkstar named[17913]: error (no valid RRSIG) resolving
 'www.howtoforge.com.dlv.isc.org/DS/IN
 ': 168.158.8.15#53
 Nov  9 15:48:02 darkstar named[17913]: error (insecurity proof failed)
 resolving 'www.howtoforge.com.dlv.isc.org/DLV/IN
 ': 168.158.8.15#53

 I have 2 servers configured in the forwarders section of named.conf

 forwarders { 68.2.16.30; 168.158.8.15; };

 It only complains about the second one.

 I found Bug 577639 which seems related, but it's marked closed notabug.

 So if it's not a bug why am I seeing these errors and how do I go about
 resolving them?

 Is this a configuration issue on my side, or is this an issue with my ISP?

 The file "/etc/named.iscdlv.key" contains the correct key.

 Any assistance is appreciated.
> 
> Did you test if it is not related to selinux?
> 
> 
> I don't believe it has anything to do with SElinux since the errors only 
> show up for one of the 2 DNS servers I have listed in the forwarders 
> entry.  Also I don't get any SElinux alert messages.

> Paolo

May we see your /etc/named.conf file please?

I am wondering if you have an old /etc/named.conf file.
Please look for /etc/named.conf.rpmnew, and if it's there,
please compare the two files, save your current /etc/named.conf,
and mv /etc/named.conf.rpmnew /etc/named.conf

When I do,
[r...@rsewill ~]# service named start
Starting named:[  OK  ]
followed by
[r...@rsewill ~]# host -a energy.gov localhost



I do not have bind-chroot installed.  Are you using bind-chroot?

For this test, I am using
[r...@rsewill ~]# rpm -q bind
bind-9.7.1-2.P2.fc13.x86_64
What version of bind are you using please?

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkza40YACgkQyc8Kn0p/AZRDHQCglJg1SNUT0qN/PAWKyE1+CDHJ
VbQAn1ueb1AKs4SUXIj2iZi3CJapPrdP
=yyT5
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Intermittent freezing

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/29/2010 04:05 AM, Nigel Bishop wrote:
> I am running Fedora 13 with Linux Kernel 2.6.33-3.85.fc13.x86_64 with Gnome
> 2.30.0 on HP laptop ProBook 4510S
> 
> At times, it almost freezes, with very slow response to the keyboard. System
> monitor shows that something is hogging the CPU. Sometimes, after a few
> minutes, it recovers, other times I have to re-boot.
> 
> Any ideas?
> 
> Nigel
> 
> 

Which system monitor program are you using?

To my surprise, gnome-system-monitor shows me, under Processes, only my
processes, not all the processes in the system.

Question to everyone, is there a way to have gnome-system-monitor show
all processes, in the system, not just my processes?

The KDE system monitor, ksysguard, on the other hand, can show me all
processes in the system.

One can also run "top" in a shell.
If "top -i" is done, idled or zombied processes will not be displayed.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkzKubwACgkQyc8Kn0p/AZTsFwCgiho/zN2j72lhTKzxFR3Bhhu1
OFQAn0sZdAc/PPEljKDDJqu1SpbqySXi
=lL83
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: More on DNS issue

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/23/2010 09:32 PM, Joe Zeff wrote:
> On 10/23/2010 06:58 PM, Rick Sewill wrote:
> [snip]
>> Can you show your ifcfg-eth0, ifcfg-lo, and /etc/resolv.conf please?
> 
> My pleasure!
> 
> [r...@khorlia network-scripts]# cat ifcfg-eth0
> # Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+
> DEVICE=eth0
> BOOTPROTO=none
> HWADDR=00:10:dc:3a:6b:74
> ONBOOT=yes
> SEARCH="zeff.us"
> USERCTL=no
> PEERDNS=yes
> IPV6INIT=no
> NM_CONTROLLED=no
> TYPE=Ethernet
> DHCP_HOSTNAME=khorlia.zeff.us
> IPADDR=192.168.0.30
> NETMASK=255.255.255.0
> GATEWAY=192.168.0.1
> PREFIX=24
> DNS1=207.217.77.82
> DNS2=207.217.120.83
> 
> [r...@khorlia network-scripts]# cat ifcfg-lo
> DEVICE=lo
> IPADDR=127.0.0.1
> NETMASK=255.0.0.0
> NETWORK=127.0.0.0
> # If you're having problems with gated making 127.0.0.0/8 a martian,
> # you can change this to something else (255.255.255.255, for example)
> BROADCAST=127.255.255.255
> ONBOOT=yes
> NAME=loopback
> DNS1=207.217.77.82
> DNS2=207.217.120.83
> 
> [r...@khorlia etc]# cat resolv.conf
> # Generated by NetworkManager
> search zeff.us
> 
> 
> # No nameservers found; try putting DNS servers into your
> # ifcfg files in /etc/sysconfig/network-scripts like so:
> #
> # DNS1=xxx.xxx.xxx.xxx
> # DNS2=xxx.xxx.xxx.xxx
> # DOMAIN=lab.foo.com bar.foo.com
> nameserver 207.217.77.82
> nameserver 207.217.120.83
> nameserver 71.242.0.12
> 
> Interesting.  I thought I'd disabled Network Manager several years ago, 
> but checking, system-config-services had it enabled.  I've tried 
> disabling it again, but don't have much faith in that anymore!

I can think of two possibilities:
1) the DNS information is first being written to /etc/resolv.conf
   when interface eth0 is brought up, and then overwritten later.

2) the DNS information is not successfully being written to
   /etc/resolv.conf when interface eth0 is brought up.

For the first possibility,
I notice /etc/sysconfig/network-scripts/ifup-post will call
/sbin/ifup-local if it exists and is executable.
Also, /etc/sysconfig/network-scripts/ifdown-post will call
/sbin/ifdown-local if it exists and is executable.
Could you create /sbin/ifup-local and /sbin/ifdown-local (or add some
lines to these files if they exist) for debugging purposes

I'm thinking something along the lines of having a file in /root that
captures what /etc/resolv.conf is each time an interface is brought up
or down...would something like the following for both files seem reasonable:
#!/bin/bash
echo "# $(date) # ${0} ${1}" >> /root/debug-resolv-conf
cat /etc/resolv.conf >> /root/debug-resolv-conf

The files, /sbin/ifup-local and /sbin/ifdown-local,
need to be executable to work.

I hope you get the idea.

For the second possibility,
I searched /etc/sysconfig/network-scripts to see what scripts have
DNS1 and found /etc/sysconfig/network-scripts/ifup-post

If I read ifup-post correctly, ... there are 2 if statements that both
need to execute for the section of code that writes /etc/resolv.conf

You have PEERDNS=yes so the first if statement,
if [ "$PEERDNS" != "no ] ... is satisfied correctly.

Could the second if statement be failing somehow:
if [ -n "$DNS1" ] && ! grep -q "nameserver $DNS1" /etc/resolv.conf &&
   tr=$(mktemp /tmp/XX) ; then

Assuming $DNS1 equals 207.217.77.82, and the entry is not already in
/etc/resolv.conf, the only way I can see this if statement failing is
if tr=$(mktemp /tmp/XX) fails.

It's only a guess...could selinux be causing tr=$(mktemp /tmp/XX) to
fail somehow?  When you get a repeatable failure condition, does
changing selinux to permissive mode cause things to work?
I am not sure which file(s) to examine in /var/log to find log messages
when selinux prevents an action...that might be a better way to check.

Final question, when you get a failure condition, does bringing the
eth0 interface down and up, manually, after the system is up and
running, cause /etc/resolv.conf to be written correctly?  I ask this
question because the conditions during boot might be different from the
conditions when one brings an interface up manually on a running system.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkzEBrcACgkQyc8Kn0p/AZSaHACgq8Dk/FG90y49SLoz1xB8NGhu
FRMAniGdWyPJ2Iqyc6jH2IFOqB/6ivGc
=UicA
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: More on DNS issue

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/23/2010 07:59 PM, Joe Zeff wrote:
> OK, I've now rebooted, and the problem manifested again.  No surprise.
> 
> Checking, both ifcfg-eth0 and ifcfg-lo have the proper DNS in them but 
> resolf.conf claims they don't.
> 
> [r...@khorlia etc]# ls -l resolv.conf
> -rw-r--r--. 2 root root 317 Oct 23 17:53 resolv.conf
> 
> [r...@khorlia network-scripts]# ls -l ifcfg*
> -rw-r--r--. 8 root root 343 Oct 15 00:51 ifcfg-eth0
> -rw-r--r--. 1 root root 293 Sep 15 12:30 ifcfg-lo
> 
> Neither of them has changed recently, as you can see and resolv.conf was 
> rebuilt at boot.  Any ideas?

Can you show your ifcfg-eth0, ifcfg-lo, and /etc/resolv.conf please?

If you have anything you want kept private, please replace the private
information with X, Y, ...

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkzDktsACgkQyc8Kn0p/AZTpfwCfYHvnGBIyDgN4Jkr+dBE+R+3b
y9EAoKXiNG6g4Xa8mhVQykpIaTZq98To
=0NH/
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Suggestions about podcast apps (rhythmbox and vlc)

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/16/2010 11:40 AM, Suvayu Ali wrote:
> Hi,
> 
> I was looking for some application to listen to and maybe keep some of 
> the podcasts I want to listen to. So far I have been using rhythmbox, it 
> serves my purposes just right except when something goes wrong and the 
> database (its in XML format) goes bad. Apparently there is no way of 
> easily importing/combining databases for the podcast feeds for rhythmbox.
> 
> So I tried out the latest feature enhancements in vlc, again it works 
> perfectly except that I can't save any of the podcasts.
> 
> Does anyone know how to solve either of these problems? Or is there some 
> other application that meets my needs? I am open to trying new 
> applications as long as they are light on the desktop (the reason I 
> didn't like Miro).
> 
> Thanks for any thoughts.
> 

I use gpodder for podcasts.


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAky52SwACgkQyc8Kn0p/AZS6QACglZ44khJ1aGsjcVAWF8bp/UYh
jI4AoKpXd5EM51E22gEgIEEW3AAlbCYf
=rGyI
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: [OT] To people with VoIP SIP Clients (twinkle, etc), friendly-scanner DOS attack

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/14/2010 02:58 PM, Patrick Lists wrote:
> On 10/14/2010 09:29 PM, Rick Sewill wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>>
>> This is off topic, but I thought I should tell people.
>>
>> This past weekend, I suffered a DOS attack launched against VOIP SIP
>> Clients.  The attack came, at different times, from 3 separate IP addresses.
> 
> I don't see why you would want to attack a VoIP client. Maybe the dark 
> side knows something I don't. Recently I have seen an increase in brute 
> force register attacks from Chinese networks. But that was on Asterisk 
> servers. I had to block the following networks from which most attacks 
> originated:
> 
> 60.0.0.0/255.248.0.0
> 60.8.0.0/255.254.0.0
> 60.10.0.0/255.255.0.0
> 
> Most other attacks came from the US, France and Brazil.
> 
> Installing fail2ban may help where a single IP tries to brute force 
> itself into a SIP server. But that does not apply to a VoIP client.
> 
> Would you mind sharing which networks your attacks came from?
> 

I hesitate to answer, but will.

The people who own 67.222.1.124 and 184.106.213.202
were very cooperative and interested.

The Chinese IP address was 218.14.146.200.
I could connect to 218.14.146.200 port 80 and saw,
what I thought, was a Chinese job website...I don't know Chinese.
I apologize if the website is not Chinese.

The attack packets had a user agent name of friendly-scanner.

I assumed it was a version of something found at
http://blog.sipvicious.org/

I assume it was looking for an asterisk server.

Unfortunately, my twinkle client decided to reply.
I tried looking for a twinkle configuration option to tell twinkle to
just ignore REGISTER requests, to no avail.

A snippet of the twinkle log looked like the following:


+++ 12-10-2010 09:12:24.764991 INFO SIP ::process_sip_msg
Received from: udp:67.222.1.124:5092
REGISTER sip:24.111.191.152 SIP/2.0
Via: SIP/2.0/UDP 67.222.1.124:5092;branch=z9hG4bK-1019189801;rport
Content-Length: 0
From: "2299812582" 
Accept: application/sdp
User-Agent: friendly-scanner
To: "2299812582" 
Contact: sip:1...@1.1.1.1
CSeq: 1 REGISTER
Call-ID: 1066778109
Max-Forwards: 70


- ---

+++ 12-10-2010 09:12:24.769299 INFO SIP ::send_sip_udp
Send to: udp:218.14.146.200:5069
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP
127.0.0.1:5069;received=218.14.146.200;rport=5069;branch=z9hG4bK-1124511546
To: "3096784503" ;tag=gusmt
From: "3096784503" 
Call-ID: 497952175
CSeq: 1 REGISTER
Server: Twinkle/1.4.2
Content-Length: 0


- ---

+++ 12-10-2010 09:12:24.770028 INFO SIP ::send_sip_udp
Send to: udp:218.14.146.200:5069
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP
127.0.0.1:5069;received=218.14.146.200;rport=5069;branch=z9hG4bK-404923090
To: "3096784503" ;tag=yrkuk
From: "3096784503" 
Call-ID: 1619872740
CSeq: 1 REGISTER
Server: Twinkle/1.4.2
Content-Length: 0


- ---

+++ 12-10-2010 09:12:24.770475 INFO SIP ::process_sip_msg
Received from: udp:67.222.1.124:5092
REGISTER sip:24.111.191.152 SIP/2.0
Via: SIP/2.0/UDP 67.222.1.124:5092;branch=z9hG4bK-4261809208;rport
Content-Length: 0
From: "2299812582" 
Accept: application/sdp
User-Agent: friendly-scanner
To: "2299812582" 
Contact: sip:1...@1.1.1.1
CSeq: 1 REGISTER
Call-ID: 2728516634
Max-Forwards: 70


- ---

+++ 12-10-2010 09:12:24.771846 INFO SIP ::process_sip_msg
Received from: udp:218.14.146.200:5069
REGISTER sip:24.111.191.152 SIP/2.0
Via: SIP/2.0/UDP 127.0.0.1:5069;branch=z9hG4bK-2590771448;rport
Content-Length: 0
From: "3096784503" 
Accept: application/sdp
User-Agent: friendly-scanner
To: "3096784503" 
Contact: sip:1...@1.1.1.1
CSeq: 1 REGISTER
Call-ID: 3719869292
Max-Forwards: 70


- ---
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAky3iqsACgkQyc8Kn0p/AZTGxgCfYOtgq3yP4qeaFTjv5gMwI6O1
4GkAoIjl3m7n5iOrNTEORClyYtUqf68E
=MMlX
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[OT] To people with VoIP SIP Clients (twinkle, etc), friendly-scanner DOS attack

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


This is off topic, but I thought I should tell people.

