Re: [CentOS-virt] open-vm-tools for latest CentOS-4 and CentOS-5 kernel-vms
John Thomas wrote: Johnny Hughes said the following on 12/31/2007 11:37 AM: snip The open-vm-tools are available here: http://people.centos.org/~hughesjr/open-vm-tools/ The purpose of these RPMS (open-vm-tools) is to replace the VMware-Tools RPMS that come with VMWare. Please remove VMWare-Tools inside the VM if you are going to install these open-vm-tools for testing. Thank you for these. May I ask the costs and benefits? Following are my guesses and hopes: My Guesses: Benefits: Easier to install, just toss into repo and yum install NAME Costs: None My Hopes: Benefits: Easier to install, will be in CentOS repo with vm kernels This will be the case, yes. Though that is not the case now. No need to run vmware-config-tools.pl after kernel upgrade This is indeed a huge benefit, as it requires one less reboot and does not require you to do anything via your console or to rebuild anything as a user. You also do not need build tools inside your client VM now. Time syncing is somehow better It is not really better ... but it is the same. I have found that if your client is running fast, you need to adjust the vmware.conf file like this article says: http://kb.vmware.com/kb/1591 And that these tools will keep it from being slow. Johnny will personally help you with all your computer problems (just kidding) For the right price :-D Other added benefits are that the vmhgfs works without recompiling by the user. Costs: None I do not see any negative issues. I do still need to come up with something to copy the xorg.conf file into place while maintaining a backup, and also the same for a gpm config file. But I think this will be a major improvement for VMWare users as are the kernel-vm kernels. Thanks, Johnny Hughes signature.asc Description: OpenPGP digital signature ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] open-vm-tools for latest CentOS-4 and CentOS-5 kernel-vms
Ray Van Dolson wrote: No need to run vmware-config-tools.pl after kernel upgrade This is indeed a huge benefit, as it requires one less reboot and does not require you to do anything via your console or to rebuild anything as a user. You also do not need build tools inside your client VM now. This is indeed, very cool. I would like to point out that VMware is working very hard to get these tools incorporated into Linux distros right now. Whether or not we should do this or promote Xen instead is a different argument for a different time. Many people use VMWare right now, and these tools will work in all the version, not just the free server (though that is where we develop and test them). But I think this will be a major improvement for VMWare users as are the kernel-vm kernels. Couple questions regarding these kernels... should they be run on the host or on the guest? And I see they are in -testing right now, and also in tru's home directory. Where is the authoritative source for them and will they end up in centosplus at some point? We (Tru Huynh actually, with help from Akemi Yagi and Fabian Arrotin) created them. There is no Authoritative source (except us :D), the SRPMS are available from the current locations now. They are the EL kernel with the clock freq set to 100HZ instead of 1000HZ ... which is pretty much required to get any kind of performance inside of VMware VMs. They will end up somewhere ... either in a virt repo or extras (as they are named kernel-vm and not kernel, they are not replacing the kernel as such). They are designed to run inside VMs, though will run on the host as well currently. All they do is adjust the freq of the clock to 100HZ. They are not recommended for the host, however. It is possible that we will work with the VMWare people to add other tweaks to these kernels for performance gains ... if there are specific things called out by them to increase / enhance usability or performance inside VMware VMs. Thanks, Johnny Hughes signature.asc Description: OpenPGP digital signature ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] open-vm-tools for latest CentOS-4 and CentOS-5 kernel-vms
On Jan 1, 2008 7:53 AM, Johnny Hughes [EMAIL PROTECTED] wrote: Ray Van Dolson wrote: Couple questions regarding these kernels... should they be run on the host or on the guest? And I see they are in -testing right now, and also in tru's home directory. Where is the authoritative source for them and will they end up in centosplus at some point? We (Tru Huynh actually, with help from Akemi Yagi and Fabian Arrotin) created them. There is no Authoritative source (except us :D), the SRPMS are available from the current locations now. They are the EL kernel with the clock freq set to 100HZ instead of 1000HZ ... which is pretty much required to get any kind of performance inside of VMware VMs. And if you are interested in how the -vm kernel was born and what the current status of development is, take a look at: http://bugs.centos.org/view.php?id=2189 I would also like to encourage people to join in the effort and contribute to that bug tracker with new findings, test results, etc. Akemi ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
[CentOS-es] Ayuda con sendmail
