Re: [CentOS] Build a Firewall (Can I learn to do this...)

2009-10-01 Thread Drew
If you want a simple packet filtering firewall then CentOS or one of
the purpose built linux firewall distros will suit you well. If you
want more than just packet filtering, there are better options.

You haven't mentioned what sort of business applications you are
running. How vital to your business are those servers? Which ones are
internet facing & what apps do you plan to run? Do you also plan to
run the office's general internet connection through this same unit?

The company I work for is in the process of replacing our aging PIX
firewalls and one option we're testing, and are quite pleased with so
far, is Astaro's Security Gateway products. They're linux based so use
the iptables firewall but also offer more than just packet filtering.
There is a cost, around $1500 for a 120, plus subscriptions for
updating the signatures databases on the various filters.


-- 
Drew

"Nothing in life is to be feared. It is only to be understood."
--Marie Curie
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Problems getting scanner to work from xsane (from Gnome Menu or GIMP)

2009-10-01 Thread Robert Heller
At Thu, 01 Oct 2009 18:54:52 -0400 CentOS mailing list  
wrote:

> 
> 
> On Thu, 2009-10-01 at 18:41 -0400, Robert Heller wrote:
> > At Thu, 01 Oct 2009 17:58:32 -0400 CentOS mailing list  
> > wrote:
> > 
> < trimmed >
> > 
> > The beast works just fine as both a printer and a scanner (I have not
> > tried to send or receive a fax).  xsane, if given the hpaio:
> > url on the command line, works just fine and scanimage is perfectly
> > happy to use the URL defined in the SANE_DEFAULT_DEVICE environment
> > variable.  The problem is that the people who will be using it are
> > non-techies and want to be able to just click on the Gnome menu (or use
> > Gimp's File=>Acquire=>scan menu item).  This is where it does not work.
> > Somehow, sane/xscan is not finding the device by scanning for it,
> > which seems to be what is needed, since xscan seems to be ignoring
> > SANE_DEFAULT_DEVICE, if the device is not found first by scanning for it.
> > 
> Maybe your issue is that the environment variable is not set when the
> Gnome session starts up, so the Gnome menu item doesn't see it.  How are
> you specifying the SANE_DEFAULT_DEVICE value?

*I* am just trying it from the command line (I have not gotten as far as
trying it with gnome):

server1.wendellfreelibrary.org% SANE_DEFAULT_DEVICE="hpaio:/net/Officejet_Pro_L7700?ip=192.168.1.253"
server1.wendellfreelibrary.org% export SANE_DEFAULT_DEVICE
server1.wendellfreelibrary.org% xsane

xsane that pops up its "scanning for devices" window, then its "no devices
available" dialog

doing:

server1.wendellfreelibrary.org% xsane "hpaio:/net/Officejet_Pro_L7700?ip=192.168.1.253"

works fine -- xsane brings up the preview window and its main window and
is perfectly happy to 'Acquire Preview' (and the preview looks like it
is supposed to, so I know the scanner is really scanning).

and scanimage properly uses the value of SANE_DEFAULT_DEVICE with no
complaints, except that scanimage -L tells me that no devices were found
(as does scan-find-scanner, which does not seem to be checking for
networked scanners).

I'm *tempted* to just hack the Gnome system menu file to hardwire in the
command line argument, except that an update to Gnome will clobber it.

> > 

-- 
Robert Heller -- 978-544-6933
Deepwoods Software-- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
hel...@deepsoft.com   -- http://www.deepsoft.com/ModelRailroadSystem/

   


Re: [CentOS] Build a Firewall (Can I learn to do this...)

2009-10-01 Thread Florin Andrei
ML wrote:
> 
> I used to work with PIX 525's so I have knowledge, I just don't quite  
> know how to do this with CentOS and such.

Firewall Builder.

http://www.fwbuilder.org/

But if you've configured the PIX in command-line mode, iptables is not 
that hard. You could set up a local firewall right on your webserver and 
it's going to be rock-solid. It's not an "enterprise" type of setup, but 
for a small installation I see no problem whatsoever with it. Trust 
iptables, it's a very good firewall. I use it all the time, even for 
purposes that firewalls are normally not intended to serve. :-)

http://www.netfilter.org/documentation/index.html#documentation-howto

There's a lot of info there, but you don't need everything. This is the 
10% info that you will use 90% of the time:
- the main tables (filter, nat), what can they do
- the built-in chains (INPUT, FORWARD, OUTPUT, PREROUTING, POSTROUTING)
- the main targets (ACCEPT, DROP, REJECT)
- user-defined chains and how to insert them into the built-ins.

Also, hardcopy this diagram and put it on the wall, it will make things 
very clear for you:

http://developer.gauner.org/doc/iptables/images/nfk-traversal.png

For a former PIXer, the learning curve should be peachy. By the way, 
netfilter/iptables is a lot more expressive and flexible than PIX. 
You'll be amazed by what you can do with it.

"man iptables" also helps.

Go ahead, do "service iptables stop" to clean everything up, then apply 
some rules of your own. Do "service iptables save" to save them. 
"service iptables restart" to restart from the saved version (if you 
mess up the running one). All rules are saved in /etc/sysconfig/iptables 
(you may want to back up the original version before you start messing 
with the firewall).

Other commands:

See current running state:
iptables [-t nat] -L -n [-v]   # I do recommend using -v often
or
service iptables status

See current saved state:
less /etc/sysconfig/iptables

Flush and delete everything, fall back to a "permit all" firewall:
iptables [-t nat] -F; iptables [-t nat] -X
or
service iptables stop

See if the iptables service is enabled:
chkconfig --list iptables

Tip: if the FORWARD chain doesn't seem to work, check 
net.ipv4.ip_forward in /etc/sysctl.conf, it's probably set to 0.

That's it, you're good to go.

-- 
Florin Andrei

http://florin.myip.org/
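
An added example, not part of the message above or of any project's own code: a ruleset in the iptables-save format that "service iptables save" writes to /etc/sysconfig/iptables, using the nat and filter tables, the built-in chains, and a user-defined chain hooked into FORWARD. It also includes two checks: one for user-defined chains that nothing jumps to, and one for the net.ipv4.ip_forward tip. Interface names, addresses and the WEB-IN chain name are constructed assumptions.

```shell
#!/bin/sh
# Constructed placeholders (assumptions, not values from the thread).
WAN_IF=eth0                  # Internet-facing NIC
LAN_IF=eth1                  # NIC facing the servers
LAN_NET=192.168.10.0/24      # private subnet behind the firewall
WEB_PUBLIC=203.0.113.10      # RFC 5737 documentation address standing in for a static IP
WEB_PRIVATE=192.168.10.10    # web server on the private subnet

# Emit a two-NIC firewall ruleset in iptables-save format.
gen_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Public static IP -> web server on the private subnet
-A PREROUTING -i $WAN_IF -d $WEB_PUBLIC -p tcp -m multiport --dports 80,443 -j DNAT --to-destination $WEB_PRIVATE
# Outbound traffic from the private subnet leaves with the firewall's address
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:WEB-IN - [0:0]
# Traffic addressed to the firewall itself
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
# Traffic routed through the firewall
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -d $WEB_PRIVATE -j WEB-IN
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
# User-defined chain: only new HTTP/HTTPS connections reach the web server
-A WEB-IN -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
-A WEB-IN -j DROP
COMMIT
EOF
}

# Read a ruleset on stdin and print (as table/chain) every user-defined
# chain that is declared but never jumped to. Such a chain is never
# traversed, so its rules silently do nothing.
unhooked_chains() {
    awk '
        /^\*/ { table = substr($1, 2) }
        /^:/  { if ($2 == "-") declared[table "/" substr($1, 2)] = 1 }
        /^-A/ { for (i = 1; i < NF; i++)
                    if ($i == "-j" || $i == "-g") used[table "/" $(i + 1)] = 1 }
        END   { for (c in declared) if (!(c in used)) print c }
    ' | sort
}

# Return 0 if the sysctl.conf-style file in $1 leaves net.ipv4.ip_forward
# set to 1 (the last assignment wins), non-zero otherwise. With forwarding
# off, the FORWARD chain never sees a packet.
forwarding_enabled() {
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' "$1" | tail -n 1)
    [ "$val" = "1" ]
}
```

On the firewall itself, "gen_ruleset | iptables-restore --test" parses the ruleset without committing it, and "forwarding_enabled /etc/sysctl.conf" checks the saved forwarding setting.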



Re: [CentOS] Problems getting scanner to work from xsane (from Gnome Menu or GIMP)

2009-10-01 Thread Ron Loftin

On Thu, 2009-10-01 at 18:41 -0400, Robert Heller wrote:
> At Thu, 01 Oct 2009 17:58:32 -0400 CentOS mailing list  
> wrote:
> 
< trimmed >
> 
> The beast works just fine as both a printer and a scanner (I have not
> tried to send or receive a fax).  xsane, if given the hpaio:
> url on the command line, works just fine and scanimage is perfectly
> happy to use the URL defined in the SANE_DEFAULT_DEVICE environment
> variable.  The problem is that the people who will be using it are
> non-techies and want to be able to just click on the Gnome menu (or use
> Gimp's File=>Acquire=>scan menu item).  This is where it does not work.
> Somehow, sane/xscan is not finding the device by scanning for it,
> which seems to be what is needed, since xscan seems to be ignoring
> SANE_DEFAULT_DEVICE, if the device is not found first by scanning for it.
> 
Maybe your issue is that the environment variable is not set when the
Gnome session starts up, so the Gnome menu item doesn't see it.  How are
you specifying the SANE_DEFAULT_DEVICE value?
> 
-- 
Ron Loftin  relof...@twcny.rr.com

"God, root, what is difference ?"   Piter from UserFriendly



Re: [CentOS] Problems getting scanner to work from xsane (from Gnome Menu or GIMP)

2009-10-01 Thread Robert Heller
At Thu, 01 Oct 2009 17:58:32 -0400 CentOS mailing list  
wrote:

> 
> Robert Heller wrote:
> > We have a networked HP OfficeJet All-In-One.  I have the scanner working
> > with the CentOS 5.3, except xsane is ignoring SANE_DEFAULT_DEVICE. 
> > scanimage does however take this environment variable just fine:
> >
> > server1.wendellfreelibrary.org% scanimage -L
> >
> > No scanners were identified. If you were expecting something different,
> > check that the scanner is plugged in, turned on and detected by the
> > sane-find-scanner tool (if appropriate). Please read the documentation
> > which came with this software (README, FAQ, manpages).
> > default device is `hpaio:/net/Officejet_Pro_L7700?ip=192.168.1.253'
> > server1.wendellfreelibrary.org% scanimage -T
> > scanimage: scanning image of size 638x1125 pixels at 24 bits/pixel
> > scanimage: acquiring RGB frame, 8 bits/sample
> > scanimage: reading one scanline, 1914 bytes...  PASS
> > scanimage: reading one byte...  PASS
> > scanimage: stepped read, 2 bytes... PASS
> > scanimage: stepped read, 4 bytes... PASS
> > scanimage: stepped read, 8 bytes... PASS
> > scanimage: stepped read, 16 bytes...PASS
> > scanimage: stepped read, 32 bytes...PASS
> > scanimage: stepped read, 64 bytes...PASS
> > scanimage: stepped read, 128 bytes...   PASS
> > scanimage: stepped read, 256 bytes...   PASS
> > scanimage: stepped read, 512 bytes...   PASS
> > scanimage: stepped read, 1024 bytes...  PASS
> > scanimage: stepped read, 2048 bytes...  PASS
> > scanimage: stepped read, 2047 bytes...  PASS
> > scanimage: stepped read, 1023 bytes...  PASS
> > scanimage: stepped read, 511 bytes...   PASS
> > scanimage: stepped read, 255 bytes...   PASS
> > scanimage: stepped read, 127 bytes...   PASS
> > scanimage: stepped read, 63 bytes...PASS
> > scanimage: stepped read, 31 bytes...PASS
> > scanimage: stepped read, 15 bytes...PASS
> > scanimage: stepped read, 7 bytes... PASS
> > scanimage: stepped read, 3 bytes... PASS
> > server1.wendellfreelibrary.org% echo "$SANE_DEFAULT_DEVICE"
> > hpaio:/net/Officejet_Pro_L7700?ip=192.168.1.253
> >
> > xsane just pops up a little window "scanning for devices", the "no
> > devices available".
> >
> > I believe I have things properly setup with cups:
> >
> > In /etc/cups/printers.conf:
> >
> > 
> > Info 
> > Location Printer Area
> > #DeviceURI socket://192.168.1.253:9100
> > DeviceURI hp:/net/Officejet_Pro_L7700?ip=192.168.1.253
> > State Idle
> > StateTime 1211313246
> > Accepting Yes
> > Shared Yes
> > JobSheets none none
> > QuotaPeriod 0
> > PageLimit 0
> > KLimit 0
> > OpPolicy default
> > ErrorPolicy retry-job
> > 
> >
> >
> >   
> I am very interested in this problem as I seem to have it myself.  My 
> Printer/Scanner is HPc6180.
> Do you have HPLIP installed? 
> The version that comes with CentOS is so old (1.67, I think) that 
> if you have a printer newer than
> about four years old it won't be supported.  I seem to be able to fake 
> the printing part by selecting another
> printer that should be similar.  The scanning part however is not so 
> simple it seems.  I installed HPLIP
> version 3.9.8 and after a grueling effort to satisfy the dependencies, 
> except for dbus-python or python-dbus,
> it seems to be referred to both ways.  HPLIP still claims that it is not 
> installed even though it is.  Perhaps my version,
> although up to date according to yum, is too old.  In any case my 
> printer is supported and I was able to scan
> one frame and then it never worked again.  On any attempt to scan xsane 
> puts up a dialog that says "Failed to open device 'v4l:/dev/video': 
> Invalid argument" and then quits.  That device I think is the camera 
> which was there and working fine when the single scan succeeded.  My 
> Windows XP computer is able to scan so I am confident that the printer 
> hardware is
> not at fault.

The beast works just fine as both a printer and a scanner (I have not
tried to send or receive a fax).  xsane, if given the hpaio:
url on the command line, works just fine and scanimage is perfectly
happy to use the URL defined in the SANE_DEFAULT_DEVICE environment
variable.  The problem is that the people who will be using it are
non-techies and want to be able to just click on the Gnome menu (or use
Gimp's File=>Acquire=>scan menu item).  This is where it does not work.
Somehow, sane/xscan is not finding the device by scanning for it,
which seems to be what is needed, since xscan seems to be ignoring
SANE_DEFAULT_DEVICE, if the device is not found first by scanning for it.

> 
> Every time I install a newer version of CentOS (now Linux rwells-cts 
> 2.6.18-128.7.1.el5.centos.plus #1 SMP Mon Aug 24 10:03:38 EDT 2009 
> x86_64 x86_64 x86_64 GNU/Linux) on a Lenovo X200 Thinkpad this scanner 
> setup is a real
> PITA.
> Anyway I am looking forward to anything you learn as we go forward.
> 
> cheers,
> roger wells
> 

-- 
Robert Heller -- 978-544-6933
Deepwo

Re: [CentOS] Problems getting scanner to work from xsane (from Gnome Menu or GIMP)

2009-10-01 Thread Roger K. Wells
Robert Heller wrote:
> We have a networked HP OfficeJet All-In-One.  I have the scanner working
> with the CentOS 5.3, except xsane is ignoring SANE_DEFAULT_DEVICE. 
> scanimage does however take this environment variable just fine:
>
> server1.wendellfreelibrary.org% scanimage -L
>
> No scanners were identified. If you were expecting something different,
> check that the scanner is plugged in, turned on and detected by the
> sane-find-scanner tool (if appropriate). Please read the documentation
> which came with this software (README, FAQ, manpages).
> default device is `hpaio:/net/Officejet_Pro_L7700?ip=192.168.1.253'
> server1.wendellfreelibrary.org% scanimage -T
> scanimage: scanning image of size 638x1125 pixels at 24 bits/pixel
> scanimage: acquiring RGB frame, 8 bits/sample
> scanimage: reading one scanline, 1914 bytes...  PASS
> scanimage: reading one byte...  PASS
> scanimage: stepped read, 2 bytes... PASS
> scanimage: stepped read, 4 bytes... PASS
> scanimage: stepped read, 8 bytes... PASS
> scanimage: stepped read, 16 bytes...PASS
> scanimage: stepped read, 32 bytes...PASS
> scanimage: stepped read, 64 bytes...PASS
> scanimage: stepped read, 128 bytes...   PASS
> scanimage: stepped read, 256 bytes...   PASS
> scanimage: stepped read, 512 bytes...   PASS
> scanimage: stepped read, 1024 bytes...  PASS
> scanimage: stepped read, 2048 bytes...  PASS
> scanimage: stepped read, 2047 bytes...  PASS
> scanimage: stepped read, 1023 bytes...  PASS
> scanimage: stepped read, 511 bytes...   PASS
> scanimage: stepped read, 255 bytes...   PASS
> scanimage: stepped read, 127 bytes...   PASS
> scanimage: stepped read, 63 bytes...PASS
> scanimage: stepped read, 31 bytes...PASS
> scanimage: stepped read, 15 bytes...PASS
> scanimage: stepped read, 7 bytes... PASS
> scanimage: stepped read, 3 bytes... PASS
> server1.wendellfreelibrary.org% echo "$SANE_DEFAULT_DEVICE"
> hpaio:/net/Officejet_Pro_L7700?ip=192.168.1.253
>
> xsane just pops up a little window "scanning for devices", the "no
> devices available".
>
> I believe I have things properly setup with cups:
>
> In /etc/cups/printers.conf:
>
> 
> Info 
> Location Printer Area
> #DeviceURI socket://192.168.1.253:9100
> DeviceURI hp:/net/Officejet_Pro_L7700?ip=192.168.1.253
> State Idle
> StateTime 1211313246
> Accepting Yes
> Shared Yes
> JobSheets none none
> QuotaPeriod 0
> PageLimit 0
> KLimit 0
> OpPolicy default
> ErrorPolicy retry-job
> 
>
>
>   
I am very interested in this problem as I seem to have it myself.  My 
Printer/Scanner is HPc6180.
Do you have HPLIP installed? 
The version that comes with CentOS is so old (1.67, I think) that 
if you have a printer newer than
about four years old it won't be supported.  I seem to be able to fake 
the printing part by selecting another
printer that should be similar.  The scanning part however is not so 
simple it seems.  I installed HPLIP
version 3.9.8 and after a grueling effort to satisfy the dependencies, 
except for dbus-python or python-dbus,
it seems to be referred to both ways.  HPLIP still claims that it is not 
installed even though it is.  Perhaps my version,
although up to date according to yum, is too old.  In any case my 
printer is supported and I was able to scan
one frame and then it never worked again.  On any attempt to scan xsane 
puts up a dialog that says "Failed to open device 'v4l:/dev/video': 
Invalid argument" and then quits.  That device I think is the camera 
which was there and working fine when the single scan succeeded.  My 
Windows XP computer is able to scan so I am confident that the printer 
hardware is
not at fault.

Every time I install a newer version of CentOS (now Linux rwells-cts 
2.6.18-128.7.1.el5.centos.plus #1 SMP Mon Aug 24 10:03:38 EDT 2009 
x86_64 x86_64 x86_64 GNU/Linux) on a Lenovo X200 Thinkpad this scanner 
setup is a real
PITA.
Anyway I am looking forward to anything you learn as we go forward.

cheers,
roger wells

-- 
Roger Wells, P.E.
SAIC
221 Third St
Newport, RI 02840
401-847-4210 (voice)
401-849-1585 (fax)
roger.k.we...@saic.com



Re: [CentOS] Build a Firewall (Can I learn to do this...)

2009-10-01 Thread ML
Hi All,

> I've also looked at Vyatta, and heard good things about pfsense.

Some have also recommended IPcop or pfsense.

Has anyone used Untangle? http://www.untangle.com/

What are the differences between these...

-ML


Re: [CentOS] Build a Firewall (Can I learn to do this...)

2009-10-01 Thread Stephen Nelson-Smith

On 1 Oct 2009, at 21:56, ML wrote:
> So I am wanting to build a firewall to front end my traffic. Assign
> one of my statics to it and have Comcast statically route my traffic
> to this IP.

You don't need to do this.  You can run all the IPs on the firewall  
box, and route them to machines on a private subnet behind the firewall.

> Can anyone offer advice?

I've had good results doing what you describe - but it's fairly slow  
to get it up and running and the process is very detail oriented, and  
you end up having to do quite a bit of spadework to get a config that  
is as hardened and reliable as a commercial firewall product.  There  
are some reasonable graphical tools that can help you.  The one I've  
used is fwbuilder (http://www.fwbuilder.org/).

I've also looked at Vyatta, and heard good things about pfsense.

S.


Re: [CentOS] Build a Firewall (Can I learn to do this...)

2009-10-01 Thread Robert Spangler
On Thursday 01 October 2009 16:56, ML wrote:

>  I have a home business circuit and I am gearing up to host my business
>  affairs in my place. I have Comcast and 13 static IP's.
>
>  I have an extra PIII 1U, 2 9gb SCSI, 1gb RAM, dual NICS.

If you can, I would place a 3rd NIC into this device and use it for a DMZ and 
place all servers into that space keeping the internet facing server away 
from everything else.  A lot easier to control things.  I have a box here with 
4 NICs working nicely.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] Build a Firewall (Can I learn to do this...)

2009-10-01 Thread John R Pierce
ML wrote:
> Can anyone offer advice?
>   

pfSense. 

can even boot it off a CD and use a USB flash stick for configuration 
storage so you don't need a hard drive.  or boot it off a 128MB CF 
card.  doesn't need a display after initial setup (actually, can even be 
configured with a serial terminal in a truly embedded configuration).  
once it's up and running, it's configured via web browser.






Re: [CentOS] Build a Firewall (Can I learn to do this...)

2009-10-01 Thread Victor Padro
On Thu, Oct 1, 2009 at 4:02 PM, Max Hetrick  wrote:
> ML wrote:
>
>> I used to work with PIX 525's so I have knowledge, I just don't quite
>> know how to do this with CentOS and such.
>>
>> Can anyone offer advice?
>
>
> Nothing against CentOS, but if this is going to be a dedicated firewall,
> have you thought of using an appliance type OS/application?
>

+1

Check Pfsense, it has something to offer too...

-- 
Linux User #452368
http://twitter.com/vpadro

"Everything that irritates us about others can lead us to an
understanding of ourselves"


Re: [CentOS] Build a Firewall (Can I learn to do this...)

2009-10-01 Thread Alan Sparks
Not that it's incredibly difficult to do by hand, but it is a complex
undertaking fraught with some risk in doing it wrong.  I believe you'd
be much better served looking at some of the firewall applications out
there, such as IPCop or Smoothwall.  Another one to look at is Shorewall
(http://www.shorewall.net/), which is not configured via Web GUI, but is
purely text configuration.  I've used Shorewall for several years and
like it a lot...  Tom Eastep did a pretty good job.
-Alan


ML wrote:
> Hi All,
>
> I have a home business circuit and I am gearing up to host my business  
> affairs in my place. I have Comcast and 13 static IP's.
>
> I have an extra PIII 1U, 2 9gb SCSI, 1gb RAM, dual NICS.
>
> So I am wanting to build a firewall to front end my traffic. Assign  
> one of my statics to it and have Comcast statically route my traffic  
> to this IP. Then when traffic comes have it decide if it is allowed or  
> not and if allowed pass it to the right server based upon the rules.
>
> I used to work with PIX 525's so I have knowledge, I just don't quite  
> know how to do this with CentOS and such.
>
> Can anyone offer advice?
>
> Best,
> -Jason
>   




Re: [CentOS] Build a Firewall (Can I learn to do this...)

2009-10-01 Thread Ryan Wagoner
You don't need to have Comcast route all traffic to that IP. You just
need to put two NICs in the server and place it between Comcast and
your servers. Then using iptables you can configure CentOS to deny /
allow traffic to IPs on specific ports. I know this is a CentOS list,
but if you want something with a webGUI have a look at pfSense. I use
this in front of my CentOS servers.

Ryan

On Thu, Oct 1, 2009 at 4:56 PM, ML  wrote:
> Hi All,
>
> I have a home business circuit and I am gearing up to host my business
> affairs in my place. I have Comcast and 13 static IP's.
>
> I have an extra PIII 1U, 2 9gb SCSI, 1gb RAM, dual NICS.
>
> So I am wanting to build a firewall to front end my traffic. Assign
> one of my statics to it and have Comcast statically route my traffic
> to this IP. Then when traffic comes have it decide if it is allowed or
> not and if allowed pass it to the right server based upon the rules.
>
> I used to work with PIX 525's so I have knowledge, I just don't quite
> know how to do this with CentOS and such.
>
> Can anyone offer advice?
>
> Best,
> -Jason
>


Re: [CentOS] Build a Firewall (Can I learn to do this...)

2009-10-01 Thread Max Hetrick
ML wrote:

> I used to work with PIX 525's so I have knowledge, I just don't quite  
> know how to do this with CentOS and such.
> 
> Can anyone offer advice?


Nothing against CentOS, but if this is going to be a dedicated firewall, 
have you thought of using an appliance type OS/application?

I've heard a lot of good things about IPCop. Here at my place of 
employment we run Vyatta. They have a community edition.

Just a thought.

Regards,
Max


[CentOS] Build a Firewall (Can I learn to do this...)

2009-10-01 Thread ML
Hi All,

I have a home business circuit and I am gearing up to host my business  
affairs in my place. I have Comcast and 13 static IP's.

I have an extra PIII 1U, 2 9gb SCSI, 1gb RAM, dual NICS.

So I am wanting to build a firewall to front end my traffic. Assign  
one of my statics to it and have Comcast statically route my traffic  
to this IP. Then when traffic comes have it decide if it is allowed or  
not and if allowed pass it to the right server based upon the rules.

I used to work with PIX 525's so I have knowledge, I just don't quite  
know how to do this with CentOS and such.

Can anyone offer advice?

Best,
-Jason


[CentOS] Problems getting scanner to work from xsane (from Gnome Menu or GIMP)

2009-10-01 Thread Robert Heller
We have a networked HP OfficeJet All-In-One.  I have the scanner working
with the CentOS 5.3, except xsane is ignoring SANE_DEFAULT_DEVICE. 
scanimage does however take this environment variable just fine:

server1.wendellfreelibrary.org% scanimage -L

No scanners were identified. If you were expecting something different,
check that the scanner is plugged in, turned on and detected by the
sane-find-scanner tool (if appropriate). Please read the documentation
which came with this software (README, FAQ, manpages).
default device is `hpaio:/net/Officejet_Pro_L7700?ip=192.168.1.253'
server1.wendellfreelibrary.org% scanimage -T
scanimage: scanning image of size 638x1125 pixels at 24 bits/pixel
scanimage: acquiring RGB frame, 8 bits/sample
scanimage: reading one scanline, 1914 bytes...  PASS
scanimage: reading one byte...  PASS
scanimage: stepped read, 2 bytes... PASS
scanimage: stepped read, 4 bytes... PASS
scanimage: stepped read, 8 bytes... PASS
scanimage: stepped read, 16 bytes...PASS
scanimage: stepped read, 32 bytes...PASS
scanimage: stepped read, 64 bytes...PASS
scanimage: stepped read, 128 bytes...   PASS
scanimage: stepped read, 256 bytes...   PASS
scanimage: stepped read, 512 bytes...   PASS
scanimage: stepped read, 1024 bytes...  PASS
scanimage: stepped read, 2048 bytes...  PASS
scanimage: stepped read, 2047 bytes...  PASS
scanimage: stepped read, 1023 bytes...  PASS
scanimage: stepped read, 511 bytes...   PASS
scanimage: stepped read, 255 bytes...   PASS
scanimage: stepped read, 127 bytes...   PASS
scanimage: stepped read, 63 bytes...PASS
scanimage: stepped read, 31 bytes...PASS
scanimage: stepped read, 15 bytes...PASS
scanimage: stepped read, 7 bytes... PASS
scanimage: stepped read, 3 bytes... PASS
server1.wendellfreelibrary.org% echo "$SANE_DEFAULT_DEVICE"
hpaio:/net/Officejet_Pro_L7700?ip=192.168.1.253

xsane just pops up a little window "scanning for devices", the "no
devices available".

I believe I have things properly setup with cups:

In /etc/cups/printers.conf:


Info 
Location Printer Area
#DeviceURI socket://192.168.1.253:9100
DeviceURI hp:/net/Officejet_Pro_L7700?ip=192.168.1.253
State Idle
StateTime 1211313246
Accepting Yes
Shared Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
OpPolicy default
ErrorPolicy retry-job



-- 
Robert Heller -- Get the Deepwoods Software FireFox Toolbar!
Deepwoods Software-- Linux Installation and Administration
http://www.deepsoft.com/  -- Web Hosting, with CGI and Database
hel...@deepsoft.com   -- Contract Programming: C/C++, Tcl/Tk





Re: [CentOS] Asterisk and VOIP was Re: CentOS for non-tech user

2009-10-01 Thread Rob Kampen

Ron Blizzard wrote:
> On Wed, Sep 30, 2009 at 5:15 PM, Brian Mathis  wrote:
>
>> "Not connected to the Internet", and "not connected to a LAN" are very
>> different things.  I doubt VOIP would work if the server was not
>> connected to a LAN.  There could be quite a few things on the LAN,
>> depending on its size, such as viruses, malware, and even users doing
>> scans of the network.  Don't assume that "out there" is insecure, and
>> "in here" is secure.  That's one of the biggest mistakes to make when
>> creating a secure environment.
>
> You're right. I was thinking like a phone tech -- that the VOIP
> system's wiring was still separate from the regular LAN.

Just to set your minds at ease (or not).
I have a separate D-Link switch that does PoE (to power the snom phones) 
and vlans and set it up so that all the phones are on one vlan called VOIP.
The * server single eth0 is also on this vlan, but does also belong to 
the rest of the office on another vlan called LAN.

So - the snom phones (linux based) can only see the * server.
The * server can see the rest of the LAN - so in theory anyone on the 
local LAN can scan and see the CentOS based * server.
We are however a very small office and I get to see all connected PCs in 
action.
As I have some questions about SIP security I was not prepared to have 
the snom phones in any way being accessible to / from the LAN (let alone 
the internet).

Tks for comments and suggestions.
Rob


[CentOS] CentOS for boot.kernel.org

2009-10-01 Thread Geerd-Dietger Hoffmann
Hey

Is there an initiative to get CentOS to work with boot.kernel ?

Cheers Didi


My www page: www.ribalba.de
Email / Jabber: riba...@gmail.com
Skype : ribalba


Re: [CentOS] du vs df size difference

2009-10-01 Thread Stephen Harris
On Thu, Oct 01, 2009 at 01:35:20PM -0400, Robert Heller wrote:
> At Thu, 01 Oct 2009 10:13:26 -0400 CentOS mailing list  
> wrote:
> > So what you're saying is something is mounted on to a directory that had 
> > data in it before the mount.  How do I see the data being hidden without 
> > unmounting the point?
> 
> You can't.  You must unmount.  You should be able to do this from

Two options:
  1) Try a bind mount to rebind the parent
  2) NFS export the parent; NFS exports typically don't cross mount
 points and show the underlying filesystem

-- 

rgds
Stephen


[CentOS] Reply: Re: du vs df size difference

2009-10-01 Thread Frank . Brodbeck
Robert Heller  wrote on 01.10.2009 19:35:20:
> At Thu, 01 Oct 2009 10:13:26 -0400 CentOS mailing list
>  wrote:
>
> >
> > Peter Kjellstrom wrote:
> > > One possibility is that the missing data is hiding under a mount-point
> > > in the normal case.
> > >
> > > /Peter
> >
> > So what you're saying is something is mounted on to a directory that had
> > data in it before the mount.  How do I see the data being hidden without
> > unmounting the point?
> 
> You can't.  You must unmount.  You should be able to do this from
> single user mode if the file system cannot be unmounted under multiuser
> mode (eg /usr, /var, etc.).  Usually other mount points can be
> unmounted, but depends on what is running on the system at the time. 
> Unmounting /home would require that you kick all users off for example,
> unmounting /var/www would require stopping apache, etc.

This is absolutely untested but it could work: mount / to /mnt and delete
the data from there. Dig into mount(8) and test this somewhere outside
the production area:

--bind Remount  a  subtree  somewhere  else  (so that its contents are
   available in both places). See above.

But again, this is untested and nothing more than a wild guess.

Frank.


Re: [CentOS] du vs df size difference

2009-10-01 Thread Ryan Pugatch
Robert Heller wrote:

> You can't.  You must unmount.  You should be able to do this from
> single user mode if the file system cannot be unmounted under multiuser
> mode (eg /usr, /var, etc.).  Usually other mount points can be
> unmounted, but depends on what is running on the system at the time. 
> Unmounting /home would require that you kick all users off for example,
> unmounting /var/www would require stopping apache, etc.
> 

I mounted the partition to a directory under /mnt (simultaneously) and 
was able to see the hidden files.

Ryan


Re: [CentOS] du vs df size difference

2009-10-01 Thread Robert Heller
At Thu, 01 Oct 2009 10:13:26 -0400 CentOS mailing list  
wrote:

> 
> Peter Kjellstrom wrote:
> > One possibility is that the missing data is hiding under a mount-point in 
> > the 
> > normal case.
> > 
> > /Peter
> 
> So what you're saying is something is mounted on to a directory that had 
> data in it before the mount.  How do I see the data being hidden without 
> unmounting the point?

You can't.  You must unmount.  You should be able to do this from
single user mode if the file system cannot be unmounted under multiuser
mode (eg /usr, /var, etc.).  Usually other mount points can be
unmounted, but depends on what is running on the system at the time. 
Unmounting /home would require that you kick all users off for example,
unmounting /var/www would require stopping apache, etc.

> 
> Thanks,
> 
> Ryan

-- 
Robert Heller -- 978-544-6933
Deepwoods Software-- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
hel...@deepsoft.com   -- http://www.deepsoft.com/ModelRailroadSystem/
  


Re: [CentOS] Reply to ICMP echo request (type 8) on different (ethernet) interface

2009-10-01 Thread Giovanni Tirloni
On Thu, Oct 1, 2009 at 2:02 PM, Timo Schoeler
wrote:

> Hi list,
>
> I have a weird (?) problem here on a setup running CentOS 5.3 x86_64
> (and OpenVZ, and some home-brew L2TP daemons, RIPd, BGPd, etc).
>
> There's a (VE in OpenVZ speak) virtual machine that has two ethernet
> interfaces, seen as eth0 and eth1, respectively. Those live in VLANs,
> but it's not important here.
>
> The thing is that on eth1 the default route lives, while on eth0 all
> traffic comes in.
>
> So, sending a ping to the IP address of eth0 tcpdump shows that the echo
> request (type 8) packet arrives on the machine. However, the machine
> does _not_ send an echo reply (type 0) back to the machine that pings
> eth0, maybe because it would have to emerge from eth1.
>
> One exception (an obvious one) is that IPs on the /29 where eth0 lives
> on _can_ ping eth0 and receive an answer -- this is because the packets
> don't have to take 'the default route', which lives on the other
> interface, eth1.
>
> This seems to me like decent behaviour.
>
> However, I really need eth0 to be able to be pinged from the outside
> world, it's totally okay for me that eth1 would 'answer' and send the
> echo replies instead of eth0.
>
> Is there anything I can tweak (via sysctl or whatever)?
>


You need a way to tell that packets originating from eth0 destined outside
should be routed to eth0. This thread should help:

http://lists.centos.org/pipermail/centos/2009-January/070828.html

Giovanni P. Tirloni
tirl...@gmail.com
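
One common way to do what the reply above describes is source-based policy routing with iproute2. This is an added example, not part of the original message and not taken from the linked thread; the addresses, the table number 100, the rule priority and the function name `policy_route` are assumptions.

```shell
#!/bin/bash
# Added example (not from the thread): source-based policy routing, so that
# traffic sourced from eth0's address leaves via eth0 rather than the main
# table's default route on eth1. Addresses are constructed (RFC 5737); the
# table number and rule priority are arbitrary.

# policy_route IFACE ADDR SUBNET GATEWAY TABLE
# Prints the iproute2 commands; with APPLY=1 (as root) runs them instead.
policy_route() {
    local ifc="$1" addr="$2" net="$3" gw="$4" tbl="$5" cmd
    while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd || return 1
        else
            printf '%s\n' "$cmd"
        fi
    done <<EOF
ip route add $net dev $ifc src $addr table $tbl
ip route add default via $gw dev $ifc table $tbl
ip rule add from $addr lookup $tbl priority 1000
EOF
}

# Example: eth0 is 192.0.2.10 in 192.0.2.8/29, its upstream router 192.0.2.9.
#   policy_route eth0 192.0.2.10 192.0.2.8/29 192.0.2.9 100
# Check the result for an outside peer (198.51.100.7 is a placeholder):
#   ip route get 198.51.100.7 from 192.0.2.10
# which should now report "dev eth0" via 192.0.2.9.
```

The main routing table and its default route on eth1 are left untouched; only packets whose source address is eth0's address consult the extra table.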


[CentOS] Printing problems with Firefox

2009-10-01 Thread Robert Heller
I have been having problems printing web pages with Firefox under CentOS
4.8:

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.14) Gecko/2009091009
CentOS/3.0.14-1.el4.centos Firefox/3.0.14

What happens is that some of the text is 'scrambled' (looks like
somehow something is messed up with the font encoding of whatever font
is being used).  Sometimes the postscript (or PDF) code being generated
is broken (the ghostscript print filter crashes because the postscript
is broken or incomplete).  For one page I get the console message "could
not load glyph 321".  When I print to a file and select 'PDF' format, I
sometimes get PDF files that ghostview (gv-3.6.2-2.el4)/ghostscript
(ghostscript-7.07-33.11.el4) find errors with.  Xpdf (xpdf-3.00-20.el4)
also does not like these PDF files (lots of errors of various sorts). 
Even Adobe's acroread does not like them sometimes.  Sometimes, with
enough fussing, I can get the PDF files to print.  Sometimes I end
up taking a screen shot with gimp of the Adobe acroread window and print
that. :-(

I have done two things:

1) Created a fresh profile and re-populated with my bookmarks,
passwords, and addons.  No difference.

2) Created a fresh profile and did not re-populate with anything
(basically a 'vanilla' profile).  I still have problems.

It appears that there is some system setting or some package I have
loaded (I have a bunch of packages from rpmforge and epel installed). I
also have some extra fonts installed.  I am not sure what the problem
is.  I have Seamonkey installed and Seamonkey *seems* to print at least
some pages properly (not extensively tested).

I like firefox and have it all setup the way I like.  Everything
*except* printing works just fine.  Firefox *used* to print just fine. 
I *think* the problem with printing started with Firefox 3.0.,
but I am not sure exactly.

Oh, I *don't* run either the Gnome or KDE desktop environment -- I use a
plain window manager only (FVWM in MWM mode).

-- 
Robert Heller -- 978-544-6933
Deepwoods Software-- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
hel...@deepsoft.com   -- http://www.deepsoft.com/ModelRailroadSystem/




[CentOS] Reply to ICMP echo request (type 8) on different (ethernet) interface

2009-10-01 Thread Timo Schoeler
Hi list,

I have a weird (?) problem here on a setup running CentOS 5.3 x86_64
(and OpenVZ, and some home-brew L2TP daemons, RIPd, BGPd, etc).

There's a (VE in OpenVZ speak) virtual machine that has two ethernet
interfaces, seen as eth0 and eth1, respectively. Those live in VLANs,
but it's not important here.

The thing is that on eth1 the default route lives, while on eth0 all
traffic comes in.

So, sending a ping to the IP address of eth0 tcpdump shows that the echo
request (type 8) packet arrives on the machine. However, the machine
does _not_ send an echo reply (type 0) back to the machine that pings
eth0, maybe because it would have to emerge from eth1.

One exception (an obvious one) is that IPs on the /29 where eth0 lives
on _can_ ping eth0 and receive an answer -- this is because the packets
don't have to take 'the default route', which lives on the other
interface, eth1.

This seems to me like decent behaviour.

However, I really need eth0 to be able to be pinged from the outside
world, it's totally okay for me that eth1 would 'answer' and send the
echo replies instead of eth0.

Is there anything I can tweak (via sysctl or whatever)?

TIA,

Timo


Re: [CentOS] du vs df size difference

2009-10-01 Thread Ryan Pugatch
Ryan Pugatch wrote:
> So what you're saying is something is mounted on to a directory that had 
> data in it before the mount.  How do I see the data being hidden without 
> unmounting the point?
> 
> Thanks,
> 
> Ryan


After thinking about this, I realized I could mount the partition to
another point and then see what was being hidden under the mount point.
I found 12G of data under one point.  This explains the discrepancy.
That solves the problem.

Thank you all for your advice.

Ryan
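
The technique from this thread (viewing a filesystem through a second mount, or through the `--bind` mount suggested in the other reply, to see what sits under its mount points), as an added example that is not part of any original message. The function names and the `/mnt/rootview` path are assumptions.

```shell
#!/bin/bash
# Added example (not from the thread). A non-recursive bind mount shows a
# filesystem without the mounts stacked on top of it, e.g. as root:
#   mkdir -p /mnt/rootview && mount --bind / /mnt/rootview
# /mnt/rootview/home is then the directory *under* the /home mount point.

# nested_mounts PARENT [MOUNTS_FILE]
# List mount points below PARENT from /proc/mounts-style input.
nested_mounts() {
    local parent="${1%/}" table="${2:-/proc/mounts}"
    awk -v p="$parent/" '$2 != p && index($2, p) == 1 { print $2 }' "$table" |
        sort -u
}

# hidden_usage VIEW PARENT [MOUNTS_FILE]
# VIEW is where PARENT's filesystem is bind-mounted (or mounted a second
# time). Prints "KiB<TAB>mountpoint" for every mount point whose underlying
# directory holds data, largest first.
hidden_usage() {
    local view="${1%/}" parent="${2%/}" table="${3:-/proc/mounts}" mp under kb
    nested_mounts "$parent/" "$table" | while IFS= read -r mp; do
        under="$view${mp#"$parent"}"
        [ -d "$under" ] || continue
        # A clean mount point is an empty directory: nothing hidden there.
        [ -n "$(ls -A "$under" 2>/dev/null)" ] || continue
        kb=$(du -sxk "$under" | cut -f1)
        printf '%s\t%s\n' "$kb" "$mp"
    done | sort -rn
}

# Typical use on a live system, as root:
#   hidden_usage /mnt/rootview /
#   umount /mnt/rootview
```

Files found this way count toward `df` for the parent filesystem but are invisible to `du` on the normal tree, which is the discrepancy discussed in the thread.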


Re: [CentOS] du vs df size difference

2009-10-01 Thread Ryan Pugatch
Peter Kjellstrom wrote:
> One possibility is that the missing data is hiding under a mount-point in the 
> normal case.
> 
> /Peter

So what you're saying is something is mounted on to a directory that had 
data in it before the mount.  How do I see the data being hidden without 
unmounting the point?

Thanks,

Ryan


Re: [CentOS] OT: dmidecode data - what is maximum RAM capacity of this box?

2009-10-01 Thread Lanny Marcus
On Wed, Sep 30, 2009 at 4:09 PM, nate  wrote:
> Lanny Marcus wrote:
>> In Timo's thread about RAM  today, I noticed dmidecode and I got the
>> data for my Dell Dimension 2400 (Celeron CPU) box, which is below. I
>
> You running the latest bios for the system?
>
> According to dell 2GB is the max
>
> http://support.dell.com/support/edocs/systems/dim2400/en/sm_en/specs.htm

And also according to Crucial.com  2 GB is the maximum.

Nate: I just sent an email to the lady in Dell Latin America in
Austin, TX who has helped us for the past 12 years. Naturally, she is
away on vacation until the 12th and the guy who is covering for her is
out of the office today.   :-) Hopefully he will forward the email
I just sent, to someone who can check this out and give me the correct
data.  In fairness to Dell Latin America, I found an email from them
(28 Feb 2005) where it states the max. is 1 GB, but that I needed to
have the same amount of memory in each slot. It had 256 MB, so I
bought another 256 MB DIMM at that time, knowing that 1 GB was the
maximum RAM capacity. I'd forgotten that.   I asked them to let me
know if there's a later BIOS available, with larger RAM capacity and
if so, where I get that and the installation instructions. Thanks
again, for your time and research!


[CentOS] vncviewer and IPv6

2009-10-01 Thread Robert Moskowitz
I have a host that I have been accessing with vncviewer via its fqdn 
that had only an IPv4 A record.

I just added a  IPv6 record, and vncviewer via fqdn stopped 
working.  But worked when I provided the IPv4 address instead.

It LOOKS like vncviewer is trying the IPv6 address, even though all 
documentation indicates that it does not support IPv6.  Definitely my 
server is only listening on the IPv4 interface.

SSH has a nice -4 option to force using IPv4; there is no similar option 
for vncviewer.

Does anyone have any idea on how to enforce IPv4 usage for IPv6-dead 
vncviewer?

Yes, I DO want IPv6 on this server




Re: [CentOS] CentOS Enterprise IPA (Identity, Policy, and Audit) Server

2009-10-01 Thread Johnny Hughes
On 10/01/2009 07:22 AM, Miguel Di Ciurcio Filho wrote:
> Johnny Hughes wrote:
>>
>> I forgot to mention that the CentOS Directory Server is already part of
>> the regular CentOS Extras repository, and should install from there as a
>> dependency for CentOS EIPA
>>
> 
> Good to know! I was thinking that it was still available on testing 
> repository.
> 
> By the way, any position about this issue?
> http://bugs.centos.org/view.php?id=3719

I am not the lead guy for the Directory Server (hi Tim :D) ... however,
my feeling on that bug is that you need to get Red Hat to do it that way
and not to have us do it.

Our goal is to make it just like upstream does it ...

At least that is my initial take.

Now, if upstream does release it that way and we somehow did not make it
the same, then that is a different issue, and we will correct it.  But I
would think that is unlikely.

Thanks,
Johnny Hughes







Re: [CentOS] CentOS Enterprise IPA (Identity, Policy, and Audit) Server

2009-10-01 Thread Miguel Di Ciurcio Filho
Johnny Hughes wrote:
> 
> I forgot to mention that the CentOS Directory Server is already part of
> the regular CentOS Extras repository, and should install from there as a
> dependency for CentOS EIPA
> 

Good to know! I was thinking that it was still available on testing 
repository.

By the way, any position about this issue?
http://bugs.centos.org/view.php?id=3719

Regards,

Miguel


Re: [CentOS] Any known problems with kernel-2.6.18-164.el5.x86_64 / x86_64 / 3ware?

2009-10-01 Thread mbneto
Hi,

So far after the downgrade of the kernel I've been able to surpass the last
uptime (2 days).   Perhaps too soon to say but it seems that the kernel is
indeed responsible for that.

The problem is that a new kernel was released yesterday by RH and I could
not find any evidence that it has solved this issue.

Does anybody have better info?

Regards.

On Tue, Sep 29, 2009 at 7:39 AM, mbneto  wrote:

> Hi John,
>
> Yes I am running nfs4 (NFSD: Using /var/lib/nfs/v4recovery as the NFSv4
> state recovery directory).
>
> I'll try to boot with the previous kernel but the bugs mentioned report
> problems while using the nfs.  In my case I get no error messages from nfs
> as I can mount/read/write from the nfsclient to this server.
>
> Regards.
>
>
> Hi
>>
>> Are you using nfs4 ?
>>
>> Could it be the fact that nfs4 does not work with this kernel ?
>>
>> This bit me hard
>> Revert to the previous kernel or use nfs3
>>
>> http://bugs.centos.org/view.php?id=3840
>> https://bugzilla.redhat.com/show_bug.cgi?id=524520
>>
>> John
>>
>>
>>
>
>


Re: [CentOS] du vs df size difference

2009-10-01 Thread Luciano Rocha
On Wed, Sep 30, 2009 at 06:30:08PM -0400, Ryan Pugatch wrote:
> 
> 
> Luciano Rocha wrote:
> 
> > Do this:
> > mount /dev/xvda3 /mnt
> > du -hc /mnt
> > 
> > And see if you can find the other 12GB.
> > 
> > I usually do:
> > du -mc --max-depth 2 /mnt | sort -n
> > 
> > Though I've recently learned:
> > du -hc --max-depth 2 /mnt | sort --human-readable or some such, but that
> > requires a very recent coreutils installation.
> > 
> 
> 
> That's interesting.. du is showing the same amount as df when I do this.
> I wonder why..

There's some data hidden by mount points. Check your mount points,
/home, etc., and there's probably old data there that may be removed.

-- 
lfr
0/0




Re: [CentOS] du vs df size difference

2009-10-01 Thread Peter Kjellstrom
On Thursday 01 October 2009, Ryan Pugatch wrote:
> Florin Andrei wrote:
> > Last time I saw this issue, no sparse files, nothing legit, it was a
> > corrupted FS. :(
>
> Well, if I mount to another directory the size is right.  My next step
> will be to fsck probably.

One possibility is that the missing data is hiding under a mount-point in the 
normal case.

/Peter




Re: [CentOS] CentOS for non-tech user

2009-10-01 Thread Geoff Galitz

> 
> On 09/29/2009 09:21 AM, Geoff Galitz wrote:
> > Ubuntu has the LTS releases, which are long term stable releases. They
> > are supported for five years after release.
> 
> you might want to look into exactly what is ubuntu-support and how that
> compares with what you get with CentOS. It's not nearly the same thing.
> To an extent that LTS is mostly considered a nonstarter in most very
> small business. Specially where the client is in a position to evaluate
> their options and work out the implications of what they are getting. It
> always surprises me how many are not.

Would you mind elaborating on your views on that?  I did some basic research
on the LTS offerings and I don't see any significant differences with the
exception of porting elements from Debian testing.

What constitutes real LTS in your view?

-geoff


-
Geoff Galitz
Blankenheim NRW, Germany
http://www.galitz.org/
http://german-way.com/blog/



Re: [CentOS] Asterisk and VOIP was Re: CentOS for non-tech user

2009-10-01 Thread Les Bell

Chan Chung Hang Christopher  wrote:

>>
Ah, well, if you want to keep the landlines, then yeah, I guess asterisk
is the way to go. If your goal is to replace keyline systems, then
asterisk definitely has that kind of support which, it appears, even
Cisco's solution does not (from the mouth of Datacraft Asia personnel
selling the school Cisco's voip solution).
<<

I replaced our PBX with an Asterisk box and Snom VoIP phones for just this
reason. All calls are made over POTS lines, although I did have it working
over IAX2 with FreeWorldDialup back when they offered a free service. The
functionality is significantly better than the old PBX, with a menu system
to connect callers to the right extension during business hours,
conferencing, voicemail with forwarding by email, etc. I have an OpenVPN
connection from my desktop machine at the university where I work back to
my home office LAN and can use a softphone to answer my home phone while at
the office, etc. Quite neat.

I've even programmed it to fetch the area weather forecast and read it out
when you dial one extension. This has been much more useful than I expected
- when I get sales calls from people I really don't want to deal with, I
just say, "Please hold the line - I'm going to transfer you to the right
person" and then transfer the call to the weather forecast. The sales
person now gets what sounds like Stephen Hawking reading them the weather.
Easily the best use for Asterisk ever.

My setup is running on CentOS 4.8 and has been a breeze to maintain.
Nothing is exposed to the outside world, so I haven't felt pressured to
apply updates, etc. However, I did do a little experimenting and found that
it's remarkably easy to record calls using Cain+Abel to conduct an ARP
cache poisoning attack between any phone and the Asterisk server. The only
defences against this are to implement SRTP (Secure Real-Time Protocol),
but last time I looked, this required SIP over TCP, which Asterisk did not
support (not to mention having to set up a PKI and issue certs to the
phones), or the much simpler control of ensuring that all phones are on a
separate VLAN from the computers. For any reasonable-sized setup this isn't
too hard to achieve as you may well want to buy a PoE switch to power the
phones (wall warts are a PITA). There's also an excellent publication on
VoIP in the NIST 800-series Special Publications, which is worth looking
at.

Best,

--- Les Bell
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144