This past weekend, I suffered a DOS attack launched against VOIP SIP
Clients.  The attack came, at different times, from 3 separate IP addresses.

I blocked the IP addresses using IP Tables when I discovered it.

The attack was a bombardment of several hundred SIP REGISTER requests,
per second, with a user agent of friendly-scanner.
The attack was a sustained attack over three days.

I contacted my ISP.  They told me they have taken steps.

I contacted 2 of the 3 owners of the offending IP addresses.
The third owner of the IP address was a job site address in China,
and I couldn't figure out how to contact them.

In my case, I run the VOIP SIP program, twinkle.

Twinkle started consuming vast amounts of memory, going from a normal 5
MiB usage to 500-600 MiB usage, before I realized what was happening.

Twinkle attempted to respond to each incoming packet with an outgoing
SIP error packet.

I posted a message on the yahoo group used by twinkle asking what they
could do to better handle such an attack.

If you suddenly seem to have memory problems, I suggest running
something like System Monitor to find out what applications have memory.

I also be on the lookout for unexpectedly high internet traffic.

This message is off-topic, because it is not specific to Fedora.
I thought it wouldn't hurt to let people know of this type of attack.
I hope people don't object to this off-topic post.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAky3WikACgkQyc8Kn0p/AZRr+QCgnpEL5nIS5JX+0AucTKeGyrbf
ZDoAnjIFC7hVPW58sKM6tVVNSNwEN2xq
=mLHd
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: SSH can't connect

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/02/2010 11:32 AM, Jim wrote:
>   Wether I run NX (nomachine) or SSH I get the same error message, no 
> matter what host I try to connect to.
> 
> And on the host servers SSHd is running.
> And so is the Client box.
> 
> Running  NX
> Error message:   ssh: connect to host 70.236.39.98 port 22: Connection 
> timed out
> 
> Running $ ssh j...@70.236.39.98
> ErrorMessage:ssh: connect to host 70.236.39.98 port 22: Connection 
> timed out
> 

My concern about security makes me worry about asking too much about the
host, 70.236.39.98

Unfortunately, a little more information about the host, 70.236.39.98,
might help.

Is it a dedicated always on the Internet host, or a "dial-up" host?

I note, when I do,
host -a 70.236.39.98

I get
;; ANSWER SECTION:
98.39.236.70.in-addr.arpa. 6995 IN  PTR
ppp-70-236-39-98.dsl.ipltin.ameritech.net.

- From the answer, is the host, 70.236.39.98, using PPP and is the host
always on the Internet, or only on the Internet when 70.236.39.98 has
outgoing traffic?

I also think I cannot get very close to the host when I do,
traceroute -n 70.236.39.98

I shouldn't be surprised that I cannot ping 70.236.39.98
A number of firewalls don't respond to ping.

Another, completely orthogonal possibility, is to ask about the ISP.
Perhaps the ISP, Ameritech, is restricting ports?
A number of ISPs restrict email ports (port 25).
I haven't heard of ISP restricting ssh ports (port 22), but need to ask.

Do you have access to iptables on 70.236.39.98?
There is a way to see the "count" of the number of packets each iptable
rule handles.
I think, as root, one does iptables -L -v -n
The "-v" verbose option causes counts to be shown.
Please see "man iptables"

If we believe the problem is iptables on 70.236.39.98, we should see a
count for the iptables rule that is blocking the traffic increase.

I would discourage one from showing their iptables rules willy-nilly.
Please sanitize security information shown in open forums.

People will argue, if the rules are correct, it doesn't matter if they
are shown.  I will counter by asking when does anyone, and I include
myself in this list of people who are very imperfect, have the rules
"perfectly" correct.

I suspect the packet isn't even getting to 70.236.39.98...but don't know
where, or why, the packet is getting dropped.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkynyo4ACgkQyc8Kn0p/AZSiRACgk7ObVoG/t1SOQCu6ZK5ul46w
zjMAoI5SkD2AD27YCn5ymMmQPpimlLbJ
=8D2u
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: I need a jabber client, like real fast

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 08/25/2010 11:30 AM, Robert Moskowitz wrote:
> On 08/25/2010 11:39 AM, Robert Moskowitz wrote:
>> On 08/25/2010 11:27 AM, Máirín Duffy wrote:
>>
>>> On Wed, 2010-08-25 at 11:11 -0400, Robert Moskowitz wrote:
>>>
>>>  
 We are suppose to have a WebEX meeting going, but having problems.  So
 the coordinator told everyone to jump on a jabber session.

 I don't know what to use for jabber on my FC12 system.


>>> Empathy or Pidgin work. I believe in at least one of them they call
>>> jabber 'XMPP' instead of using the word 'jabber'
>>>  
>> I can't figure out in Empathy how to join jabber.ietf.org to get into
>> the core session.
> 

This is neat.  I didn't realize the IETF was using jabber for chats.

I'm using Pidgin because empathy doesn't support O-T-R.
I have a Mac friend who uses O-T-R when talking to me.

If I right click on Pidgin in my Notification Area,
I get the option, "Join Chat..."

A Window pops up, saying "Join a Chat" with
Account...I select one of my Jabber accounts,
such as my Google jabber account.
The Window expands to the following:
Account rsew...@gmail.com/pidgin...
Room:
Server:
Handle: rsewill
Password:

I enter hallway for the room and jabber.ietf.org for the server getting
Account rsew...@gmail.com/pidgin...
Room: hallway
Server: jabber.ietf.org
Handle: rsewill
Password:
I click Join and I am in hallway chat room at jabber.ietf.org.

The following URL describes how to set up google talk chat in Pidgin:
http://google.com/support/chat/bin/answer.py?hl=en&answer=24073

I learn something new every day.

Thank you!
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkx1UVAACgkQyc8Kn0p/AZR1HACfak9Qgrt3qlSTHo3m9CDYw8n7
zjEAnjtactmPfiLTunMNz0I8o3FTYqEu
=Vx72
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Pulseaudio error on HP Probook 4515s

[Rick Sewill]

On 08/20/2010 01:06 PM, Zoltan Hoppar wrote:
> Rick, here is the pavucontrol input devices picture.
> 
> http://img443.imageshack.us/img443/8031/inputdevices.png
> 
> Zoltan
> 

It appears you have two input devices.

One is the RS880 Audio Device.
One is the Bels? hangforr?? Analog Stereo device.

Please accept my apology for using ? for non-English characters.
I don't know how to enter non-English characters.

I'm not sure what the "Monitor of ..." entries are for.
I ignore them (can someone tell us what they are for?).

When you run paman (from rpm -q -i paman), it should show
"Server Information" as the first tab, "Devices" as the second tab,
"Clients" as the third tab, "Modules" as the fourth tab, and finally
"Sample Cache"

For "Server Information", what is the "Default Sink" and what is the
"Default Source".

I have, for Default Sink, alsa_output.pci-_00_10.1.analog-stereo
Default Source, alsa_input.pci-_00_10.1.analog-stereo

For devices, I have
Sinks
alsa_output.pci-_00_10.1.analog-stereo  Internal Audio Analog Stereo

Sources
alsa_output.pci-_00_10.1.analog-stereo.monior
 Monitor of Internal Audio Analog Stereo
alsa_input.pci-_00_10.1.analog-stereo   Internal Audio Analog Stereo

This leads to my questions:
1) do you have alsa_input.xxx... for each microphone input source?
   I would ignore the "Monitor of ..." entries.
2) On the "Server Information" tab, what is the default Source when
   you do not have the USB sound card in, and what is the default Source
   when you have the USB sound card.

I still suspect you have to select your default source and default sink.

I did another Internet search...don't know if it will help:
http://wiki.archlinux.org/index.php/Allowing_Multiple_Programs_to_Play_Sound

Please search for "Random Lack of Sound":
"
 Random Lack of Sound

If you randomly have no sound on startup, it may be because your system
has multiple sound cards, and their order may sometimes change on
startup. If this is the case, then change this section of /etc/asound.conf:

ctl.dmixer {
type hw
card FOO
}

Replace FOO with the desired audio device, as reported in the
/proc/asound/cards file. An example of the file is shown below.

 0 [U0x46d0x9a1]: USB-Audio - USB Device 0x46d:0x9a1
  USB Device 0x46d:0x9a1 at usb-:00:12.2-2, high
speed
 1 [SB ]: HDA-Intel - HDA ATI SB
  HDA ATI SB at 0xf9ff4000 irq 16

Device 0 is the microphone built into a webcam, while device 1 is the
integrated sound card. If you've copied the /etc/asound.conf from above
as is, alsa will attempt to initialize the microphone as an audio output
device, but will fail and you will have no sound. Rather than setting
FOO to the number, you set it to the name next to the number, like so:

ctl.dmixer {
type hw
card SB
}
"
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Pulseaudio error on HP Probook 4515s

[Rick Sewill]

On 08/20/2010 12:35 PM, Zoltan Hoppar wrote:
> I think this will be the problem - I have only one input device called
> Analog Stereo. No line in or whatever...
> 
> Next?
> 

I'm stuck.

I expected to see, in pavucontrol, "Input Devices", something like,

"Internal Audio Analog Stereo",  ... a button to mute, a button to lock
channels together, a button to set as fallback,

and then under that
Port: I have "Microphone 1" selected, other choices "Microphone 2", and
"Line-In"

And then
Front Left 
Front Right 

and then a bar showing audio activity.

You might have something different than "Front Left" and "Front
Right"...I don't know.

I don't know how to proceed from here.

Can others answer if it's normal to not have a "Port:", if the card
doesn't support multiple ports?

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Pulseaudio error on HP Probook 4515s

[Rick Sewill]

On 08/20/2010 11:14 AM, Zoltan Hoppar wrote:
> 
> 
> 2010/8/20 Rick Sewill mailto:rsew...@gmail.com>>
> 
> On 08/19/2010 01:08 PM, Zoltan Hoppar wrote:
>> Hi,
> 
>> This is an smaller problem around pulseaudio. I couldn't explain
> why is
>> so, but I think this is an PA bug. Currently the playback works every
>> way but, recording not. When I try to use Empathy jabber voice call
>> option to my partner, then rings out with voice, but after pick up
> - for
>> an shiny brief moment - the mic works, after that no more - and
> pops out
>> an error that "couldn't link source" (maybe the thread makes itsef
>> suicide, perhaps?). After that I have made an second try - I have
>> attached an USB soundcard - what is widely usable on many linux
> (it uses
>> Cystal Sound chipset). The result was disappointing - here the mic
>> worked as should, but I heard no voice in my headphone, nor even at my
>> speakers.
>> Anybody could confirm this is an bug? Is there a known solution?
> 
> 
>> PS: If needed, I'm ready to debug.
> 
>> Thanks,
> 
>> Zoltan
> 
>> --
>> PGP:  06853DF7

I have an idea about the microphone.

When running pavucontrol, under "Input Devices", do you have more than
one port?  I discovered I have, "Microphone 1", "Microphone 2", and
"Line-In" when I look at Port: .  Given where I
plugged in my microphone, I believe I need to have "Microphone 1"
selected as the port for my microphone to work.

Could you check if you have multiple ports, and try changing the port,
and see if the microphone works if a certain port is selected?
I would try this test without the second USB sound card.



-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Pulseaudio error on HP Probook 4515s

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 08/19/2010 01:08 PM, Zoltan Hoppar wrote:
> Hi,
> 
> This is an smaller problem around pulseaudio. I couldn't explain why is
> so, but I think this is an PA bug. Currently the playback works every
> way but, recording not. When I try to use Empathy jabber voice call
> option to my partner, then rings out with voice, but after pick up - for
> an shiny brief moment - the mic works, after that no more - and pops out
> an error that "couldn't link source" (maybe the thread makes itsef
> suicide, perhaps?). After that I have made an second try - I have
> attached an USB soundcard - what is widely usable on many linux (it uses
> Cystal Sound chipset). The result was disappointing - here the mic
> worked as should, but I heard no voice in my headphone, nor even at my
> speakers.
> Anybody could confirm this is an bug? Is there a known solution?
> 
> PS: If needed, I'm ready to debug.
> 
> Thanks,
> 
> Zoltan
> 
> -- 
> PGP:  06853DF7
> 

Usually, when I say things about Pulse Audio, others gently correct me.

Sounds like you have two separate problems...without the USB sound card,
your microphone stops working.

With the USB sound card, your speakers/headphones stop working.

I think you need to debug each problem separately.

Do you have pavucontrol installed?
rpm -q -i pavucontrol -- yum install pavucontrol

I'd check what pavucontrol tells you about the volume settings for your
input devices and output devices.  Please make sure nothing is muted.

When you add the USB sound card, I'd expect separate controls for the
second sound card.

I only have one sound card...I'd expect Pulse Audio to supply a way to
select the sink (speaker/headphone) and the source (microphone) to use
when you have multiple sound cards.  I'm not sure how to select the
source or sink when one has multiple sound cards.  Hopefully, others
will answer.

Before running empathy, does your microphone work when you do not have
the USB sound card?  After running empathy, do you need to reboot to get
your microphone to work?  If you look at the pavucontrol settings for
the microphone before starting empathy and compare those settings after
you start empathy, what changes?

Before running empathy, your speaker/headphones work when you have a
second sound card?  After running empathy, do you need to reboot to have
your speaker/microphones work?  What pavucontrol settings change for
your speaker/headphones?

I always look at http://www.pulseaudio.org/wiki/PerfectSetup when I have
problems with Pulse Audio...nothing jumps out at me that may help you.
I'm curious what does Empathy think it's using for sound?  Is it Alsa or
what?

Is there anything in /var/log/messages from pulseaudio when you run empathy?

Some bug reports suggest doing "pulseaudio -vvv".  Normally, pulseaudio
is running as a user startup application (or so I think).  Can one do
"kill pulseaudio"
"pulseaudio -vvv > somefile.txt"
and see if there are any useful pulseaudio messages.
I have no idea what pulseaudio -vvv produces...it may be lots of output.
pulseaudio -vvv may have so many messages audio quality will be bad.