Acabo de instalar sendmail, configure el sendmail.mc y al poner: m4 /etc/mail/sendmail.mc /etc/mail/sendmail.cf me sale el siguiente error # $id: local_procmail.m4,v 8.22 2002/11/17 04:24:19 ca Exp $ # NONE:0: m4: ERROR: end of file in argument list _ Discover the new Windows Vista http://search.msn.com/results.aspx?q=windows+vistamkt=en-USform=QBRE___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Ayuda con sendmail
Henry Villavicencio wrote: Acabo de instalar sendmail, configure el sendmail.mc y al poner: m4 /etc/mail/sendmail.mc /etc/mail/sendmail.cf me sale el siguiente error # $id: local_procmail.m4,v 8.22 2002/11/17 04:24:19 ca Exp $ # NONE:0: m4: ERROR: end of file in argument list error en sendmail.mc? intentar cd /etc/mail make -- Ugo Bellavance ([EMAIL PROTECTED]) Consultant en Sécurité Informatique Lubik Inc. Site Web: http://www.lubik.ca # Tél.: 514-907-3253 # Sans Frais: 866-507-3253 # Fax.: 1-866-334-1426 Protection de courriel par LastSpam (www.lastspam.com) -- This message has been verified by LastSpam (http://www.lastspam.com) eMail security service, provided by Lubik Ce courriel a ete verifie par le service de securite pour courriels LastSpam (http://www.lastspam.com), fourni par Lubik (http://www.lubik.ca) www.lubik.ca ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
RE: [CentOS-es] Cluster de Balanceo
--- Hector Martínez Romo [EMAIL PROTECTED] wrote: Estimado Gracias por tu respuesta, sin embargo piranha , por lo menos a mi no me sirve, eso es lo que creo, debido a que yo no cuento con otro servidor para que haga el balanceo entre los dos que tengo, abra alguna otra solución donde solo utilice los dos servidores que tengo? 1- si son MX pues el mismo mecanismo del MX en el DNS funciona bastante bien cuando le pones el mismo peso a los servidores 2- maquinas virtuales? 3- hardware especializado? content switch cu roger __ RedHat Certified ( RHCE ) Cisco Certified ( CCNA CCDA ) Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] 1680x1050 Monitor
Here is my xorg.conf I hope it could be useful to you. Good luck On Dec 31, 2007 12:28 PM, [EMAIL PROTECTED] wrote: On Mon, 31 Dec 2007 02:28:58 -0700 Carlos Daniel Ruvalcaba Valenzuela [EMAIL PROTECTED] wrote: I have the same monitor actually, here are some tips: Add this modeline to your Monitor section: modeline [EMAIL PROTECTED] 147.14 1680 1784 1968 2256 1050 1051 1054 1087 -hsync +vsync Add the new resolution to your Screen section ([EMAIL PROTECTED]), finally restart X, set the new resolution using system-config-desplay or Resolution Applet. Thanks, but did not work yet. Could you post your xorg.conf so I can compare? -- Thanks http://www.911networks.com When the network has to work xorg.conf Description: Binary data ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] display resolution
On Dec 31, 2007 12:25 AM, Bart Schaefer [EMAIL PROTECTED] wrote: Were you able to select your monitor from the list or are you choosing some kind of generic monitor? Move your existing xorg.conf out of the way before running system-config-display so that it's forced to start from scratch. It probably got the wrong HorizSync and VertRefresh values. If that doesn't work you'll need to find a manual or other description of your monitor and set HorizSync and VertRefresh and possibly a couple of Modeline entries by hand. yes. i removed xorg.conf to generate it from scratch. i selected generic 1024x768 monitor. still cant get 1024x768 to work. on some other distro and livecd i can even get 1280x1024. 800x600 works perfect. but it's just too low for me. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] display resolution
dny wrote: On Dec 31, 2007 12:25 AM, Bart Schaefer [EMAIL PROTECTED] wrote: Were you able to select your monitor from the list or are you choosing some kind of generic monitor? Move your existing xorg.conf out of the way before running system-config-display so that it's forced to start from scratch. It probably got the wrong HorizSync and VertRefresh values. If that doesn't work you'll need to find a manual or other description of your monitor and set HorizSync and VertRefresh and possibly a couple of Modeline entries by hand. yes. i removed xorg.conf to generate it from scratch. i selected generic 1024x768 monitor. still cant get 1024x768 to work. on some other distro and livecd i can even get 1280x1024. SO ... rsync that xorg.conf file off that machine (or copy it to the hard drive somewhere if the live CD can do that) and use it in CentOS-5. It should be interchangeable. Thanks, Johnny Hughes signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5.1, mythtv, saa7134_dvb?
Akemi Yagi wrote: ... I do not know the answer but you can try building the module first - much faster than building the whole kernel anyway. I also suggest filing a request at bugs.centos.org. This will help remind Johnny when he does centosplus for the next release. Alas, the saa7134 in 2.6.18 is too old for my card :-( The driver in 2.6.18 supports card numbered 1 to 95. My card (medion) has number 96 :-( Putting saa7134 from a 2.6.23 kernel into 2.6.18 doesn't work. Mogens -- Mogens Kjaer, Carlsberg A/S, Computer Department Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark Phone: +45 33 27 53 25, Fax: +45 33 27 47 08 Email: [EMAIL PROTECTED] Homepage: http://www.crc.dk ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5.1, mythtv, saa7134_dvb?
On Jan 1, 2008 4:44 AM, Mogens Kjaer [EMAIL PROTECTED] wrote: Alas, the saa7134 in 2.6.18 is too old for my card :-( The driver in 2.6.18 supports card numbered 1 to 95. My card (medion) has number 96 :-( Putting saa7134 from a 2.6.23 kernel into 2.6.18 doesn't work. Oh, this is unfortunate. In that case, the easiest way to get your card to work may be to use the 2.6.23 kernel. Of course, you'd have to take care of security fixes etc yourself... Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Firewall frustration
Mark Weaver wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 31 Dec 2007 12:21:34 -0500 Robert Moskowitz [EMAIL PROTECTED] wrote: William L. Maltby wrote: On Mon, 2007-12-31 at 09:33 -0500, Robert Moskowitz wrote: Peter Farrell wrote: Problem is I want a REAL router/firewall with little work. Run a smoothwall installtion and replace your CentOS install. http://www.smoothwall.org/ well first challenge is my unit's USB ethernet dongles. Centos uses the RTL 8150 driver for them. Smoothwall only lists the RTL 8129, 8139, and 8169... I've used this at home for years. I don't know if it's suitable, but it seems *very* flexible. Allows for NAT or not, has typical zones, reporting, IPTables modification support, ... http://www.ipcop.org/ Has run/tested successfully on various configurations here. It's another ditch your CentOS solution though. But you can put it on any old junk laying around and it'ss probably work. Using cable modem in the boonies, 486DX/66 gives about 450KB/sec, Pentium 200MHz pci gives = 700MB/sec - both from decent sites. Tested using both ISA and PCI bus adapters through both twisted pair and thin coax. As I thought about things this morning, trying to put up smoothwall, I realized that one of my goals is to have a tool to turn a Centos system that I am using for foo, into a firewall for bar for a day. I have Astaro for my serious firewall needs (see later post), but need something 'portable'. You see I have these plans with some small itx systems have you considered linux that fits on a floppy disk? http://mypage.uniserve.ca/~thelinuxguy/small_and_floppy_linux/ http://www.linuxlinks.com/Distributions/Floppy/ http://www.dmoz.org/Computers/Software/Operating_Systems/Linux/Distributions/Tiny/Floppy_Sized/ get one running and configured and save to floppy... things go south reboot the machine and everything is back. no hard drives to worry about... Have you ever thought about how rare floppy drives are now? At best you go with a bootable usb, if your notebook supports bootable USB. My Libretto does have a bootable floppy, but that is something extra to carry. It will not boot from anything else (besides its HD). My nc4010 (this notebook) will boot from usb. My corp notebook (nc2400) is locked down; and I don't see any value at getting corp IT bent out of shape. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Firewall frustration
On Tue, 1 Jan 2008, Robert Moskowitz wrote: Mark Weaver wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 31 Dec 2007 12:21:34 -0500 Robert Moskowitz [EMAIL PROTECTED] wrote: William L. Maltby wrote: On Mon, 2007-12-31 at 09:33 -0500, Robert Moskowitz wrote: Peter Farrell wrote: Problem is I want a REAL router/firewall with little work. Run a smoothwall installtion and replace your CentOS install. http://www.smoothwall.org/ well first challenge is my unit's USB ethernet dongles. Centos uses the RTL 8150 driver for them. Smoothwall only lists the RTL 8129, 8139, and 8169... I've used this at home for years. I don't know if it's suitable, but it seems *very* flexible. Allows for NAT or not, has typical zones, reporting, IPTables modification support, ... http://www.ipcop.org/ Has run/tested successfully on various configurations here. It's another ditch your CentOS solution though. But you can put it on any old junk laying around and it'ss probably work. Using cable modem in the boonies, 486DX/66 gives about 450KB/sec, Pentium 200MHz pci gives = 700MB/sec - both from decent sites. Tested using both ISA and PCI bus adapters through both twisted pair and thin coax. As I thought about things this morning, trying to put up smoothwall, I realized that one of my goals is to have a tool to turn a Centos system that I am using for foo, into a firewall for bar for a day. I have Astaro for my serious firewall needs (see later post), but need something 'portable'. You see I have these plans with some small itx systems have you considered linux that fits on a floppy disk? http://mypage.uniserve.ca/~thelinuxguy/small_and_floppy_linux/ http://www.linuxlinks.com/Distributions/Floppy/ http://www.dmoz.org/Computers/Software/Operating_Systems/Linux/Distributions/Tiny/Floppy_Sized/ get one running and configured and save to floppy... things go south reboot the machine and everything is back. no hard drives to worry about... Have you ever thought about how rare floppy drives are now? At best you go with a bootable usb, if your notebook supports bootable USB. My Libretto does have a bootable floppy, but that is something extra to carry. It will not boot from anything else (besides its HD). My nc4010 (this notebook) will boot from usb. My corp notebook (nc2400) is locked down; and I don't see any value at getting corp IT bent out of shape. Yes, floppy drives are rare - but they are still incredibly valuable. I've dealt with needing to install drivers from floppy for OSes, and the OSse are looking to floppy. I've needed DOS' fdisk to get me out of problems at times, and having a bootable copy of DOS on-hand has done the job. Some BIOS updates are only available from a bootable floppy (won't install to anything else). Saves times and frusteration in having a reusable floppy around than having to sometimes create a bootable CD to put the files on. Reuse the floppy as often as needed. Old hardware still exists and is usable, and sometimes only work, or work best, with floppies. Sometimes old school is still good school. We still often use VT100 or 3270 emulation for remote connectivity... Think about their origins. Scott ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5.1, mythtv, saa7134_dvb?
Akemi Yagi wrote: On Jan 1, 2008 4:44 AM, Mogens Kjaer [EMAIL PROTECTED] wrote: Alas, the saa7134 in 2.6.18 is too old for my card :-( The driver in 2.6.18 supports card numbered 1 to 95. My card (medion) has number 96 :-( Putting saa7134 from a 2.6.23 kernel into 2.6.18 doesn't work. Oh, this is unfortunate. In that case, the easiest way to get your card to work may be to use the 2.6.23 kernel. Of course, you'd have to take care of security fixes etc yourself... Is there anything special I have to do to use a vanilla kernel on a Centos 5.1 machine? Nothing special hardware (except for the TV card), /boot and / on software RAID 1. The centos 2.6.18 kernel is build with 1084 (!) patches, I assume they are there for a reason. I stopped doing kernel compilations around RedHat 9... Mogens -- Mogens Kjaer, Carlsberg A/S, Computer Department Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark Phone: +45 33 27 53 25, Fax: +45 33 27 47 08 Email: [EMAIL PROTECTED] Homepage: http://www.crc.dk ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Firewall frustration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 1 Jan 2008 08:57:22 -0500 Robert Moskowitz [EMAIL PROTECTED] wrote: Have you ever thought about how rare floppy drives are now? At best you go with a bootable usb, if your notebook supports bootable USB. My Libretto does have a bootable floppy, but that is something extra to carry. It will not boot from anything else (besides its HD). My nc4010 (this notebook) will boot from usb. My corp notebook (nc2400) is locked down; and I don't see any value at getting corp IT bent out of shape. why would you even think about using a Notebook computer as a firewall? I was assuming you were going to delegate this task to an older machine with sufficient resources to handle the task and not give the task to a notebook computer. - -- Mark Drunkenness is not an excuse for stupidity. If you're stupid when you're sober then that's one thing, but if you're sober when you're stupid, then you're just plain stupid! == Powered by CentOS5 (RHEL5) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFHelHmAHUWFbtwPigRAnENAJ4lTmw4Y/zYA0o2UoLkS9kfS0BmBgCfdCaY MMt82ApSGiXMHn10XOFXslQ= =fm8P -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5.1, mythtv, saa7134_dvb?
Mogens Kjaer wrote: Akemi Yagi wrote: On Jan 1, 2008 4:44 AM, Mogens Kjaer [EMAIL PROTECTED] wrote: Alas, the saa7134 in 2.6.18 is too old for my card :-( The driver in 2.6.18 supports card numbered 1 to 95. My card (medion) has number 96 :-( Putting saa7134 from a 2.6.23 kernel into 2.6.18 doesn't work. Oh, this is unfortunate. In that case, the easiest way to get your card to work may be to use the 2.6.23 kernel. Of course, you'd have to take care of security fixes etc yourself... Is there anything special I have to do to use a vanilla kernel on a Centos 5.1 machine? Nothing special hardware (except for the TV card), /boot and / on software RAID 1. The centos 2.6.18 kernel is build with 1084 (!) patches, I assume they are there for a reason. I stopped doing kernel compilations around RedHat 9... Hmm ... I would try to use a newer Fedora kernel SRPM that meets the requirements. Or maybe even just use MythDora for this machine as it is specifically designed for mythtv boxes. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Firewall frustration
Ugo Bellavance wrote: Mark Weaver wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 1 Jan 2008 08:57:22 -0500 Robert Moskowitz [EMAIL PROTECTED] wrote: Have you ever thought about how rare floppy drives are now? At best you go with a bootable usb, if your notebook supports bootable USB. My Libretto does have a bootable floppy, but that is something extra to carry. It will not boot from anything else (besides its HD). My nc4010 (this notebook) will boot from usb. My corp notebook (nc2400) is locked down; and I don't see any value at getting corp IT bent out of shape. why would you even think about using a Notebook computer as a firewall? I was assuming you were going to delegate this task to an older machine with sufficient resources to handle the task and not give the task to a notebook computer. I guess he wants it to be portable. He seems to be knowing his requirements a lot better than we do. It looks like he wants an easy firewall that would boot for HD only, cost nothing, and runs with usb ethernet devices. I really think he should carry an embedded firewall (like a soekris or a wrap) with pfsense on it. Old laptops make pretty good firewalls, I think. They take little space, have a built-in battery backup and built-in keyboard/monitor to use when you are visiting the datacenter. I have repurposed a couple of older laptops for these reasons since the machine doesn't need to be very fast to accomplish the mission. A lot of 3-4 year old laptops cave in under the weight of Windows, but are really overkill for a simple unix firewall. Better than sending them to the dustbin. Best, ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Firewall frustration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 01 Jan 2008 10:32:14 -0500 Ugo Bellavance [EMAIL PROTECTED] wrote: I guess he wants it to be portable. He seems to be knowing his requirements a lot better than we do. It looks like he wants an easy firewall that would boot for HD only, cost nothing, and runs with usb ethernet devices. I really think he should carry an embedded firewall (like a soekris or a wrap) with pfsense on it. Ugo well... if he built a live CD that would essentially be a portable firewall. Just boot the CD in what ever machine you've got it configured for and off you go. - -- Mark Drunkenness is not an excuse for stupidity. If you're stupid when you're sober then that's one thing, but if you're sober when you're stupid, then you're just plain stupid! == Powered by CentOS5 (RHEL5) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFHemhKAHUWFbtwPigRAls+AJ9kK/E6npMSwZVbtk2EaTwsAJXijQCfZXtM mY7S6pC9N2eqTK+8oVY5qts= =1aig -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Firewall frustration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 01 Jan 2008 10:59:17 -0500 Chris Mauritz [EMAIL PROTECTED] wrote: Old laptops make pretty good firewalls, I think. They take little space, have a built-in battery backup and built-in keyboard/monitor to use when you are visiting the datacenter. I have repurposed a couple of older laptops for these reasons since the machine doesn't need to be very fast to accomplish the mission. A lot of 3-4 year old laptops cave in under the weight of Windows, but are really overkill for a simple unix firewall. Better than sending them to the dustbin. Best, true... - -- Mark Drunkenness is not an excuse for stupidity. If you're stupid when you're sober then that's one thing, but if you're sober when you're stupid, then you're just plain stupid! == Powered by CentOS5 (RHEL5) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFHemiHAHUWFbtwPigRAowzAJ429jU5WZsIo9yA87vemrXm22PUJACfVGp7 RxnJ+67PIkCU7Do6+Nvfl6A= =c3oq -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Firewall frustration
Mark Weaver wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 1 Jan 2008 08:57:22 -0500 Robert Moskowitz [EMAIL PROTECTED] wrote: Have you ever thought about how rare floppy drives are now? At best you go with a bootable usb, if your notebook supports bootable USB. My Libretto does have a bootable floppy, but that is something extra to carry. It will not boot from anything else (besides its HD). My nc4010 (this notebook) will boot from usb. My corp notebook (nc2400) is locked down; and I don't see any value at getting corp IT bent out of shape. why would you even think about using a Notebook computer as a firewall? I was assuming you were going to delegate this task to an older machine with sufficient resources to handle the task and not give the task to a notebook computer. Of course in my lab, the firewall is a 'older' machine. But I want to learn from this so that when I am at a conference or trade show and need a firewall 'fast', I can put up the services on one of my Centos notebooks. BTW, WRT 'older' machines. I am looking more at the cost of running these machines (power draw). It is not just a matter of the $0.124/KWH that I pay, but the cost to add another circuit (my NOC shares two circuits that were already runnning at 50% utilizatoin), and the cost of cooling in the summer (we added a tap into the cold air return system by the rack fans to capture the computer heat for the winter). I just got the firewall running (see later note) on a decTOP micro PC that I pulled the 10Gb 3.5 drive and installed a 2.5 6Gb drive. The system pulls about 10W! Compared to ~100W for some of my Compaq SFFs. Let's see 90W/day = 2.16KWH = ~$0.27/day = ~$97.76/year. That can pay for replacing another old Compaq with another decTOP (well not really as you have to add memory, switch out drives, and add a second USB ethernet dongle; guess the ROI is around 2 years). ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Firewall frustration
Chris Mauritz wrote: Ugo Bellavance wrote: Mark Weaver wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 1 Jan 2008 08:57:22 -0500 Robert Moskowitz [EMAIL PROTECTED] wrote: Have you ever thought about how rare floppy drives are now? At best you go with a bootable usb, if your notebook supports bootable USB. My Libretto does have a bootable floppy, but that is something extra to carry. It will not boot from anything else (besides its HD). My nc4010 (this notebook) will boot from usb. My corp notebook (nc2400) is locked down; and I don't see any value at getting corp IT bent out of shape. why would you even think about using a Notebook computer as a firewall? I was assuming you were going to delegate this task to an older machine with sufficient resources to handle the task and not give the task to a notebook computer. I guess he wants it to be portable. He seems to be knowing his requirements a lot better than we do. It looks like he wants an easy firewall that would boot for HD only, cost nothing, and runs with usb ethernet devices. I really think he should carry an embedded firewall (like a soekris or a wrap) with pfsense on it. Old laptops make pretty good firewalls, I think. They take little space, have a built-in battery backup and built-in keyboard/monitor to use when you are visiting the datacenter. I have repurposed a couple of older laptops for these reasons since the machine doesn't need to be very fast to accomplish the mission. A lot of 3-4 year old laptops cave in under the weight of Windows, but are really overkill for a simple unix firewall. Better than sending them to the dustbin. hmmm ... I would think that they do not handle heat very well though. Maybe they do, and certainly it is better than throwing them away I guess. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Firewall frustration
Ugo Bellavance wrote: Mark Weaver wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 1 Jan 2008 08:57:22 -0500 Robert Moskowitz [EMAIL PROTECTED] wrote: Have you ever thought about how rare floppy drives are now? At best you go with a bootable usb, if your notebook supports bootable USB. My Libretto does have a bootable floppy, but that is something extra to carry. It will not boot from anything else (besides its HD). My nc4010 (this notebook) will boot from usb. My corp notebook (nc2400) is locked down; and I don't see any value at getting corp IT bent out of shape. why would you even think about using a Notebook computer as a firewall? I was assuming you were going to delegate this task to an older machine with sufficient resources to handle the task and not give the task to a notebook computer. I guess he wants it to be portable. He seems to be knowing his requirements a lot better than we do. It looks like he wants an easy firewall that would boot for HD only, cost nothing, and runs with usb ethernet devices. I really think he should carry an embedded firewall (like a soekris or a wrap) with pfsense on it. I have enough gear to get through TSA. My next trip will have me carrying 3 laptops (granted 2 are 12 and one 7) and one microITX box. Plus a bunch of USB gizmos, my Bose 2 headphones, etc. And I do carryon, so space is at a premium. The boxes here in the lab are not portable, but the learning has to be. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Firewall frustration
Chris Mauritz wrote: Ugo Bellavance wrote: Mark Weaver wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 1 Jan 2008 08:57:22 -0500 Robert Moskowitz [EMAIL PROTECTED] wrote: Have you ever thought about how rare floppy drives are now? At best you go with a bootable usb, if your notebook supports bootable USB. My Libretto does have a bootable floppy, but that is something extra to carry. It will not boot from anything else (besides its HD). My nc4010 (this notebook) will boot from usb. My corp notebook (nc2400) is locked down; and I don't see any value at getting corp IT bent out of shape. why would you even think about using a Notebook computer as a firewall? I was assuming you were going to delegate this task to an older machine with sufficient resources to handle the task and not give the task to a notebook computer. I guess he wants it to be portable. He seems to be knowing his requirements a lot better than we do. It looks like he wants an easy firewall that would boot for HD only, cost nothing, and runs with usb ethernet devices. I really think he should carry an embedded firewall (like a soekris or a wrap) with pfsense on it. Old laptops make pretty good firewalls, I think. They take little space, have a built-in battery backup and built-in keyboard/monitor to use when you are visiting the datacenter. I have repurposed a couple of older laptops for these reasons since the machine doesn't need to be very fast to accomplish the mission. A lot of 3-4 year old laptops cave in under the weight of Windows, but are really overkill for a simple unix firewall. Better than sending them to the dustbin. I have a Dell notebook that functions as my backup Win2000 family finance system. Next project is to see if I can reuse that old Toshiba 4000cdt box ;) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Firewall frustration
Mark Weaver wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 01 Jan 2008 10:32:14 -0500 Ugo Bellavance [EMAIL PROTECTED] wrote: I guess he wants it to be portable. He seems to be knowing his requirements a lot better than we do. It looks like he wants an easy firewall that would boot for HD only, cost nothing, and runs with usb ethernet devices. I really think he should carry an embedded firewall (like a soekris or a wrap) with pfsense on it. Ugo well... if he built a live CD that would essentially be a portable firewall. Just boot the CD in what ever machine you've got it configured for and off you go. bad assumption about available CD. But bootable USB is an option, and they are cheap enough (check out ecost countdowns), and hold more than a CD. That will be coming next. Centos on a USB drive. DSL on USB is supposedly 'easy'. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Firewall frustration
Firewall is up and running. Used Shorewall with Webmin. Les Bell wrote: Robert Spangler [EMAIL PROTECTED] wrote: While IPTABLES might be CHEAP (price) it is a very good firewall. Learn to set it up from the command line, it isn't that hard. Amen. I've been using CentOS for firewalls here for a long time now, with hand-written rules. Besides, generic firewall configuration tools don't - can't - know about many of the more advanced modules and features of iptables. I spent much of the past 24 hours trying to find out how to set up iptables for firewall routing WITHOUT NATing. Could not find anything. So I decided to try out shorewall, which has a front end in Webmin. The 'nice' thing about this was as I built a portion of Shorewall (say the zones), I could sue the Webmin edit the conf file directly to see the 'raw' config file and looky there, a URL for a help page! Taking it slow, I got Shorewall up in about 1 hour. But I have questions for the Shorewall people. They talk about iptables, then netfilter. The site says that Shorewall is not a deamon. Well I see a Shorewall service running. Can't see that is using any cpu cycles or how much memory. The iptables have the same content they had when I used the upstream's tool at Centos install time to set up basic 'firewall' features. So what gives ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Firewall frustration
--- Johnny Hughes [EMAIL PROTECTED] wrote: Chris Mauritz wrote: Ugo Bellavance wrote: Mark Weaver wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 1 Jan 2008 08:57:22 -0500 Robert Moskowitz [EMAIL PROTECTED] wrote: Have you ever thought about how rare floppy drives are now? At best you go with a bootable usb, if your notebook supports bootable USB. My Libretto does have a bootable floppy, but that is something extra to carry. It will not boot from anything else (besides its HD). My nc4010 (this notebook) will boot from usb. My corp notebook (nc2400) is locked down; and I don't see any value at getting corp IT bent out of shape. why would you even think about using a Notebook computer as a firewall? I was assuming you were going to delegate this task to an older machine with sufficient resources to handle the task and not give the task to a notebook computer. I guess he wants it to be portable. He seems to be knowing his requirements a lot better than we do. It looks like he wants an easy firewall that would boot for HD only, cost nothing, and runs with usb ethernet devices. I really think he should carry an embedded firewall (like a soekris or a wrap) with pfsense on it. Old laptops make pretty good firewalls, I think. They take little space, have a built-in battery backup and built-in keyboard/monitor to use when you are visiting the datacenter. I have repurposed a couple of older laptops for these reasons since the machine doesn't need to be very fast to accomplish the mission. A lot of 3-4 year old laptops cave in under the weight of Windows, but are really overkill for a simple unix firewall. Better than sending them to the dustbin. hmmm ... I would think that they do not handle heat very well though. Maybe they do, and certainly it is better than throwing them away I guess. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos The bad thing is if you always keep the laptop plugged in the battery will be useless and will not hold a charge. That is what happen with one of my laptops. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Firewall frustration
Robert Moskowitz wrote: Firewall is up and running. Used Shorewall with Webmin. Les Bell wrote: Robert Spangler [EMAIL PROTECTED] wrote: While IPTABLES might be CHEAP (price) it is a very good firewall. Learn to set it up from the command line, it isn't that hard. Amen. I've been using CentOS for firewalls here for a long time now, with hand-written rules. Besides, generic firewall configuration tools don't - can't - know about many of the more advanced modules and features of iptables. I spent much of the past 24 hours trying to find out how to set up iptables for firewall routing WITHOUT NATing. Could not find anything. So I decided to try out shorewall, which has a front end in Webmin. The 'nice' thing about this was as I built a portion of Shorewall (say the zones), I could sue the Webmin edit the conf file directly to see the 'raw' config file and looky there, a URL for a help page! Taking it slow, I got Shorewall up in about 1 hour. But I have questions for the Shorewall people. They talk about iptables, then netfilter. The site says that Shorewall is not a deamon. Well I see a Shorewall service running. Can't see that is using any cpu cycles or how much memory. The iptables have the same content they had when I used the upstream's tool at Centos install time to set up basic 'firewall' features. So what gives There is also an iptables 'service', that doesn't mean there is a deamon. It is a simple way to start the firewall at boot time. Have you checked m0n0wall/pfsense livecd? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Firewall frustration
On 02/01/2008, at 4:11 AM, Robert Moskowitz wrote: I spent much of the past 24 hours trying to find out how to set up iptables for firewall routing WITHOUT NATing. Could not find anything. *boggle* Is it really that hard? ## Clear up whatever is in there at the moment. iptables -F INPUT iptables -F FORWARD iptables -F OUTPUT iptables -t nat -F POSTROUTING ## Accept anything related to existing connections iptables -A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT ## I want to allow incoming port 80 to 1.2.3.4 iptables -A FORWARD -i ppp0 -d 1.2.3.4 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT ## I want to allow incoming port 123 (ntp) to 1.2.3.6 iptables -A FORWARD -i ppp0 -d 1.2.3.6 -p udp -m udp --dport 123 -j ACCEPT ## Lets block ALL other incoming things iptables -A INPUT -j DROP iptables -A FORWARD -j DROP There you go. That's a very basic firewall using iptables in about 3 minutes :) -- Steven Haigh Email: [EMAIL PROTECTED] Web: http://www.crc.id.au Phone: (03) 9001 6090 - 0412 935 897 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] drbd on CentOS 5
On Fri, 2007-12-07 at 22:40 +0100, Fabian Arrotin wrote: No, you don't need the centosplus kernel to use DRBD ... but actually there is no (not yet) kmod-drbd for the current (and updated) CentOS 5.1 kernel. They'll appear soon Sorry for the late reply: thanks for the answer, Fabian. Much appreciated. Regards, Ranbir -- Kanwar Ranbir Sandhu Linux 2.6.22.9-61.fc6 i686 GNU/Linux 13:28:34 up 15 days, 11:56, 1 user, load average: 0.44, 0.47, 0.42 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Firewall frustration
Steven Haigh kirjoitti viestissään (lähetysaika tiistai, 1. tammikuuta 2008 20:23): On 02/01/2008, at 4:11 AM, Robert Moskowitz wrote: I spent much of the past 24 hours trying to find out how to set up iptables for firewall routing WITHOUT NATing. Could not find anything. There you go. That's a very basic firewall using iptables in about 3 minutes :) -- Steven Haigh How about look: http://easyfwgen.morizot.net/gen/ It has been quite long time very easy tool for n00bs to generate rules... I've using it for ages now. After generation very easy to use and configure more rules, if needed. Jarmo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Firewall frustration
--- Steven Vishoot [EMAIL PROTECTED] wrote: --- Johnny Hughes [EMAIL PROTECTED] wrote: Chris Mauritz wrote: Ugo Bellavance wrote: Mark Weaver wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 1 Jan 2008 08:57:22 -0500 Robert Moskowitz [EMAIL PROTECTED] wrote: Have you ever thought about how rare floppy drives are now? At best you go with a bootable usb, if your notebook supports bootable USB. My Libretto does have a bootable floppy, but that is something extra to carry. It will not boot from anything else (besides its HD). My nc4010 (this notebook) will boot from usb. My corp notebook (nc2400) is locked down; and I don't see any value at getting corp IT bent out of shape. why would you even think about using a Notebook computer as a firewall? I was assuming you were going to delegate this task to an older machine with sufficient resources to handle the task and not give the task to a notebook computer. I guess he wants it to be portable. He seems to be knowing his requirements a lot better than we do. It looks like he wants an easy firewall that would boot for HD only, cost nothing, and runs with usb ethernet devices. I really think he should carry an embedded firewall (like a soekris or a wrap) with pfsense on it. Old laptops make pretty good firewalls, I think. They take little space, have a built-in battery backup and built-in keyboard/monitor to use when you are visiting the datacenter. I have repurposed a couple of older laptops for these reasons since the machine doesn't need to be very fast to accomplish the mission. A lot of 3-4 year old laptops cave in under the weight of Windows, but are really overkill for a simple unix firewall. Better than sending them to the dustbin. hmmm ... I would think that they do not handle heat very well though. Maybe they do, and certainly it is better than throwing them away I guess. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos The bad thing is if you always keep the laptop plugged in the battery will be useless and will not hold a charge. That is what happen with one of my laptops. You can always take the battery out and keep it plugged in. Runs cooler, too. Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Firewall frustration
Thanks I will read this through a bit later. Perhaps I was making more of it than needed, but my attempts were not working. And all I was trying for at first was to allow SSH through. Steven Haigh wrote: On 02/01/2008, at 4:11 AM, Robert Moskowitz wrote: I spent much of the past 24 hours trying to find out how to set up iptables for firewall routing WITHOUT NATing. Could not find anything. *boggle* Is it really that hard? ## Clear up whatever is in there at the moment. iptables -F INPUT iptables -F FORWARD iptables -F OUTPUT iptables -t nat -F POSTROUTING ## Accept anything related to existing connections iptables -A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT ## I want to allow incoming port 80 to 1.2.3.4 iptables -A FORWARD -i ppp0 -d 1.2.3.4 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT ## I want to allow incoming port 123 (ntp) to 1.2.3.6 iptables -A FORWARD -i ppp0 -d 1.2.3.6 -p udp -m udp --dport 123 -j ACCEPT ## Lets block ALL other incoming things iptables -A INPUT -j DROP iptables -A FORWARD -j DROP There you go. That's a very basic firewall using iptables in about 3 minutes :) -- Steven Haigh Email: [EMAIL PROTECTED] Web: http://www.crc.id.au Phone: (03) 9001 6090 - 0412 935 897 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] cron clarification
What is the ramifications to simply placing scripts in the /etc/cron.hourly directory as opposed to actually adding jobs via the crontab -e method? Is there any significance to using one method versus the other? Thanks! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cron clarification
On Tue, Jan 01, 2008 at 04:08:17PM -0700, Joseph L. Casale wrote: What is the ramifications to simply placing scripts in the /etc/cron.hourly directory as opposed to actually adding jobs via the crontab -e method? Is there any significance to using one method versus the other? If you don't need to run something at a specific time then cron.hourly is easier and simpler. Just drop the script into the directory. If you need something at a specific time then look into /etc/cron.d/ which is similar to traditional crontab format, but again is simply a matter of dropping files into that directory. eg % cat /etc/cron.d/sysstat # run system activity accounting tool every 10 minutes */10 * * * * root /usr/lib/sa/sa1 1 1 # generate a daily summary of process accounting at 23:53 53 23 * * * root /usr/lib/sa/sa2 -A Traditional crontab entries do still work, if you really want to deal with that, but it's harder to automate install/uninstalls. -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] cron clarification
Traditional crontab entries do still work, if you really want to deal with that, but it's harder to automate install/uninstalls. -- rgds Stephen Thanks Stephen and Jim! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Regd: CentOS 4.4 Installtion Screen Shots
Dear All, I want to take a moment to thank everyone who responded to my query. Regards -S.Balaji Craig White wrote: On Mon, 2007-12-31 at 17:55 -0500, Jim Perrin wrote: On Dec 31, 2007 4:55 PM, William L. Maltby [EMAIL PROTECTED] wrote: And I was so trying to not fill in for Perrin(?). We've had enough flame wars for this decade and I was hoping to avoid another. You'll notice that I consciously did not post a reply to this thread specifically to... DAMMIT how to I always get drawn into these things! :-P Hope everyone is having, had, or will have a happy new year! My resolutions involve being kinder to folks on the list, offering solid advice without snarky comments, and doing charity work once a month! Rails Ruby developers understand...it's called MINASWAN 'Matz is nice and so we are nice' (Matz being the short name for the Yukihiro Matsumoto, the creator of the ruby language) It's civil territory. You couldn't handle it...they say once a dog gets the taste of blood into their mouth, they never forget. ;-) Happy new year back to ya Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos