RE: [CentOS] IPTables help
> iptables will process rules until a match. If the match is -j
> ACCEPT/REJECT/DROP, it will end processing there. If it's -j
> another_chain, it will jump to the other chain. If it matches a rule
> in the other chain with -j ACCEPT/REJECT/DROP, it will stop processing
> there. Otherwise, if no rules in this inner chain matches, it will
> resume processing in the outer chain just after the rule which jumped
> to the inner chain.

Filipe,

Appreciate the help, but I think I am still unsure of that last point. If the default policy for INPUT is DROP, and a rule "allowing" traffic is not matched, once it gets to the end it performs the default policy action from what I have gathered now. This contradicts the suggestion you make about it jumping to the next chain? Are you sure (it was an RH instructor today that explained this to me)?

Thanks!
jlc

___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] read only root file system
Responding to a question posted earlier this month, Centos 5.1 includes configuration files for enabling the read-only root filesystem. Actually, all filesystems can be mounted read-only with particular files and directories mounted on a read-write tmpfs (in RAM). This capability comes directly from the upstream provider.

You can have your Centos system running read-only root in two easy steps:

1. Edit /etc/sysconfig/readonly-root and change READONLY=no to READONLY=yes
2. Reboot

When your computer comes back up, the root and any other system partitions will be mounted read-only. All the files and directories listed in /etc/rwtab will be mounted read-write on a tmpfs filesystem. You can add additional files and directories to rwtab to make them writable after reboot.

Note that this system is stateless. When you reboot again, everything written to the tmpfs filesystem vanishes and the system will be exactly as it was the last time it was booted. You could add a writable filesystem on disk or NFS for writing files you want to retain after rebooting.

Take a look at /etc/rc.d/rc.sysinit to see how the magic is done.

This capability is a "technology preview" (beta) and is buggy. Note that /etc/mtab and thus "mount" do not show the complete list of filesystems because the /etc directory is on a read-only filesystem. /proc/mounts always shows the correct mount information. You could update /etc/mtab from /proc/mounts to correct it both after boot and after running the mount or umount commands to change mounts. Run "fgrep -v rootfs /proc/mounts >/etc/mtab" to correct /etc/mtab. Note that mounting or symlinking /proc/mounts to /etc/mtab causes other problems such as breaking the df command.

You can change your read-only root filesystem to read-write mode immediately with this command run by the root user:

mount -n -o remount,rw /

- Fred
Re: [CentOS] IPTables help
On Friday 23 May 2008 21:31, Fajar Priyanto wrote:
> Actually I have written a small tutorial on iptables, but I haven't
> translated it into English. I'll let you know when it's done. Hopefully it
> will be useful for others.

Please have someone, or for that matter a few people, who have a good understanding of firewalls look over your tutorial before it is published. While you show a basic understanding of how firewalls work you lack the knowledge of true security. Just my observation.

--
Regards
Robert

Smile... it increases your face value!
Linux User #296285 http://counter.li.org
Re: [CentOS] small annoying problem with Ati video driver
--- "Juan C. Valido" <[EMAIL PROTECTED]> wrote:
> I have a small annoying problem with Ati video driver, when Centos 5.1
> starts and gets to the login screen the resolution is too high for my
> monitor (better than out of range) and it's annoying can I have it start
> in a lower resolution. Thanks...

Juan,

If you are referring to the installer, then you can use kernel params:

linux askmethod vga=788 (or 791) resolution=1024x768

-- Mark
Re: [CentOS] How to move my MBR
I copied over the MBR from hdc to sda. I found a 4.4 LiveCD, but apparently it's damaged so it wouldn't boot. I attempted to put everything back and when I rebooted it went into a GRUB screen instead of a normal boot. I had no idea how to get it to boot from there, so instead of taking the time to figure it out, I decided it was time to make the plunge to CentOS 5.

So I'm now on CentOS 5 and my old /home hard drive is completely history. :)

Thanks,
Scott

On Fri, May 23, 2008 at 10:49 AM, Scott Moseman <[EMAIL PROTECTED]> wrote:
>
> I also do not see a CentOS 4.x x86_64 Live CD; only i386.
> Is it not really going to matter, 64b vs 32b, when using that?
>
> Thanks,
> Scott
>
>>
>> Do I need to move the MBR, remove the old drive, and reboot from
>> a LiveCD in order to have a reconfigure of grub correctly see which
>> drive it should find to boot from? Or can I do this before taking the
>> system down for the drive removal?
>>
Re: [CentOS] Re: sed
Scott Silva wrote:
>>>>> sed 's/^\([^]*[ ]*[^]*\)\([ ]*.*\)$/\1.contoso.com\2/'
>>>>>
>>>>> (where there's a space *and* a TAB inside each of the [ ] )
>>>>
>>>> The above version easier to read and "copy paste". Space is space and tab is \t
>>>>
>>>> sed 's/^\([^ \t]*[ \t]*[^ \t]*\)\([ \t]*.*\)$/\1.contoso.com\2/'
>>>
>>> I grew up with versions of 'sed' that don't understand this new-fangled
>>> method of specifying tabs, and write enough cross-platform code that I
>>> can't rely on it (still doesn't work in Solaris 10, for example).
>>
>> perl can do anything sed can do and has almost no platform or version
>> related syntax differences - plus it has \s to represent 'whitespace' and
>> you don't have to bang your head on the wall when you are half done and
>> realize you have to do something spanning multiple lines.
>
> Show your example. Inquiring minds want to know!

perl -p -e 's/(\s+\S+)/$1.contoso.com /'

That's "match one or more whitespace characters followed by one or more non-whitespace and add .contoso.com after whatever matched."

-- Les Mikesell [EMAIL PROTECTED]
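The portability point in this exchange (a `sed` without `\t` support still needs a tab inside the bracket expressions), as an added example that is not from any of the posts: the tab is produced with `printf` and interpolated, so the expression holds a literal tab on any POSIX `sed`. The sample lines are constructed, and leaving comment, blank and single-field lines untouched is an assumption about what a hosts file needs.

```shell
#!/bin/sh
# Constructed sample in hosts-file layout, mixing spaces and tabs as separators.
sample_hosts() {
    printf '# static entries\n'
    printf '192.0.2.10\tweb01\twww\n'
    printf '192.0.2.11  db01\n'
    printf '192.0.2.12 \t mail01 mx\n'
    printf '\n'
    printf 'orphan\n'
}

# add_domain DOMAIN: append .DOMAIN to the second field of each line on stdin,
# keeping the original separators and everything after the second field.
add_domain() {
    tab=$(printf '\t')
    ws="[ $tab]"        # one separator character (space or literal tab)
    nws="[^ $tab]"      # one field character
    # Escape the characters that are special in a sed replacement with | as delimiter.
    dom=$(printf '%s\n' "$1" | sed 's/[\\&|]/\\&/g')
    # Requiring at least one character per field leaves blank and one-field
    # lines alone; the /^#/! address skips comment lines.
    sed "/^#/!s|^\\($nws$nws*$ws$ws*$nws$nws*\\)\\(.*\\)\$|\\1.$dom\\2|"
}

# Usage: sample_hosts | add_domain contoso.com
```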
Re: [CentOS] IPTables help
On Friday 23 May 2008 23:25:36 Joseph L. Casale wrote:
> >Assuming eth0 is WAN, and eth1 is LAN (assuming 192.168.0.0/24)(please
> > mind the word wrap):
> >#Clear all rules and policies first:
> >iptables -P INPUT ACCEPT
> >iptables -P OUTPUT ACCEPT
> >iptables -P FORWARD ACCEPT
> >iptables -F
> >iptables -t nat -F
>
> I misunderstand this, if the default policy is to accept, then how does
> this work (I thought it was wise to make it Drop)? In terms of Cisco ACL's,
> how does iptables work, does it simply continue processing until it sees
> something explicitly denying if the default policy is ACCEPT, versus DROP,
> will it continue processing until it sees something explicitly allowing?

The reason we 'clear' all the policies and rules at the start is to make sure that there are no 'overlapping/contradicting' ones. So, if our iptables is 'brand new' from Centos with nothing in it, there's no need to clear them. But, it's good practice to clear them FIRST to avoid headache later or accidental lockout.

> >#Finally dropping all other traffic (positive list firewall):
> >iptables -P INPUT DROP
> >iptables -P OUTPUT DROP
> >iptables -P FORWARD DROP
>
> So here you now restate the default policy? I thought you could only
> define this once?

Yes, we finally define the MOST strict one at the LAST of the rules. Why? Because if we define it in the START of the rule, we will be effectively locked out from our box :) (if we use ssh, or the Xwindow is hanging, etc).

Actually I have written a small tutorial on iptables, but I haven't translated it into English. I'll let you know when it's done. Hopefully it will be useful for others.

--
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial http://linux2.arinet.org
08:30:55 up 19 min, 2.6.22-14-generic GNU/Linux
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.
Re: [CentOS] IPTables help
On Fri, May 23, 2008 at 12:25 PM, Joseph L. Casale <[EMAIL PROTECTED]> wrote:
> In terms of Cisco ACL's, how does
> iptables work, does it simply continue processing until it sees something
> explicitly
> denying if the default policy is ACCEPT, versus DROP, will it continue
> processing until
> it sees something explicitly allowing?

iptables will process rules until a match. If the match is -j ACCEPT/REJECT/DROP, it will end processing there. If it's -j another_chain, it will jump to the other chain. If it matches a rule in the other chain with -j ACCEPT/REJECT/DROP, it will stop processing there. Otherwise, if no rules in this inner chain matches, it will resume processing in the outer chain just after the rule which jumped to the inner chain.

>>#Finally dropping all other traffic (positive list firewall):
>>iptables -P INPUT DROP
>>iptables -P OUTPUT DROP
>>iptables -P FORWARD DROP
> So here you now restate the default policy? I thought you could only define
> this once?

You define the default policy for every built-in chain: INPUT, OUTPUT and FORWARD.

> Does this -F not reset the above stated policy?

No, it doesn't.

HTH,
Filipe
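The traversal described in this reply, together with the two answers about policies (a built-in chain's policy is used only when the walk runs off the end of that chain, and `-F` leaves policies alone), as an added example: a small model written for this page, not iptables code and not from the thread. The `SERVICES` chain, the ports and the ruleset are constructed for illustration, and the model understands only `-p`, `--dport` and `-j`.

```shell
#!/bin/sh
# Constructed ruleset in iptables syntax: one policy, one user-defined chain.
RULES='-P INPUT DROP
-N SERVICES
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -j SERVICES
-A INPUT -p tcp --dport 25 -j REJECT
-A SERVICES -p tcp --dport 22 -j ACCEPT
-A SERVICES -p tcp --dport 80 -j ACCEPT'

# verdict PROTO [DPORT]: print what happens to such a packet arriving on INPUT.
verdict() {
    printf '%s\n' "$RULES" | awk -v proto="$1" -v dport="$2" '
    # Walk one chain in order. Returns a terminating target, or "" when the
    # walk runs off the end of the chain without a terminating match.
    function walk(chain,    i, r) {
        for (i = 1; i <= count[chain]; i++) {
            if (p[chain, i] != "any" && p[chain, i] != proto) continue
            if (d[chain, i] != "any" && d[chain, i] != dport) continue
            if (t[chain, i] ~ /^(ACCEPT|DROP|REJECT)$/) return t[chain, i]
            r = walk(t[chain, i])      # -j to a user-defined chain
            if (r != "") return r      # the inner chain decided
            # otherwise resume here, at the rule after the jump
        }
        return ""
    }
    $1 == "-P" { policy[$2] = $3 }
    $1 == "-A" {
        c = $2; n = ++count[c]
        p[c, n] = "any"; d[c, n] = "any"
        for (i = 3; i < NF; i++) {
            if ($i == "-p") p[c, n] = $(i + 1)
            else if ($i == "--dport") d[c, n] = $(i + 1)
            else if ($i == "-j") t[c, n] = $(i + 1)
        }
    }
    END {
        v = walk("INPUT")
        # Only the built-in chain has a policy; it applies when nothing terminated.
        print (v != "" ? v : policy["INPUT"])
    }'
}

# flush: what "iptables -F" does in this model: rules go, policies and chains stay.
flush() {
    RULES=$(printf '%s\n' "$RULES" | grep -v '^-A')
}
```

Calling `flush` while the policy is still DROP turns every verdict into DROP, which is the lockout the ruleset in this thread avoids by setting the policies to ACCEPT before `-F` and to DROP last.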
Re: [CentOS] how to debug ssh slow connection issues.
Try to change this in your /etc/ssh/sshd_config:

If in CentOS 5, change:
AddressFamily any
to:
AddressFamily inet

If in CentOS 4, change:
ListenAddress ::
to:
ListenAddress

Uncomment those lines if needed.

Change:
GSSAPIAuthentication yes
to:
GSSAPIAuthentication no

Change:
UseDNS yes
to:
UseDNS no

Uncomment the last line if applicable.

Then restart your sshd and try to connect again, see if that improved the situation or not. If it did, it's related to DNS.

Keep a backup of your original file and restore it later. Better yet, do the changes on a copied file and then start sshd in the command line in debugging mode with the -f option to specify the new config file.

HTH,
Filipe
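The last suggestion in this message (change a copy of the file, then run sshd against the copy with -f in debug mode), as an added sketch that is not from the original post. The sample config, the `override_config` helper and port 2222 are constructed; the overrides are written at the top of the copy because sshd uses the first value it reads for each keyword.

```shell
#!/bin/sh
# Constructed sample standing in for /etc/ssh/sshd_config (not from the thread).
sample_config() {
    cat <<'EOF'
#Port 22
#AddressFamily any
GSSAPIAuthentication yes
#UseDNS yes
UsePAM yes
EOF
}

# override_config SRC DST 'Keyword value'...
# Write DST as a copy of SRC with each given setting placed first and any
# active line for the same keyword dropped. Keywords are compared without
# regard to case, as sshd does; commented-out lines are left alone, so the
# copy can still be compared against the original with diff.
override_config() {
    src=$1 dst=$2
    shift 2
    {
        for setting in "$@"; do
            printf '%s\n' "$setting"
        done
        # Space-separated, lower-cased list of the keywords being overridden.
        keys=$(for setting in "$@"; do
                   printf '%s\n' "${setting%% *}"
               done | tr 'A-Z\n' 'a-z ')
        awk -v keys="$keys" '
            BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) drop[k[i]] = 1 }
            !(tolower($1) in drop)
        ' "$src"
    } > "$dst"
}

# Typical use, as root on the server (2222 is an arbitrary unused port):
#   cfg=$(mktemp)
#   override_config /etc/ssh/sshd_config "$cfg" \
#       'AddressFamily inet' 'GSSAPIAuthentication no' 'UseDNS no'
#   /usr/sbin/sshd -t -f "$cfg"             # syntax check only
#   /usr/sbin/sshd -ddd -f "$cfg" -p 2222   # foreground debug run, live config untouched
```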
[CentOS] Re: sed
on 5-23-2008 11:51 AM Les Mikesell spake the following:
> Stephen Harris wrote:
>> On Fri, May 23, 2008 at 06:59:24PM +0200, Thomas Johansson wrote:
>>> Stephen Harris wrote:
>>>> sed 's/^\([^]*[ ]*[^]*\)\([ ]*.*\)$/\1.contoso.com\2/'
>>>>
>>>> (where there's a space *and* a TAB inside each of the [ ] )
>>>
>>> The above version easier to read and "copy paste". Space is space and tab is \t
>>>
>>> sed 's/^\([^ \t]*[ \t]*[^ \t]*\)\([ \t]*.*\)$/\1.contoso.com\2/'
>>
>> I grew up with versions of 'sed' that don't understand this new-fangled
>> method of specifying tabs, and write enough cross-platform code that I
>> can't rely on it (still doesn't work in Solaris 10, for example).
>
> perl can do anything sed can do and has almost no platform or version
> related syntax differences - plus it has \s to represent 'whitespace' and
> you don't have to bang your head on the wall when you are half done and
> realize you have to do something spanning multiple lines.

Show your example. Inquiring minds want to know!

-- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't
RE: [CentOS] how to debug ssh slow connection issues.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Jason Pyeron
> Sent: Friday, May 23, 2008 2:42 PM
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> > Behalf Of Paul Heinlein
> > Sent: Friday, May 23, 2008 2:35 PM
> >
> > On Fri, 23 May 2008, Jason Pyeron wrote:
> >
> > >>> debug3: Normalising mapped IPv4 in IPv6 address
> > >>> debug3: Trying to reverse map address 192.168.1.80.
> > >>>
> > >>> paused 7 seconds
> > >>
> > >> Here, obviously, is part of the problem. Your name service isn't
> > >> answering reverse lookups for your LAN addresses -- or at least it
> > >> isn't answering them in a timely manner. Fixing that, either
> > >> through DNS or /etc/hosts, will help a bunch.
> > >
> > > [EMAIL PROTECTED] ~]# date && host 192.168.1.80 && date && host host80.1.internal.pdinc.us && date
> > > Fri May 23 13:55:52 EDT 2008
> > > 80.1.168.192.in-addr.arpa domain name pointer host80.1.internal.pdinc.us.
> > > Fri May 23 13:55:52 EDT 2008
> > > host80.1.internal.pdinc.us has address 192.168.1.80
> > > Fri May 23 13:55:52 EDT 2008
> > > [EMAIL PROTECTED] ~]#
> > >
> > > Hmmm, does not take 7 seconds.
> >
> > User-space utilities like /usr/bin/host don't always provide an
> > accurate reflection of the name services inherited by init- or
> > kernel-launched processes -- especially if the network wasn't (for
> > reasons unknown) fully functional at boot time.
>
> Reboot?

No effect.

> > I'm still inclined to believe that hostname-lookup issues are involved
> > here; an strace with timestamps might provide a better glimpse of the
> > exact system calls that are timing out.
>
> Likewise, but with local DNS and local IPs humming perfectly?

Weird:

[EMAIL PROTECTED] ~]# for i in `ip addr show | perl -ne 'm/inet (.+)\// and print $1,"\n";'`; do echo try $i && time ssh $i true && echo; done
try 127.0.0.1
real 0m0.093s
user 0m0.007s
sys 0m0.001s

try public_ip_1_in_/etc/sysconfig/network-scripts/ifcfg-eth0
real 0m5.799s
user 0m0.005s
sys 0m0.005s

try 192.168.1.21
real 0m28.484s
user 0m0.007s
sys 0m0.003s

try public_ip_2
real 0m28.552s
user 0m0.007s
sys 0m0.001s

try public_ip_3
real 0m28.503s
user 0m0.007s
sys 0m0.003s

try 192.168.1.39
real 0m28.559s
user 0m0.006s
sys 0m0.003s

try 192.168.1.52
real 0m28.487s
user 0m0.006s
sys 0m0.003s

try 192.168.1.58
real 0m28.489s
user 0m0.008s
sys 0m0.002s

--
Jason Pyeron
PD Inc. http://www.pdinc.us
Principal Consultant
Re: [CentOS] More recent GDE on CentOS 5+
On Fri, May 23, 2008 at 12:00:41PM -0700, MHR wrote:
> I have not had any success building a more recent version of GDE than
> 2.16.0 on CentOS.
>
> I tried jhbuild, and went line by line using the how-to web page for
> jhbuild (http://www.gnome.org/~jamesh/jhbuild.html), and I get hung up
> on dbus-glib-l (which does not appear to be in CentOS or available for
> it, at least from base, updates, extras, KB & rpmforge). Garnome is
> another possibility that I haven't looked at yet 'cuz jhbuild is
> supposed to be easy and fully automated (it might be, if everything it
> needs is already there, but it doesn't tell you up front what that
> means or how to get it or ...).
>
> Gnome "says" we should use the GDE that ships with our distribution,
> but RH (CentOS) has the oldest revision available. To get a newer one,
> the Gnome people recommend building my own.
>
> Has anyone tried this successfully? How?
>

Not a great answer for you, but... are you tied to CentOS? Could you use Fedora?

If I were in your shoes I'd probably start with the Fedora SRPM's and then build up additional components that are required or modify... Actually I'd probably just use Fedora :)

Ray
[CentOS] More recent GDE on CentOS 5+
I have not had any success building a more recent version of GDE than 2.16.0 on CentOS.

I tried jhbuild, and went line by line using the how-to web page for jhbuild (http://www.gnome.org/~jamesh/jhbuild.html), and I get hung up on dbus-glib-l (which does not appear to be in CentOS or available for it, at least from base, updates, extras, KB & rpmforge). Garnome is another possibility that I haven't looked at yet 'cuz jhbuild is supposed to be easy and fully automated (it might be, if everything it needs is already there, but it doesn't tell you up front what that means or how to get it or ...).

Gnome "says" we should use the GDE that ships with our distribution, but RH (CentOS) has the oldest revision available. To get a newer one, the Gnome people recommend building my own.

Has anyone tried this successfully? How?

Thanks.

mhr
[CentOS] small annoying problem with Ati video driver
I have a small annoying problem with Ati video driver, when Centos 5.1 starts and gets to the login screen the resolution is too high for my monitor (better than out of range) and it's annoying can I have it start in a lower resolution. Thanks...
Re: [CentOS] sed
Stephen Harris wrote:
> On Fri, May 23, 2008 at 06:59:24PM +0200, Thomas Johansson wrote:
>> Stephen Harris wrote:
>>> sed 's/^\([^]*[ ]*[^]*\)\([ ]*.*\)$/\1.contoso.com\2/'
>>>
>>> (where there's a space *and* a TAB inside each of the [ ] )
>>
>> The above version easier to read and "copy paste". Space is space and tab is \t
>>
>> sed 's/^\([^ \t]*[ \t]*[^ \t]*\)\([ \t]*.*\)$/\1.contoso.com\2/'
>
> I grew up with versions of 'sed' that don't understand this new-fangled
> method of specifying tabs, and write enough cross-platform code that I
> can't rely on it (still doesn't work in Solaris 10, for example).

perl can do anything sed can do and has almost no platform or version related syntax differences - plus it has \s to represent 'whitespace' and you don't have to bang your head on the wall when you are half done and realize you have to do something spanning multiple lines.

-- Les Mikesell [EMAIL PROTECTED]
RE: [CentOS] how to debug ssh slow connection issues.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Paul Heinlein
> Sent: Friday, May 23, 2008 2:35 PM
> To: CentOS mailing list
> Subject: RE: [CentOS] how to debug ssh slow connection issues.
>
> On Fri, 23 May 2008, Jason Pyeron wrote:
>
> >>> debug3: Normalising mapped IPv4 in IPv6 address
> >>> debug3: Trying to reverse map address 192.168.1.80.
> >>>
> >>> paused 7 seconds
> >>
> >> Here, obviously, is part of the problem. Your name service isn't
> >> answering reverse lookups for your LAN addresses -- or at least it
> >> isn't answering them in a timely manner. Fixing that, either
> >> through DNS or /etc/hosts, will help a bunch.
> >
> > [EMAIL PROTECTED] ~]# date && host 192.168.1.80 && date && host host80.1.internal.pdinc.us && date
> > Fri May 23 13:55:52 EDT 2008
> > 80.1.168.192.in-addr.arpa domain name pointer host80.1.internal.pdinc.us.
> > Fri May 23 13:55:52 EDT 2008
> > host80.1.internal.pdinc.us has address 192.168.1.80
> > Fri May 23 13:55:52 EDT 2008
> > [EMAIL PROTECTED] ~]#
> >
> > Hmmm, does not take 7 seconds.
>
> User-space utilities like /usr/bin/host don't always provide an
> accurate reflection of the name services inherited by init- or
> kernel-launched processes -- especially if the network wasn't (for
> reasons unknown) fully functional at boot time.

Reboot?

>
> Do you remember if there were any network timeouts when you booted the
> machine in question?

Oddly, yes there was.

>
> Are you running nscd?
>

[EMAIL PROTECTED] ~]# chkconfig --list | grep nscd
nscd 0:off 1:off 2:off 3:off 4:off 5:off 6:off

> I'm still inclined to believe that hostname-lookup issues are involved
> here; an strace with timestamps might provide a better glimpse of the
> exact system calls that are timing out.

Likewise, but with local DNS and local IPs humming perfectly?

--
Jason Pyeron
PD Inc. http://www.pdinc.us
Principal Consultant
RE: [CentOS] how to debug ssh slow connection issues.
On Fri, 23 May 2008, Jason Pyeron wrote:

>>> debug3: Normalising mapped IPv4 in IPv6 address
>>> debug3: Trying to reverse map address 192.168.1.80.
>>>
>>> paused 7 seconds
>>
>> Here, obviously, is part of the problem. Your name service isn't
>> answering reverse lookups for your LAN addresses -- or at least it
>> isn't answering them in a timely manner. Fixing that, either
>> through DNS or /etc/hosts, will help a bunch.
>
> [EMAIL PROTECTED] ~]# date && host 192.168.1.80 && date && host host80.1.internal.pdinc.us && date
> Fri May 23 13:55:52 EDT 2008
> 80.1.168.192.in-addr.arpa domain name pointer host80.1.internal.pdinc.us.
> Fri May 23 13:55:52 EDT 2008
> host80.1.internal.pdinc.us has address 192.168.1.80
> Fri May 23 13:55:52 EDT 2008
> [EMAIL PROTECTED] ~]#
>
> Hmmm, does not take 7 seconds.

User-space utilities like /usr/bin/host don't always provide an accurate reflection of the name services inherited by init- or kernel-launched processes -- especially if the network wasn't (for reasons unknown) fully functional at boot time.

Do you remember if there were any network timeouts when you booted the machine in question?

Are you running nscd?

I'm still inclined to believe that hostname-lookup issues are involved here; an strace with timestamps might provide a better glimpse of the exact system calls that are timing out.

-- Paul Heinlein <> [EMAIL PROTECTED] <> http://www.madboa.com/
[CentOS] Re: RAID5 or RAID50 for database?
on 5-22-2008 9:58 PM Bahadir Kiziltan spake the following:
> You need at least 6 drives for RAID5. I don't know if Perc 4e/Di allows
> configuring the RAID5.

Where did you get this bit of information? You can create a raid 5 with 3 or more disks.

-- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't
Re: [CentOS] sed
On Fri, May 23, 2008 at 8:50 AM, Matt Shields <[EMAIL PROTECTED]> wrote:
>
> I'd use awk. Put the lines in a file, then do this
>
> cat test.txt | awk '{ print $1 "\t" $2 ".centos.com\t" $3 "\t" $4 }'
>

Or just

awk '{ print $1 "\t" $2 ".centos.com\t" $3 "\t" $4 }' test.txt > newhostsfile

(The cat just complicates things, as with most cats :-)

mhr
RE: [CentOS] how to debug ssh slow connection issues.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Paul Heinlein
> Sent: Friday, May 23, 2008 2:17 PM
>
> On Fri, 23 May 2008, Jason Pyeron wrote:
>
> > debug3: Normalising mapped IPv4 in IPv6 address
> > debug3: Trying to reverse map address 192.168.1.80.
> >
> > paused 7 seconds
>
> Here, obviously, is part of the problem. Your name service isn't
> answering reverse lookups for your LAN addresses -- or at least it
> isn't answering them in a timely manner. Fixing that, either through
> DNS or /etc/hosts, will help a bunch.

[EMAIL PROTECTED] ~]# date && host 192.168.1.80 && date && host host80.1.internal.pdinc.us && date
Fri May 23 13:55:52 EDT 2008
80.1.168.192.in-addr.arpa domain name pointer host80.1.internal.pdinc.us.
Fri May 23 13:55:52 EDT 2008
host80.1.internal.pdinc.us has address 192.168.1.80
Fri May 23 13:55:52 EDT 2008
[EMAIL PROTECTED] ~]#

Hmmm, does not take 7 seconds.

> > debug1: do_pam_account: called
> >
> > pause 7 seconds
> >
> > debug3: PAM: do_pam_account pam_acct_mgmt = 0 (Success)
>
> This delay puzzles me. Are you using LDAP as an authentication
> backend? If so, reverse-mapping failure may be the issue here, too.

NIS. But the delay is constant regardless of the user being in the local /etc/passwd or NIS. Further on the local prompt "id user" works just fine.

--
Jason Pyeron
PD Inc. http://www.pdinc.us
Principal Consultant
RE: [CentOS] how to debug ssh slow connection issues.
On Fri, 23 May 2008, Jason Pyeron wrote:

> debug3: Normalising mapped IPv4 in IPv6 address
> debug3: Trying to reverse map address 192.168.1.80.
>
> paused 7 seconds

Here, obviously, is part of the problem. Your name service isn't answering reverse lookups for your LAN addresses -- or at least it isn't answering them in a timely manner. Fixing that, either through DNS or /etc/hosts, will help a bunch.

> debug1: do_pam_account: called
>
> pause 7 seconds
>
> debug3: PAM: do_pam_account pam_acct_mgmt = 0 (Success)

This delay puzzles me. Are you using LDAP as an authentication backend? If so, reverse-mapping failure may be the issue here, too.

-- Paul Heinlein <> [EMAIL PROTECTED] <> http://www.madboa.com/
RE: [CentOS] how to debug ssh slow connection issues.
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Paul Heinlein > Sent: Friday, May 23, 2008 1:06 PM > > > When sshd looks to be the culprit, my troubleshooting begins by > launching it in foreground mode on a non-standard port on the server: > >sshd -ddd -p > Will snip in reply to this. Putting it in full just in case. [EMAIL PROTECTED] ~]# /usr/sbin/sshd -ddd -p 2 debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 191 debug2: parse_server_config: config /etc/ssh/sshd_config len 191 debug3: /etc/ssh/sshd_config:86 setting UsePAM yes debug3: /etc/ssh/sshd_config:89 setting GatewayPorts yes debug3: /etc/ssh/sshd_config:111 setting Subsystem sftp /usr/libexec/openssh/sftp-server debug1: sshd version OpenSSH_4.6p1 debug1: private host key: #0 type 0 RSA1 debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #1 type 1 RSA debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #2 type 2 DSA debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-ddd' debug1: rexec_argv[2]='-p' debug1: rexec_argv[3]='2' debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 2 on ::. Server listening on :: port 2. debug2: fd 4 setting O_NONBLOCK debug1: Bind to port 2 on 0.0.0.0. Bind to port 2 on 0.0.0.0 failed: Address already in use. Generating 768 bit RSA key. RSA key generation complete. debug3: fd 4 is not O_NONBLOCK debug1: Server will not fork when running in debugging mode. 
debug3: send_rexec_state: entering fd = 7 config len 191 debug3: ssh_msg_send: type 0 debug3: send_rexec_state: done debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7 debug1: inetd sockets after dupping: 3, 3 debug3: Normalising mapped IPv4 in IPv6 address debug3: Normalising mapped IPv4 in IPv6 address Connection from 192.168.1.80 port 40084 debug1: Client protocol version 2.0; client software version OpenSSH_3.9p1 debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-1.99-OpenSSH_4.6 debug2: fd 3 setting O_NONBLOCK debug3: privsep user:group 74:74 debug1: permanently_set_uid: 74/74 debug1: list_hostkey_types: ssh-rsa,ssh-dss debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diff ie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,a es192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes25 6-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,a es192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes25 6-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hm ac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hm ac-md5-96 debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellma n-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,r [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hm ac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hm ac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug2: Network child is on pid 25687 debug3: preauth child monitor started debug3: mm_request_receive entering debug1: kex: client->server aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received debug3: mm_request_send entering: type 0 debug3: monitor_read: checking request 0 debug3: mm_answer_moduli: got parameters: 1024 1024 8192 debug3: mm_request_send entering: type 1 debug2: monitor_read: 0 used once, disabling now debug3: mm_request_receive entering debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI debug3:
RE: [CentOS] samba question
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of david chong
> Sent: Thursday, May 22, 2008 3:21 AM
> To: CentOS mailing list
> Subject: [CentOS] samba question
>
> Hi,
>
> I am running Centos5.1, trying to configure samba now. I am
> quite new in this area and hope help from the list.
>
> I could not connect to it from a windows xp pc

You should really look into the Samba Mailing list..

https://lists.samba.org/mailman/listinfo/samba

I only use two mailing lists (Linux that is...) Centos and Samba..

Following your thread, you likely need to add the server to the hosts and lmhosts files on your XP boxes, as was already mentioned

Dennis
Re: [CentOS] samba question
On Fri, May 23, 2008 at 12:09 AM, david chong <[EMAIL PROTECTED]> wrote:
>
> Pinging server name, From the server itself can ping.
> However from winxp client cannot ping by server name, can only ping by
> ip address.
>

This probably means that your Win XP hosts file doesn't have the name in it

mhr
Re: [CentOS] sed
On Fri, May 23, 2008 at 06:59:24PM +0200, Thomas Johansson wrote:
> Stephen Harris wrote:
> > sed 's/^\([^ 	]*[ 	]*[^ 	]*\)\([ 	]*.*\)$/\1.contoso.com\2/'
> >
> >(where there's a space *and* a TAB inside each of the [ ] )
> >
> The above version easier to read and "copy paste". Space is space and tab
> is \t
>
> sed 's/^\([^ \t]*[ \t]*[^ \t]*\)\([ \t]*.*\)$/\1.contoso.com\2/'

I grew up with versions of 'sed' that don't understand this new-fangled method of specifying tabs, and write enough cross-platform code that I can't rely on it (still doesn't work in Solaris 10, for example).

--
rgds
Stephen
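A portable form of the substitution discussed in this thread, as an added example that is not part of the original posts: the literal TAB is built with printf, so the expression does not depend on sed understanding \t inside brackets. The function names, the constructed sample input, the domain check and the skipping of comment lines and already-qualified names are assumptions added here.

```shell
#!/bin/sh
# Append a domain to the first hostname of each "IP<TAB>name [aliases...]" line.
TAB=$(printf '\t')          # literal TAB; avoids relying on \t support in sed
W="[ ${TAB}]"               # one blank (space or TAB)
N="[^ ${TAB}]"              # one non-blank character

# Constructed sample input in the layout described in the thread.
sample_hosts() {
    printf '# constructed sample data\n'
    printf '1.1.1.1\tfoo\n'
    printf '10.10.10.10\tbar bar2\n'
    printf '100.100.100.100 \t foobar foobar2 foobar3\n'
    printf '192.0.2.7\tdone.contoso.com done\n'
    printf '\n'
}

# add_domain DOMAIN: filter stdin to stdout.
add_domain() {
    # The domain is pasted into the sed program, so accept only hostname
    # characters; "/", "&" or "\" would otherwise alter the expression.
    case $1 in
        ''|*[!A-Za-z0-9.-]*) echo "add_domain: invalid domain" >&2; return 1 ;;
    esac
    # 1st expression: leave comment lines alone.
    # 2nd expression: leave lines whose first hostname already contains a dot,
    #                 which makes a second run a no-op.
    # 3rd expression: IP, blanks, first hostname -> same text plus ".DOMAIN".
    sed -e "/^${W}*#/b" \
        -e "/^${N}${N}*${W}${W}*${N}*\./b" \
        -e "s/^\(${N}${N}*${W}${W}*${N}${N}*\)/\1.$1/"
}

sample_hosts | add_domain contoso.com
```

Blank lines pass through unchanged because the substitution requires at least one non-blank character in each of the first two fields.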
Re: [CentOS] Re:Re:Re:Can't get past the splash screen
On Thu, May 22, 2008 at 10:39 PM, Eon Strife <[EMAIL PROTECTED]> wrote:
> Hi,
> Thanks, I check those folders, and they are already empty.
> Now, I tried to remove the freenx by using yum, and then I removed the files
> it left behind manually in:
>

Pardon me, but would you please either stop top posting or delete what you are replying to - this thread is almost impossible to follow.

Thanks.

mhr
Re: [CentOS] how to debug ssh slow connection issues.
On Fri, 23 May 2008, Jason Pyeron wrote:

> I do not have any ideas on this. Where should I start.

[... lots and lots of snippage ...]

When sshd looks to be the culprit, my troubleshooting begins by launching it in foreground mode on a non-standard port on the server:

  sshd -ddd -p

On the client, do

  ssh -p your.server

If that doesn't provide good info, wrap sshd in strace:

  strace -o /tmp/sshd-trace.txt sshd -d -p

The strace output will show where the delays are occurring. (You can modify timestamp info in the strace output. See the man page for details.)

--
Paul Heinlein <> [EMAIL PROTECTED] <> http://www.madboa.com/
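One way to pull the delays out of such a trace, as an added example that is not part of the original message: it assumes the trace was captured with strace's -T option (time spent in each system call), which the command above does not include. The function names and the trace lines are constructed for illustration.

```shell
#!/bin/sh
# slow_syscalls THRESHOLD_SECONDS
# Reads `strace -T` output on stdin (for example a file written with
# `strace -f -T -o FILE ...`) and prints "seconds syscall" for every call
# that took at least THRESHOLD_SECONDS.
slow_syscalls() {
    awk -v min="$1" '
        match($0, /<[0-9]+\.[0-9]+>$/) {
            # -T appends the elapsed time as <seconds> at the end of the line
            secs = substr($0, RSTART + 1, RLENGTH - 2)
            if (secs + 0 < min + 0) next
            call = $0
            if (match(call, /<\.\.\. [A-Za-z0-9_]+ resumed>/)) {
                # with -f, a call interrupted by another process is reported
                # as "<... name resumed>"
                name = substr(call, RSTART + 5, RLENGTH - 14)
            } else {
                sub(/\(.*/, "", call)       # drop the argument list
                n = split(call, w, " ")     # skip an optional leading PID
                name = w[n]
            }
            printf "%s %s\n", secs, name
        }'
}

# Constructed trace lines (not taken from the thread).
sample_trace() {
cat <<'EOF'
25687 open("/etc/hosts.allow", O_RDONLY) = 4 <0.000021>
25687 connect(5, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.0.2.53")}, 16) = 0 <0.000038>
25687 poll([{fd=5, events=POLLIN}], 1, 5000) = 0 (Timeout) <5.005113>
25690 <... select resumed> ) = 1 (in [3]) <9.012345>
25687 read(3, "SSH-2.0-OpenSSH_3.9p1\n", 255) = 22 <0.000017>
25687 --- SIGCHLD (Child exited) @ 0 (0) ---
EOF
}

sample_trace | slow_syscalls 1
```

The file descriptor in a slow call can then be traced back to the earlier open or connect line that created it, which shows what the process was waiting on.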
Re: [CentOS] sed
Stephen Harris wrote:
> On Fri, May 23, 2008 at 06:02:29PM +0200, Mihai T. Lazarescu wrote:
> > On Fri, May 23, 2008 at 08:41:19AM -0700, Scott McClanahan wrote:
> > > 1.1.1.1	foo
> > > 10.10.10.10	bar bar2
> > > 100.100.100.100	foobar foobar2 foobar3
> > > == After ==
> > > 1.1.1.1	foo.contoso.com
> > > 10.10.10.10	bar.contoso.com bar2
> > > 100.100.100.100	foobar.contoso.com foobar2 foobar3
> > >
> > > Any advice on how to pull this off? Thanks.
> >
> > sed 's/ /.contoso.com /'
>
> That works because we've explicitly been told so the first space is
> a good place to switch.
>
> More generally, if there's possibly multiple spaces or tabs in multiple
> places this might work:
>
> sed 's/^\([^ 	]*[ 	]*[^ 	]*\)\([ 	]*.*\)$/\1.contoso.com\2/'
>
> (where there's a space *and* a TAB inside each of the [ ] )

The above version easier to read and "copy paste". Space is space and tab is \t

sed 's/^\([^ \t]*[ \t]*[^ \t]*\)\([ \t]*.*\)$/\1.contoso.com\2/'
[CentOS] how to debug ssh slow connection issues.
I do not have any ideas on this. Where should I start. [EMAIL PROTECTED] security]# date && time ssh -v 192.168.1.21 date Fri May 23 11:43:53 EDT 2008 OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 debug1: Reading configuration data /root/.ssh/config debug1: Applying options for 192.168.1.21 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 192.168.1.21 [192.168.1.21] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_dsa type 2 debug1: Remote protocol version 1.99, remote software version OpenSSH_4.6 debug1: match: OpenSSH_4.6 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.9p1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '192.168.1.21' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:4 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received Paused 9 seconds. debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/identity debug1: Trying private key: /root/.ssh/id_rsa debug1: Offering public key: /root/.ssh/id_dsa debug1: Server accepts key: pkalg ssh-dss blen 433 debug1: read PEM private key done: type DSA Paused 9 seconds. debug1: Authentication succeeded (publickey). 
debug1: channel 0: new [client-session] debug1: Entering interactive session. Paused 16 seconds. debug1: Sending command: echo debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug1: channel 0: free: client-session, nchannels 1 debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 13.5 seconds debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0 debug1: Exit status 0 real0m34.027s user0m0.014s sys 0m0.083s Fri May 23 11:51:32 EDT 2008 [EMAIL PROTECTED] security]# And the log from 192.168.1.21 (different run so the dates won't match): ==> /var/log/secure <== May 23 12:01:56 192.168.1.21 pam_stack[23836]: called for "PAM_ACCOUNT" May 23 12:01:56 192.168.1.21 pam_stack[23836]: called from "sshd" May 23 12:01:56 192.168.1.21 pam_stack[23836]: initializing May 23 12:01:56 192.168.1.21 pam_stack[23836]: creating child stack `system-auth' May 23 12:01:56 192.168.1.21 pam_stack[23836]: creating environment May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_AUTHTOK to child: source is NULL May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_CONV to child May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_FAIL_DELAY to child: source not set May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_OLDAUTHTOK to child: source is NULL May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_RHOST to child May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_RUSER to child: source is NULL May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_SERVICE to child May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_TTY to child May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_USER to child May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_USER_PROMPT to child: source is NULL May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing data to child May 23 12:01:56 192.168.1.21 pam_stack[23836]: calling substack May 23 12:01:56 192.168.1.21 pam_stack[23836]: substack returned 
0 (Success) May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_AUTHTOK to parent: source is NULL May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_CONV to parent May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_FAIL_DELAY to parent: source not set May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_OLDAUTHTOK to parent: source is NULL May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_RHOST to parent May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_RUSER to parent: source is NULL May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_SERVICE to parent May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_TTY to parent May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing PAM_USER to parent May 23 12:01:56 192.168.1.21 pam_stack[23836]: NOT passing PAM_USER_PROMPT to parent: source is NULL May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing data back May 23 12:01:56 192.168.1.21 pam_stack[23836]: passing f
Re: [CentOS] sed
On Fri, May 23, 2008 at 06:02:29PM +0200, Mihai T. Lazarescu wrote:
> On Fri, May 23, 2008 at 08:41:19AM -0700, Scott McClanahan wrote:
> > 1.1.1.1	foo
> > 10.10.10.10	bar bar2
> > 100.100.100.100	foobar foobar2 foobar3
> > == After ==
> > 1.1.1.1	foo.contoso.com
> > 10.10.10.10	bar.contoso.com bar2
> > 100.100.100.100	foobar.contoso.com foobar2 foobar3
> >
> > Any advice on how to pull this off? Thanks.
>
> sed 's/ /.contoso.com /'

That works because we've explicitly been told so the first space is a good place to switch.

More generally, if there's possibly multiple spaces or tabs in multiple places this might work:

sed 's/^\([^ 	]*[ 	]*[^ 	]*\)\([ 	]*.*\)$/\1.contoso.com\2/'

(where there's a space *and* a TAB inside each of the [ ] )

--
rgds
Stephen
RE: [CentOS] IPTables help
Fajar,
I really appreciate all the detailed help here! I have some questions.

>Hi JLC,
>There are 2 ways to implement firewall: negative list and positive list. Looks
>like you want a very strict one that is positive list.
>
>Assuming eth0 is WAN, and eth1 is LAN (assuming 192.168.0.0/24)(please mind
>the word wrap):
>#Clear all rules and policies first:
>iptables -P INPUT ACCEPT
>iptables -P OUTPUT ACCEPT
>iptables -P FORWARD ACCEPT
>iptables -F
>iptables -t nat -F

I misunderstand this, if the default policy is to accept, then how does this work (I thought it was wise to make it Drop)? In terms of Cisco ACL's, how does iptables work, does it simply continue processing until it sees something explicitly denying if the default policy is ACCEPT, versus DROP, will it continue processing until it sees something explicitly allowing?

>#Finally dropping all other traffic (positive list firewall):
>iptables -P INPUT DROP
>iptables -P OUTPUT DROP
>iptables -P FORWARD DROP

So here you now restate the default policy? I thought you could only define this once?

>If for some reason you want to clear the iptables, run this command:
>iptables -P INPUT ACCEPT
>iptables -P OUTPUT ACCEPT
>iptables -P FORWARD ACCEPT
>iptables -F

Does this -F not reset the above stated policy?

>iptables -t nat -F
>service iptables save

Thanks so much!
jlc
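The evaluation order asked about in this message, as an added example that is not part of the original thread: a simplified shell model of how a packet walks the INPUT chain. It matches only on protocol and destination port; the rules, the user-defined chain name voip and all function names are constructed for illustration. The policy is stored apart from the rule list because `iptables -P` can be issued at any time and `iptables -F` removes rules but leaves the policy as it was.

```shell
#!/bin/sh
# Constructed rules, one per line: chain proto dport target ("*" = any).
RULES='INPUT tcp 22 ACCEPT
INPUT udp * voip
voip udp 5060 ACCEPT
INPUT tcp 80 ACCEPT'
POLICY_INPUT=ACCEPT

set_policy()  { POLICY_INPUT=$1; }   # models: iptables -P INPUT <target>
flush_rules() { RULES=''; }          # models: iptables -F (policy untouched)

# walk CHAIN PROTO DPORT
# Prints a verdict and returns 0 as soon as a terminating rule matches;
# returns 1 when the chain is exhausted without a verdict.
walk() {
    while read -r r_chain r_proto r_dport r_target; do
        [ "$r_chain" = "$1" ] || continue
        [ "$r_proto" = "*" ] || [ "$r_proto" = "$2" ] || continue
        [ "$r_dport" = "*" ] || [ "$r_dport" = "$3" ] || continue
        case $r_target in
            ACCEPT|DROP|REJECT)
                echo "$r_target"; return 0 ;;   # first match ends processing
            *)
                # Jump to a user-defined chain. It runs in a subshell, so the
                # loop variables of this chain are not clobbered. If the inner
                # chain yields no verdict, processing resumes with the next
                # rule of this chain.
                if sub=$(walk "$r_target" "$2" "$3"); then
                    echo "$sub"; return 0
                fi ;;
        esac
    done <<EOF
$RULES
EOF
    return 1
}

# verdict PROTO DPORT: the policy applies only when no rule gave a verdict.
verdict() { walk INPUT "$1" "$2" || echo "$POLICY_INPUT"; }

# Demo in a subshell so the state above is left unchanged.
( set_policy DROP
  for p in "tcp 22" "udp 5060" "udp 53"; do
      echo "policy DROP: $p -> $(verdict $p)"
  done
  flush_rules
  echo "policy DROP after flush: tcp 22 -> $(verdict tcp 22)" )
```

The last demo line shows why the quoted sequence sets the policies to ACCEPT before flushing: with a DROP policy and an empty chain, everything is dropped, including the session used to administer the box.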
Re: [CentOS] sed
On Fri, May 23, 2008 at 08:41:19AM -0700, Scott McClanahan wrote:
> Not specific to CentOS but I know you guys would be really helpful anyhow.
> Basically, I have a file which has been edited in the past very similarly to
> the hosts file only now I want to use it as a hosts file and need to run some
> fancy sed to massage the data into shape. Currently, the data in the file is
> in the form of alias>. In some cases there may not be any aliases so the end of line would
> be right after the short hostname (no space at the end either). In other cases
> there could be many space separated short hostname aliases. What I have been
> trying to do without success is add our domain name to the first string after
> the ip address and tab character. As an example,
>
> == Before ==
>
> 1.1.1.1	foo
> 10.10.10.10	bar bar2
> 100.100.100.100	foobar foobar2 foobar3
>
>
> == After ==
>
> 1.1.1.1	foo.contoso.com
> 10.10.10.10	bar.contoso.com bar2
> 100.100.100.100	foobar.contoso.com foobar2 foobar3
>
> Any advice on how to pull this off? Thanks.

sed 's/ /.contoso.com /'

Cheers,
Mihai
Re: [CentOS] sed
On Fri, May 23, 2008 at 11:41 AM, Scott McClanahan <[EMAIL PROTECTED]> wrote:
> Not specific to CentOS but I know you guys would be really helpful anyhow.
> Basically, I have a file which has been edited in the past very similarly
> to the hosts file only now I want to use it as a hosts file and need to run
> some fancy sed to massage the data into shape. Currently, the data in the
> file is in the form of hostname alias>. In some cases there may not be any aliases so the end of
> line would be right after the short hostname (no space at the end either).
> In other cases there could be many space separated short hostname aliases.
> What I have been trying to do without success is add our domain name to the
> first string after the ip address and tab character. As an example,
>
> == Before ==
>
> 1.1.1.1	foo
> 10.10.10.10	bar bar2
> 100.100.100.100	foobar foobar2 foobar3
>
>
> == After ==
>
> 1.1.1.1	foo.contoso.com
> 10.10.10.10	bar.contoso.com bar2
> 100.100.100.100	foobar.contoso.com foobar2 foobar3
>
> Any advice on how to pull this off? Thanks.

I'd use awk. Put the lines in a file, then do this

cat test.txt | awk '{ print $1 "\t" $2 ".centos.com\t" $3 "\t" $4 }'

--
-matt
Re: [CentOS] How to move my MBR
I also do not see a CentOS 4.x x86_64 Live CD; only i386. Is it not really going to matter, 64b vs 32b, when using that?

Thanks,
Scott

>
> Do I need to move the MBR, remove the old drive, and reboot from
> a LiveCD in order to have a reconfigure of grub correctly see which
> drive it should find to boot from? Or can I do this before taking the
> system down for the drive removal?
>
Re: [CentOS] CentOS 5.2 ?
On May 22, 2008, at 11:32 PM, Paul wrote:
> On Thu, 2008-05-22 at 15:42 -0400, Matt Hyclak wrote:
>> On Thu, May 22, 2008 at 12:03:23PM -0700, Florin Andrei enlightened us:
>>> Anybody knows when CentOS 5.2 will be made available?
>>>
>>> http://www.linux.com/feature/135980
>>
>> When it's done. For crying out loud, upstream has only released 5.2 less
>> than 24 hours ago. It will be at least a couple of weeks for the builds to
>> finish and preliminary QA to take place. Can we please hold off on these
>> questions until June at the very least?
>
> LOL, it's *almost* funny how quick people start asking when the next
> version will come out when after upstream has released a new version. I'm
> looking forward to some of the new apps & features, but I can wait the 2-3
> weeks it usually takes.

I wasn't expecting RHEL 5.2 yesterday, hadn't been giving it much thought. Then, saw report about a vulnerable SSL, saw that Red Hat had released a fix a couple days ago, and did a quick yum update, and got 685MB worth of updates :) So I expect that I'll have nearly that many updates in a few weeks when the CentOS group can finalize their update.

Best wishes, don't work too hard this holiday weekend (in US).

Kevin
[CentOS] sed
Not specific to CentOS but I know you guys would be really helpful anyhow. Basically, I have a file which has been edited in the past very similarly to the hosts file only now I want to use it as a hosts file and need to run some fancy sed to massage the data into shape. Currently, the data in the file is in the form of . In some cases there may not be any aliases so the end of line would be right after the short hostname (no space at the end either). In other cases there could be many space separated short hostname aliases. What I have been trying to do without success is add our domain name to the first string after the ip address and tab character. As an example,

== Before ==

1.1.1.1	foo
10.10.10.10	bar bar2
100.100.100.100	foobar foobar2 foobar3

== After ==

1.1.1.1	foo.contoso.com
10.10.10.10	bar.contoso.com bar2
100.100.100.100	foobar.contoso.com foobar2 foobar3

Any advice on how to pull this off? Thanks.
Re: [CentOS] CentOS 5.2 ?
Ray Van Dolson wrote:
> > So, does anyone know, off the top of their heads, or where I can look this
> > up?
> >
>
> My RHEL 5.2 machines show Gnome 2.16.0 still.

Yes, but it will have a more current Evolution :)

Cheers,

Ralph
Re: [CentOS] CentOS 5.2 ?
On Fri, May 23, 2008 at 9:11 AM, MHR <[EMAIL PROTECTED]> wrote:
> On Fri, May 23, 2008 at 2:41 AM, Ralph Angenendt <[EMAIL PROTECTED]> wrote:
>>
>> Answer: When it's ready.
>
> Suits me - I have a different question (and it's probably up somewhere
> I don't have time to look at the moment - I'll check when I get to
> work, but by then I'll have forgotten this question again).
>
> Does 5.2 have an updated release of GDE with it?
>
> Every so often, among other things, when I exit Evolution, it crashes,
> but Bug Buddy says it can't report the bug because my GDE is too old.
>
> 5.0 came with GDE 2.16.0. Gnome development is up to 2.23.1 (or later
> - I lost track).
>

RHEL-5 will probably be 2.16 til its end of life.

--
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice"
Re: [CentOS] CentOS 5.2 ?
On Fri, May 23, 2008 at 08:11:10AM -0700, MHR wrote:
> On Fri, May 23, 2008 at 2:41 AM, Ralph Angenendt <[EMAIL PROTECTED]> wrote:
> >
> > Answer: When it's ready.
>
> Suits me - I have a different question (and it's probably up somewhere
> I don't have time to look at the moment - I'll check when I get to
> work, but by then I'll have forgotten this question again).
>
> Does 5.2 have an updated release of GDE with it?
>
> Every so often, among other things, when I exit Evolution, it crashes,
> but Bug Buddy says it can't report the bug because my GDE is too old.
>
> 5.0 came with GDE 2.16.0. Gnome development is up to 2.23.1 (or later
> - I lost track).
>
> So, does anyone know, off the top of their heads, or where I can look this up?
>

My RHEL 5.2 machines show Gnome 2.16.0 still.

Ray
Re: [CentOS] Re: Need help with rsync. [solved]
On Friday 23 May 2008 01:46:33 James B. Byrne wrote:
> Dealings with SELinux issues typically do not lend themselves to short
> answers. SELinux is like an onion, each exception blocks access until
> resolved. Thus each policy change has to be made individually and then the
> process retested so that the next impediment evidences itself.

> Note that simply overriding what SELinux is prohibiting is not what I am
> advocating here. Sometimes the problem is that the software needs its file
> system access expectations trimmed back and that requires filing a bug
> report with the maintainers. However, in a production environment you
> normally just have to get things working and what I usually do is weigh
> what the program is requesting against what I want it to do for me. Often
> the problem is that the default policy is simply too restrictive. On rare
> occasions I do actually file a bug report but almost always override the
> local policy anyway just to get on with the job.
>
> I hope this helps.

Hello James,
Thank you very much for the sharing. It's very informative.

--
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial http://linux2.arinet.org
22:12:49 up 2:45, 2.6.22-14-generic GNU/Linux
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.
Re: [CentOS] CentOS 5.2 ?
On Fri, May 23, 2008 at 2:41 AM, Ralph Angenendt <[EMAIL PROTECTED]> wrote:
>
> Answer: When it's ready.

Suits me - I have a different question (and it's probably up somewhere I don't have time to look at the moment - I'll check when I get to work, but by then I'll have forgotten this question again).

Does 5.2 have an updated release of GDE with it?

Every so often, among other things, when I exit Evolution, it crashes, but Bug Buddy says it can't report the bug because my GDE is too old.

5.0 came with GDE 2.16.0. Gnome development is up to 2.23.1 (or later - I lost track).

So, does anyone know, off the top of their heads, or where I can look this up?

Thanks.

mhr
Re: [CentOS] IPTables help
On Thursday 22 May 2008 22:30:29 Joseph L. Casale wrote:
> I have a dual homed server in an install for someone who is very cost
> sensitive. This server originally is being setup as an Asterisk server, but
> now the simplest thing for me to do is also set it up to provide internet
> access for the small shop as well.
>
> So it will have one external, WAN facing nic that needs all incoming ports
> except UDP 5060 and 1 -> 6 blocked for all but two ips.
>
> The internal, LAN facing NIC will need all ports except voip/dns/http
> blocked to it, and need to provide masquerading.
>
> I have limited experience with iptables and would love some guidelines. Any
> pointers would be greatly appreciated!

Hi JLC,
There are 2 ways to implement firewall: negative list and positive list. Looks like you want a very strict one that is positive list.

Assuming eth0 is WAN, and eth1 is LAN (assuming 192.168.0.0/24)(please mind the word wrap):

#Clear all rules and policies first:
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -t nat -F

#Give access for localhost:
iptables -I INPUT -i lo -j ACCEPT
iptables -I OUTPUT -o lo -j ACCEPT

#To make life easier:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

#Allowing needed ports:
iptables -A INPUT -i eth0 -m multiport -p udp --dport 5060,1:6 -s ipthatyouwantallow -j ACCEPT
iptables -A INPUT -i eth1 -m multiport -p udp --dport 53,80,5060,1:6 -j ACCEPT
iptables -A OUTPUT -m multiport -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -m multiport -p udp --dport 53,5060,1:6 -s ipthatyouallow -j ACCEPT
iptables -A FORWARD -m multiport -p tcp --dport 80 -j ACCEPT

#For masquerading:
iptables -t nat -A POSTROUTING -o eth0 -d ! 192.168.0.0/24 -j MASQUERADE

#For logging (troubleshooting):
iptables -A INPUT -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** INPUT DROP ** '
iptables -A FORWARD -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** FORWARD DROP ** '
iptables -A OUTPUT -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** OUTPUT DROP ** '

#Finally dropping all other traffic (positive list firewall):
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

#Don't forget to save it:
service iptables save

I might make some mistakes up there, so the logging is very important. You can just monitor the log file:

tail -f /var/log/messages

and look for any missed ports and open them.

If for some reason you want to clear the iptables, run this command:

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -t nat -F
service iptables save

Good luck,

--
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial http://linux2.arinet.org
22:03:54 up 2:37, 2.6.22-14-generic GNU/Linux
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.
Re: [CentOS] RAID5 or RAID50 for database?
Linux wrote:

On Fri, May 23, 2008 at 8:28 AM, Guy Boisvert <[EMAIL PROTECTED]> wrote:

"More intelligently designed" -> Could you please tell us more on this one?

Simple answer: Open Source (and for a long time) I guess you know what it means. But I wonder if source of Adaptec raid controller's firmware is opened in recent years.

Well, i respect Open Source (and your opinion) very much but your comparison imply that you had access to Adaptec's code! Maybe you really had access, i don't know. If it's the case, then thanks you for having shared this knowledge.

Not easily recoverable? I did recovery many time without a hitch (Adaptec, 3Ware, LSI, PERC)!

Try recovering 3Ware failed disks with Adaptec then. Nearly every vendor has his own way in details. Yes, mostly documented but not interchangeable. And I do not mean only RAID-1.

You're talking about failed disks or controller? With controller, easy with my backups (or backup card). People with no tolerance to failing controller arrange things accordingly like i do. With disks, irrelevant.

As for RAID 10 with 3 disks, mmm... go see: http://en.wikipedia.org/wiki/Redundant_array_of_independent_disks

mdadm Raid-10 is neither 1+0 nor 0+1. So 3 disks is enough to supply a minimum level of redundancy. You should have 2 copies of each stripes on either 2 of 3 disks. But in 3 disk configuration loss of 2 disk means total loss. Go check with man mdadm.

Well, educate me (and maybe others) M8. I learn things everyday and i like it. How would you do RAID10 with 3 disks? I know how to do it with at least 4, then 6 and so on. As for RAID-10, more below.

Well, my parents taught me understanding what I read better than you (although I'm not a native English speaker)

Well, english is neither my native language! As for reading, i'm not that bad but i may have misunderstood what you really meant. In that case, please forgive me! I didn't meant to be rude or anything.

Hey, have a nice day "Linuxito" !

Thanks buddy. And for reference, try reading this [1]

I do not want to start a flame, just sharing my experience with different hardwares.

This comparison about software-hardware raid excludes SAN and other external RAID solutions. Externally attached storage is outside the scope of this discussion. Externally connected solutions can obviously be SAN, software RAID, hardware RAID, or a combination thereof. [1]

[1] http://linux.yyz.us/why-software-raid.html

I agree that the compatibility is great with software RAID. However, there are some limitations at least in performance (Bus saturation, etc).

I "tried to read" your reference (the URL you kindly provided me, thanks) and, quote:

"When the top array is a RAID 0 (such as in RAID 10 and RAID 50) most vendors omit the "+", though RAID 5+0 is clearer."

"RAID 1+0: mirrored sets in a striped set (minimum four disks; even number of disks) provides fault tolerance and improved performance but increases complexity. The key difference from RAID 0+1 is that RAID 1+0 creates a striped set from a series of mirrored drives. In a failed disk situation RAID 1+0 performs better because all the remaining disks continue to be used. The array can sustain multiple drive losses so long as no mirror loses both its drives."

So they say, and correct me if i'm wrong, that RAID10 is a RAID 1 of RAID 0. A mirror of stripe sets. You said it's not that, i lost you on this one.

    |------ Mirror ------|
    |                    |
    |-- D1a              |-- D1b
    |                    |
 Striped              Striped
    |                    |
    |-- D2a              |-- D2b
    |                    |
   ...                  ...
    |                    |
    |-- Dna              |-- Dnb

So that's why i don't get what you mean by RAID10 with 3 disks. Please explain.

Guy Boisvert, ing.
IngTegration inc.
Re: [CentOS] How to move my MBR
> The BIOS determines which disk (the first) will be chosen to boot from.

I have no problems configuring the boot order in the BIOS. I must have the MBR on /dev/hdc (which is being removed). The /boot partition is on /dev/sda (where I want to move MBR).

> To make a plain bootsector copy:
> dd if=/dev/sda of=/dev/sdb bs=512 count=1

sda = old MBR source and sdb = new MBR source, I assume? So, in my instance, I'm going to want to run it in this syntax:

dd if=/dev/hdc of=/dev/sda bs=512 count=1

I'm assuming the first 512 bytes are allocated purely for MBR and won't hold any data that could be overwritten? Would that be true?

> grub
> root (hd0,1) # press tab for command completion
> setup (hd0)

Do I need to move the MBR, remove the old drive, and reboot from a LiveCD in order to have a reconfigure of grub correctly see which drive it should find to boot from? Or can I do this before taking the system down for the drive removal?

Thanks,
Scott
Re: [CentOS] Blocking external usb storage
On Friday 23 May 2008 14:16:45 whoami i wrote:
> This is my first mail to this mailing list. I want to block external usb
> storage completely on my server running on centos 5 having confidential
> data.

1. unplug any usb storage
2. rmmod ehci_hcd
3. add a line in /etc/modprobe.d/blacklist
   blacklist ehci_hcd

--
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial http://linux2.arinet.org
20:50:59 up 1:24, 2.6.22-14-generic GNU/Linux
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.
Re: [CentOS] Interface bonding?
On Fri, May 23, 2008 at 6:23 AM, James Pearson <[EMAIL PROTECTED]> wrote:
> Mag Gam wrote:
>> Thanks Jim. Since, 802.3ad requires switch settings does it perform better
>> than other modes? Does anyone have any benchmarks?
>
> I haven't done any benchmarks - but as I've managed to get 200+Mbyte/s read
> speeds using mode 6 with a dual link - I can't see it would be any faster
> with 802.3ad

Mode 6 (AFAIR) requires you to connect both cables to the same switch.

802.3ad allows you to get link aggregation while connecting to different switches, which means you're still up if one of the switches dies (providing you connect all the hosts to both switches). The switches themselves need to be interconnected (in 3COM switches, with a proprietary cable) to be able to span 802.3ad links between switches, but it's a very useful feature anyway.

Filipe
[CentOS] CentOS-announce Digest, Vol 39, Issue 11
Today's Topics:

1. CESA-2008:0492 Important CentOS 4 i386 gnutls Update (Johnny Hughes)
2. CESA-2008:0492 Important CentOS 4 x86_64 gnutls Update (Johnny Hughes)
3. CESA-2008:0287 Important CentOS 4 i386 libxslt Update (Johnny Hughes)
4. CESA-2008:0287 Important CentOS 4 x86_64 libxslt Update (Johnny Hughes)
5. CEEA-2008:0274 CentOS 5 i386 xenpv Update (Karanbir Singh)
6. CEEA-2008:0274 CentOS 5 x86_64 xenpv Update (Karanbir Singh)

--
Message: 1
Date: Thu, 22 May 2008 08:49:09 -0500
From: Johnny Hughes <[EMAIL PROTECTED]>
Subject: [CentOS-announce] CESA-2008:0492 Important CentOS 4 i386 gnutls Update
To: CentOS-Announce <[EMAIL PROTECTED]>

CentOS Errata and Security Advisory 2008:0492 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0492.html

The following updated files have been uploaded and are currently syncing to the mirrors:

i386:
gnutls-1.0.20-4.el4_6.i386.rpm
gnutls-devel-1.0.20-4.el4_6.i386.rpm

src:
gnutls-1.0.20-4.el4_6.src.rpm

--
Message: 2
Date: Thu, 22 May 2008 08:49:27 -0500
From: Johnny Hughes <[EMAIL PROTECTED]>
Subject: [CentOS-announce] CESA-2008:0492 Important CentOS 4 x86_64 gnutls Update
To: CentOS-Announce <[EMAIL PROTECTED]>

CentOS Errata and Security Advisory 2008:0492 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0492.html

The following updated files have been uploaded and are currently syncing to the mirrors:

x86_64:
gnutls-1.0.20-4.el4_6.i386.rpm
gnutls-1.0.20-4.el4_6.x86_64.rpm
gnutls-devel-1.0.20-4.el4_6.x86_64.rpm

src:
gnutls-1.0.20-4.el4_6.src.rpm

--
Message: 3
Date: Thu, 22 May 2008 08:53:51 -0500
From: Johnny Hughes <[EMAIL PROTECTED]>
Subject: [CentOS-announce] CESA-2008:0287 Important CentOS 4 i386 libxslt Update
To: CentOS-Announce <[EMAIL PROTECTED]>

CentOS Errata and Security Advisory 2008:0287 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0287.html

The following updated files have been uploaded and are currently syncing to the mirrors:

i386:
libxslt-1.1.11-1.el4_6.1.i386.rpm
libxslt-devel-1.1.11-1.el4_6.1.i386.rpm
libxslt-python-1.1.11-1.el4_6.1.i386.rpm

src:
libxslt-1.1.11-1.el4_6.1.src.rpm

--
Message: 4
Date: Thu, 22 May 2008 08:53:59 -0500
From: Johnny Hughes <[EMAIL PROTECTED]>
Subject: [CentOS-announce] CESA-2008:0287 Important CentOS 4 x86_64 libxslt Update
To: CentOS-Announce <[EMAIL PROTECTED]>

CentOS Errata and Security Advisory 2008:0287 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0287.html

The following updated files have been uploaded and are currently syncing to the mirrors:

x86_64:
libxslt-1.1.11-1.el4_6.1.i386.rpm
libxslt-1.1.11-1.el4_6.1.x86_64.rpm
libxslt-devel-1.1.11-1.el4_6.1.x86_64.rpm
libxslt-python-1.1.11-1.el4_6.1.x86_64.rpm

src:
libxslt-1.1.11-1.el4_6.1.src.rpm

--
[CentOS] Chip set support
Hi folks. I'm thinking of purchasing an ASUS mother board with this chip set in it.

NVIDIA® nForce® 430 MCP
Lan= NVIDIA® nForce® 430 MCP built-in Gigabit MAC with external Attansic PHY.

Any one know how well the chip set is supported. Any comments?

Thanks
John
--
Guy Fawkes, the only man to enter the houses of Parliament with honest intentions, (he was going to blow them up!)
Registered Linux user number 414240
Re: [CentOS] CentOS 5.2 ?
>> Anybody knows when CentOS 5.2 will be made available?
> LOL, it's *almost* funny how quick people start asking when the next
> version will come out when after upstream has released a new version.
> Paul

What's so funny? I think it's a very relevant question. There are preparations to be made. Mirror-disks should have enough space. Kickstart have to be modified. Users should be notified. Vacations should be put on hold... And not all of us have been on this list and have had this discussion every time a new release is due.

Tim Verhoeven did the right thing and put a good answer at http://planet.centos.org/. Thanks!

/jens
--
Jens Larsson, NSC, Linköpings universitet, SE-58183 LINKÖPING, SWEDEN
Phone: +46-13-281432, Mobile: +46-709-521432, E-mail: [EMAIL PROTECTED]
GPG/PGP Key: 1024D/C21BB2C7 2001-02-27 Jens Larsson <[EMAIL PROTECTED]>
Key Fingerprint: BAEF 85CF BF1D 7A69 C965 2EE6 C541 D57F C21B B2C7
Re: [CentOS] CentOS 5.2 ?
I've created a blog entry about the upcoming 5.2 release and when it will be ready. You can find it at http://planet.centos.org/.

Regards,
Tim
--
Tim Verhoeven - [EMAIL PROTECTED] - 0479 / 88 11 83
Hoping the problem magically goes away by ignoring it is the "microsoft approach to programming" and should never be allowed. (Linus Torvalds)
Re: [CentOS] IPTables help
Joseph L. Casale wrote:
>> This CentOS wiki may help:
>> http://wiki.centos.org/HowTos/Network/IPTables
>> Akemi
>
> Akemi,
> That was helpful (I should have checked the wiki:>). After reading that and the RH related links, I think I have what I need but I am unclear about one aspect. What is the correlation between filtering LAN based connections destined to be masqueraded out and what can even get to the internal NIC? I see the chains are obviously distinct from each other, and I assume the tables are as well. So to control what may ingress an interface destined for the server itself, you write a rule for the default table's INPUT chain, to control what may be masqueraded/DNAT'ed, you write a rule for either the NAT table's PREROUTING chain or the default table's FORWARD chain, or both?

The norm is to add rules to the FORWARD chain of the default filter table.

> In looking at examples for setting up NAT, I don't see people typically lock down what may be masqueraded, so I am not seeing how to do this. By my inclusion of at least one rule, am I properly prohibiting anything else? Is there any significance to the order in which I setup masquerading and then lockdown what hits the FORWARD chain? Do you not need to setup default policies for the chains on the nat table?

By default (once forwarding is enabled), masquerading will allow all outgoing connections and block all new incoming connections. Finer control is applied via the FORWARD chain. You can see the default policy of the FORWARD chain with the command 'iptables -L' and you can set the policy of the FORWARD chain in exactly the same manner as you would for the INPUT and OUTPUT chains.

The Linux documentation project has a HOWTO on masquerading here which is probably the definitive documentation on the subject:

http://tldp.org/HOWTO/IP-Masquerade-HOWTO/

Ned

> Thanks!
> jlc
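One way to apply the advice in this thread (default-deny on the filter table's FORWARD chain, masquerading in the nat table), as an added example that is not from any poster. The function name, interface names, LAN network and port list are assumptions; the function only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands that
# masquerade a LAN but forward only the listed outbound TCP ports.
# emit_nat_lockdown is a hypothetical helper name.

# usage: emit_nat_lockdown LAN_IF WAN_IF LAN_NET PORT [PORT...]
emit_nat_lockdown() {
    if [ "$#" -lt 4 ]; then
        echo "usage: emit_nat_lockdown LAN_IF WAN_IF LAN_NET PORT..." >&2
        return 2
    fi
    lan_if=$1
    wan_if=$2
    lan_net=$3
    shift 3

    # Validate every argument before printing anything, so a bad value
    # can never produce a half-built rule set or smuggle in shell syntax.
    for v in "$lan_if" "$wan_if"; do
        case $v in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $v" >&2; return 1 ;;
        esac
    done
    case $lan_net in
        ''|*[!0-9./]*) echo "bad network: $lan_net" >&2; return 1 ;;
    esac
    for p in "$@"; do
        case $p in
            ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2
            return 1
        fi
    done

    # filter table: set the default policy first, then rebuild the chain.
    # Note that -F removes any FORWARD rules that already exist.
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # Replies belonging to connections that were allowed out.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # New outbound connections, one rule per permitted port.
    for p in "$@"; do
        echo "iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # nat table: rewrite the source of whatever FORWARD let through.
    echo "iptables -t nat -A POSTROUTING -o $wan_if -s $lan_net -j MASQUERADE"
}
```

For example, `emit_nat_lockdown eth1 eth0 192.168.0.0/24 80 443` prints five commands. A forwarded packet is checked by the filter table's FORWARD chain before the nat table's POSTROUTING chain rewrites its source, so the order in which the two sets of commands are entered does not change the result.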
Re: [CentOS] CentOS 5.2 ?
On Thu, 2008-05-22 at 14:18 -0700, Florin Andrei wrote:
> Matt Hyclak wrote:
>>
>> For crying out loud, upstream has only released 5.2 less
>> than 24 hours ago.
>
> I was just curious, I was not "demanding it right now" or anything like
> that.
>
> Sorry if my inquiry seemed inconsiderate.

It didn't. Matt, and most of us I imagine, forget that we are in the "Now Generation" and have seen this "when will... be available" process so many times that it has become simultaneously laughable and irritating.

Having said that, there have been many discussions of this in the past and a quick google of site:centos.org would have yielded the "traditional" answer of 3 or four weeks after upstream release.

--
Bill
Re: [CentOS] RAID5 or RAID50 for database?
On Fri, May 23, 2008 at 4:19 AM, Christopher Chan <[EMAIL PROTECTED]> wrote:
>> And stick with md-raid 10 (also known as software raid) because it is
>> much more intelligently designed than any
>> closed-source-embedded-raid-controller.
>
> This was valid until...quite a few years ago.

Have hardware-raid vendors open-sourced their firmware then?

>> Nowadays hardware raid frightens me because of the need to have spare
>> raid-controllers for every hardware-raid-configuration I have. They
>> are neither interchangeable nor easily recoverable.
>
> You seem to have been living under a rock for the last half decade.

For each hardware-raid configuration I keep a redundant raid-controller. In case of controller failure it's the best way to recover my data on disks. I tried simple test cases once (yes, in the last half decade) and most failed except simple RAID-1 configurations.

>> md-raid 10 can be established with any number of disks (at least 3 but
>> better check with google)
>
> Hmm, I think your advice must be taken with a grain of salt. Have you
> actually tried to do what you suggest? In any case, I will give you the
> benefit of the doubt that you just did a typo.

mdadm raid10 is neither raid 1+0 nor raid 0+1. Go check with man mdadm or google. Each stripe is written on 2 different disks with a rolling frame and loss of 1 disk in 3 disk configuration can be recovered online.
Re: [CentOS] Interface bonding?
Mag Gam wrote:
> Thanks Jim. Since, 802.3ad requires switch settings does it perform better
> than other modes? Does anyone have any benchmarks?

I haven't done any benchmarks - but as I've managed to get 200+Mbyte/s read speeds using mode 6 with a dual link - I can't see it would be any faster with 802.3ad

James Pearson
Re: [CentOS] RAID5 or RAID50 for database?
On Fri, May 23, 2008 at 8:28 AM, Guy Boisvert <[EMAIL PROTECTED]> wrote:
>> And stick with md-raid 10 (also known as software raid) because it is
>> much more intelligently designed than any
>> closed-source-embedded-raid-controller.
>
> "More intelligently designed" -> Could you please tell us more on this one?

Simple answer: Open Source (and for a long time)
I guess you know what it means. But I wonder if source of Adaptec raid controller's firmware is opened in recent years.

>> Nowadays hardware raid frightens me because of the need to have spare
>> raid-controllers for every hardware-raid-configuration I have. They
>> are neither interchangeable nor easily recoverable.
>>
>> md-raid 10 can be established with any number of disks (at least 3 but
>> better check with google)
>
> Not easily recoverable? I did recovery many time without a hitch (Adaptec,
> 3Ware, LSI, PERC)!

Try recovering 3Ware failed disks with Adaptec then. Nearly every vendor has his own way in details. Yes, mostly documented but not interchangeable. And I do not mean only RAID-1.

> As for RAID 10 with 3 disks, mmm... go see:
>
> http://en.wikipedia.org/wiki/Redundant_array_of_independent_disks

mdadm Raid-10 is neither 1+0 nor 0+1. So 3 disks is enough to supply a minimum level of redundancy. You should have 2 copies of each stripe on either 2 of 3 disks. But in 3 disk configuration loss of 2 disk means total loss. Go check with man mdadm.

> Lastly, it's kinda strange that your name is "Linux": Maybe you're young and
> your parents decided to honor this great OS! Well, i may name my next
> children "Cento" !!! ;-)

Well, my parents taught me understanding what I read better than you (although I'm not a native English speaker)

> Hey, have a nice day "Linuxito" !

Thanks buddy. And for reference, try reading this [1]

I do not want to start a flame, just sharing my experience with different hardwares.

This comparison about software-hardware raid excludes SAN and other external RAID solutions. Externally attached storage is outside the scope of this discussion. Externally connected solutions can obviously be SAN, software RAID, hardware RAID, or a combination thereof. [1]

[1] http://linux.yyz.us/why-software-raid.html
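The 3-disk claim made in this thread can be checked with a small model of md's raid10 "near" layout with two copies. This is an added example, not from any poster; it assumes the default near layout, in which the copies of a chunk are placed on consecutive devices, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): model of md raid10 "near" layout.
# Assumption: copy c of chunk k occupies slot k*COPIES + c, and slot s
# lives on device s % NDISKS in row s / NDISKS.

# usage: near_device CHUNK COPY NDISKS COPIES -> device index (0-based)
near_device() {
    echo $(( ($1 * $4 + $2) % $3 ))
}

# usage: show_layout NDISKS COPIES ROWS
# Prints one line per row; each column is a disk, each number a chunk.
show_layout() {
    sl_ndisks=$1
    sl_copies=$2
    sl_rows=$3
    sl_slot=0
    while [ "$sl_slot" -lt $((sl_rows * sl_ndisks)) ]; do
        sl_line=""
        sl_col=0
        while [ "$sl_col" -lt "$sl_ndisks" ]; do
            sl_line="$sl_line$((sl_slot / sl_copies)) "
            sl_slot=$((sl_slot + 1))
            sl_col=$((sl_col + 1))
        done
        echo "${sl_line% }"
    done
}

# usage: raid10_survives NDISKS COPIES FAILED_DISK...
# Returns 0 if every chunk keeps at least one copy on a working disk.
raid10_survives() {
    ndisks=$1
    copies=$2
    shift 2
    chunk=0
    # NDISKS chunks fill a whole number of rows, after which the
    # placement pattern repeats, so checking NDISKS chunks is enough.
    while [ "$chunk" -lt "$ndisks" ]; do
        alive=0
        copy=0
        while [ "$copy" -lt "$copies" ]; do
            dev=$(near_device "$chunk" "$copy" "$ndisks" "$copies")
            dead=0
            for f in "$@"; do
                if [ "$f" -eq "$dev" ]; then dead=1; fi
            done
            if [ "$dead" -eq 0 ]; then alive=1; fi
            copy=$((copy + 1))
        done
        if [ "$alive" -eq 0 ]; then return 1; fi
        chunk=$((chunk + 1))
    done
    return 0
}
```

`show_layout 3 2 2` prints the first two rows of a three-disk array, and `raid10_survives 3 2 0 1` reports whether that array survives losing disks 0 and 1.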
Re: [CentOS] kaffeine installation
[EMAIL PROTECTED] wrote:
> Anyone got kaffeine installed. When I do a
>
> #yum install kaffeine
>
> I get a transaction check error with kde-libs.
>
> Is this a known issue and is there a workaround?

If you don't tell us which error you got, we will not tell you about any workarounds. Mostly because the CentOS crystal ball needs repairing.

Ralph
Re: [CentOS] CentOS 5.2 ?
Florin Andrei wrote:
> Anybody knows when CentOS 5.2 will be made available?

I wanted to unsubscribe the first person who asks that question from this mailing list >:) Do you have a good reason why I shouldn't do that to you? =:D

Okay, joking aside:

Answer: When it's ready.

Longer answer: Up to now we always came out with a new version three to four weeks after upstream did the release. We need to rebuild the packages, do some basic QA, maybe do some more thorough QA after that, need to spin the ISOs, test those ISOs, push them out to our mirrors - and then the release will be there.

Cheers,
Ralph
Re: [CentOS] RAID5 or RAID50 for database?
Warren Young wrote:
> Rudi Ahlers wrote:
>> So, how does it perform with 6 discs for example? Say I have 3 HDD's in RAID-0, and another 3 in RAID-0, then RAID-1 the 2 RAID-0 stripes.
>
> There's actually two kinds of RAID-10. Some like to say RAID-01 or RAID-1+0 or things like that to distinguish them. It's a matter of whether it's mirrors over stripes or stripes over mirrors. You're talking about mirrors over stripes, but I'm talking about doing it the other way around. Your way has the advantage of letting you add disks in pairs, but to get that you get only single-disk redundancy: if a second disk goes out, your array is gone, no matter which disk it is. If you do it the other way, you have to use groups of 4 (two mirrors striped together) but you get the advantage that with a single disk missing, you can lose another if it's in the other mirror. Of course, if you lose two in the same mirror, you're toast.
>
>> And what would you recommend on 8 / 10 HDD's?
>
> As I said, usually RAID-5 or -6 usually makes more sense with so many spindles. If you're talking RAID-10 (my way) with so many disks, it starts getting expensive with 8, 12, etc.

Ok, so is striping a mirror more redundant then, from what you say? But, it's limited to pairs of 4 HDD's, which means a bigger chassis, and a mobo / PCI controller that can support 8 HDD's if I want to add more?

But, if I want to use 6+ drives, rather use RAID 6? How does RAID-6 perform in relation to RAID-5 or RAID-10 (RAID-01)?

--
Kind Regards
Rudi Ahlers
CEO, SoftDux
Web: http://www.SoftDux.com
Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff, or visit http://www.WebHostingTalk.co.za for Web Hosting stuff
Re: [CentOS] samba question
On 5/23/08, Christopher Chan <[EMAIL PROTECTED]> wrote:
> Do you have netbios over tcp/ip enabled on your windows xp box?

If I can ping to other windows xp boxes by name, does it mean I have netbios over tcp/ip enabled?

C:\Documents and Settings\user>ping ws03

Pinging ws03 [192.168.0.33] with 32 bytes of data:

Reply from 192.168.0.33: bytes=32 time<1ms TTL=128
Reply from 192.168.0.33: bytes=32 time<1ms TTL=128
Reply from 192.168.0.33: bytes=32 time<1ms TTL=128
Reply from 192.168.0.33: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.0.33:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Thanks
David
Re: [CentOS] samba question
david chong wrote:
> On 5/23/08, John <[EMAIL PROTECTED]> wrote:
>> Can you ping the Samba Server by the Server name?
>
> Pinging server name, From the server itself can ping.

Irrelevant to network problems FYI.

> However from winxp client cannot ping by server name, can only ping by ip address.

Okay, no network problems it seems.

Do you have netbios over tcp/ip enabled on your windows xp box?
Re: [CentOS] Blocking external usb storage
whoami i wrote:
> HI,
>
> This is my first mail to this mailing list. I want to block external usb storage completely on my server running on centos 5 having confidential data. For that i used udev and blocked the external usb storage by creating the udev rule mentioning any usb storage will get mounted to /dev/null so that users can't mount as well. But in the mean time i am getting below logs in my /var/log/messages file when i insert any usb storage device.
>
> ##
> May 23 12:24:02 localhost kernel: usb 1-4: new high speed USB device using ehci_hcd and address 4
> May 23 12:24:02 localhost kernel: usb 1-4: configuration #1 chosen from 1 choice
> May 23 12:24:02 localhost kernel: scsi3 : SCSI emulation for USB Mass Storage devices
> May 23 12:24:07 localhost kernel: scsi 3:0:0:0: Direct-Access USB Flash Disk 1100 PQ: 0 ANSI: 0 CCS
> May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] 1981440 512-byte hardware sectors (1014 MB)
> May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] Write Protect is off
> May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] Assuming drive cache: write through
> May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] 1981440 512-byte hardware sectors (1014 MB)
> May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] Write Protect is off
> May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] Assuming drive cache: write through
> May 23 12:24:07 localhost kernel: sdb: sdb1
> May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] Attached SCSI removable disk
> May 23 12:24:07 localhost kernel: sd 3:0:0:0: Attached scsi generic sg2 type 0
> ##
>
> I want to know how device name sdb1 [see above log] was allocated and is it possible to block the device node creation, if so what i can do to block the same in my messages log.
>
> Regards
> lingu

Why do you want to block? Why not rather disallow users to use the mount command altogether? If it's a server, why do you have normal users accessing it?

--
Kind Regards
Rudi Ahlers
CEO, SoftDux
Web: http://www.SoftDux.com
Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff, or visit http://www.WebHostingTalk.co.za for Web Hosting stuff
[CentOS] Blocking external usb storage
HI,

This is my first mail to this mailing list. I want to block external usb storage completely on my server running on centos 5 having confidential data. For that i used udev and blocked the external usb storage by creating the udev rule mentioning any usb storage will get mounted to /dev/null so that users can't mount as well. But in the mean time i am getting below logs in my /var/log/messages file when i insert any usb storage device.

##
May 23 12:24:02 localhost kernel: usb 1-4: new high speed USB device using ehci_hcd and address 4
May 23 12:24:02 localhost kernel: usb 1-4: configuration #1 chosen from 1 choice
May 23 12:24:02 localhost kernel: scsi3 : SCSI emulation for USB Mass Storage devices
May 23 12:24:07 localhost kernel: scsi 3:0:0:0: Direct-Access USB Flash Disk 1100 PQ: 0 ANSI: 0 CCS
May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] 1981440 512-byte hardware sectors (1014 MB)
May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] Write Protect is off
May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] Assuming drive cache: write through
May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] 1981440 512-byte hardware sectors (1014 MB)
May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] Write Protect is off
May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] Assuming drive cache: write through
May 23 12:24:07 localhost kernel: sdb: sdb1
May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] Attached SCSI removable disk
May 23 12:24:07 localhost kernel: sd 3:0:0:0: Attached scsi generic sg2 type 0
##

I want to know how device name sdb1 [see above log] was allocated and is it possible to block the device node creation, if so what i can do to block the same in my messages log.

Regards
lingu
Re: [CentOS] samba question
On 5/23/08, John <[EMAIL PROTECTED]> wrote:
> Can you ping the Samba Server by the Server name?

Pinging server name, From the server itself can ping. However from winxp client cannot ping by server name, can only ping by ip address.

[EMAIL PROTECTED] david]# ping -c3 antioch
PING antioch.mc (127.0.0.1) 56(84) bytes of data.
64 bytes from antioch.mc (127.0.0.1): icmp_seq=1 ttl=64 time=0.094 ms
64 bytes from antioch.mc (127.0.0.1): icmp_seq=2 ttl=64 time=0.068 ms
64 bytes from antioch.mc (127.0.0.1): icmp_seq=3 ttl=64 time=0.048 ms

--- antioch.mc ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.048/0.070/0.094/0.018 ms
Re: [CentOS] samba question
> Run testparm and tell us what your share definitions are...if any.

[EMAIL PROTECTED] david]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[samba]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
        workgroup = MYGROUP
        security = SHARE

[samba]
        path = /home/samba
        guest ok = Yes

Thanks
David