My best guess, if the pavucontrols look correct after running empathy,
but the microphone or speakers/headphones stop working, I'd suspect
Pulse Audio or Alsa or both.  If the volume controls are being changed,
I'd wonder what empathy is doing.

I haven't tried empathy yet...I should.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxt59kACgkQyc8Kn0p/AZRxvQCeO2FsDl69Z74BgFSlbumycOzZ
y3sAn2MeH/H1jcY7nxt8Dn+uluaICbPH
=JgtC
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: No keyboard or mouse under X - How to debug udev?

[Rick Sewill]

On 08/19/2010 08:17 AM, Mike Fleetwood wrote:
> Hi,
> 
> Quick background:
> I have Fedora 12 installation recently transferred to new hardware
> with embedded ATI Radeon HD 4250 GPU.  The ATI/Radeon X11 driver
> didn't support the GPU and the VESA X11 driver just switched the
> monitor into power saving mode.  Upgraded just X11 (and udev and
> kernel dependencies) to versions from Fedora 13.  ATI/Radeon X11
> driver now works and my desktop is displayed but X11 finds no keyboard
> or mouse.
> 
> Worked around this by adding the following to /etc/X11/xorg.conf, to
> tell X11 not to rely on udev to provide keyboard and mouse details.
> Section "ServerFlags"
> 
> Option "AutoAddDevices" "off"
> 
> EndSection
> 
> 
> Question:
> How do I investigate udev to see why X11 isn't getting a keyboard and mouse?
> 
> Thanks,
> Mike

I do not think it's a good idea to mix/match Fedora 12 and Fedora 13
versions of X11, udev, and kernel dependencies.  I would suggest doing a
full upgrade to Fedora 13, if possible.

Having expressed my concern, I'd suggest looking at /var/log/Xorg.0.log
to see if there are any messages from X11 in regard to the mouse or
keyboard.  I'd also try booting Fedora 12 (or is it Fedora 13) in
inittab 3, and start X11 manually using startx, to see if there are any
messages printed when X11 starts/stops.  I can think of little else.

Others will be able to give better advice.  They will probably ask which
kernel dependencies were upgraded.

Perhaps, to get others to give better advice, it might be good to
explain why you need to mix/match between Fedora 12 and Fedora 13.

Again, I think it's a bad idea to mix/match things from different
versions.  I doubt if one could ask developers or post a bugzilla report
asking for help.  Personally, I wouldn't do this.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Sound Streaming Problem

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/30/2010 10:43 AM, Oliver Ruebenacker wrote:
>  Hello,
> 
>   I have a recurring problem with sound streaming with Fedora 13 (and
> earlier versions - I am having this problem for quite a while, across
> different Fedora versions) on my Dell Latitude 820 laptop. This
> affects equally the sound of YouTube videos and music CDs. Sometimes
> it works flawlessly, sometimes there is no sound, and sometimes the
> sound cycles through short intervals, like a stuck record, but with
> faster repetitions.

Someday, I will be proficient with Fedora Sound, but I'm not there yet.

I think you looked for a pattern to get an idea what is happening.
- From your message, I don't think you found any pattern.
It can be quite frustrating.

Could you be having multiple problems?

When you said you had youtube videos stuttering, I thought of
Internet latency, but you wouldn't have that issue with music CDs.

When having a problem, I would focus on the simplest problem first.
If possible, focus on the problem with music CDs to rule out networking.

You might have music CD stuttering issues if a program were hogging the
CPU.  Is there any program, in the background, that might hog the CPU?

> 
>   Occasionally, restarting the application (Firefox, Rhythmbox, etc)
> helps, often it does not. Sometimes, logging out and back in helps,
> sometimes it does not help. On rare occasions, changing the volume
> control helps (when I'm not listening, I usually keep the volume at
> zero, and it sometimes seems as if the system has not noticed that the
> volume has been turned up, until I turn it up some more).
> 

Does the problem happen in the middle of playing something or always at
the beginning?  Does the problem ever clear itself, in the middle of
playing something, without you intervening?

There are multiple sound drivers in Linux.
There are multiple sound servers in Linux.
When I say sound system below, I am referring collectively to what sound
drivers and sound servers you are using.

What sound systems being used may have a bearing on your problem.

As far as your configuration, what sound system are you using?
Are you using Pulse Audio -or- are you using Alsa directly?
Are you using something else?

I am using pulseaudio so I have /usr/bin/pulseaudio running.
I can also see that pulseaudio is running by using the pacmd.
pacmd is in "rpm -q -i pulseaudio-utils"
I can do "pacmd stat" to get a quick status of pulseaudio.

>   I tried different plugins/add-ons with Firefox, and different
> application to play the music CD, but it does not seem to make a
> difference.
> 

- From this, I will assume it is the sound system, or something happening
in the background in your PC, not a specific program.

>   What can I do? Thanks!
> 

I will assume you keep your RPMs up to date.

I believe more information on your configuration is needed.

Please check what programs are running in the background.
Try to rule out programs hogging the CPU.

Please provide more information on your sound system configuration.

Knowing your configuration, I would start looking through bugzilla.
I would start searching the internet for people having similar problems.

Assuming you are using Pulse Audio, I would look at
http://pulseaudio.org/wiki/PerfectSetup
http://pulseaudio.org/wiki/FAQ

Your configuration might have sound going directly to Alsa.
I'm not sure what to suggest in this case.  Perhaps looking at
http://alsa.opensrc.org/index.php/Main_Page
Perhaps, http://alsa.opensrc.org/index.php/FAQ

If you are using Pulse Audio, I believe the following:
Currently, I believe Pulse Audio is an abstract layer acting like a
generic interface for sound, providing certain higher level features.

Pulse Audio talks to Alsa.  Also, in turn, talks to the Alsa sound
device drivers that talk to the hardware.

Pulse Audio provides APIs for programs that think they are talking to
Alsa so those programs really talk to Pulse Audio, which in turn,
talks to Alsa.

If you are using Alsa directly, I believe the following:
Alsa provides its own API for programs.  Alsa talks to the Alsa sound
drivers which control the hardware.

You might not be using Pulse Audio or Alsa at all.
You might be using OSS.  I believe OSS is a competitor to Alsa.
http://en.wikipedia.org/wiki/Open_Sound_System
I believe OSS has its own sound drivers that talk to the hardware.

I found a URL talking about Linux sound, which predates Pulse Audio.
http://www.linux.com/archive/articles/113775
It is "old" webpage, but still interesting.

I think Linux sound is still evolving.
I know my understanding of Linux sound is still evolving.
I expect and welcome others correcting me each time I comment on sound.

There are many people who stay with one sound server or another,
one set of sound drivers or another, who are far more knowledgeable.
Hopefully, they will be stirred to comment once they know more about
your sound system configuration.

-BEGIN PGP SIGNA

Re: Crontab as alarm clock with ogg123

[Rick Sewill]

On 07/24/2010 02:55 PM, Robert Arkiletian wrote:
> Hi,
>
> Using 'crontab -e' I set crond to play an ogg music file with ogg123.
> But it only plays it if I'm logged in.
> How does one make it play even if a different user is logged in or
> nobody is logged in?
>
> To debug I tried su - to another user and play the file. I got error
>
> ALSA lib pulse.c:229:(pulse_connect) PulseAudio: Unable to connect:
> Connection refused
>
> === Could not load default driver and no driver specified in config
> file. Exiting.
>
> So I'm thinking it's the same infrastructure to prevent others music
> playing when you switch users. But in my case I *want* it to play. Any
> ideas?
>

Ideas, yes.  Solutions, no.  Pulse Audio still confuses me.
I'm almost afraid to comment.  Give me courage.

I am guessing, but think the Pulse Audio Daemon is normally per user.

When a different user is logged in, that user starts Pulse Audio.
Your cron job won't talk to the other user's Pulse Audio Daemon.
Your cron job doesn't have the correct "cookie".

Your cron job won't be able to start a working Pulse Audio Daemon.
The other user's Pulse Audio Daemon has the hardware.

Please, someone who understands this better, tell me if I'm correct.

If the above is the problem, there are, perhaps three ways to fix this.
Two ways, are similar to Pulse Audio problems described in the FAQ.

People wanted to know how to make sound work when "switching users".
In Linux, we have a "User Switch Applet" letting us switch users.
http://www.pulseaudio.org/wiki/FAQ#Sounddoesntworkwhenswitchingusers
The above suggests using ConsoleKit.
I am guessing ConsoleKit defines "cookies" for sharing resources.
If a user has the "cookie", that user can use the resource.
I don't understand how to use ConsoleKit "cookies" with Pulse Audio.
The "cookie" must be somewhere in the user's home directory.

People wanted to know how to configure Pulse Audio for over the network.
The idea would be to have your cron job talk to the user's Pulse Audio
as if your cron job audio were coming over the network.
http://www.pulseaudio.org/wiki/FAQ#HowdoIusePulseAudiooverthenetwork
I don't fully understand this choice either.  I think,
"copy ~/.pulse-cookie to all clients that shall be allowed to connect" 
may be necessary, but not sufficient.

Another choice is to run the Pulse Audio Daemon in "system mode".
http://www.pulseaudio.org/wiki/SystemWideInstance
The above URL warns people not to run Pulse Audio in "system mode".

I don't think I'd want to run Pulse Audio in "system mode".
If possible, I'd like to know how to use these "cookies".
It seems cookies are needed when switching users or over the network.

Hopefully someone who understands these choices can explain them to us.
Hopefully they can also explain which choice is best for you.
Hopefully they will give us a "cookbook" for setting up the best choice.
If these are not good choices, hopefully they will offer another choice.

Some may say Pulse Audio is getting in the way and should not be used.
I don't wish to participate in the Pulse Audio is good or bad debate.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Phone calls from laptop

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/16/2010 01:13 AM, RAMAKISHOREBABU KOPPULA wrote:
> 
> 
> On Thu, Jul 15, 2010 at 11:54 PM, JD  > wrote:
> 
>  On 07/15/2010 11:20 AM, Frank Murphy wrote:
> > On 15/07/10 10:37, RAMAKISHOREBABU KOPPULA wrote:
> >> My laptop has a internal modem and RJ-11 connector. I want to connect
> >> the phone line to the laptop and by using head phones I want to make
> >> calls. How to do this? Is there any software available to do this?
> >>
> >> Kishore
> >>
> > Maybe?
> >
> > yum install ekiga
> >
> > Upstream:
> > http://www.ekiga.org/
> >
> >
> That's not what the user wants.
> He just wants an app that will use the regular standard phone line
> to make person to person calls using the local telco service.
> He is not asking for a VOIP solution.
> 
> Ekiga (formerly called GnomeMeeting) is a VoIP and video conferencing
> application for GNOME and Windows. ...
> 
> 
> Yes, you are correct.
> 
> Kishore
> 
> --

Not quite what you what, but something interesting to look at.
The Fedoraproject is trying to use VoIP for communications.

Please see, http://talk.fedoraproject.org/

For VoIP software,
please see http://talk.fedoraproject.org/setup-local-system

twinkle, empathy, ekiga, are VoIP softphones.  They are tools.
They use the SIP VoIP protocol.

Ekiga used to be gnome-meeting, compatible with Microsoft Netmeeting,
running the H.323 protocol Microsoft Netmeeting used.  Ekiga supports
both the H.323 protocol and the SIP VoIP protocol.

In order to do what you want, if you wish to use a SIP softphone, you
would need an account with a provider, that works with SIP softphones,
who let's you make landline calls from your VoIP softphone.
You would configure your VoIP softphone to use that provider.

In the case of most SIP VoIP softphones, you can configure multiple
providers.  There will be multiple providers.  You will need to search
the Internet to comparison shop.

I have not tried empathy.  I tried ekiga and twinkle.
I had better luck with twinkle and currently have twinkle running with
accounts on talk.fedoraproject.org and sipphone.com.

There are a large number of VoIP SIP providers.  They come and go.
Each VoIP SIP provider can be thought of as an island of VoIP SIP users.

There is a community that is trying to join these islands together.
Please see URL, http://sipbroker.com/sipbroker/action/login
The list of VoIP SIP providers, that I have found, is
http://www.sipbroker.com/sipbroker/action/providerWhitePages
The list of PSTN access numbers, that I have found, is
http://www.sipbroker.com/sipbroker/action/pstnNumbers

I should mention what a PSTN access number is.  Some SIP providers have
PSTN access numbers.  People, who do not near their VoIP SIP softphones
can call these PSTN access numbers to get into the SIP provider's
network letting the person call a PC from a landline or mobile phone.

Please note what I said about each provider being an island.  The
provider may (or may not) let one use the provider's PSTN access number
to call a person's softphone in a different island.  Hopefully, they do,
but it is their service and they do what they wish.

I do not make landline calls so can't answer what provider I'd use for
landline calls.

People have mentioned Skype.  Skype can also be thought of as an island
of people who use Skype for VoIP.  Partly, skype defines a proprietary
protocol for doing VoIP over the Internet.  Skype's protocol is
proprietary, so we don't get to see what their protocol actually is.
Skype is more than just a proprietary protocol and software running on
your PC.  Skype is run by one company.  That company is your provider
and will make landline calls when you use Skype.  You will need to check
their prices for providing this service.

I tried running Skype to talk to other people who were using Skype, as a
communications tool, at a place where I worked.
I found it was better to install Skype on the Windows PC, they provided,
rather than install it on my Fedora Linux PC.  I had problems with Skype
on my Fedora Linux PC.  This was some years ago.  Hopefully, Skype works
better on Fedora Linux now.

Other notes: I had problems, using the VoIP SIP protocol, through
firewalls and behind NAT, in the past.  Hopefully, those problems have
been fixed.  Currently, I am not behind NAT, so I can't give an answer.

What I will say about Skype...when it works...it just works.  It is easy
to install.  It works around firewalls and NAT and everything.
Personally, I do not trust Skype.  It is proprietary.  It works very
hard to get around security mechanisms.

Given my current Internet configuration, I would become a Skype
supernode if I ran Skype on my Linux PC.  Couple that with the fact my
ISP is going the bandwidth CAP route, I would probably exceed my ISP's
bandwidth CAP and suffer the consequences.

Off the topic, I am in the 

Re: sshd Authentication refused

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


> 
> The keys work except for ssh Fedora 12 -> Fedora 13. If you ssh
> Fedora 13 -> Fedora 12 or ssh Fedora 12 -> Fedora 12 they work. If you
> provide a password when sshing Fedora 13 -> Fedora 12 it works. Just
> need to solve the issue of needing to provide a password.
> 

I assume ssh Fedora 13 -> Fedora 13 works.

Could you compare the /etc/ssh/sshd_config file on Fedora 12 with the
/etc/ssh/sshd_config file in Fedora 13?  Just guessing, but perhaps
there is some option in the Fedora 13 sshd_config that needs tweaking.

I looked at http://www.openssh.org/faq.html
The faq said,
"3.14 - I copied my public key to authorized_keys but public-key
authentication still doesn't work.

Typically this is caused by the file permissions on $HOME, $HOME/.ssh or
$HOME/.ssh/authorized_keys being more permissive than sshd allows by
default.

In this case, it can be solved by executing the following on the server.

$ chmod go-w $HOME $HOME/.ssh
$ chmod 600 $HOME/.ssh/authorized_keys $ chown `whoami`
$HOME/.ssh/authorized_keys

If this is not possible for some reason, an alternative is to set
StrictModes no in sshd_config, however this is not recommended."

I am wondering what happens if you put "StrictModes no" in the
Fedora 13 /etc/ssh/sshd_config file.  This would only be for a test.
They specifically said they do not recommend doing this so I wouldn't
leave this option set this way, but I'm curious what happens.

Clarification please: is it true public key authentication doesn't work,
Fedora 12 -> Fedora 13?  Does password authentication work,
Fedora 12 -> Fedora 13?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkw9a70ACgkQyc8Kn0p/AZTcBwCfRbs3EwkbC5acm2jWwYS4M8pv
B/gAnj16vKbcIxswBfyx4BXagwKfhBhB
=JXkJ
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: sshd Authentication refused

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/13/2010 01:43 PM, Kevin Fenzi wrote:
> On Tue, 13 Jul 2010 11:16:46 -0700 (PDT)
> David Highley  wrote:
> 
>> New install of Fedora 13 we get the following /var/log/secure entry
>> when we ssh from a Fedora 12 system to the Fedora 13 system:
>> Authentication refused: bad ownership or modes for
>> file /home/dhighley/.ssh/authorized_keys
>>
>> We have checked and tried different modes until we are blue in the
>> face. Have read the upates notes for openssh and Fedora 13 release.
>> Googled the net for know issues and bugzilla.redhat.com. We did check
>> for selinux blocks and found none.
>>
>> User home directory is auto NFS mounted and we use NIS. This works
>> Fedora 12 to Fedora 12.
> 
> You may want to use 'ssh-copy-id' to copy the key over to the f13
> system. That will setup the right permissions and such automatically
> for you. 
> 
> Also, you will want to see if there are any selinux alerts on the f13
> machine. 'ausearch -m avc -ts today' can list the ones from today. 
> 
> kevin
> 

I cannot explain how f12 <--> f12 works, but f12 <--> f13 does not.
I can only guess there is something different for the NFS mount -or-
something different regarding NIS.

=

One possibility, which I consider very, very remote is the following.

I may be wrong but I think the ownership and modes for all the parent
directories from your /home/dhighley/.ssh directory also matter.

I assume you made sure /home/dhighley/.ssh is mode 700.
What is the mode of /home/dhlighley?  Is it 755 (I think that's okay).
I think any write mode for group or other would be bad.
I assume /home/dhlighley is owned by you, the user.

What about /home?  Who owns it?  What is it's mode?
I think root must own it.
I think only root should have write access to it.

I actually assume the ownership and modes are all correct...the
possibility of this being the problem seems exceedingly rare to me, but
please check.

=

Another possibility, which I also consider remote, but is worth asking.
On the f13 machine, when you log in as dhlighley, is the user name only
found in NIS?  On occasion, if one is testing something new, one might
put in a local account in the /etc/passwd file, and forget it is there.
Depending on your /etc/nsswitch.conf file, the local file is probably
checked before NIS.

Sorry, can't think of anything else.  Others have already mentioned selinux.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkw8ubMACgkQyc8Kn0p/AZSC9wCePd3r5B52EBYAQ7mQtRsPWeql
99AAn2UBA4uvL7lvX9zBF2mm82OYObu9
=xTPl
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: SSH / permissions problem

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/13/2010 10:49 AM, Gary Stainburn wrote:
> Hi folks,
> 
> This seems like de ja vu, but I can't find anything in the archives.
> 
> I've got F13 on my laptop, and also on a new virtual server.
> 
> I've copied my home directory from my old server to my new one and then tried 
> to ssh to the new server.  However, I have a problem
> 
> If I ssh to root on the new server everything is fine, but if I ssh to my 
> user 
> I get errors and X forwarding doesn't work.
> 
> Can anyone suggest things for me to look at / try.
> 
> Gary
> 
> [g...@dcomp5 ~]$ ssh -Y -C lcomp3 -l root
> r...@lcomp3's password: 
> Last login: Tue Jul 13 16:04:20 2010 from gary.ringways.co.uk
> [r...@lcomp3 ~]# kcalc 
> [r...@lcomp3 ~]# logout
> [g...@dcomp5 ~]$ ssh -Y -C lcomp3
> g...@lcomp3's password: 
> Last login: Tue Jul 13 15:55:16 2010 from gary.ringways.co.uk
> /usr/bin/xauth:  timeout in locking authority file /home/gary/.Xauthority
> [g...@lcomp3 ~]$ kcalc
> X11 connection rejected because of wrong authentication.
> kcalc: cannot connect to X server localhost:11.0
> [g...@lcomp3 ~]$ 
> 

If root works, but your local user does not, and you appear to have
gotten beyond the initial login sequence--it seemed to accept password
authentication in both cases--I would suspect something in one of your
~/.bash* files.  I've been burned, multiple times, having something in
my .bashrc or .bash_profile that does something "interactive",
forgetting an ssh shell is batch.

I have the same problem when I try to do things in a cron job when I
forget a cron job is also batch.

I have carefully separated my .bash_profile and .bashrc file into those
parts I always want done and those parts that are interactive.

I place a check in my .bashrc file to prevent interactive stuff being
done in a batch job.

# check for shell is not interactive
[ -z "${PS1}" ] && return

As a "quick" test, could you save your .bash_profile and .bashrc files,
get the "default" files, and see if you can ssh in?  The default files
should be found /etc/skel/.bash_profile and /etc/skel/.bashrc

Also, I strongly recommend you disable ssh root login and have people
first log into their own account and then su to root.  To disable root
login, please look at /etc/ssh/sshd_config.
In this file, I have
PermitRootLogin no

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkw8swIACgkQyc8Kn0p/AZRgbACffvA3UUlqVw4ICErb/H7NfLk0
8AcAoKe0WgTDz7OwcDb6gPjjXvjNxJz8
=K3YZ
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: no sound on F11, F12 and now F13 but sound on Omega 12 live??? wtf??

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


On a different track, again to help the original poster.

In other messages on this thread, it sounded like the original poster
was using a driver, ens1370, which some people thought was suspect.

Is there a tool that can talk directly to the driver, bypassing Alsa,
OSS, Pulse Audio, everything, so one can see if the driver can generate
sound through the card?

We will probably need to know all the steps to use such a tool?

For example, wouldn't we need to stop certain services or applications
that might have exclusive use of the driver/device/card?

==

Another question, in regard to this ens1370 driver, are there any
/var/log/messages regarding this driver.

==

Another question, should the original poster try OSS?

- From the /var/log/messages in another message from the original poster,
"Jul  4 14:55:03 davehost pulseaudio[2120]: alsa-util.c:
snd_pcm_avail() returned a value that is exceptionally large:
18446744073709522368 bytes (418293516244 ms).
Jul  4 14:55:03 davehost pulseaudio[2120]: alsa-util.c: Most likely
this is a bug in the ALSA driver 'snd_ens1370'. Please report this
issue to the ALSA developers."

Is it possible OSS would use a different driver and have more success
with that driver?  Is the ens1370 driver an ALSA driver?

==

Another question regarding what is in the /var/log/messages please?
Are there many Pulse Audio messages just prior to this message that says
"value that is exceptionally large?"

I ask, because, I tried searching Bugzilla for similar bugs.
Some bug reports indicate sound continued to work, but there was
stuttering.  Others said sound stopped working after a few minutes.  One
said sound did not work.

Following said sound stopped working after a yum update:
https://bugzilla.redhat.com/show_bug.cgi?id=572322

Following said "log of alsa-util's messages about snd_hda_intel
malfunction" and "When I try to obtain Surround 4.0 sound instead of
classic Stereo sound from a soundcard capable of Surround 5.1 I see in
/var/log/messages"
https://bugzilla.redhat.com/show_bug.cgi?id=537714
This bug report brings up a question about the Sound Blaster card,
(again I am showing my ignorance), does the Sound Blaster Card support
multiple variations in sound (Surround sound, classic stereo, etc)?
Do any of these other variations in sound work?

Finally, is the Pulse Audio server crashing?  I found the following bug
report, which said pulseaudio is crashing?
https://bugzilla.redhat.com/show_bug.cgi?id=530650

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkw0ikQACgkQyc8Kn0p/AZRb8ACfWi9Ky/zE8Wbfgtl6uZPD4pqd
I2EAoJVwUAL7JjzBF2RZX/Xovp0udAfw
=nNgw
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: no sound on F11, F12 and now F13 but sound on Omega 12 live??? wtf??

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/06/2010 10:38 AM, Bill Davidsen wrote:
> Rick Sewill wrote:
>> On 07/05/2010 10:23 PM, Rick Sewill wrote:
> .
>> I am wondering if OSS is enabled on your system.
>>
>> Please look for things related to OSS in
>> /etc/modprobe.conf (if it exists)
>> and /etc/modprobe.d
>> Please make sure the line in /etc/modprobe.d/dist-oss.conf is
>> commented out.
>>
>> Please do, lsmod | grep snd
>> Please make sure there is nothing like snd-pcm-oss or snd-seq-oss
>> installed.
>>
> I think you have this totally backward. There are many applications which use 
> the /dev/dsp* devices, and which will produce no sound unless they are 
> present. 
> In fact, I think the majority of older hardware does not have support for 
> sound 
> other than oss. As I look at my newest TV card it has stuff in /dev/dvb, 
> while 
> the other 4-5 cards which have been happily in use do not.
> 
> To test (as root):
>modprobe -v snd-pcm-oss
>{test applications for sound here}
> 
> A lot of people have functional old hardware they can't replace, for 
> financial 
> or technical reasons. That's why there is oss support, to support the 
> hardware 
> which needs it.
> 

This is something I didn't know.  As I said, audio still confuses me.

Our goal should be to help the original poster.

In this regard, this new information raises a number of questions.

I am hoping someone will say there is a wiki or web page that answers
these questions (and questions I didn't think of).

The questions, I hope, which might be of use to the original poster are
as follows:
1) for what hardware should one use OSS as opposed to Pulse Audio.
   I did a quick internet search, but failed to find such a list.
   I am hoping others can help.

   This question is to help the original poster decide if they should
   switch to OSS and see if it works.

2) How does one tell if OSS is being used?
   I assume, if I do lsmod | grep oss, I will see if the OSS modules
   are being loaded.

3) How does one switch from Pulse Audio to OSS?
   I assume one needs to edit files in /etc/modules.d/*.conf
   or /etc/modules.conf.
   Files to be edited might include dist-oss.conf and blacklist.conf
   and others?  Am I right?

   Are there other files one needs to edit?
   Are there any rpms one needs to install?
   Are there any rpms one needs to remove?

   Are there any application configuration changes one needs to make?
   I assume applications can be configured to use the OSS api, as well
   as the ALSA api and/or Pulse Audio API.

4) How does one switch from OSS back to Pulse Audio?
   Is the answer to this the inverse of the answer to question 3?
   I.e., edit files /etc/modules.d/*.conf or /etc/modules.conf
   Install certain rpms?
   Remove certain rpms?

5) is there a web page that describes the tools one uses when using OSS?
   Are these the tools: http://www.opensound.com/ossapps.html#mixer

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkw0f/IACgkQyc8Kn0p/AZRCogCgqMIl3yxUUveNk+MNcnvhq0um
sRkAoIsCgZcczEiEWmrk2gY+ZxljtbJf
=Uu8V
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Help me troubleshoot this problem

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


 Having said the above, if you suspect an acpi or apic problem,
 the URL: http://fedoraproject.org/wiki/KernelCommonProblems
 says,
 "acpi=off is a big hammer, and if that works, narrowing down by trying
 pci=noacpi instead may yield clues"
 It also says, "nolapic and noapic are sometimes useful"

> 
> A quick update. I tried the acpi=no option and so far, so good. I have even 
> brought it back into X windows and ran some yum updates to apply some stress. 
> I'll leave it in this state until tomorrow evening just to make sure. Then 
> I'll try the smaller hammers. 
> 
> Question showing my ignorance of what acpi is. If pci=noacpi works or does 
> not work, what clues is that giving me?
> 

I didn't respond earlier because we've reached my level of ignorance too.

If I were you, I might try to narrow the problem a little further.

Eventually I would write a Bugzilla bug report telling the maintainers
the symptoms, what I had done, including things that didn't work as well
as things that seemed to work.

If I had a workaround, I wouldn't expect much help from a maintainer
because I would assume they have other problems to solve where a
workaround is not known.

If my Bugzilla bug report happened to be in an area a maintainer was
already digging in, the maintainer might take an interest and ask me to
do things to help gather more information.

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkw0eoUACgkQyc8Kn0p/AZR50wCcDs5oxFPA5YEY7WxUzXnx5y1w
YQQAnRj/zLTrSXXOVqxTsHfkP2golkvs
=LcJc
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: no sound on F11, F12 and now F13 but sound on Omega 12 live??? wtf??

[Rick Sewill]

On 07/05/2010 10:23 PM, Rick Sewill wrote:
> On 07/05/2010 09:26 PM, Dave Stevens wrote:
>> Quoting JD :
> 
>>> Can you post output of lspci?
>>
>> sure, here:
>>
>> 00:00.0 RAM memory: nVidia Corporation MCP55 Memory Controller (rev a2)
>> 00:01.0 ISA bridge: nVidia Corporation MCP55 LPC Bridge (rev a3)
>> 00:01.1 SMBus: nVidia Corporation MCP55 SMBus (rev a3)
>> 00:02.0 USB Controller: nVidia Corporation MCP55 USB Controller (rev a1)
>> 00:02.1 USB Controller: nVidia Corporation MCP55 USB Controller (rev a2)
>> 00:04.0 IDE interface: nVidia Corporation MCP55 IDE (rev a1)
>> 00:05.0 IDE interface: nVidia Corporation MCP55 SATA Controller (rev a3)
>> 00:05.1 IDE interface: nVidia Corporation MCP55 SATA Controller (rev a3)
>> 00:05.2 IDE interface: nVidia Corporation MCP55 SATA Controller (rev a3)
>> 00:06.0 PCI bridge: nVidia Corporation MCP55 PCI bridge (rev a2)
>> 00:08.0 Bridge: nVidia Corporation MCP55 Ethernet (rev a3)
>> 00:09.0 Bridge: nVidia Corporation MCP55 Ethernet (rev a3)
>> 00:0a.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
>> 00:0b.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
>> 00:0c.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
>> 00:0d.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
>> 00:0e.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
>> 00:0f.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
>> 00:18.0 Host bridge: Advanced Micro Devices [AMD] K8  
>> [Athlon64/Opteron] HyperTransport Technology Configuration
>> 00:18.1 Host bridge: Advanced Micro Devices [AMD] K8  
>> [Athlon64/Opteron] Address Map
>> 00:18.2 Host bridge: Advanced Micro Devices [AMD] K8  
>> [Athlon64/Opteron] DRAM Controller
>> 00:18.3 Host bridge: Advanced Micro Devices [AMD] K8  
>> [Athlon64/Opteron] Miscellaneous Control
>> 01:06.0 Multimedia audio controller: Ensoniq ES1370 [AudioPCI]
>> 05:00.0 PCI bridge: NEC Corporation uPD720400 PCI Express - PCI/PCI-X  
>> Bridge (rev 07)
>> 05:00.1 PCI bridge: NEC Corporation uPD720400 PCI Express - PCI/PCI-X  
>> Bridge (rev 07)
>> 08:00.0 VGA compatible controller: ATI Technologies Inc Radeon HD 4770 
>> [RV740]
>> 08:00.1 Audio device: ATI Technologies Inc RV710/730
>>
>> and for what it's worth I'm curious why my video card shows up as an  
>> audio device.
>>
> 
> I don't know if it will be useful, but can you do, as root,
> lspci -vvv -s 8:00.1
> I assume there will be a kernel driver in use.
> 
> Sound has always confused me.  Let me see if I can get this right this
> time.  Every time I try to explain sound, someone (correctly!) dings me.
> 
> Pulse Audio provides a framework through which applications should do
> audio (microphone/speakers/etc).  Pulse Audio speaks to Alsa.
> 
> Alsa speaks to the driver that actually drives the audio hardware.
> Then there is the driver, itself, which drives the hardware.
> 
> Pulse Audio is supposed to provide a consistent interface to audio.
> 
> Before we had Pulse Audio, applications would speak with alsa
> (or with ESD which also was supposed to provide a consistent interface
> to audio).  I guess an application could also talk to the driver itself,
> but I would hope this to be rare.
> 
> Now, I believe, we have the following:
> Pulse Audio provides the consistent interface.
> Pulse Audio uses Alsa.
> Alsa talks to the hardware driver.
> 
> Applications, that think they are talking directly to Alsa can actually
> be talking to Pulse Audio through a plugin,
> rpm -q -i alsa-plugins-pulseaudio
> 
> Applications that think they are talking directly to Esound can actually
> be talking to Pulse Audio through a plugin,
> rpm -q -i pulseaudio-esound-compat
> 
> I believe, Applications should, over time, be changed to talk to Pulse
> Audio.
> 
> Why this background?  We need to follow the audio path.
> 
> We need to see what Pulse Audio thinks.
> 
> We need to see what Alsa thinks.
> 
> We need to see if a driver has the hardware.
> 
> Pulse Audio can mute the audio.
> Alsa should be "controlled" by Pulse Audio, but is still best to make
> sure Alsa isn't muting the audio.
> I assume we have a kernel driver for the audio hardware.
> 
> Pulse Audio might have sound muted.
>>From xterm (gnome-terminal) please run pavucontrol,
> or from the menu, Applications,
> Sound & Video, please start Pulse Volume Control,
> Please check the "Output Devices" tab to see if you have volume and make
> sure it is not muted.
> pavucontrol is provided by 

Re: no sound on F11, F12 and now F13 but sound on Omega 12 live??? wtf??

[Rick Sewill]

On 07/05/2010 09:26 PM, Dave Stevens wrote:
> Quoting JD :

>> Can you post output of lspci?
> 
> sure, here:
> 
> 00:00.0 RAM memory: nVidia Corporation MCP55 Memory Controller (rev a2)
> 00:01.0 ISA bridge: nVidia Corporation MCP55 LPC Bridge (rev a3)
> 00:01.1 SMBus: nVidia Corporation MCP55 SMBus (rev a3)
> 00:02.0 USB Controller: nVidia Corporation MCP55 USB Controller (rev a1)
> 00:02.1 USB Controller: nVidia Corporation MCP55 USB Controller (rev a2)
> 00:04.0 IDE interface: nVidia Corporation MCP55 IDE (rev a1)
> 00:05.0 IDE interface: nVidia Corporation MCP55 SATA Controller (rev a3)
> 00:05.1 IDE interface: nVidia Corporation MCP55 SATA Controller (rev a3)
> 00:05.2 IDE interface: nVidia Corporation MCP55 SATA Controller (rev a3)
> 00:06.0 PCI bridge: nVidia Corporation MCP55 PCI bridge (rev a2)
> 00:08.0 Bridge: nVidia Corporation MCP55 Ethernet (rev a3)
> 00:09.0 Bridge: nVidia Corporation MCP55 Ethernet (rev a3)
> 00:0a.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
> 00:0b.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
> 00:0c.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
> 00:0d.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
> 00:0e.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
> 00:0f.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
> 00:18.0 Host bridge: Advanced Micro Devices [AMD] K8  
> [Athlon64/Opteron] HyperTransport Technology Configuration
> 00:18.1 Host bridge: Advanced Micro Devices [AMD] K8  
> [Athlon64/Opteron] Address Map
> 00:18.2 Host bridge: Advanced Micro Devices [AMD] K8  
> [Athlon64/Opteron] DRAM Controller
> 00:18.3 Host bridge: Advanced Micro Devices [AMD] K8  
> [Athlon64/Opteron] Miscellaneous Control
> 01:06.0 Multimedia audio controller: Ensoniq ES1370 [AudioPCI]
> 05:00.0 PCI bridge: NEC Corporation uPD720400 PCI Express - PCI/PCI-X  
> Bridge (rev 07)
> 05:00.1 PCI bridge: NEC Corporation uPD720400 PCI Express - PCI/PCI-X  
> Bridge (rev 07)
> 08:00.0 VGA compatible controller: ATI Technologies Inc Radeon HD 4770 [RV740]
> 08:00.1 Audio device: ATI Technologies Inc RV710/730
> 
> and for what it's worth I'm curious why my video card shows up as an  
> audio device.
> 

I don't know if it will be useful, but can you do, as root,
lspci -vvv -s 8:00.1
I assume there will be a kernel driver in use.

Sound has always confused me.  Let me see if I can get this right this
time.  Every time I try to explain sound, someone (correctly!) dings me.

Pulse Audio provides a framework through which applications should do
audio (microphone/speakers/etc).  Pulse Audio speaks to Alsa.

Alsa speaks to the driver that actually drives the audio hardware.
Then there is the driver, itself, which drives the hardware.

Pulse Audio is supposed to provide a consistent interface to audio.

Before we had Pulse Audio, applications would speak with alsa
(or with ESD which also was supposed to provide a consistent interface
to audio).  I guess an application could also talk to the driver itself,
but I would hope this to be rare.

Now, I believe, we have the following:
Pulse Audio provides the consistent interface.
Pulse Audio uses Alsa.
Alsa talks to the hardware driver.

Applications, that think they are talking directly to Alsa can actually
be talking to Pulse Audio through a plugin,
rpm -q -i alsa-plugins-pulseaudio

Applications that think they are talking directly to Esound can actually
be talking to Pulse Audio through a plugin,
rpm -q -i pulseaudio-esound-compat

I believe, Applications should, over time, be changed to talk to Pulse
Audio.

Why this background?  We need to follow the audio path.

We need to see what Pulse Audio thinks.

We need to see what Alsa thinks.

We need to see if a driver has the hardware.

Pulse Audio can mute the audio.
Alsa should be "controlled" by Pulse Audio, but is still best to make
sure Alsa isn't muting the audio.
I assume we have a kernel driver for the audio hardware.

Pulse Audio might have sound muted.
>From xterm (gnome-terminal) please run pavucontrol,
or from the menu, Applications,
Sound & Video, please start Pulse Volume Control,
Please check the "Output Devices" tab to see if you have volume and make
sure it is not muted.
pavucontrol is provided by rpm -q -i pavucontrol,
yum install pavucontrol if necessary.
You may have more than one Port...I have two ports.
I have "Analog Output" and I have "Analog Headphones".
Please make sure you have volume and it is not muted on all ports.
By the way, if you don't mind me asking, what ports do you have?

If Pulse Audio is happy, please see what Alsa thinks.
rpm -q -i alsa-utils  (yum install alsa-utils if necessary)

>From xterm (gnome-terminal) please run: alsamixer
provided by alsa-utils

Controls for alsamixer can be found in the upper right corner.
"F1" for help, "F3" for Playback, "F4" for Capture, Esc for exit.

I'd be curious to know what alsamixer shows you.
For me, I only have

Re: Help me troubleshoot this problem

[Rick Sewill]

On 07/05/2010 06:15 PM, awrobinson...@nc.rr.com wrote:
> 
>  Geoffrey Leach  wrote: 
>> On 07/05/2010 03:28:20 PM, awrobinson...@nc.rr.com wrote:
>>>
>>>  Geoffrey Leach  wrote: 
 On 07/05/2010 01:27:01 PM, awrobinson...@nc.rr.com wrote:
> I am trying to install Fedora on a PC I built. I had Windows XP
> running on it for more than a year without any apparent problems.
>> 
>>>
>>> Hardware:
>>>
>>> Motherboard: BIOSTAR TFORCE TF520-A2 AM2 NVIDIA nForce 520 MCP ATX 
>>> AMD
>>> Processor: AMD Athlon 64 X2 4200+ Brisbane 2.2GHz Socket AM2 65W
>>> Dual-Core Processor
>>> Video Card: MSI NX8400GS-TD256E GeForce 8400 GS 256MB 64-bit GDDR2 
>>> PCI
>>> Express
>>> Memory: A-DATA 2GB (2 x 1GB) 240-Pin DDR2 SDRAM DDR2 800 (PC2 6400)
>>> Dual Channel
>>> Memory: A-DATA 4GB (2 x 2GB) 240-Pin DDR2 SDRAM DDR2 800 (PC2 6400)
>>> Dual Channel
>>> (6 GB total)
>>> Hard drive: SAMSUNG EcoGreen F2 HD103SI 1TB 5400 RPM SATA 3.0Gb/s 
>>> 3.5"
>> 
>> I wasn't able to discover anyything about Fedora compatibility with  
>> your Biostar MB, so you might well be in unexplored territory. It 
>> appears that the hardware compatibility lists for Fedora are no longer 
>> maintained, alas.
>>
>> The Nvidia FOSS driver for X (NV) might be a problem for you. I suggest 
>> you stay at runlevel 3 until your problems are resolved. If R/L 5 
>> causes you a problem after that, try the proprietary driver. I've found 
>> that it works well. 
>>
>> You didn't say where your Fedora came from. Are you sure that it's 
>> clean?
>>
> 
> Pretty sure. I used the netinstall CD for both 13 and 12. I checked the 
> md256sum for the Fedora 13 iso. I downloaded both from the Fedora site, so 
> they came from a Fedora-specific mirror. And there is the fact that I got the 
> same behaviour from both.
> 
> Again, please keep the questions coming. I really want to resolve this.
>  

May I suggest looking at the URL:
http://fedoraproject.org/wiki/KernelCommonProblems

It is where I would start when trying to debug Fedora panic/crash problems.

>From this webpage, in the "Crashes/Hangs" section, they seem to suggest
setting kernel boot parameters to try to narrow the problem or work
around the problem.

For more information on kernel boot parameters, the web page says,
"The full list of kernel options is in the file
/usr/share/doc/kernel-doc-/Documentation/kernel-parameters.txt,
which is installed with the kernel-doc package"

I assume one can find the correct kernel-parameters.txt file either
looking in the local file system assuming Fedora is usable -or-
searching the internet for "kernel-parameters.txt"
If one finds it with an internet search, please make sure the
kernel-parameters.txt more or less match the correct version of the
Fedora kernel.

Having said the above, if you suspect an acpi or apic problem,
the URL: http://fedoraproject.org/wiki/KernelCommonProblems
says,
"acpi=off is a big hammer, and if that works, narrowing down by trying
pci=noacpi instead may yield clues"
It also says, "nolapic and noapic are sometimes useful"

You need to look at kernel-parameters.txt to see what these parameters
do before using them.  Please don't try a parameter just to try it.
Using a kernel boot parameter could make matters worse.

If you suspect a video problem...and I believe they are trying to phase
out support for the kernel boot parameter, "nomodeset"--I believe they
have already phased out support for Intel, but still have some code
support for AMD which you have, I would still try that boot parameter to
see what happens.  You will need to search the internet to find out
about the parameter "nomodeset".  I don't consider using "nomodeset" as
a solution, but rather as a way to gather a data point or work around a
problem.

I would suggest trying one kernel boot parameter at a time, with the
hope of better isolating what is happening if a parameter seems to work.

If you discover a kernel boot parameter that acts as a workaround, it
may or may not provide a clue, to start isolating what is happening.

I would also look at the /var/log/messages for clues what was happening
a little before the failure/panic...you may hate me for suggesting
looking at /var/log/messages, sometimes there is nothing there and
sometimes there is too much there.

If you find a kernel boot parameter that works around the problem,
you will need to decide whether or not to write a bugzilla bug report.
If you do not find a kernel boot parameter, you may still wish to write
a bugzilla bug report.  A bugzilla bug report is the way, I believe,
for communcating problems with the maintainers.  I hope they ask you for
information, and I hope they suggest how to get what they ask for.
I would encourage you to write a bugzilla bug report, unless the problem
is a hardware failure, in which case, I don't know what to do.
Sometimes, if a problem is a hardware failure, nothing can be done.
Sometimes, if a problem is a hardware failure, the software can be more
graceful when the 

Re: Ideas for integrating a SIP account, N900, Magic Jack, Linux, etc...

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 06/23/2010 05:33 PM, Linuxguy123 wrote:
> People are using PAP2 devices to connect to Magic Jack accounts, thus
> removing the need to use the Magic Jack USB dongle.
> 
> Where does Google Voice fit into this ?
> 
>  
> 

I was actually wondering if Google Voice might be useful for you.

If my understanding is correct, you can do the following:
1) You can have a google voice number act as the number everyone dials.
   This would be the number you give people to call you.

2) You can tell google which phones to ring when someone calls the
   google voice number.

3) I believe, but am not certain, google supports some sort of
   voice mail.

In my mind, Google Voice is like having a main number for a business.
People call the main number.  Individual phones are called by Google.
You can program which phones ring when this main number is called.
If caller-id is working, you can control what happens based on caller.

The individual phones still have their own phone numbers.
The individual phones still can place or receive calls.

I could be wrong, but believe you can have a "home" phone,
a "cell" phone, and a SIP phone through sipphone.com associated
with a Google Voice number.
I'm not sure if you can have more than one of each or not.

I believe, one can also, somehow, dial out from the Google Voice number.

I was looking into Google Voice.  It may or may not work for you.
As always, please do your own research to see if it works for you!

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkwikOEACgkQyc8Kn0p/AZTPIQCggDNzy8uePoKjuagW6d2SsK7T
LK8AnRBuxM0Mt9c0Y8pyARNmHCbf8OVR
=BLAv
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: No sound from Amarok (phonon/ pulseaudio)

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 05/05/2010 01:18 PM, Rex Dieter wrote:
> Linuxguy123 wrote:
> 
>> On Wed, 2010-05-05 at 11:54 -0500, Rex Dieter wrote:
>>> Linuxguy123 wrote:
>>>
 F12 /x86, fully up to date, except I can't boot the most recent kernel.

 $uname -a
 Linux localhost.localdomain 2.6.32.10-90.fc12.i686.PAE #1 SMP Tue Mar
 23 10:04:28 UTC 2010 i686 i686 i386 GNU/Linux

 Sound works for everything except Amarok.

 Settings -> Configure Amarok -> Playback -> Sound System Configuration
 shows "Configure Phonon" which then lists pulse Audio as my sole
 option.
>>>
>>> Does the 'test' button work or do anything?
>>
>> Nope.
> 
 $ yum list phonon
 Installed Packages
 phonon.i686
 4.4.0-3.fc12  @updates
>>> ...
 How do I get sound working for Amarok ?
>>>
>>> What does pavucontrol say is your PA output device?
>>
>> "Internal Audio Digital Stereo (IEC958)"
>>
>> On the Configuration tab, Internal Audio is shown as "Digital Stereo
>> Duplex (IE958)"
>>
>> On the Playback tab, Amarok is the only application shown, other than
>> System Sounds.
> 
> While playing, does pavucontrol show any activity for the amarok stream?
> 
> Either way, I'd venture there is a volume problem here, something got muted 
> or set to 0 somehwere.
> 
> -- Rex
> 

Hmm.  While digging around when I had sound problems,
I found the following URL of interest:
http://pulseaudio.org/wiki/PerfectSetup

It claims,
"Amarok ¶

Amarok is a KDE media player. It supports multiple "engines", which can
be changed within the menu: "Settings -> Configure Amarok... ->
Engines". The GStreamer engine supports PulseAudio (refer to the general
GStreamer section on this page for more information), while the Xine
engine supports both PulseAudio (1.1.2 and newer) and Esound (older
versions). "

Going further down for the Gstreamer section,
"GStreamer Applications ¶

Applications using the modern GStreamer media framework such as
Rhythmbox or Totem can make use of the PulseAudio through gst-pulse, the
PulseAudio plugin for GStreamer in gst-plugins-good. After installing
it, you have to enable it as default audio sink and source for all GNOME
applications by changing the GConf keys
/system/gstreamer/0.10/default/audiosink and
/system/gstreamer/0.10/default/audiosrc:

gconftool -t string --set /system/gstreamer/0.10/default/audiosink pulsesink
gconftool -t string --set /system/gstreamer/0.10/default/audiosrc pulsesrc

Alternatively, you can make these changes with the GUI tool
gstreamer-properties.

The GStreamer plugin wraps playback, recording and the mixer interface. "

I don't know where gconftool can be found.
I used gsteamer-properties to set the default audio sink and source.
gstreamer-properties is a binary provided by gnome-media-apps
$ rpm -q gnome-media-apps
gnome-media-apps-2.28.5-1.fc12.x86_64

The gstreamer Pulse Audio Plugin is found in
$ rpm -q gstreamer-plugins-good
gstreamer-plugins-good-0.10.21-1.fc12.x86_64

$ rpm -q -l gstreamer-plugins-good|grep -i pulse
/usr/lib64/gstreamer-0.10/libgstpulse.so

In the end I believe Pulse Audio will be a good thing.
I like the idea of this abstraction layer and what it tries to do.

I tried switching a number of programs to using Pulse Audio native.

I think I still have some programs trying to go to Alsa.
I believe programs trying to go to Alsa are being intercepted by
$ rpm -q alsa-plugins-pulseaudio
alsa-plugins-pulseaudio-1.0.22-1.fc12.x86_64

I have things, more or less, working now.  Stuff could still be better.

Like me, your mileage will vary.  I wish you luck.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvhwlkACgkQyc8Kn0p/AZSlxQCcDNIHC601ZIvq2eGtPqtT3zMF
u1wAoIMx6sPIeW+UhSebTnNfhSQMTsk4
=Eej1
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Sound Problems FC12

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 04/30/2010 06:30 PM, Jim wrote:
> On 04/28/2010 05:48 PM, Jim wrote:
>> On 04/28/2010 01:18 PM, Jim wrote:
>>> On 04/28/2010 12:59 PM, Jim wrote:
 Fc12-X86_64/KDE

 No sound at all.

 Pulseaudio volume is set to 100% , alsamixer is set to 80% and in 
 System
 Settings>  Multimedia it shows Dummy for devices, no sound using "test"

 I have a Ensoniq ens-1371 and it has a driver snd-ens1371 the module is
 being loaded at boot time.

 See below.

 Where is the system-config-soundcard package for Fedora 12.


I don't know where the system-config-soundcard package is either.

 Sound worked perfect in Fedora 11  , did upgrade to Fedora 12 and no 
 sound.



...

>>
>> rtkit-daemon[1596]: Sucessfully made thread 1946 of process 1946 
>> (/usr/bin/pulseaudio) owned by '500' high priority at nice level -11.
>> pulseaudio[1946]: pid.c: Daemon already running.
>>  rtkit-daemon[1596]: Sucessfully made thread 1952 of process 1952 
>> (/usr/bin/pulseaudio) owned by '500' high priority at nice level -11.
>>  pulseaudio[1952]: pid.c: Daemon already running.
>>  gnome-keyring-daemon[1957]: couldn't set environment variable in 
>> session: The name org.gnome.SessionManager was not provided by any 
>> .service files
>>  pulseaudio[1593]: module.c: Module "module-device-manager" should be 
>> loaded once at most. Refusing to load.
>>  pulseaudio[1593]: module-x11-xsmp.c: module-x11-xsmp may no be loaded 
>> twice.
>>  pulseaudio[1593]: module.c: Failed to load  module "module-x11-xsmp" 
>> (argument: "display=:1006
>> session_manager=local/unix:@/tmp/.ICE-unix/1889,unix/unix:/tmp/.ICE-unix/1889"):
>>  
>> initialization failed.
>>
> 
> In the /var/log/messages it says that module-x11-xsmp is not loading.
> In /etc/pulse/default.pa it shows the  paragraph;
> 
> /etc/pulse/default.pa
> 
> ### Register ourselves in the X11 session manager
> #load-module module-x11-xsmp
> 
> It appears here that the module is not ment to be loaded.
> 
> And here is the only place I can find about xsmp;
> 
> locate xsmp
> /usr/lib/pulse-0.9.21/modules/module-x11-xsmp.so
> 
> Why is this module interfering with my not getting any sound ??
> 

I don't know the answer to your questions.
It sounds as if pulseaudio is already running when your session starts.

You wouldn't, by any chance, be running pulse audio in system mode?
Please see URL:
http://pulseaudio.org/wiki/SystemWideInstance
I am guessing you are not running pulse audio in system mode.

I don't understand how pulse audio can already be running.
Do you have something in your .bash_profile or .bashrc file, maybe?

I found two pulse audio commands useful when I had sound problems:
pavucontrol -- yum info pavucontrol
and to a lesser extent, paman -- yum info paman

Please install pavucontrol if you haven't already:
yum install pavucontrol
Please run pavucontrol -- it is GUI based (please note I use Gnome;
  I assume it works fine on KDE)
You will see the following tabs:
"Playback   Recording   Output Devices   Input Devices   Configuration"
Please select the "Output Devices" tab.
One possibility, and it is probably a long-shot, you may have multiple
output devices.  One output device might have good volume.  The other
might not.
The output devices are selected by changing the
"Port: ..." item.  For me, I have
"Port: Analog Output" and
"Port: Headphones"
The volume is always the same for both devices for me...but you might
be changing the volume of one and not the other...I don't know.

For grins, please install paman if you haven't already.
yum install paman
Please run paman -- it is GUI based
It has the following tabs:
"Server Information  Devices  Clients  Modules  Sample Cache"
I am wondering if you can find module-x11-xsmp under Modules.

I am curious to know what is listed in Clients, and, if something
is listed under devices.

I assume, under Server Information, it is not disconnected or anything.

I have since found another pulse audio command.
yum info padevchooser -- it is GUI based.
If I am not mistaken, one can "advertise" one's sound devices over the
network with pulse audio and one can select a pulse audio sound device
on another host.  I doubt if you have done this, but is interesting if
it can be done.

I better add a disclaimer.  I don't know or understand the workings of
pulse audio and alsa and sound devices very well.  I looked at lots of
stuff when I upgraded to Fedora 12 and my sound wasn't working.  I got
sound to work so I am happy.  I can't remember what was wrong.

It would be nice if someone who knows and understands pulse audio and
alsa better would chime in with better advice than I can give.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvblngACgkQyc8Kn0p/AZS6ewCgpNvRHIqviP7ICXxctOCvE92p
NFQAn2koSTkg5Vod2FPqnaZSiQEBkOzK
=lI

Re: GW (LAN1, LAN2, ADSL) config

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 04/20/2010 07:15 PM, j.halifax . wrote:
>>
>> .please do netstat -rn
>> Please also do /sbin/ifconfig -a
>>
> 
> ==
> netstat
> ==
> # netstat -rn
> Kernel IP routing table
> Destination Gateway Genmask Flags   MSS Window  irtt Iface
> 192.168.180.0   0.0.0.0 255.255.255.0   U 0 0  0 eth3
> 10.255.253.010.255.250.250  255.255.255.0   UG0 0  0 eth2
> 10.1.1.010.255.250.250  255.255.255.0   UG0 0  0 eth2
> 195.39.130.00.0.0.0 255.255.255.0   U 0 0  0 eth0
> 10.255.250.00.0.0.0 255.255.255.0   U 0 0  0 eth2
> 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0  0 eth0
> 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0  0 eth2
> 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0  0 eth3
> 172.17.0.0  192.168.180.1   255.255.0.0 UG0 0  0 eth3
> 192.168.0.0 192.168.180.1   255.255.0.0 UG0 0  0 eth3
> 0.0.0.0 195.39.130.89   0.0.0.0 UG0 0  0 eth0
> 
> ==
> ifconfig
> ==
> ifconfig -a
> eth0  Link encap:Ethernet  HWaddr 00:1B:11:B1:5D:0D
>   inet addr:195.39.130.92  Bcast:195.39.130.255  Mask:255.255.255.0
>   inet6 addr: fe80::21b:11ff:feb1:5d0d/64 Scope:Link
>   UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
>   RX packets:24299910 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:15282420 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:16111717780 (15.0 GiB)  TX bytes:2946725879 (2.7 GiB)
>   Interrupt:21 Base address:0xca00
> 
> eth1  Link encap:Ethernet  HWaddr 00:19:D1:9D:E6:14
>   BROADCAST PROMISC MULTICAST  MTU:1500  Metric:1
>   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>   Memory:9220-9222
> 
> eth2  Link encap:Ethernet  HWaddr 00:19:5B:38:B7:36
>   inet addr:10.255.250.37  Bcast:10.255.250.255  Mask:255.255.255.0
>   inet6 addr: fe80::219:5bff:fe38:b736/64 Scope:Link
>   UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
>   RX packets:53693057 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:15359524 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:5565104705 (5.1 GiB)  TX bytes:13115812080 (12.2 GiB)
>   Interrupt:22 Base address:0xa900
> 
> eth3  Link encap:Ethernet  HWaddr 00:1B:11:B1:1C:D4
>   inet addr:192.168.180.100  Bcast:192.168.180.255  Mask:255.255.255.0
>   inet6 addr: fe80::21b:11ff:feb1:1cd4/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:4068329 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:60337 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:417749601 (398.3 MiB)  TX bytes:4328913 (4.1 MiB)
>   Interrupt:18 Base address:0x6800
> 
> loLink encap:Local Loopback
>   inet addr:127.0.0.1  Mask:255.0.0.0
>   inet6 addr: ::1/128 Scope:Host
>   UP LOOPBACK RUNNING  MTU:16436  Metric:1
>   RX packets:431338 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:431338 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:0
>   RX bytes:41551814 (39.6 MiB)  TX bytes:41551814 (39.6 MiB)
> 
> sit0  Link encap:IPv6-in-IPv4
>   NOARP  MTU:1480  Metric:1
>   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:0
>   RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
> 
> Thank you so much... :)
> jh
> 
> 

The routing table and interfaces look okay.

I am confused.  I have questions below.

> 
>>  Původní zpráva 
>> Od: Rick Sewill 
>> Předmět: Re: GW (LAN1, LAN2, ADSL) config
>> Datum: 21.4.2010 01:10:47
>> 
> On 04/20/2010 05:48 PM, j.halifax . wrote:
>>>>>>
>>>>> Is IP forwarding on?
>>>>>
>>>> Yes, it is.
>>>>
>>>>
>>>>
>>>>>  Povodní zpráva 
>>>>> Od: Terry Polzin 
>>

Re: GW (LAN1, LAN2, ADSL) config

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 04/20/2010 05:48 PM, j.halifax . wrote:
>>>
>> Is IP forwarding on?
>>
> Yes, it is.
> 
> 
> 
>>  Původní zpráva 
>> Od: Terry Polzin 
>> Předmět: Re: GW (LAN1, LAN2, ADSL) config
>> Datum: 20.4.2010 19:03:39
>> 
>> On Tue, 2010-04-20 at 15:31 +0200, j.halifax . wrote:
>>> Hi All,
>>>
>>> please help me kindly to reconfig my default GW (Fedora 12).
>>>
>>> The GW has 3 active Ethernet cards:
>>> eth0 - connected to Internet ADSL router (incl. VPN, pptpd)
>>> eth1 - not used
>>> eth2 - LAN1
>>> eth3 - LAN2.
>>>
>>> I had everything working fine but due to some problems I lost 
>>> the configuration of the GW and I can't get it working again.
>>>
>>> (1) The Internet access (LAN1 -> GW -> Internet) is working fine.
>>> (2) The access of  (Internet -> GW -> LAN1 / LAN2) is ok incl. VPN
>>> (3) I can not access LAN2 neither from LAN1 nor from GW box
>>>
>>> Traceroute shows that for (3) packets don't go to eth3 (LAN2) as
>>> they should, but they fall down to eth0 (default gw).
>>>
>>> Can you please advise me what I need to set-up (iptables) in the GW?
>>>
>>> Thank you so much for your kind help.
>>>
>>> Regards,
>>> jh
>>>
>> Is IP forwarding on?
>>
>> -- 
>> users mailing list
>> users@lists.fedoraproject.org
>> To unsubscribe or change subscription options:
>> https://admin.fedoraproject.org/mailman/listinfo/users
>> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
>>
>>
>>


As another person asked, please do netstat -rn
Please also do /sbin/ifconfig -a

When debugging a routing problem, we need to see your routing table.
It's also good to see the interfaces.

I would be surprised if the problem were iptables related.

Sounds more like the problem is routing table related.

I'm assuming you haven't done anything with the /sbin/ip command
like policy routing.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvOM/sACgkQyc8Kn0p/AZSWmQCfTd7Anw2fdFOLrxgWSjen40oh
dWAAoKJcsXKaL7HEvRyMdNoxQbLoMQZS
=8n1a
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: SSH tunnel for ssh traffic

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 04/15/2010 04:38 PM, Christoph Höger wrote:
> 
>>
>> Host remote
>>  HostKeyAlias myAliasForRemote
>>  HostName remote.com
>>  LocalForward  veryremotehost:22
>>
>> Host veryremote
>>  HostKeyAlias myAliasForVeryRemote
>>  HostName localhost
>>  port 
> 
> 
> This comes very close to my needs. Only one thing left: Is there any way
> to trigger ssh remote just by running ssh veryremote?
> 

I always started "ssh remote" manually.

Could you create a bash shell script that starts "ssh remote" in the
background, and then starts "ssh veryremote"?

- From the "man ssh" page, there is a suggestion about using
"  The following example tunnels an IRC session from client machine
  “127.0.0.1” (localhost) to remote server “server.example.com”:

  $ ssh -f -L 1234:localhost:6667 server.example.com sleep 10
  $ irc -c ’#users’ -p 1234 pinky 127.0.0.1
"

Perhaps you could do something like:
# Please note...I have not tested this.
#!/bin/bash
# establish the initial ssh tunnel putting it in the background
ssh -f remote sleep 10 &
# wait 2 seconds for ssh to set up the tunnel, hopefully long enough
sleep 2
# establish the ssh tunnel to the very remote machine.
ssh veryremote

I prefer starting "ssh -f remote sleep 10 &" manually to know the ssh
tunnel is actually started before I start using it to forward traffic.

Other than using a bash script, I can't think of a way to trigger
the starting of "ssh remote".

On another note, they added a ~/.ssh/config option that is new to me.
For those having problems with a home directory shared across multiple
machines, from "man ssh_config",
they added NoHostAuthenticationForLocalhost
"
NoHostAuthenticationForLocalhost
   This option can be used if the home directory is shared across
   machines.  In this case localhost will refer to a different
   machine on each of the machines and the user will get many warn-
   ings about changed host keys.  However, this option disables host
   authentication for localhost.  The argument to this keyword must
   be “yes” or “no”.  The default is to check the host key for
   localhost.
"

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvHmV4ACgkQyc8Kn0p/AZQpuQCfXK3UcWOd8LR0FkHbRK0uqH9n
mYMAn0XVzkFoD7y4Cxkq3NLGpWyHp2x3
=YRkG
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: authentication problem

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 04/15/2010 11:51 AM, jack craig wrote:
> Hi Folks,
> 
> I have an authentication issue with ssh that i'd like to ask for clues
> on solving?
> 
> i have created a local host key, id_rsa.pub.
> 
> i have copied that to the remote host, .ssh/authorized_keys,
> and checked the perms for both ~/.ssh & .ssh/authorized_keys.
> 
> yet i get the below, ...
> 
> 
> ssh -v -l jackc sby1.extraview.com
> OpenSSH_5.2p1, OpenSSL 0.9.8k-fips 25 Mar 2009
...
> publickey,gssapi-with-mic,password  < !
...
> No credentials cache found
> 
...
> No credentials cache found
> 
...
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/jackc/.ssh/id_rsa
> debug1: Server accepts key: pkalg ssh-rsa blen 277
> Agent admitted failure to sign using the key.
> debug1: Next authentication method: password
> ja...@sby1.extraview.com's password:
> 
> my naive reading of the above looks like it fulfilled
> one authentication method, but then goes on to ask for another,
> in this case, a password.
> 
> my wag is that there is an /etc/pam.d config that is wrong,
> but this isn't my strong suite and i don't want to guess/mess around.
> 
> also, this phrase, ...
> 
> debug1: Unspecified GSS failure.  Minor code may provide more information
> No credentials cache found
> 

I wouldn't worry about GSS failure.  You haven't set it up.
- From URL:
http://www.ssh.com/support/documentation/online/ssh/adminguide/53/userauth-gssapi.html
it explains the idea behind GSS.  I tend to think of GSS as Kerberos.

> where do i find the minor code its referring to?
> 
> any ssh guru's out there to provide  a clue?
> 

Not sure.

When it says, "Agent admitted failure to sign using the key.",
is it referring to ssh-agent?

There is a program, ssh-add, which talks to ssh-agent.
I haven't used ssh-add or ssh-agent in a long time.

Before I take us down this path which might be a wild good chase,
I better ask are you using these?

Whenever I have publickey authentication problems,
it usually is file and directory permissions.
You indicated you checked ~/.ssh and ~/.ssh/authorized_keys

As a test, could you make certain your $HOME directories,
on both the local and remote machine, are not writable by anyone,
but owner?

Could you make sure ~/.ssh on both machines is only read/write
by owner?

Could you make sure the files in ~/.ssh, such as authorized_keys,
config, id_rsa, known_hosts, are only read/write by owner?

For me, anything in ~/.ssh should only be read/write by owner.
Call me paranoid but only owner should have access to these files.

The one kicker, I'm asking you to do, is make sure both
$HOME directories are, at most, readable, by others, and not writable.

If you want someone to put files in your $HOME directory area,
can you set up $HOME/droparea and give them read/write access
to $HOME/droparea?
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvHX68ACgkQyc8Kn0p/AZSq7gCfemQ7xhl7GwPnlC1Hcrj+XlI0
dREAn16BFmZbHBeQ8ZvcX2Hp+iCVoBy3
=l5hs
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: SSH tunnel for ssh traffic

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 04/15/2010 09:12 AM, Christoph Höger wrote:
> Hi,
> 
> I need to ssh to some remote VM that sit in a private LAN. For any other
> service (e.g. RDP) I'd use ssh tunneling just normal.
> But what do I do for ssh traffic? Since ssh is not host agnostic, it
> will always complain about localhost having a different RSA key.
> I just do not want to edit the known_hosts every time I need to connecto
> to a new machine!
> 
> Is there some way to tell ssh to use a tunnel directly for a connection?
> 
> regards
> 
> Christoph
> 

I'm afraid I do not understand what you are asking.

Let me try to answer what I think you are asking.
I apologize if I'm wrong.

Let us say I want to ssh tunnel to a remote machine on a remote lan.
Let us say I want to tunnel ssh traffic through this ssh tunnel to
still a third machine on that remote lan.

Could I do something like the following in my ~/.ssh/config file:

Host remote
 HostKeyAlias myAliasForRemote
 HostName remote.com
 LocalForward  veryremotehost:22

Host veryremote
 HostKeyAlias myAliasForVeryRemote
 HostName localhost
 port 

Now, could I do
ssh remote
and myAliasForRemote is what is associated with the host in my
~/.ssh/known_hosts file.
and as long as this connection is open, could I do
ssh veryremote
and myAliasForVeryRemote is what is associated with the host,
veryremotehost, in my ~/.ssh/known_hosts file.

I am not sure if the DNS name, "veryremotehost" needs to be resolved
locally or remotely.  I think it is remotely, but you would need to
check.  Normally, I would have used IP addresses because the hosts on
the company's internal lan did not have DNS entries.

The HostKeyAlias controls the name used for the host that is stored in
the ~/.ssh/known_hosts file.

Is this what you are asking?
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvHWB0ACgkQyc8Kn0p/AZT9LACcDNo/uJxnV1fx4JEbboAIgFt2
fMYAoK62YhEtG/Oc45hZs1hAED9tLBOe
=aTns
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Sftp does not work after upgrade fo F12

[Rick Sewill]

On 03/30/2010 05:57 AM, Gianfranco Durin wrote:
...
> =
> 
> Googling a little, I see I am not the only one to have a similar problem:
> 
> http://www.experts-exchange.com/OS/Linux/Setup/Q_24958525.html
> http://support.expandrive.com/discussions/expandrive-mac/361-can-ssh-connect-on-the-comandline-but-expandrive-connection-allways-dies
> 
> So, finally I tried:
> ===
> sftp -vvv localhost
...
> debug1: Sending subsystem: sftp
> debug2: channel 0: request subsystem confirm 1
> debug2: fd 3 setting TCP_NODELAY
> debug2: callback done
> debug2: channel 0: open confirm rwindow 0 rmax 32768
> debug3: Wrote 192 bytes for a total of 1941
> debug2: channel 0: rcvd adjust 2097152
> debug2: channel_input_status_confirm: type 99 id 0
> debug2: subsystem request accepted on channel 0
> debug3: Wrote 48 bytes for a total of 1989
> debug1: client_input_channel_req: channel 0 rtype exit-signal reply 0
> debug1: client_input_channel_req: channel 0 rtype e...@openssh.com reply 0
> debug2: channel 0: rcvd eow
> debug2: channel 0: close_read
> debug2: channel 0: input open -> closed
> debug2: channel 0: rcvd eof
> debug2: channel 0: output open -> drain
> debug2: channel 0: obuf empty
> debug2: channel 0: close_write
> debug2: channel 0: output drain -> closed
> debug2: channel 0: rcvd close
> debug3: channel 0: will not send data after close
> debug2: channel 0: almost dead
> debug2: channel 0: gc: notify user
> debug2: channel 0: gc: user detached
> debug2: channel 0: send close
> debug2: channel 0: is dead
> debug2: channel 0: garbage collecting
> debug1: channel 0: free: client-session, nchannels 1
> debug3: channel 0: status: The following connections are open:
>#0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1)
> 
> debug3: channel 0: close_fds r -1 w -1 e 6 c -1
> debug3: Wrote 32 bytes for a total of 2021
> debug3: Wrote 64 bytes for a total of 2085
> debug1: fd 0 clearing O_NONBLOCK
> debug3: fd 1 is not O_NONBLOCK
> Transferred: sent 1872, received 2040 bytes, in 0.1 seconds
> Bytes per second: sent 22414.6, received 24426.1
> debug1: Exit status -1
> Connection closed
> =
> Honestly, I am little confused...
> 
> Thanks to all,
> Gianfranco

I am confused too.

Just a guess...might be a wild goose chase...
for the user account you are trying to sftp to, could you save your bash
startup files on the server machine and set up the default bash startup
files?

My memory is vague, or it might be my imagination, but I seem to
remember having a problem, a very long time ago, about having things in
my bash startup files that were interfering with my ability to do things
through ssh.  Whatever problem I had may no longer be a problem.

I finally fixed my problem by stopping my .bashrc file from doing
certain things if not interactive.

I came to the conclusion my problem had something to do with things in
my .bashrc file intercepting input from the standard input and creating
unexpected output on standard output.

I still try to separate my bash startup files into stuff I always want
to do and stuff I only want to do when interactive.

I still put the following line in an appropriate place in my .bashrc
file to stop doing certain things when I am not interactive:

# check for shell is not interactive
[ -z "${PS1}" ] && return

It's just a guess...but it would be quick and easy to test.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Sftp does not work after upgrade fo F12

[Rick Sewill]

On 03/29/2010 10:23 AM, Gianfranco Durin wrote:
> On 03/29/2010 03:28 PM, Aaron Konstam wrote:
>> On Mon, 2010-03-29 at 11:07 +0200, Gianfranco Durin wrote:
>>> On 03/25/2010 03:51 PM, Marvin Kosmal wrote:
 Could start with which sftp on the Fedora machine.

 YMMV

 Marvin

>>>
>>> Thanks,
>>> I use openssh
>>>
>>> and I have
>>>
>>> Subsystem sftp /usr/libexec/sftp-server
>>>
>>> enable in my sshd.config file.
>>>
>>> Is it enough?
>>>
>>> Gianfranco
>> This is the line in my sshd.conf file
>> Subsystem   sftp/usr/libexec/openssh/sftp-server
>>
>> The file you reference does not exist on my machine.
> 
> Yes, sorry, you are right, this is the very same I have
> 
> Gianfranco

Can you ssh successfully from the client side to the server side?

Sorry if you already answered this question.
I started looking at this thread in the middle.

If you cannot ssh, that will give us some hints.

If you can ssh successfully, please check your /etc/hosts.allow and
/etc/hosts.deny files on the server side.  I believe openssh-server is
built to examine those files.  I believe those files can authenticate or
block connections on a per service per user per host basis.

On the client side, can you do sftp -v 

Does anyone know if multiple sftp -v -v -v increase the logging level as
it does in ssh -v -v -v ?

If using multiple -v does increase the logging level, can you do
sftp -v -v -v ...


-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: ogm video

[Rick Sewill]

On 03/28/2010 05:50 PM, Michael Miles wrote:
> On 03/28/2010 03:06 PM, Tim wrote:
>> Can you supply a sample OGM video (a weblink to one)?  I don't recall
>> having problems playing them in the past, but I can't find one at the
>> moment.
>>
>>
> Limite de Segurança.ogm
> 
> unfortunately this has to be downloaded with torrent
> http://www.kickasstorrents.com/t524772.html
> 
> 
> try it
> 
> I do believe it is an older file
> 
> Good quality but it is only a codec that is stopping it
> 
> ogmdemux splits it and ogmjoin reassembles
> 
> I have changed the format to avi and changed fourcc to xvid but the 
> players still wont work
> sound is there but no video
> 
> I have installed every codec under the sun but no joy there
> 
> I opened a virtual windows os and intalled klite codec pack
> xillisoft converted it no problem
> 
> on the linux side no way
> 
> Michael Miles
> 

It may not help, but I am curious.

When you split it, you get a number of files.
If you do the command,
file 
what does the file command tell you?

I am hoping the file command can identify the video file type.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: ogm video

[Rick Sewill]

On 03/28/2010 03:46 PM, Michael Miles wrote:
> Can anyone tell me how to get codec for ogm video files
> 
> Vlc no
> mplayer no
> smplayer no
> xine no
> 
> 
> I have tried to convert
> I used all I could find
> 
> 
> All say no codec
> 
> 
> I can't seem to find codec

Not heard of ogm before.

yum search ogm
gave a number of choices, including ogmtools.

yum install ogmtools

followed by
man ogmdemux
seems to imply ogmdemux can extract streams from an OGM.

Please read the notes part of the man page...it says,
"What not works:

*  Headers  created by older OggDS (DirectShow) filter versions are
   not supported (and probably never will be).
"

First see if
ogminfo 
gives any useful information to see if these tools work on the file.

Perhaps you can extract the streams and play them separately?

Not sure if this will help or not.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: log in through root

[Rick Sewill]

On 03/28/2010 02:49 PM, Sam Sharpe wrote:
> On 28 March 2010 20:26, agraham  wrote:
>> On 28/03/10 09:29, Rajanish Kumar wrote:
>>> Hi!
>>>   I have already installed Fedora 12 .I have given root password...and
>>> finally added a user name "rajanish"
>>> .I am log in through "rajanish"but i have not accessing throgh root...I want
>>> to log in through root because i want to learn administrative property.
>>>   please help me to guide log in through root..
> 
>> At the login prompt (or your graphical login program - gdm, kdm etc)
>> use the username "root" and password that you set when installing Fedora.
> 
> Nice idea, but it won't work unless you enable it:
> http://linuxers.org/quick-tips/fedora-12-enable-root-login-gui
> 
>> Please ignore all those that present horror stories and FUD about root,
>> you have to learn somehow and the best way is to mess around as root.
> 
> I disagree and I am a professional Linux sysadmin. I never login as root.
> 
>> Unlike a normal user, your path with will include /sbin so you won't
>> need to prepend root commands with a path e.g. /sbin/ifconfig.
> 
> You can add /sbin and /usr/sbin to your normal path if this is a
> problem for you. I do this and then I login as a normal user and use
> "sudo" or "su -c" to prefix any commands I want to run as root.
> 
>> And if you happen to do something like  "rm -rf /", just re-install and
>> start-over, I'm sure you'll learn from your mistakes like we all did.
> 
> No comment ;o)
> 
> --
> Sam

rm -rf / doesn't just happen on Linux...one of my coworkers did
rm -rf * on Solaris...he thought he was one place, but he was at /

You should have heard his language.
On second thought...no you shouldn't.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: log in through root

[Rick Sewill]

On 03/28/2010 12:04 PM, bruce wrote:
> hey...
> 
> as a guy who's been running different variants of unix/sun/vax vma for
> ~25 years... you can run as root/user with equal ability to screw up
> if you don't know what you're doing! running as a user implies that
> you can't do certain things/apps on a system.. but who's to say that
> someone didn't open up the system to allow users to run thoses
> "dangerous" apps as a user!
> 
> bottom line, people should know what the heck they're doing when they
> start to play on the system..
> 
> as to your issues with windows... what kind of virus system/apps are
> you running to prevent viruses from being able to be downloaded on the
> box???
> 
> if you have "good" anti-virus apps running, and they're updated on a
> frequent basis.. the system should be ok, unless she's going to sites
> that are probably good breeding grounds for getting infected. in which
> case, you should tell her to stay the hell away from those sites...
> 
> peace..
> 


It was Norton anti-virus...and I updated to the latest patches.
I updated Windows to the latest patches.
I updated IE to IE 8, hoping that would slow down problems.

Unfortunately, you hit the nail on the head.
Took her only a few days to get infected again.

She told me she was visiting hundreds of web sites looking for pictures.
I don't think any anti-virus apps, even if kept up to date, could help.

I am stuck what to do.  She doesn't want me switching her to Linux.

She wants her Creative Memories software to work.
She is comfortable clicking the IE icon to get to Yahoo! mail.

She's learned how to find pictures and how to print pictures.

She wants to go to hundreds of web sites looking for pictures.
It's something, she believe, the PC should be able to do.
She doesn't understand why her PC can't be kept safe.

I was hoping against hope, switching her to Linux would slow the problem
down.  I doubt if anything can be done to prevent it.

I'm afraid I took this off-topic.  Sorry to everyone for doing that.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: log in through root

[Rick Sewill]

On 03/28/2010 03:29 AM, Rajanish Kumar wrote:
> Hi!
>  I have already installed Fedora 12 .I have given root password...and
> finally added a user name "rajanish"
> .I am log in through "rajanish"but i have not accessing throgh root...I
> want to log in through root because i want to learn administrative property.
>  please help me to guide log in through root..
>   
> Rajanish Kumar
> Fedora User
> 

Others will answer how to log in through root.

I would express a different concern.

Please forgive me if this sounds like a rant.
I don't wish it to be such.  The following is what I believe.

Linux has a different mindset from Windows.

I think of Windows as being single-user focused.
One user, at a time, does things on Windows.
That user, is, for all intents and purposes, "god" on the PC.
That user, invariably, runs with administrator privileges.

I realize I am being unfair to Windows.
One can have multiple Windows users "active" at the same time.
One can leave one user active and log in as another user.

Windows users can be restricted from administrator privileges.

Windows users are coerced into running with administrator privileges.
Windows users run programs that try to do upgrades automatically.
Windows users visit websites that try to do installs immediately.

Linux is multi-user.  People are expected to run as normal users.
People should be root only long enough to do system things.

Program developers create downloads with this in mind.
People can download and compile and build programs as normal users.
Only when people need to install, do people need to become root.

For most things, people should run as a "normal" user.
When I see a person running normal programs, as root, I shudder.

People have arguments, which is more secure, Windows or Linux.
I believe it is not the operating system that is secure or insecure.
I believe it is the way people use the operating system.

I believe one can take an insecure Windows operating system and make it
secure.  One can argue, it will also be annoying to use, or unusable,
but that is another discussion.

I believe one can take a secure Linux operating system and make it insecure.

What am I trying to say?

Please be very, very careful what you do as root.
You can make a terrible mess if you don't know what you are doing.

This is the end of my rant...wishing it didn't sound like a rant.

To help this person and me and others, can someone suggest some
reasonable websites that explain how to keep Linux secure and how to be
a Linux administrator for beginners?

What I found, when searching the Internet, was rather dated.

I'm not looking for information on selinux or the intricacies of iptables.

I'd rather find a tutorial saying things like...
only run services (chkconfig service ...) you need,
only open firewall ports (iptables ...) you really want opened,
only install software from sources you trust,
don't run user programs or games as root,
get a USB drive for backups and how to do backups,
etc.

I have a personal reason for asking for this information.

My sister keeps bringing her Windows XP PC to me for fixing.
It takes her less than a week to get viruses on her PC.
I've reloaded from the factory partition twice already.

The second time, she got viruses, really frustrated me.
Before giving her back her PC, I made sure all the patches were in.
I had Norton Utilities running with all updates.
I made sure her firewall was enabled.
Did me little good.

Her PC currently has some viruses on it (this is the third time).
Again, I made sure all patches were in and all updates were in.

Norton Utilities can detect the viruses, but not remove them.

I told her I wanted to install Linux on her PC.
She is bucking.  She knows how to find notepad.
She wants to be able to run a "Creative Memories" program.
She has both Internet Explorer and firefox (I tried to get her to use
firefox) set to go to her favorite website, as her home page.

I only find out she has a problem when she can't do her usual routine.
The first two times, I found out, because the malware was demanding
money and wouldn't let her do anything with her PC.

This last time, I found out, because, when she clicked the web browser
icon, it went to the wrong web page, not her home page.

Even if I force her to switch to Linux, I will have problems.
She will fuss and fuss until I give her the root password.
I won't want to give her the root password...for obvious reasons.
She will take a "secure" Linux system and make it vulnerable.
She won't know what she is doing.

You may think I'm being unfair to her...and I am.
She is not computer literate.  She is literate in other things.
She calls her PC her brain because someone explained the PC was the
brain.  She doesn't know what a hard disk is...she doesn't know the
difference between program and data...she doesn't know how to find
things unless those things are icons on the desktop...she needs help
configuring her printer and ethernet.  Once configured, she

Re: Routing choice under user control per application instance?

[Rick Sewill]

On Thu, 2010-03-18 at 14:07 -0600, S P Arif Sahari Wibowo wrote: 
> Hi!
> 
> I am wondering whether it is possible to choose TCP/IP routing 
> for a specific instance of an application - chosen on user-level 
> when the application is started?
> 
> More specifically I have a workstation with 2 Internet 
> connections (different devices), and I would like to have some 
> applications connecting to Internet using one connection while 
> other applications connecting to Internet using the other 
> connection, where I choose which application instance use which 
> connection.
> 
> I control the whole workstation (root, hardware) so I can do 
> whatever on the machine, but not the router / connection.
> 
> Any idea?

I have not done what you are requesting.

I did an Internet search and came to the following conclusions:
1) You can mark packets using iptables.
   The marking can be based on type of traffic, ex: html, smtp, etc.

2) You then use ip routing to do what is called policy routing.
   You have multiple routing tables.
   The routing table to be used will be selected based on the marking.

I will suggest you look at the following URL and see if it helps you.

This URL is not for the faint of heart:
http://linux-ip.net/html/adv-multi-internet.html

The key overview to understand this URL is the summary near the top:
Quoting from the URL,
"...Before beginning let's outline the process we are going to follow. 

  * Copy the main routing table to another routing table and set the
alternate default route [38]. 

  * Use iptables/ipchains to mark traffic with fwmark. 

  * Add a rule to the routing policy database. 

  * Test!"

I have not personally done this.
I can't do much more than give you the URL reference.
You will need to determine if this as a possible solution for you.


-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Backup, what system files are *really* important?

[Rick Sewill]

> > 
> > /opt (and /usr/local) are likely to contain stuff that wasn't installed
> > via rpm or yum, thus needs to be preserved. That's all. YMMV.
> > 
> 
> what about /var ?
> 
> /var/www/html
> /var/www/named
> /var/lib/dhcpd
> /var/lib/imap
> /var/cache/samba
> 

Did they move /var/named to /var/www/named?
At one time I needed to do my own DNS and have a /var/named 
laying around.  I guess it depends what's in the /etc/named.conf file.

Probably all of /var/lib should be examined -- I don't know where
asterisk, mysql, or other packages keep their data.

And /var/spool/cron -- if you have any user cron jobs.

All of /var/spool should be examined for directories to back up.

And ... /sbin/ifup-local and /sbin/ifdown-local if you have those files.
Those files, if present, are referenced from files in the 
/etc/sysconfig/network-scripts directory.  I'm sure there's a good
reason those files are in /sbin; I wish they were in /usr/local/sbin.

And consider /root -- it's up to you whether you want to back this up

And /boot/grub/grub.conf -- /etc/grub.conf is a symbolic link.
I dual boot so my grub.conf has other boot directives in it.

Hopefully, /etc/grub.conf is the only symbolic link to worry about.
I did "find /etc -type l" and grub.conf was the only symbolic link
pointing to something I needed to worry about.

I'd check for symbolic links in the directories you back up.

Do hard links cause backup problems?
Are there any hard links one has to worry about when doing backups?
At this moment, I can't think of any.

I haven't had to create any block or character special files in the
/dev directory in a while.  I suggest you keep a text file detailing 
any special /dev files you might have created.  I am thinking of the 
case where you are doing something with a device driver for something
that is not supported in FC12.  Hopefully, this won't apply.  
I'd keep a text file detailing anything like this in my /root.

Finally, I'd examine the sub-directories in /usr/src.
Before FC12, my webcam wasn't supported.  I kept source code
in /usr/src/redhat/SOURCES for building a driver for my webcam.
You may have something in /usr/src/redhat/SOURCES or 
/usr/src/redhat/RPMS that you need to add to FC12.  If possible,
keep information in a text file describing where you got the
code rather than try to back up /usr/src/redhat...but as a last
resort, be prepared to back up stuff, if necessary.

I'd actually keep a text file detailing any changes 
I make that are not part of standard Fedora.
It's easier to go to a text file where I keep a list of things from 
livnia or source files I need to get something working that isn't
supported, then to discover something is missing and have to remember 
where I got it and how I had to install it.

I'd also generate a text file, on a regular basis,
yum list all > /root/yum-list-$(date '+%Y%m%d').lst
so I have a list of Fedora packages that were in my system.


-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines