Re: [CentOS-docs] Broadcom's BCM4311-, BCM4312-, BCM4321-, and BCM4322-based hardware install manual
Hi,

this looks fine for me, thanks for your efforts! I don't have the laptop with the Broadcom card here but I'll test your procedure point by point in a few days when I'll upgrade the kernel there.

Just one remark: I had to deactivate the 'network' service and activate the 'NetworkManager' service in order to easily have wireless working. I also do the them on my other laptop (which thankfully doesn't have a Broadcom card :). Is there another (simple) way? Or should this be added somewhere as well?

Cheers,
Mathieu

On Fri, Dec 18, 2009 at 01:40, Milos Blazevic milos.blaze...@sbb.rs wrote:
> Hi all,
>
> consider the manual completed. It's still only published as a draft on my CentOS Wiki homepage http://wiki.centos.org/MilosBlazevic?action=show so I was hoping for some additional critical input and comments (if you find any typos, anything I missed, suggestions ...) before actually publishing this manual on the Making wireless work page.
>
> Alan has already given some very nice remarks and suggestions which I happily followed and incorporated. Thanks Alan!
>
> Also, do you think this should be published on http://wiki.centos.org/HowTos/Laptops/Wireless or a separate page linked to the former?
>
> Regards,
> Milos

___
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
[CentOS-announce] CESA-2009:1671 Important CentOS 4 i386 kernel - security and bug fix update
CentOS Errata and Security Advisory CESA-2009:1671

kernel security update for CentOS 4 i386:
https://rhn.redhat.com/errata/RHSA-2009-1671.html

The following updated file has been uploaded and is currently syncing to the mirrors:

i386:
updates/i386/RPMS/kernel-2.6.9-89.0.18.EL.i586.rpm
updates/i386/RPMS/kernel-2.6.9-89.0.18.EL.i686.rpm
updates/i386/RPMS/kernel-devel-2.6.9-89.0.18.EL.i586.rpm
updates/i386/RPMS/kernel-devel-2.6.9-89.0.18.EL.i686.rpm
updates/i386/RPMS/kernel-hugemem-2.6.9-89.0.18.EL.i686.rpm
updates/i386/RPMS/kernel-hugemem-devel-2.6.9-89.0.18.EL.i686.rpm
updates/i386/RPMS/kernel-smp-2.6.9-89.0.18.EL.i586.rpm
updates/i386/RPMS/kernel-smp-2.6.9-89.0.18.EL.i686.rpm
updates/i386/RPMS/kernel-smp-devel-2.6.9-89.0.18.EL.i586.rpm
updates/i386/RPMS/kernel-smp-devel-2.6.9-89.0.18.EL.i686.rpm
updates/i386/RPMS/kernel-xenU-2.6.9-89.0.18.EL.i686.rpm
updates/i386/RPMS/kernel-xenU-devel-2.6.9-89.0.18.EL.i686.rpm
updates/i386/RPMS/kernel-doc-2.6.9-89.0.18.EL.noarch.rpm

source:
updates/SRPMS/kernel-2.6.9-89.0.18.EL.src.rpm

You may update your CentOS-4 i386 installations by running the command:

yum update kernel\*

Tru
--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B

___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2009:1671 Important CentOS 4 x86_64 kernel - security and bug fix update
CentOS Errata and Security Advisory CESA-2009:1671

kernel security update for CentOS 4 x86_64:
https://rhn.redhat.com/errata/RHSA-2009-1671.html

The following updated file has been uploaded and is currently syncing to the mirrors:

x86_64:
updates/x86_64/RPMS/kernel-2.6.9-89.0.18.EL.x86_64.rpm
updates/x86_64/RPMS/kernel-devel-2.6.9-89.0.18.EL.x86_64.rpm
updates/x86_64/RPMS/kernel-doc-2.6.9-89.0.18.EL.noarch.rpm
updates/x86_64/RPMS/kernel-largesmp-2.6.9-89.0.18.EL.x86_64.rpm
updates/x86_64/RPMS/kernel-largesmp-devel-2.6.9-89.0.18.EL.x86_64.rpm
updates/x86_64/RPMS/kernel-smp-2.6.9-89.0.18.EL.x86_64.rpm
updates/x86_64/RPMS/kernel-smp-devel-2.6.9-89.0.18.EL.x86_64.rpm
updates/x86_64/RPMS/kernel-xenU-2.6.9-89.0.18.EL.x86_64.rpm
updates/x86_64/RPMS/kernel-xenU-devel-2.6.9-89.0.18.EL.x86_64.rpm

source:
updates/SRPMS/kernel-2.6.9-89.0.18.EL.src.rpm

You may update your CentOS-4 x86_64 installations by running the command:

yum update kernel\*

Tru
--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
[CentOS-announce] CESA-2009:1673 Critical CentOS 4 i386 seamonkey - security update
CentOS Errata and Security Advisory CESA-2009:1673

seamonkey security update for CentOS 4 i386:
https://rhn.redhat.com/errata/RHSA-2009-1673.html

The following updated file has been uploaded and is currently syncing to the mirrors:

i386:
updates/i386/RPMS/seamonkey-1.0.9-51.el4.centos.i386.rpm
updates/i386/RPMS/seamonkey-chat-1.0.9-51.el4.centos.i386.rpm
updates/i386/RPMS/seamonkey-devel-1.0.9-51.el4.centos.i386.rpm
updates/i386/RPMS/seamonkey-dom-inspector-1.0.9-51.el4.centos.i386.rpm
updates/i386/RPMS/seamonkey-js-debugger-1.0.9-51.el4.centos.i386.rpm
updates/i386/RPMS/seamonkey-mail-1.0.9-51.el4.centos.i386.rpm

source:
updates/SRPMS/seamonkey-1.0.9-51.el4.centos.src.rpm

You may update your CentOS-4 i386 installations by running the command:

yum update seamonkey\*

Tru
--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
[CentOS-announce] CESA-2009:1673 Critical CentOS 4 x86_64 seamonkey - security update
CentOS Errata and Security Advisory CESA-2009:1673

seamonkey security update for CentOS 4 x86_64:
https://rhn.redhat.com/errata/RHSA-2009-1673.html

The following updated file has been uploaded and is currently syncing to the mirrors:

x86_64:
updates/x86_64/RPMS/seamonkey-1.0.9-51.el4.centos.x86_64.rpm
updates/x86_64/RPMS/seamonkey-chat-1.0.9-51.el4.centos.x86_64.rpm
updates/x86_64/RPMS/seamonkey-devel-1.0.9-51.el4.centos.x86_64.rpm
updates/x86_64/RPMS/seamonkey-dom-inspector-1.0.9-51.el4.centos.x86_64.rpm
updates/x86_64/RPMS/seamonkey-js-debugger-1.0.9-51.el4.centos.x86_64.rpm
updates/x86_64/RPMS/seamonkey-mail-1.0.9-51.el4.centos.x86_64.rpm

source:
updates/SRPMS/seamonkey-1.0.9-51.el4.centos.src.rpm

You may update your CentOS-4 x86_64 installations by running the command:

yum update seamonkey\*

Tru
--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
[CentOS-announce] CESA-2009:1674 Critical CentOS 4 i386 firefox - security update
CentOS Errata and Security Advisory CESA-2009:1674

firefox security update for CentOS 4 i386:
https://rhn.redhat.com/errata/RHSA-2009-1674.html

The following updated file has been uploaded and is currently syncing to the mirrors:

i386:
updates/i386/RPMS/firefox-3.0.16-4.el4.centos.i386.rpm

source:
updates/SRPMS/firefox-3.0.16-4.el4.centos.src.rpm

You may update your CentOS-4 i386 installations by running the command:

yum update firefox

Tru
--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
[CentOS-announce] CESA-2009:1674 Critical CentOS 4 x86_64 firefox - security update
CentOS Errata and Security Advisory CESA-2009:1674

firefox security update for CentOS 4 x86_64:
https://rhn.redhat.com/errata/RHSA-2009-1674.html

The following updated file has been uploaded and is currently syncing to the mirrors:

x86_64:
updates/x86_64/RPMS/firefox-3.0.16-4.el4.centos.x86_64.rpm

source:
updates/SRPMS/firefox-3.0.16-4.el4.centos.src.rpm

You may update your CentOS-4 x86_64 installations by running the command:

yum update firefox

Tru
--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
[CentOS-announce] CESA-2009:1680 Important CentOS 4 i386 xpdf - security update
CentOS Errata and Security Advisory CESA-2009:1680

xpdf security update for CentOS 4 i386:
https://rhn.redhat.com/errata/RHSA-2009-1680.html

The following updated file has been uploaded and is currently syncing to the mirrors:

i386:
updates/i386/RPMS/xpdf-3.00-23.el4_8.1.i386.rpm

source:
updates/SRPMS/xpdf-3.00-23.el4_8.1.src.rpm

You may update your CentOS-4 i386 installations by running the command:

yum update xpdf

Tru
--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
[CentOS-announce] CESA-2009:1680 Important CentOS 4 x86_64 xpdf - security update
CentOS Errata and Security Advisory CESA-2009:1680

xpdf security update for CentOS 4 x86_64:
https://rhn.redhat.com/errata/RHSA-2009-1680.html

The following updated file has been uploaded and is currently syncing to the mirrors:

x86_64:
updates/x86_64/RPMS/xpdf-3.00-23.el4_8.1.x86_64.rpm

source:
updates/SRPMS/xpdf-3.00-23.el4_8.1.src.rpm

You may update your CentOS-4 x86_64 installations by running the command:

yum update xpdf

Tru
--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
[CentOS-announce] CESA-2009:1681 Important CentOS 4 i386 gpdf - security update
CentOS Errata and Security Advisory CESA-2009:1681

gpdf security update for CentOS 4 i386:
https://rhn.redhat.com/errata/RHSA-2009-1681.html

The following updated file has been uploaded and is currently syncing to the mirrors:

i386:
updates/i386/RPMS/gpdf-2.8.2-7.7.2.el4_8.6.i386.rpm

source:
updates/SRPMS/gpdf-2.8.2-7.7.2.el4_8.6.src.rpm

You may update your CentOS-4 i386 installations by running the command:

yum update gpdf

Tru
--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
[CentOS-announce] CESA-2009:1682 Important CentOS 4 i386 kdegraphics - security update
CentOS Errata and Security Advisory CESA-2009:1682

kdegraphics security update for CentOS 4 i386:
https://rhn.redhat.com/errata/RHSA-2009-1682.html

The following updated file has been uploaded and is currently syncing to the mirrors:

i386:
updates/i386/RPMS/kdegraphics-3.3.1-17.el4_8.1.i386.rpm
updates/i386/RPMS/kdegraphics-devel-3.3.1-17.el4_8.1.i386.rpm

source:
updates/SRPMS/kdegraphics-3.3.1-17.el4_8.1.src.rpm

You may update your CentOS-4 i386 installations by running the command:

yum update kdegraphics\*

Tru
--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
[CentOS-announce] CESA-2009:1682 Important CentOS 4 x86_64 kdegraphics - security update
CentOS Errata and Security Advisory CESA-2009:1682

kdegraphics security update for CentOS 4 x86_64:
https://rhn.redhat.com/errata/RHSA-2009-1682.html

The following updated file has been uploaded and is currently syncing to the mirrors:

x86_64:
updates/x86_64/RPMS/kdegraphics-3.3.1-17.el4_8.1.x86_64.rpm
updates/x86_64/RPMS/kdegraphics-devel-3.3.1-17.el4_8.1.x86_64.rpm

source:
updates/SRPMS/kdegraphics-3.3.1-17.el4_8.1.src.rpm

You may update your CentOS-4 x86_64 installations by running the command:

yum update kdegraphics\*

Tru
--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
Re: [CentOS-es] Migrating / and /home from ext3 to XFS (questions about the best way to copy the data)
In theory I copied everything from a Live-CD (I forgot to mention it), so I suppose there should be no differences between the original and the copy (in terms of content), since the system was not in use. I did not exclude directories such as /dev or /proc or other directories that could be excluded, and perhaps that was partly the origin of the problem, I don't know. I was only puzzled by the differences between the copy and the original and by the possibility that something needed to use the system had not been copied.

Really, I am using xfs because it is recommended when you use solid state drives (SSD, solid state disk) and because of its better performance with large files.

___
CentOS-es mailing list
CentOS-es@centos.org
http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] Help with mysql
I have problems with the mysql service; I checked the logs and they tell me that a file mysqld.sock is missing. Does anyone have an idea how this file is created?

Mauricio Yañes Cervantes ®
Network Administrator
Escuela Formadora de Trabajadores Sociales de Santiago de Cuba.
e_mail: mauri...@efts.uo.edu.cu
Tel: 645404 Ext 135 137
Re: [CentOS] [OT] Urgent request
> -----Original Message-----
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of John R. Dennison
> Sent: Friday, December 18, 2009 12:00 AM
> To: John R Pierce
> Cc: CentOS mailing list
> Subject: Re: [CentOS] [OT] Urgent request
>
> On Thu, Dec 17, 2009 at 02:37:52PM -0800, John R Pierce wrote:
>> what I meant was, without working video, how does he know what the error is?
>
> POST beep codes I would think.

Yupp, very lo-tech, but quite handy at times like the OP described.

Beep-beep-beep-beep. Sound familiar? Bad RAM on video card, or otherwise bad video card. I've seen this plenty on oldish mobo's that more or less all of them were of the MSI variety and with S3 Trio or ATI Rage graphics cards. Bad combo apparently, but oh-so-popular at the time.

OP, although you might not like hearing it, your best bet is probably going to be to try to migrate the data to something more contemporary. More often than not, the motherboard's given up its breath as well. Check any caps, do they look swollen or are even leaking maybe?

--
/Sorin

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] Urgent request
> -----Original Message-----
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Thomas Dukes
> Sent: Friday, December 18, 2009 12:53 AM
> To: 'CentOS mailing list'
> Subject: Re: [CentOS] [OT] Urgent request
>
> We have backups but it's only database files. C-Systems got us good, but it's our fault for relying on a 12 year old server. Their newer systems run on fedora 9 and we may have to bite the bullet for a new server. Maybe we can patch this one up till spring.

Fedora?? You're joking, right? Is this a production server?

--
/Sorin
Re: [CentOS] [OT] Urgent request
On Fri, Dec 18, 2009 at 09:21:32AM +0100, Sorin Srbu wrote:
> Fedora?? You're joking, right? Is this a production server?

Note he mentioned Fedora 9, support for which has been EOL'd how long ago? :(

John
--
If the world were a village of 100 people 6 people (all in the USA) would own 59% of all the village's wealth, 74 people would share another 39%, and 20 people would share the remaining 2%.
-- David Copeland, in Value Earth
Re: [CentOS] NIS failover
After dealing with a couple of issues with OpenLDAP, I'd say it beats the piss out of NIS all day long. NIS is ancient and decrepit.

Hard to believe, but certain very well known organizations refuse to get off NIS for critical and secure systems.

Peter

On Thu, Dec 17, 2009 at 11:50 AM, John R. Dennison j...@gerdesas.com wrote:
> On Thu, Dec 17, 2009 at 12:44:54PM -0700, m.r...@5-cent.us wrote:
>> Not one you want to hear: ditch NIS. It's known to have a *lot* of security holes. At the very least, NIS+. Better would be either RH
>
> Out of curiosity, can you point me to writeups of known working exploits against current yp-family versions on CentOS?
>
> NIS+ is not, the last time I checked, available for Linux; if my understanding is in error I would very much welcome correction.
>
> John
> --
> We cannot do everything at once, but we can do something at once.
> -- Calvin Coolidge (1872-1933), 30th president of the United States

--
Peter Serwe
http://truthlightway.blogspot.com/
[CentOS] i386 and x86_64 packages on an 64bit system after fresh install - why?
Hi,

I recently set up a brand new fresh Centos 5.4 64 bit system and found a lot of i386 packages installed along with the x86_64 packages.

My questions: Why is this done? May I remove the i386 packages? (rpm -e )

I wanted to update today the installed packages and do get some dep messages:

-- Finished Dependency Resolution
glibc-2.5-42.i686 from installed has depsolving problems
-- Missing Dependency: glibc-common = 2.5-42 is needed by package glibc-2.5-42.i686 (installed)
Error: Missing Dependency: glibc-common = 2.5-42 is needed by package glibc-2.5-42.i686 (installed)
You could try using --skip-broken to work around the problem
You could try running: package-cleanup --problems
package-cleanup --dupes
rpm -Va --nofiles --nodigest
The program package-cleanup is found in the yum-utils package.

Thanks for any suggestion and best regards,

Götz
--
Götz Reinicke
IT Coordinator
Tel. +49 7141 969 420
Fax +49 7141 969 55 420
E-Mail goetz.reini...@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Registered at Amtsgericht Stuttgart, HRB 205016
Chair of the Supervisory Board: Prof. Dr. Claudia Hübner, State Councillor for Demographic Change and for Senior Citizens in the State Ministry
Managing Director: Prof. Thomas Schadt
Re: [CentOS] gcc version
gcc 4.3 was a technology preview in 5.3. It became 4.4 in 5.4. 4.1.2 is the supported version in 5.x.

Laurent.
Re: [CentOS] google gears on 64 bit centos 5.4?
Google doesn't do it... I have an RPM package for a default firefox profile I deploy to our boxes - that contains a 64bit gears install from somewhere.

google linux 64bit gears - there's plenty of places with it compiled to XPI

think it is r3409 or something like that which is most recent working version - 0.5.33

if you need it let me know and I'll mail my XPI

2009/12/18 Dave tdbtdb+cen...@gmail.com
> On Thu, Dec 17, 2009 at 9:15 AM, James Hogarth james.hoga...@gmail.com wrote:
>> I have google gears installed on our 64bit firefoxes on firefox 3.5.5 in centos 5.4 with flash 10 - all from rpm ;)
>>
>> Works very nicely..
>
> Sorry, I think I am missing something. What is the rpm/package called? So is it i386 installed on x8664, or what? Google's website still claims it requires a 32 bit OS.
[CentOS] Security advice, please
I run chkrootkit daily. For the first time I've got reports of a problem -

Checking `bindshell'... INFECTED (PORTS: 1008)

The page http://fatpenguinblog.com/scott-rippee/checking-bindshell-infected-ports-1008/ suggests that this might be a false positive, so I ran 'netstat -tanup' but unlike the report, it wasn't famd on the port. It was

tcp 0 0 0.0.0.0:1008 0.0.0.0:* LISTEN 3797/rpc.mountd

It looks as though certain services are marked as suspicious when they grab port 1008. I tried to find how to restart the service, but without success, but a reboot put rpc.mountd onto another port, and chkrootkit no longer reports a problem. (I had rebooted last evening after an update including a kernel version.)

I think that it really was a false alarm, but I would really like to know how I could restart that service without rebooting. system-config-services didn't do the trick, and I simply didn't know what else to try. In case I meet this again, can you please advise me?

Anne
--
KDE Community Working Group
New to KDE4? - get help from http://userbase.kde.org
[CentOS] Optimizing CentOS for gigabit firewall
Hi,

I want to configure CentOS on powerful server with gigabit adapters as transparent bridge and deploy it in front of server farm. Can you tell how to optimize the OS for high packet processing? What configurations I need to do to achieve very high speeds and thousands of packets?
Re: [CentOS] [OT] Urgent request
> -----Original Message-----
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Sorin Srbu
> Sent: Friday, December 18, 2009 3:22 AM
> To: 'CentOS mailing list'
> Subject: Re: [CentOS] [OT] Urgent request
>
>> -----Original Message-----
>> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Thomas Dukes
>> Sent: Friday, December 18, 2009 12:53 AM
>> To: 'CentOS mailing list'
>> Subject: Re: [CentOS] [OT] Urgent request
>>
>> We have backups but it's only database files. C-Systems got us good, but it's our fault for relying on a 12 year old server. Their newer systems run on fedora 9 and we may have to bite the bullet for a new server. Maybe we can patch this one up till spring.
>
> Fedora?? You're joking, right? Is this a production server?

That's pretty much what I told c-systems on the phone!
Re: [CentOS] NIS failover
On Fri, 18 Dec 2009, Peter Serwe wrote:
> After dealing with a couple of issues with OpenLDAP, I'd say it beats the piss out of NIS all day long. NIS is ancient and decrepit.

Agreed.

> Hard to believe, but certain very well known organizations refuse to get off NIS for critical and secure systems.

Astonishing.

-s
Re: [CentOS] latest kernel (-164.9.1) not seen by yum
Akemi Yagi wrote:
> On Thu, Dec 17, 2009 at 8:25 PM, Rob Kampen rkam...@kampensonline.com wrote:
>> I have updated my local repo and see that centos.plus has the new kernel available.
>> yum update does not get it
>> yum clean all and another try and still it does not find it
>> what am I missing??
>
> Check to see if the metadata files are also updated in your local repo.
>
> Akemi

Duh, no they are not - should have checked, sorry for the noise
Re: [CentOS] Security advice, please
Anne Wilson wrote:
> I run chkrootkit daily. For the first time I've got reports of a problem -
>
> Checking `bindshell'... INFECTED (PORTS: 1008)
>
> The page http://fatpenguinblog.com/scott-rippee/checking-bindshell-infected-ports-1008/ suggests that this might be a false positive, so I ran 'netstat -tanup' but unlike the report, it wasn't famd on the port. It was
>
> tcp 0 0 0.0.0.0:1008 0.0.0.0:* LISTEN 3797/rpc.mountd
>
> It looks as though certain services are marked as suspicious when they grab port 1008. I tried to find how to restart the service, but without success, but a reboot put rpc.mountd onto another port, and chkrootkit no longer reports a problem. (I had rebooted last evening after an update including a kernel version.)
>
> I think that it really was a false alarm, but I would really like to know how I could restart that service without rebooting. system-config-services didn't do the trick, and I simply didn't know what else to try. In case I meet this again, can you please advise me?
>
> Anne

Anne, I believe an nfs restart should do it - you may consider setting rpc to a specific port in /etc/sysconfig/nfs - plenty of comments in the file to help - this is also useful if you firewall and need to use nfs.

HTH
Rob
Re: [CentOS] NTP update?
On Fri, Dec 18, 2009 at 12:37 AM, Christoph Maser c...@financial.com wrote:
> On Friday, 18.12.2009, at 06:42 +0100, Gilbert Sebenste wrote:
>> Excellent. We're all caught up on updates now, except... I didn't see the NTP update. That's a big one, with an easy denial of service attack. Is that planning to be released? I know there was an issue with it for awhile...
>
> I did get ntp updates 2 days ago.

That was for CentOS-4. The update for CentOS-5 is indeed unavailable as of today.

Akemi
Re: [CentOS] NTP update?
On 18/12/09 13:11, Akemi Yagi wrote:
> That was for CentOS-4. The update for CentOS-5 is indeed unavailable as of today.

ntp and conga should both be available at some point today. I need to run some tests first, let's see if I can get those done during my lunch break at work.

- KB
Re: [CentOS] Security advice, please
From: Anne Wilson cannewil...@googlemail.com
> I run chkrootkit daily. For the first time I've got reports of a problem -
>
> Checking `bindshell'... INFECTED (PORTS: 1008)
>
> The page http://fatpenguinblog.com/scott-rippee/checking-bindshell-infected-ports-1008/ suggests that this might be a false positive, so I ran 'netstat -tanup' but unlike the report, it wasn't famd on the port. It was
>
> tcp 0 0 0.0.0.0:1008 0.0.0.0:* LISTEN 3797/rpc.mountd
>
> It looks as though certain services are marked as suspicious when they grab port 1008. I tried to find how to restart the service, but without success, but a reboot put rpc.mountd onto another port, and chkrootkit no longer reports a problem. (I had rebooted last evening after an update including a kernel version.)
>
> I think that it really was a false alarm, but I would really like to know how I could restart that service without rebooting. system-config-services didn't do the trick, and I simply didn't know what else to try. In case I meet this again, can you please advise me?

# grep -l rpc.mountd /etc/init.d/*
/etc/init.d/nfs

# man rpc.mountd | grep -C 1 bind
-p or --port num
Force rpc.mountd to bind to the specified port num, instead of using the random port number assigned by the portmapper.

random port...
1008 seems to be associated with a trojan (lion)...

JD
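
Added example, not part of any poster's message: the check this thread performs by hand, written as a script that looks up who owns a port flagged by chkrootkit's bindshell test and whether the portmapper has registered that port. The function names and the sample netstat and rpcinfo output are constructed, and the column layout assumed is that of net-tools `netstat -tanup` and `rpcinfo -p`.

```shell
#!/bin/sh
# Added example: triage a chkrootkit "bindshell" port hit by asking two things:
# which process owns the listener, and has the portmapper registered that port?
# Function names and all sample data are constructed for illustration.
# Live use (as root, so netstat shows PIDs):
#   netstat -tanup > n.txt; rpcinfo -p > r.txt; triage_port 1008 n.txt r.txt

# listener_owner PORT NETSTAT_FILE
# Print "PID/program" for each TCP listener on PORT in saved netstat output.
listener_owner() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")      # local address; the port is the last piece
            if (part[n] == port) print $7
        }' "$2"
}

# rpc_registration PORT RPCINFO_FILE
# Print the RPC service name(s) registered on tcp PORT in saved rpcinfo output.
rpc_registration() {
    awk -v port="$1" '$3 == "tcp" && $4 == port { print $5 }' "$2" | sort -u
}

# triage_port PORT NETSTAT_FILE RPCINFO_FILE
# Verdicts:
#   no-listener                  nothing is listening on PORT
#   rpc-registered:<svc>:<owner> the portmapper accounts for PORT (the rpc.mountd case)
#   unexplained:<owner>          a listener the portmapper knows nothing about
triage_port() {
    owner=$(listener_owner "$1" "$2" | head -n 1)
    if [ -z "$owner" ]; then
        echo "no-listener"
        return 0
    fi
    svc=$(rpc_registration "$1" "$3" | head -n 1)
    if [ -n "$svc" ]; then
        echo "rpc-registered:$svc:$owner"
    else
        echo "unexplained:$owner"
    fi
}

# write_samples DIR: constructed netstat and rpcinfo output for the demo.
write_samples() {
    cat > "$1/netstat.txt" <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp   0      0      0.0.0.0:111     0.0.0.0:*       LISTEN  2710/portmap
tcp   0      0      0.0.0.0:1008    0.0.0.0:*       LISTEN  3797/rpc.mountd
tcp   0      0      0.0.0.0:4000    0.0.0.0:*       LISTEN  5120/listener
tcp   0      0      :::22           :::*            LISTEN  2950/sshd
udp   0      0      0.0.0.0:1005    0.0.0.0:*               3797/rpc.mountd
EOF
    cat > "$1/rpcinfo.txt" <<'EOF'
   program vers proto   port  name
    100000    2   tcp    111  portmapper
    100005    1   udp   1005  mountd
    100005    1   tcp   1008  mountd
    100005    3   tcp   1008  mountd
EOF
}

demo() {
    dir=$(mktemp -d)
    write_samples "$dir"
    for p in 1008 4000 9; do
        printf '%s -> %s\n' "$p" "$(triage_port "$p" "$dir/netstat.txt" "$dir/rpcinfo.txt")"
    done
    rm -rf "$dir"
}
demo
```

A portmapper registration explains why a daemon landed on the port; it does not by itself show that the binary behind that PID is the packaged one.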
Re: [CentOS] i386 and x86_64 packages on an 64bit system after fresh install - why?
Akemi Yagi wrote:
> On Fri, Dec 18, 2009 at 1:12 AM, Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de wrote:
>> Hi,
>>
>> I recently set up a brand new fresh Centos 5.4 64 bit system and found a lot of i386 packages installed along with the x86_64 packages.
>>
>> My questions: Why is this done? May I remove the i386 packages? (rpm -e )
>
> The answer is in the FAQ :)
>
> http://wiki.centos.org/FAQ/General#head-357346ff0bf7c14b0849c3bcce39677aaca528e9

:-) Thanks *kotau*

/Götz
--
Götz Reinicke
IT Coordinator
Tel. +49 7141 969 420
Fax +49 7141 969 55 420
E-Mail goetz.reini...@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Registered at Amtsgericht Stuttgart, HRB 205016
Chair of the Supervisory Board: Prof. Dr. Claudia Hübner, State Councillor for Demographic Change and for Senior Citizens in the State Ministry
Managing Director: Prof. Thomas Schadt
Re: [CentOS] NTP update?
On Fri, 18 Dec 2009, Karanbir Singh wrote:
> On 18/12/09 13:11, Akemi Yagi wrote:
>> That was for CentOS-4. The update for CentOS-5 is indeed unavailable as of today.
>
> ntp and conga should both be available at some point today. I need to run some tests first, let's see if I can get those done during my lunch break at work.
>
> - KB

Thanks, Karanbir. Hey, you and the CentOS team have a wonderful Christmas and a happy new year. And as always, thank you and the team so much for all your hard work again this year! Take care.

Gilbert

Gilbert Sebenste (My opinions only!)
[CentOS] Fetchmail question
Hi folks

This question is about fetchmail running on my Centos 5.3 box. I need to fetch my email from different accounts living on remote servers and drop it on my local mailbox. The question is which way is faster for fetchmail... using POP3 or IMAP?

Thanks
David
Re: [CentOS] Fetchmail question
On Fri, December 18, 2009 10:29 am, Davy Leon wrote:
> Hi folks
>
> This question is about fetchmail running on my Centos 5.3 box. I need to fetch my email from different accounts living on remote servers and drop it on my local mailbox. The question is which way is faster for fetchmail... using POP3 or IMAP?
>
> Thanks
> David

POP3 is the way to go for this situation. It's also a bit easier to use than IMAP.

Bo Lynch
Re: [CentOS] Fetchmail question
Actually I'm using POP3, but just looking for improvements in speed. Plus, fetchmail doesn't allow fetch more than one account at a time, and it's kind of slow in the secure handshaking. There is another package should I explore using it to improve speed?

Thanks for your answer
David

----- Original Message -----
From: Brian Mathis brian.mat...@gmail.com
To: CentOS mailing list centos@centos.org
Sent: Friday, December 18, 2009 10:27 AM
Subject: Re: [CentOS] Fetchmail question

On Fri, Dec 18, 2009 at 10:29 AM, Davy Leon d...@scu.escambray.com.cu wrote:
> Hi folks
>
> This question is about fetchmail running on my Centos 5.3 box. I need to fetch my email from different accounts living on remote servers and drop it on my local mailbox. The question is which way is faster for fetchmail... using POP3 or IMAP?
>
> Thanks
> David

Not sure I could say which is faster, but POP3 is more simple and is intended for what you are doing. IMAP is meant to have all messages stored on the server and thus supports folders and other more advanced features. Based on what you are trying to accomplish, I would use POP3.
Re: [CentOS] Fetchmail question
You can configure fetchmail to grab email from more than one server - I'm doing that now at home. I have a workstation VM that runs fetchmail - one to pull mail from my mailserver and the other from Road Runner - one config file, 2 different remote email accounts - 1 local user account...

On Fri, 18 Dec 2009, Davy Leon wrote:
> Actually I'm using POP3, but just looking for improvements in speed. Plus, fetchmail doesn't allow fetch more than one account at a time, and it's kind slow in the secure handshaking. There is another package should I explore using it to improve speed?
>
> Thanks for your answer
> David
>
> ----- Original Message -----
> From: Brian Mathis brian.mat...@gmail.com
> To: CentOS mailing list centos@centos.org
> Sent: Friday, December 18, 2009 10:27 AM
> Subject: Re: [CentOS] Fetchmail question
>
> On Fri, Dec 18, 2009 at 10:29 AM, Davy Leon d...@scu.escambray.com.cu wrote:
>> Hi folks
>>
>> This question is about fetchmail running on my Centos 5.3 box. I need to fetch my email from different accounts living on remote servers and drop it on my local mailbox. The question is which way is faster for fetchmail... using POP3 or IMAP?
>>
>> Thanks
>> David
>
> Not sure I could say which is faster, but POP3 is more simple and is intended for what you are doing. IMAP is meant to have all messages stored on the server and thus supports folders and other more advanced features. Based on what you are trying to accomplish, I would use POP3.

Scot P. Floess
27 Lake Royale
Louisburg, NC 27549
252-478-8087 (Home)
919-890-8117 (Work)
Chief Architect JPlate http://sourceforge.net/projects/jplate
Chief Architect JavaPIM http://sourceforge.net/projects/javapim
Architect Keros http://sourceforge.net/projects/keros
Re: [CentOS] Fetchmail question
[Top post moved to bottom]

On Fri, Dec 18, 2009 at 10:39 AM, Davy Leon d...@scu.escambray.com.cu wrote:
> ----- Original Message -----
> From: Brian Mathis brian.mat...@gmail.com
> To: CentOS mailing list centos@centos.org
> Sent: Friday, December 18, 2009 10:27 AM
> Subject: Re: [CentOS] Fetchmail question
>
> On Fri, Dec 18, 2009 at 10:29 AM, Davy Leon d...@scu.escambray.com.cu wrote:
>> Hi folks
>>
>> This question is about fetchmail running on my Centos 5.3 box. I need to fetch my email from different accounts living on remote servers and drop it on my local mailbox. The question is which way is faster for fetchmail... using POP3 or IMAP?
>>
>> Thanks
>> David
>
> Not sure I could say which is faster, but POP3 is more simple and is intended for what you are doing. IMAP is meant to have all messages stored on the server and thus supports folders and other more advanced features. Based on what you are trying to accomplish, I would use POP3.
>
> Actually I'm using POP3, but just looking for improvements in speed. Plus, fetchmail doesn't allow fetch more than one account at a time, and it's kind slow in the secure handshaking. There is another package should I explore using it to improve speed?
>
> Thanks for your answer
> David

You could probably make different fetchmailrc files for each account you have, and then use the -f option to read each separate file. Then launch multiple fetchmail processes for each account. That would allow you to fetch multiple accounts at once.

As for gaining additional speed, it sounds like you may be using the wrong solution to accomplish something that you have not yet explained. High speed is typically not the main goal of email in general.
Re: [CentOS] unverified files in 5.4
On Friday 18 December 2009, ken wrote:
> Hey, Gang!
>
> To ensure that a file hasn't been corrupted or tampered with, you can use rpm to verify the package it came from. Well, I found this:
>
> rpm -Vv util-linux
>         /usr/bin/cal
> S.?.    /usr/bin/chfn
>         /usr/bin/chrt
> S.?.    /usr/bin/chsh

I didn't see this on a clean install, but.. S means size differs from rpmdb entry, ? means the md5sum test could not be done. I'm guessing interference from prelink. If you can, turn it off(*) and re-run the test.

(*) change to PRELINKING=no in /etc/sysconfig/prelink and run /etc/cron.daily/prelink.

/Peter
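The flag columns discussed in this message can be decoded mechanically. The Python below is an added example, not part of the original post or of rpm: it parses `rpm -V` output and sorts each file into triage categories, treating size/digest/mtime-only differences as candidates for the prelink re-check suggested above. The sample lines are constructed (the first four reuse the paths from the message in rpm's full 8-column form, the `example-*` paths are hypothetical), and the category names and the assumption that prelink changes file contents only are this example's own.

```python
import re

# Attribute tested at each column of the rpm -V flag string, in order.
# '.' = test passed, '?' = test could not be performed, letter = test failed.
COLUMNS = ["size", "mode", "digest", "device", "symlink",
           "user", "group", "mtime", "capabilities"]

# Assumption of this example: prelink rewrites file contents only, so it can
# explain size/digest/mtime differences but not mode or ownership changes.
CONTENT_ONLY = {"size", "digest", "mtime"}

LINE_RE = re.compile(
    r"^(?P<flags>missing|[SM5DLUGTP.?]{8,9})\s+"
    r"(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$")

# Constructed sample output (not captured from a real system).
SAMPLE = """\
........    /usr/bin/cal
S.?.....    /usr/bin/chfn
........    /usr/bin/chrt
S.?.....    /usr/bin/chsh
S.5....T  c /etc/example-a.conf
.M...UG.    /usr/bin/example-b
missing     /usr/bin/example-c
"""


def parse_verify_line(line):
    """Decode one rpm -V line; return None for lines that are not verify output."""
    m = LINE_RE.match(line.rstrip())
    if m is None:
        return None
    rec = {"path": m["path"], "config": m["kind"] == "c",
           "missing": m["flags"] == "missing",
           "failed": set(), "unknown": set()}
    if not rec["missing"]:
        for name, ch in zip(COLUMNS, m["flags"]):
            if ch == "?":
                rec["unknown"].add(name)
            elif ch != ".":
                rec["failed"].add(name)
    return rec


def classify(rec):
    """Triage category for one decoded line."""
    changed = rec["failed"] | rec["unknown"]
    if rec["missing"]:
        return "investigate"
    if not changed:
        return "clean"
    if changed <= CONTENT_ONLY:
        # Config files are expected to be edited locally; for anything else,
        # repeat the verification with prelink off and investigate what remains.
        return "config-edited" if rec["config"] else "recheck-without-prelink"
    return "investigate"


def triage(text):
    """Group the paths of an rpm -V run by triage category."""
    result = {}
    for line in text.splitlines():
        rec = parse_verify_line(line)
        if rec is not None:
            result.setdefault(classify(rec), []).append(rec["path"])
    return result


if __name__ == "__main__":
    for category, paths in triage(SAMPLE).items():
        print(category, paths)
```

"recheck-without-prelink" is not a verdict that the file is fine: it only marks files whose verification should be repeated after prelinking has been disabled.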
Re: [CentOS] Fetchmail question
You can definitely use the -f option to fetchmail. But the neat thing is, you can supply multiple accounts - and multiple local users. For me I supply 2 different pop servers and one local user - works great.

On Fri, 18 Dec 2009, Brian Mathis wrote:
> [Top post moved to bottom]
>
> On Fri, Dec 18, 2009 at 10:39 AM, Davy Leon d...@scu.escambray.com.cu wrote:
>> ----- Original Message -----
>> From: Brian Mathis brian.mat...@gmail.com
>> To: CentOS mailing list centos@centos.org
>> Sent: Friday, December 18, 2009 10:27 AM
>> Subject: Re: [CentOS] Fetchmail question
>>
>> On Fri, Dec 18, 2009 at 10:29 AM, Davy Leon d...@scu.escambray.com.cu wrote:
>>> Hi folks
>>>
>>> This question is about fetchmail running on my Centos 5.3 box. I need to fetch my email from different accounts living on remote servers and drop it on my local mailbox. The question is which way is faster for fetchmail... using POP3 or IMAP?
>>>
>>> Thanks
>>> David
>>
>> Not sure I could say which is faster, but POP3 is more simple and is intended for what you are doing. IMAP is meant to have all messages stored on the server and thus supports folders and other more advanced features. Based on what you are trying to accomplish, I would use POP3.
>>
>> Actually I'm using POP3, but just looking for improvements in speed. Plus, fetchmail doesn't allow fetch more than one account at a time, and it's kind slow in the secure handshaking. There is another package should I explore using it to improve speed?
>>
>> Thanks for your answer
>> David
>
> You could probably make different fetchmailrc files for each account you have, and then use the -f option to read each separate file. Then launch multiple fetchmail processes for each account. That would allow you to fetch multiple accounts at once.
>
> As for gaining additional speed, it sounds like you may be using the wrong solution to accomplish something that you have not yet explained. High speed is typically not the main goal of email in general.

Scot P. Floess
Re: [CentOS] Fetchmail question
Davy Leon wrote:
> Hi folks
>
> This question is about fetchmail running on my Centos 5.3 box. I need to fetch my email from different accounts living on remote servers and drop it on my local mailbox. The question is which way is faster for fetchmail... using POP3 or IMAP?
>
> Thanks
> David

I know I'm avoiding the direct question, but I use getmail to retrieve mail from a pop3 account and run it through procmail to distribute it to local imap folders. I'm not sure how well it works for multiple accounts, as I only use it for one account. It's been a while since I've set it up, so I don't remember too many details. Perhaps check it out if you feel you need an alternative to fetchmail, and if you need any help, I can go back and see how it's set up.

-Brian
Re: [CentOS] Fetchmail question
D'oh... Sorry about that... I was quickly reading through the post. My foot so easily fits into my mouth I sometimes forget it's there :)

On Fri, 18 Dec 2009, Brian Mathis wrote:
> [Top post again moved to the bottom]
>
> On Fri, Dec 18, 2009 at 10:55 AM, Scot P. Floess sflo...@nc.rr.com wrote:
>> On Fri, 18 Dec 2009, Brian Mathis wrote:
>>> [Top post moved to bottom]
>>>
>>> On Fri, Dec 18, 2009 at 10:39 AM, Davy Leon d...@scu.escambray.com.cu wrote:
>>>> ----- Original Message -----
>>>> From: Brian Mathis brian.mat...@gmail.com
>>>> To: CentOS mailing list centos@centos.org
>>>> Sent: Friday, December 18, 2009 10:27 AM
>>>> Subject: Re: [CentOS] Fetchmail question
>>>>
>>>> On Fri, Dec 18, 2009 at 10:29 AM, Davy Leon d...@scu.escambray.com.cu wrote:
>>>>> Hi folks
>>>>>
>>>>> This question is about fetchmail running on my Centos 5.3 box. I need to fetch my email from different accounts living on remote servers and drop it on my local mailbox. The question is which way is faster for fetchmail... using POP3 or IMAP?
>>>>>
>>>>> Thanks
>>>>> David
>>>>
>>>> Not sure I could say which is faster, but POP3 is more simple and is intended for what you are doing. IMAP is meant to have all messages stored on the server and thus supports folders and other more advanced features. Based on what you are trying to accomplish, I would use POP3.
>>>>
>>>> Actually I'm using POP3, but just looking for improvements in speed. Plus, fetchmail doesn't allow fetch more than one account at a time, and it's kind slow in the secure handshaking. There is another package should I explore using it to improve speed?
>>>>
>>>> Thanks for your answer
>>>> David
>>>
>>> You could probably make different fetchmailrc files for each account you have, and then use the -f option to read each separate file. Then launch multiple fetchmail processes for each account. That would allow you to fetch multiple accounts at once.
>>>
>>> As for gaining additional speed, it sounds like you may be using the wrong solution to accomplish something that you have not yet explained. High speed is typically not the main goal of email in general.
>>
>> You can definitely use the -f option to fetchmail. But the neat thing is, you can supply multiple accounts - and multiple local users. For me I supply 2 different pop servers and one local user - works great.
>>
>> Scot P. Floess
>
> Scott,
>
> You may notice that in the OPs 1st reply that the requirement is to retrieve multiple accounts *at the same time* to increase speed. AFAIK, if you use 1 file with fetchmail it will retrieve messages sequentially from each account.

Scot P. Floess
Re: [CentOS] Fetchmail question
On Fri, Dec 18, 2009 at 10:55:54AM -0500, Scot P. Floess wrote:
> You can definitely use the -f option to fetchmail. But the neat thing is, you can supply multiple accounts - and multiple local users. For me I supply 2 different pop servers and one local user - works great.

Yup, this is my (redacted) fetchmailrc file:

    defaults proto pop3
    set invisible

    poll server1 via mail.server1.net
        user remote_user1 is localuser1 here fetchall
        password hahahahaha

    poll server2 via pop.server2.com
        user remote_user2 is localuser2 here fetchall
        password hahahahaha
        ssl

    poll server3 via mail.server3.net
        user remote_user3 is localuser3 here fetchall
        password hahahahahaha

This polls from 3 different servers and stores the results in 3 different mailboxes on my local machine.

    % fetchmail
    fetchmail: No mail for remote_user1 at server1
    fetchmail: No mail for remote_user2 at server2
    fetchmail: No mail for remote_user3 at server3

--
rgds
Stephen
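A fetchmailrc laid out like the one in this message stores account passwords, and only one of its three poll entries asks for `ssl`. The Python below is an added example, not part of the original post or of fetchmail: it reads a fetchmailrc, lists each server/user pair, reports the accounts that store a password without requesting the `ssl` option, and checks that the file is not accessible to group or others. The sample file is constructed from the layout above with placeholder passwords, and the function names and the "no group/other access" policy are this example's own.

```python
import os
import shlex
import stat

# Constructed sample: same layout as the fetchmailrc quoted above, with
# placeholder passwords. Only server2 asks for ssl.
SAMPLE_RC = """\
defaults proto pop3
set invisible
poll server1 via mail.server1.net
    user remote_user1 is localuser1 here fetchall
    password placeholder1
poll server2 via pop.server2.com
    user remote_user2 is localuser2 here fetchall
    password placeholder2
    ssl
poll server3 via mail.server3.net
    user remote_user3 is localuser3 here fetchall
    password placeholder3
"""

SERVER_KW = {"poll", "server", "skip"}


def audit_fetchmailrc(text):
    """Return one record per (server, user) pair found in a fetchmailrc."""
    tokens = shlex.split(text, comments=True)   # handles quotes and '#' comments
    defaults = {"proto": None, "ssl": False, "has_password": False}
    server = None      # options of the poll entry currently being read
    target = None      # dict that the next option applies to
    records = []
    i = 0
    while i < len(tokens):
        kw = tokens[i].rstrip(",;:").lower()
        arg = tokens[i + 1] if i + 1 < len(tokens) else None
        if kw == "defaults":
            target = defaults
        elif kw in SERVER_KW and arg is not None:
            server = dict(defaults, server=arg)   # inherit the defaults entry
            target = server
            i += 1
        elif kw in ("user", "username") and server is not None and arg is not None:
            target = dict(server, user=arg)       # inherit server-level options
            records.append(target)
            i += 1
        elif kw in ("proto", "protocol") and target is not None and arg is not None:
            target["proto"] = arg.lower()
            i += 1
        elif kw in ("pass", "password") and target is not None:
            target["has_password"] = True         # the value itself is never kept
            i += 1                                # skip over the password token
        elif kw == "ssl" and target is not None:
            target["ssl"] = True
        i += 1
    return records


def missing_tls(records):
    """Accounts that store a password but do not request the ssl option."""
    return [r for r in records if r["has_password"] and not r["ssl"]]


def mode_too_open(mode):
    """True if group or others have any access to the rc file."""
    return bool(stat.S_IMODE(mode) & 0o077)


def audit_file(path):
    """Audit a real rc file: (permissions too open?, accounts without ssl)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        records = audit_fetchmailrc(fh.read())
    return mode_too_open(os.stat(path).st_mode), missing_tls(records)


if __name__ == "__main__":
    for rec in audit_fetchmailrc(SAMPLE_RC):
        status = "ssl" if rec["ssl"] else "NO ssl option"
        print(f'{rec["server"]:8} {rec["user"]:13} {rec["proto"]} {status}')
```

An entry without `ssl` is reported because nothing in the file forces that session through TLS; whether the server negotiates protection some other way has to be checked separately.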
Re: [CentOS] Fetchmail question
On Fri, Dec 18, 2009 at 11:05:17AM -0500, Brian Mathis wrote:
> You may notice that in the OPs 1st reply that the requirement is to retrieve multiple accounts *at the same time* to increase speed. AFAIK, if you use 1 file with fetchmail it will retrieve messages sequentially from each account.

You can always run multiple copies of fetchmail in the background if you want parallel fetching

    #!/bin/sh
    # Start one fetchmail per config file in the background, then wait for all of them.
    fetchmail -f configfile1 &
    fetchmail -f configfile2 &
    fetchmail -f configfile3 &
    wait

--
rgds
Stephen
Re: [CentOS] DRBD
> Would any of you be comfortable running the drbd packages from the extras repo? If so, any particular version .. I notice 8.0, 8.2, 8.3.
>
> I'll do my own due diligence but just curious if the list has any implementation based feedback. Thanks.

I've been running 8.0 for a year or more from extras. I think I used 8.0 when I set up the box because it was the only drbd available in the extras. I use it as the backend of a ha mysql setup. I've yet to have any problems with it.

Patrick
[CentOS] CentOS-announce Digest, Vol 58, Issue 5
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than Re: Contents of CentOS-announce digest... Today's Topics: 1. CEBA-2009:1641 CentOS 5 i386 samba Update (Karanbir Singh) 2. CEBA-2009:1641 CentOS 5 x86_64 samba Update (Karanbir Singh) 3. CESA-2009:1625 Moderate CentOS 5 i386 expat Update (Karanbir Singh) 4. CESA-2009:1625 Moderate CentOS 5 x86_64 expat Update (Karanbir Singh) 5. CESA-2009:1642 Important CentOS 5 i386 acpid Update (Karanbir Singh) 6. CESA-2009:1642 Important CentOS 5 x86_64 acpidUpdate (Karanbir Singh) 7. CESA-2009:1646 Moderate CentOS 5 x86_64 libtool Update (Karanbir Singh) 8. CESA-2009:1646 Moderate CentOS 5 i386 libtool Update (Karanbir Singh) 9. CEBA-2009:1645 CentOS 5 x86_64device-mapper-multipath Update (Karanbir Singh) 10. CEBA-2009:1645 CentOS 5 i386 device-mapper-multipath Update (Karanbir Singh) 11. CEBA-2009:1664 CentOS 5 x86_64 vsftpd Update (Karanbir Singh) 12. CEBA-2009:1664 CentOS 5 i386 vsftpd Update (Karanbir Singh) 13. CEBA-2009:1668 CentOS 5 i386 openssh Update (Karanbir Singh) 14. CEBA-2009:1668 CentOS 5 x86_64 openssh Update (Karanbir Singh) 15. CESA-2009:1659 Moderate CentOS 5 x86_64 kvm Update (Karanbir Singh) 16. CESA-2009:1674 Critical CentOS 5 i386 firefox Update (Karanbir Singh) 17. 
CESA-2009:1674 Critical CentOS 5 x86_64 firefox Update (Karanbir Singh) -- Message: 1 Date: Fri, 18 Dec 2009 01:30:22 + From: Karanbir Singh kbsi...@centos.org Subject: [CentOS-announce] CEBA-2009:1641 CentOS 5 i386 samba Update To: centos-annou...@centos.org Message-ID: 20091218013022.ga25...@chakra.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2009:1641 Upstream details at : https://rhn.redhat.com/errata/RHBA-2009-1641.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: 981538b986543ca13f301eade934817c samba-3.0.33-3.15.el5_4.1.i386.rpm f1a3821b13c5e294fe854a5177f4e4c0 samba-client-3.0.33-3.15.el5_4.1.i386.rpm f62bca30ab10982dd6c530df663c3dab samba-common-3.0.33-3.15.el5_4.1.i386.rpm 5fa2c978cfa6b3a08a3e20f147c19488 samba-swat-3.0.33-3.15.el5_4.1.i386.rpm Source: b26bc4ba43a2fe3785789a8789989674 samba-3.0.33-3.15.el5_4.1.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #cen...@irc.freenode.net -- Message: 2 Date: Fri, 18 Dec 2009 01:30:22 + From: Karanbir Singh kbsi...@centos.org Subject: [CentOS-announce] CEBA-2009:1641 CentOS 5 x86_64 samba Update To: centos-annou...@centos.org Message-ID: 20091218013022.ga25...@chakra.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2009:1641 Upstream details at : https://rhn.redhat.com/errata/RHBA-2009-1641.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: 34b9389bae34cd80b3bc8dd64edca190 samba-3.0.33-3.15.el5_4.1.x86_64.rpm 6b65931f7bc500fbd7fb87eac8a7ec15 samba-client-3.0.33-3.15.el5_4.1.x86_64.rpm 6da7bb85391bad3ff91de630f84b8b0f samba-common-3.0.33-3.15.el5_4.1.i386.rpm b6ebf87116f22323bc30c48991b8a8c4 samba-common-3.0.33-3.15.el5_4.1.x86_64.rpm 23ef1c00554ecba7931e0ab487b3910f samba-swat-3.0.33-3.15.el5_4.1.x86_64.rpm Source: b26bc4ba43a2fe3785789a8789989674 
samba-3.0.33-3.15.el5_4.1.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #cen...@irc.freenode.net -- Message: 3 Date: Fri, 18 Dec 2009 01:32:48 + From: Karanbir Singh kbsi...@centos.org Subject: [CentOS-announce] CESA-2009:1625 Moderate CentOS 5 i386 expat Update To: centos-annou...@centos.org Message-ID: 20091218013248.ga25...@chakra.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2009:1625 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2009-1625.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: 966bf90b58dc3cb0af1806b402def6cd expat-1.95.8-8.3.el5_4.2.i386.rpm 81ac5f28117ee422e938f86dd83d452d expat-devel-1.95.8-8.3.el5_4.2.i386.rpm Source: 2b584732230d59f4097200c9a0c1fbc6 expat-1.95.8-8.3.el5_4.2.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #cen...@irc.freenode.net
Re: [CentOS] Optimizing CentOS for gigabit firewall
sadas sadas wrote:
> Hi,
>
> I want to configure CentOS on powerful server with gigabit adapters as transparent bridge and deploy it in front of server farm. Can you tell how to optimize the OS for high packet processing? What configurations I need to do to achieve very high speeds and thousands of packets?

iptables makes a TERRIBLE firewall, use pf instead

http://www.openbsd.org/faq/pf/index.html

Also consider how you're going to provide redundancy, if you have a web server farm you want to protect them with at least two firewalls, not one.

http://www.openbsd.org/faq/pf/carp.html

I haven't used CARP myself but did setup a pair of pf firewalls about 5 years ago in a large network in bridging mode, the layer 3 fault tolerance was provided by OSPF on the core switches, the firewalls were active-active(with pfsync) since they were layer 2 only.

Maybe someday linux will fix the overly complex iptables system to something that is more manageable, not holding my breath though.

If you want really high speed(say multi GbE) though you'll want/need to go with an appliance based solution.

Also since you're referring to a web server farm, it is perfectly acceptable to not use firewalls these days, if you have a good load balancer that serves the same role as a firewall in that it only passes traffic that you specifically configure it to pass. Also in high traffic environments the performance of load balancers destroys most firewalls, making investing in a high end firewall a very expensive proposition.

I've worked for the better part of the last 10 years with companies who did not have firewalls in front of their web servers for this reason, it didn't make sense $$ wise, because the benefit wasn't there, and the added complexity, and performance implications wasn't worth it either. Talk to most load balancing companies and they'll tell you this themselves.

nate
Re: [CentOS] DRBD
I am currently playing with the 8.3 package (8.2 redirects to 8.3 btw). So far I haven't had any issues with it.

Jacob Bresciani
Linux Systems Administrator
Advanced Economic Research Systems / Terapeak
Cell: 250 418-5412

On 2009-12-18, at 8:53 AM, Flaherty, Patrick wrote:
>> Would any of you be comfortable running the drbd packages from the extras repo? If so, any particular version .. I notice 8.0, 8.2, 8.3.
>>
>> I'll do my own due diligence but just curious if the list has any implementation based feedback. Thanks.
>
> I've been running 8.0 for a year or more from extras. I think I used 8.0 when I set up the box because it was the only drbd available in the extras. I use it as the backend of a ha mysql setup. I've yet to have any problems with it.
>
> Patrick
Re: [CentOS] Optimizing CentOS for gigabit firewall
I'll second damn near everything nate said, and hopefully add a tidbit or two.

If you're new to BSD, you may want to consider the pfsense project in the aforementioned active-active configuration. It gives you a nice, intuitive gui to manage your failover firewalls, if you insist on putting a firewall in front of your web servers. Better to secure the box, leave only the ports you need open on the public interfaces, and don't firewall them.

Also, I'd strongly consider running your firewalls with no disk at all. A Live CD, CF card or USB Flash to boot off of, remote syslog and one less subsystem (disks) to buy/fail makes for some mighty cheap 1U servers. A single dual-core with core speeds above 3.0Ghz and 4GB of RAM is to pass Gb @ line rate - ethernet overhead. Truth be told, it's already being done on much less than that. You can also load balance your traffic, albeit somewhat primitively with it.

If you really want massive throughput, consider toying around with extremely expensive 10G gear, size RAM appropriately, and see how PF performs under multi-processor, high-core speed. But if you're handling over a Gb of traffic and you can't split the application into multiple farms, that's the best move. Akamai, for instance, runs 10G to each rack, each rack has around 20-24 servers, and they run GB to the server.

pfsense.org has extensive information about hardware requirements, features, and what you're looking to do. https://calomel.org/network_performance.html is an excellent BSD firewall performance site.

One thing to note, you are claiming to want to deploy this as a passive bridge. You cannot do what you want to do running anything in bridge mode. The packets need to route somehow. Get a /29 from your colo provider and ask to have your existing block routed through it once you've tested it.

Another option for a seamless failover, is to alias a different range of IP's to the server interfaces, put a /29 and whatever netblock you want to end up being your public IP block on the PFSense hardware. When you're convinced everything's working through rigorous testing, put a test domain up pointing to that block, modify virtualhost entries on the servers to respond to that domain with your production web site, and test some more. Once you're convinced that's working perfectly, make the changes in DNS to point your production domain at the IP's you want, and failover will happen with DNS convergence.

Peter

On Fri, Dec 18, 2009 at 9:06 AM, nate cen...@linuxpowered.net wrote:
> sadas sadas wrote:
>> Hi,
>>
>> I want to configure CentOS on powerful server with gigabit adapters as transparent bridge and deploy it in front of server farm. Can you tell how to optimize the OS for high packet processing? What configurations I need to do to achieve very high speeds and thousands of packets?
>
> iptables makes a TERRIBLE firewall, use pf instead
>
> http://www.openbsd.org/faq/pf/index.html
>
> Also consider how you're going to provide redundancy, if you have a web server farm you want to protect them with at least two firewalls, not one.
>
> http://www.openbsd.org/faq/pf/carp.html
>
> I haven't used CARP myself but did setup a pair of pf firewalls about 5 years ago in a large network in bridging mode, the layer 3 fault tolerance was provided by OSPF on the core switches, the firewalls were active-active(with pfsync) since they were layer 2 only.
>
> Maybe someday linux will fix the overly complex iptables system to something that is more manageable, not holding my breath though.
>
> If you want really high speed(say multi GbE) though you'll want/need to go with an appliance based solution.
>
> Also since you're referring to a web server farm, it is perfectly acceptable to not use firewalls these days, if you have a good load balancer that serves the same role as a firewall in that it only passes traffic that you specifically configure it to pass. Also in high traffic environments the performance of load balancers destroys most firewalls, making investing in a high end firewall a very expensive proposition.
>
> I've worked for the better part of the last 10 years with companies who did not have firewalls in front of their web servers for this reason, it didn't make sense $$ wise, because the benefit wasn't there, and the added complexity, and performance implications wasn't worth it either. Talk to most load balancing companies and they'll tell you this themselves.
>
> nate

--
Peter Serwe
http://truthlightway.blogspot.com/
Re: [CentOS] Security advice, please
On Friday 18 December 2009 16:55:04 nate wrote:
> Anne Wilson wrote:
>> do the trick, and I simply didn't know what else to try. In case I meet this again, can you please advise me?
>
> Are you doing anything with NFS? If not then turn off the nfs service, and the rpc services
>
> [r...@dc1-rhel5-32build001:~]# chkconfig --list | grep \(nfs\|rpc\)
> nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
> nfslock         0:off   1:off   2:on    3:on    4:on    5:on    6:off
> rpcgssd         0:off   1:off   2:off   3:off   4:off   5:off   6:off
> rpcidmapd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
> rpcsvcgssd      0:off   1:off   2:off   3:off   4:off   5:off   6:off
>
> If you are using NFS, then stop using it before restarting the services.

Thanks, all of you. Yes, I have some directories exported, with folderviews on my laptop to give quick access to them. I'll check out /etc/sysconfig/nfs as Rob suggested, too. It's the first time I've seen this, but it would be sensible to avoid the problem.

Thanks again

Anne
--
KDE Community Working Group
New to KDE4? - get help from http://userbase.kde.org
Re: [CentOS] google gears on 64 bit centos 5.4?
On Fri, Dec 18, 2009 at 12:12 AM, James Hogarth james.hoga...@gmail.com wrote:
> I have an RPM package for a default firefox profile I deploy to our boxes - that contains a 64bit gears install from somewhere. google linux 64bit gears - there's plenty of places with it compiled to XPI thing it is r3409 or something like that which is most recent working version - 0.5.33 if you need it let me know and I'll mail my XPI

Having a copy of your rpm to look at would be nice. But understanding what is in it and how it was constructed would be even better. Maybe I am out of my depth, I have no idea what XPI is, need rtfm.

mahalo,
Dave
Re: [CentOS] Optimizing CentOS for gigabit firewall
I will explain more deeply. I need to deploy a firewall(s) in front of web server farm because I need to do billing - I will use CentOS with iptables + ipset to store a list of my clients so when client doesn't pay his server's IP is out of the list and he can't access the web server.

Second - I know that iptables is very heavy and it's not recommended to use it in gigabit firewall but I don't have a choice as far as I know only ipset works with iptables. I don't know can pf store 500 IPs in one list. Ipset is written for that purpose.

I can't find information is there linux or BSD distribution with effective firewall that uses optimized algorithm to store hundreds of IPs and to forward huge traffic. Any idea?

regards

> I'll second damn near everything nate said, and hopefully add a tidbit or two.
>
> If you're new to BSD, you may want to consider the pfsense project in the aforementioned active-active configuration. It gives you a nice, intuitive gui to manage your failover firewalls, if you insist on putting a firewall in front of your web servers. Better to secure the box, leave only the ports you need open on the public interfaces, and don't firewall them.
>
> Also, I'd strongly consider running your firewalls with no disk at all. A Live CD, CF card or USB Flash to boot off of, remote syslog and one less subsystem (disks) to buy/fail makes for some mighty cheap 1U servers. A single dual-core with core speeds above 3.0Ghz and 4GB of RAM is to pass Gb @ line rate - ethernet overhead. Truth be told, it's already being done on much less than that. You can also load balance your traffic, albeit somewhat primitively with it.
>
> If you really want massive throughput, consider toying around with extremely expensive 10G gear, size RAM appropriately, and see how PF performs under multi-processor, high-core speed. But if you're handling over a Gb of traffic and you can't split the application into multiple farms, that's the best move. Akamai, for instance, runs 10G to each rack, each rack has around 20-24 servers, and they run GB to the server.
>
> pfsense.org has extensive information about hardware requirements, features, and what you're looking to do. https://calomel.org/network_performance.html is an excellent BSD firewall performance site.
>
> One thing to note, you are claiming to want to deploy this as a passive bridge. You cannot do what you want to do running anything in bridge mode. The packets need to route somehow. Get a /29 from your colo provider and ask to have your existing block routed through it once you've tested it.
>
> Another option for a seamless failover, is to alias a different range of IP's to the server interfaces, put a /29 and whatever netblock you want to end up being your public IP block on the PFSense hardware. When you're convinced everything's working through rigorous testing, put a test domain up pointing to that block, modify virtualhost entries on the servers to respond to that domain with your production web site, and test some more. Once you're convinced that's working perfectly, make the changes in DNS to point your production domain at the IP's you want, and failover will happen with DNS convergence.
>
> Peter
>
> On Fri, Dec 18, 2009 at 9:06 AM, nate cen...@linuxpowered.net wrote:
>> sadas sadas wrote:
>>> Hi,
>>>
>>> I want to configure CentOS on powerful server with gigabit adapters as transparent bridge and deploy it in front of server farm. Can you tell how to optimize the OS for high packet processing? What configurations I need to do to achieve very high speeds and thousands of packets?
>>
>> iptables makes a TERRIBLE firewall, use pf instead
>>
>> http://www.openbsd.org/faq/pf/index.html
>>
>> Also consider how you're going to provide redundancy, if you have a web server farm you want to protect them with at least two firewalls, not one.
>>
>> http://www.openbsd.org/faq/pf/carp.html
>>
>> I haven't used CARP myself but did setup a pair of pf firewalls about 5 years ago in a large network in bridging mode, the layer 3 fault tolerance was provided by OSPF on the core switches, the firewalls were active-active(with pfsync) since they were layer 2 only.
>>
>> Maybe someday linux will fix the overly complex iptables system to something that is more manageable, not holding my breath though.
>>
>> If you want really high speed(say multi GbE) though you'll want/need to go with an appliance based solution.
>>
>> Also since you're referring to a web server farm, it is perfectly acceptable to not use firewalls these days, if you have a good load balancer that serves the same role as a firewall in that it only passes traffic that you specifically configure it to pass. Also in high traffic environments the performance of load balancers destroys most firewalls, making investing in a high end firewall a very expensive proposition.
>>
>> I've worked for the better part of the last 10 years with companies who did not have firewalls in front of their web servers for this reason, it didn't
Re: [CentOS] Optimizing CentOS for gigabit firewall
On Fri, Dec 18, 2009 at 2:36 PM, sadas sadas mai...@abv.bg wrote:

> I can't find information is there linux or BSD distribution with effective firewall that uses optimized algorithm to store hundreds of IPs and to forward huge traffic. Any idea?

I think you'll find that this kind of thing can be handled by pf without pf breaking a sweat. And you can ask 100 people what they think you'll find and get 100 different answers. What you really need to do is configure this setup for a controlled test. Only then will you have a good idea what to expect when you go into production.

___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Optimizing CentOS for gigabit firewall
sadas sadas wrote:

> I can't find information is there linux or BSD distribution with effective firewall that uses optimized algorithm to store hundreds of IPs and to forward huge traffic. Any idea?

Hundreds?

http://www.openbsd.org/faq/pf/tables.html

A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups against a table are very fast and consume less memory and processor time than lists. For this reason, a table is ideal for holding a large group of addresses as the lookup time on a table holding 50,000 addresses is only slightly more than for one holding 50 addresses. Tables can be used in the following ways:

* source and/or destination address in filter, NAT, and redirection rules.
* translation address in NAT rules.
* redirection address in redirection rules.
* destination address in route-to, reply-to, and dup-to filter rule options.

nuff said ?

I love linux, I've been using it for almost 15 years now, I absolutely hate iptables (and ipchains, and ipfwadm). By contrast I absolutely hate everything about OpenBSD except for pf (which I love, ipfw and ipf aren't too bad either, at least for the era), so I use OpenBSD for firewalls, and linux for everything else.

nate
Re: [CentOS] Optimizing CentOS for gigabit firewall
after quick search in google: http://postfactum.pl.ua/pf/ I will test to patch latest linux kernel with pf. What do you think?

> sadas sadas wrote:
>
> > I can't find information is there linux or BSD distribution with effective firewall that uses optimized algorithm to store hundreds of IPs and to forward huge traffic. Any idea?
>
> Hundreds?
>
> http://www.openbsd.org/faq/pf/tables.html
>
> A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups against a table are very fast and consume less memory and processor time than lists. For this reason, a table is ideal for holding a large group of addresses as the lookup time on a table holding 50,000 addresses is only slightly more than for one holding 50 addresses. Tables can be used in the following ways:
>
> * source and/or destination address in filter, NAT, and redirection rules.
> * translation address in NAT rules.
> * redirection address in redirection rules.
> * destination address in route-to, reply-to, and dup-to filter rule options.
>
> nuff said ?
>
> I love linux, I've been using it for almost 15 years now, I absolutely hate iptables (and ipchains, and ipfwadm). By contrast I absolutely hate everything about OpenBSD except for pf (which I love, ipfw and ipf aren't too bad either, at least for the era), so I use OpenBSD for firewalls, and linux for everything else.
>
> nate
Re: [CentOS] Optimizing CentOS for gigabit firewall
> > I can't find information is there linux or BSD distribution with effective firewall that uses optimized algorithm to store hundreds of IPs and to forward huge traffic. Any idea?
>
> Hundreds?
>
> http://www.openbsd.org/faq/pf/tables.html
>
> A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups against a table are very fast and consume less memory and processor time than lists. For this reason, a table is ideal for holding a large group of addresses as the lookup time on a table holding 50,000 addresses is only slightly more than for one holding 50 addresses. Tables can be used in the following ways:
>
> * source and/or destination address in filter, NAT, and redirection rules.
> * translation address in NAT rules.
> * redirection address in redirection rules.
> * destination address in route-to, reply-to, and dup-to filter rule options.
>
> nuff said ?
>
> I love linux, I've been using it for almost 15 years now, I absolutely hate iptables (and ipchains, and ipfwadm). By contrast I absolutely hate everything about OpenBSD except for pf (which I love, ipfw and ipf aren't too bad either, at least for the era), so I use OpenBSD for firewalls, and linux for everything else.

I can back this; during 2009, I deployed a bunch of load balancers running OpenBSD (using pf, carpd, and relayd). I used to be a super die hard BSD guy, but through the years and having used/deployed/propagated NetBSD, then FreeBSD, then OpenBSD, then NetBSD again, I took one of my usual once-a-year looks at GNU/Linux (this time, it was CentOS, after having worked with RHEL for some years), I got settled here.

Long story short: I'd really recommend OpenBSD for your task. iptables really sucks. I recently deployed some machines running several virtual instances (however still the cheapest *proven* way to get several IP stacks in Linux) doing L2 routing, I threw iptables off of those machines because it just can't handle stuff at that rate.

OpenBSD rocks, I even have a setup running (active-active, load balanced) at about 40Mbps using Alix boards [0] -- they rock, and they are no way busy. OpenBSD's documentation is the best out there, its documentational quality is what I really really badly miss in the Linux world.

However, the community is a bunch of (sorry in advance) assholes. But this is well known throughout the internet, so: You have been warned. Great product, totally lame vendor. ;)

Timo

[0] -- http://pcengines.ch/alix.htm

> nate
Re: [CentOS] Optimizing CentOS for gigabit firewall
> after quick search in google: http://postfactum.pl.ua/pf/ I will test to patch latest linux kernel with pf. What do you think?

Get OpenBSD. Honestly -- all the porting stuff of relatively kernel-close stuff is just braindead.

Timo

> > sadas sadas wrote:
> >
> > > I can't find information is there linux or BSD distribution with effective firewall that uses optimized algorithm to store hundreds of IPs and to forward huge traffic. Any idea?
> >
> > Hundreds?
> >
> > http://www.openbsd.org/faq/pf/tables.html
> >
> > A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups against a table are very fast and consume less memory and processor time than lists. For this reason, a table is ideal for holding a large group of addresses as the lookup time on a table holding 50,000 addresses is only slightly more than for one holding 50 addresses. Tables can be used in the following ways:
> >
> > * source and/or destination address in filter, NAT, and redirection rules.
> > * translation address in NAT rules.
> > * redirection address in redirection rules.
> > * destination address in route-to, reply-to, and dup-to filter rule options.
> >
> > nuff said ?
> >
> > I love linux, I've been using it for almost 15 years now, I absolutely hate iptables (and ipchains, and ipfwadm). By contrast I absolutely hate everything about OpenBSD except for pf (which I love, ipfw and ipf aren't too bad either, at least for the era), so I use OpenBSD for firewalls, and linux for everything else.
> >
> > nate
[CentOS] RHEL 6 won't support Itanic, will support PowerPC, though
Hi list,

after some discussion on #IRC on PowerPC I was waiting for some commitment on supported architectures in RHEL 6. As I just learnt, Itanic will be dumped, but there will be a PowerPC release:

http://www.theregister.co.uk/2009/12/18/redhat_rhel6_itanium_dead/

Best, Timo (happy PowerPC enthusiast :)
Re: [CentOS] Optimizing CentOS for gigabit firewall
What about NetBSD? I heard that NetBSD has the best network stack out there. Maybe NetBSD with pf is the best choice? I can't find information is there linux or BSD distribution with effective firewall that uses optimized algorithm to store hundreds of IPs and to forward huge traffic. Any idea? Hundreds? http://www.openbsd.org/faq/pf/tables.html A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups against a table are very fast and consume less memory and processor time than lists. For this reason, a table is ideal for holding a large group of addresses as the lookup time on a table holding 50,000 addresses is only slightly more than for one holding 50 addresses. Tables can be used in the following ways: * source and/or destination address in filter, NAT, and redirection rules. * translation address in NAT rules. * redirection address in redirection rules. * destination address in route-to, reply-to, and dup-to filter rule options. nuff said ? I love linux, I've been using it for almost 15 years now, I absolutely hate iptables(and ipchains, and ipfwadm). By contrast I absolutely hate everything about OpenBSD except for pf(which I love, ipfw and ipf aren't too bad either, at least for the era), so I use OpenBSD for firewalls, and linux for everything else. I can back this; during 2009, I deployed a bunch of load balancers running OpenBSD (using pf, carpd, and relayd). I used to be a super die hard BSD guy, but through the years and having used/deployed/propagated NetBSD, then FreeBSD, then OpenBSD, then NetBSD again, I took one of my usual once-a-year looks at GNU/Linux (this time, it was CentOS, after having worked with RHEL for some years), I got settled here. Long story short: I'd really recommend OpenBSD for your task. iptables really sucks. 
I recently deployed some machines running several virtual instances (however still the cheapest *proven* way to get several IP stacks in Linux) doing L2 routing, I threw iptables off of that machines because it just can't handle stuff at that rate. OpenBSD rocks, I even have a setup running (active-active, load balanced) at about 40Mbps using Alix boards [0] -- they rock, and they are no way busy. OpenBSDs documentation is the best out there, it's documentational quality is what I really really badly miss in the Linux world. However, the community is a bunch of (sorry in advance) assholes. But this is well known throughout the internet, so: You have been warned. Great product, totally lame vendor. ;) Timo [0] -- http://pcengines.ch/alix.htm nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Fetchmail question
On Fri, 18 Dec 2009, Stephen Harris wrote:

> You can always run multiple copies of fetchmail in the background if you want parallel fetching

or run just one tenth of those RC files (when well numbered) present each time a script is invoked, if you are not in a hurry to retrieve email from side accounts, and want to be kind to the remote pop hosts

-- Russ herrold

#!/bin/sh
#
# ~/bin/get-stray-email.sh
# $Id: get-stray-fetchmail.sh,v 1.3 2009/10/23 13:48:47 herrold Exp herrold $
# License: GPLv3+
# bug reports to: i...@owlriver.com
#
# use fetchmail with custom rc files, and pull
# upgrade to use a 0-9 rotor to spread load
#
export PATH='/usr/java/latest/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:~/bin/:/home/herrold/bin:~/bin/'
#
# the config files live in a protected directory
export FETCHRC=.fetchmail
cd
[ ! -d $FETCHRC/ ] && {
  mkdir $FETCHRC/
  chmod 700 $FETCHRC
  }
#
# defaults, and options parsing
# need to move into a while loop, and add a scan exit
QUIET="--silent"
DEBUG=""
[ "x$1" = "x-d" ] && {
  export DEBUG="y"
  shift 1
  }
[ "x$1" = "x-v" ] && {
  export QUIET=""
  export VERBOSE="--verbose"
  shift 1
  }
[ "x${QUIET}" = "x" ] && {
  export QUIET=""
  export VERBOSE="--verbose"
  }
#
# option $1 support being refactored; out for the moment
# Remembering Jimi ...
[ "xsix" = "x9" ] && {
  #
  # SUFFIX works when we cd into $FETCHRC and have the file naming set up
  # right
  SUFFIX=".fetchmailrc-gmail"
  [ "x$1" != "x" ] && {
    export SUFFIX=`echo ".fetchmailrc-gmail$1"`
    # make sure we have one
    [ ! -e ~/$FETCHRC/$SUFFIX ] && export SUFFIX=""
    #
    # actually we need to stop scanning options here
    shift 1
    }
  }
#
# main body
# New model is to run a rotor
[ ! -e $FETCHRC/.fetch-rotor ] && touch $FETCHRC/.fetch-rotor
LASTRUN=` ( echo -n "0" ; cat $FETCHRC/.fetch-rotor | \
  perl -p -e "tr/[0-9]//cd" ) `
[ 0$LASTRUN -lt 1 ] && echo "00" > $FETCHRC/.fetch-rotor
LASTRUN=` ( ( cat $FETCHRC/.fetch-rotor | \
  perl -p -e "tr/[0-9]//cd" ; echo " + 0" ) | bc ) `
[ "x${DEBUG}" != "x" ] && echo "Rotor is: $LASTRUN" 1>&2
#
# main loop
for i in ` ls -1 $FETCHRC/.fetchmailrc-*[0-9] | grep "${LASTRUN}$" `; do
  [ "x${VERBOSE}" != "x" ] && {
    echo "i: $i" 1>&2
    }
  [ -e ${i} ] && fetchmail -f ${i} -a ${QUIET} ${VERBOSE} || {
    echo "Error: non-zero return code on: $i" 1>&2
    grep -v "^#" $i | grep -v "[ ]" 1>&2
    grep user $i 1>&2
    }
  sleep 3
  # sleep 30
done
#
LASTRUN=` echo "${LASTRUN} + 1" | bc | rev | cut -c 1 | rev`
# echo "new LASTRUN: $LASTRUN"
echo "$LASTRUN" > $FETCHRC/.fetch-rotor
#
# exit 0
#
#
# This is a sample ~/.fetchmail/.
cat - << END > /dev/null
#
# gmail pop works
# sample fetchmail -f config file
poll pop.gmail.com with proto pop3: port 995 timeout 60
  user gmailuse...@gmail.com there with password GMAILPASSWORD
  is LOCALUSERID here fetchall expunge 50 options ssl
#
END
#

get-stray-fetchmail.sh Description: Bourne shell script
Re: [CentOS] Optimizing CentOS for gigabit firewall
What about NetBSD? I heard that NetBSD has the best network stack out there. Maybe NetBSD with pf is the best choice? NetBSD is a very nice OS, I personally like it most (out of all BSDs out there); however, as can be read on http://www.netbsd.org/docs/network/pf.html there's the 'usual lag': OpenBSD implements feature X in 4.6, wait some time to see it implemented elsewhere. One of the biggest strengths of OpenBSD is that it's really a completely rounded piece of work. Keep it that way. pf will perform best on OpenBSD, with all the nice features it has. HTH, Timo I can't find information is there linux or BSD distribution with effective firewall that uses optimized algorithm to store hundreds of IPs and to forward huge traffic. Any idea? Hundreds? http://www.openbsd.org/faq/pf/tables.html A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups against a table are very fast and consume less memory and processor time than lists. For this reason, a table is ideal for holding a large group of addresses as the lookup time on a table holding 50,000 addresses is only slightly more than for one holding 50 addresses. Tables can be used in the following ways: * source and/or destination address in filter, NAT, and redirection rules. * translation address in NAT rules. * redirection address in redirection rules. * destination address in route-to, reply-to, and dup-to filter rule options. nuff said ? I love linux, I've been using it for almost 15 years now, I absolutely hate iptables(and ipchains, and ipfwadm). By contrast I absolutely hate everything about OpenBSD except for pf(which I love, ipfw and ipf aren't too bad either, at least for the era), so I use OpenBSD for firewalls, and linux for everything else. I can back this; during 2009, I deployed a bunch of load balancers running OpenBSD (using pf, carpd, and relayd). 
I used to be a super die hard BSD guy, but through the years and having used/deployed/propagated NetBSD, then FreeBSD, then OpenBSD, then NetBSD again, I took one of my usual once-a-year looks at GNU/Linux (this time, it was CentOS, after having worked with RHEL for some years), I got settled here. Long story short: I'd really recommend OpenBSD for your task. iptables really sucks. I recently deployed some machines running several virtual instances (however still the cheapest *proven* way to get several IP stacks in Linux) doing L2 routing, I threw iptables off of that machines because it just can't handle stuff at that rate. OpenBSD rocks, I even have a setup running (active-active, load balanced) at about 40Mbps using Alix boards [0] -- they rock, and they are no way busy. OpenBSDs documentation is the best out there, it's documentational quality is what I really really badly miss in the Linux world. However, the community is a bunch of (sorry in advance) assholes. But this is well known throughout the internet, so: You have been warned. Great product, totally lame vendor. ;) Timo [0] -- http://pcengines.ch/alix.htm nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Optimizing CentOS for gigabit firewall
> > after quick search in google: http://postfactum.pl.ua/pf/ I will test to patch latest linux kernel with pf.

Hey! Wait: The name of this patchset is not connected with BSD Packet Filter. «pf» means «post-factum» in the short form.

> > What do you think?
>
> Get OpenBSD. Honestly -- all the porting stuff of relatively kernel-close stuff is just braindead.

If you need PF, get OpenBSD.
Re: [CentOS] Optimizing CentOS for gigabit firewall
I don't know jack about IPSet, but I know enabling or disabling hosts in bare stock PF without the gui in front of it is about as easy as it gets. The PF configuration file syntax was designed from the ground up to be sane, unlike iptables, which typically needs some decent sysadmin scripting or using fwbuilder to make any good sense of. There is no finer opensource firewall product on the market, in terms of performance, ease of configuration and use, and other issues. If you're not opposed to vi, for what you're looking to accomplish, moving to BSD and pf is a no-brainer. PF can definitely handle a list of 500 hosts and anything else you've mentioned. It's absolutely capable, easier, and in general, for anything that involves packet filtering at all, about as good as it gets. Peter On Fri, Dec 18, 2009 at 11:36 AM, sadas sadas mai...@abv.bg wrote: I will explain more deeply. I need to deploy a firewall(s) in front of web server farm because I need to do billing - I will use CentOS with iptables + ipset to store a list if my clients so when client doesn't pay his server's IP is out of the list and he can't access the web server. Second - I know that iptables is very heavy and it's not recommended to use it in gigabit firewall but I don't have a choice as far as I know only ipset works with iptables. I don't know can pf store 500 IPs in one list. Ipset is written for that purpose. I can't find information is there linux or BSD distribution with effective firewall that uses optimized algorithm to store hundreds of IPs and to forward huge traffic. Any idea? regards I'll second damn near everything nate said, and hopefully add a tidbit or two. If you're new to BSD, you may want to consider the pfsense project in the aforementioned active-active configuration. It gives you a nice, intuitive gui to manage your failover firewalls, if you insist on putting a firewall in front of your web servers. 
Better to secure the box, leave only the ports you need open on the public interfaces, and don't firewall them. Also, I'd strongly consider running your firewalls with no disk at all. A Live CD, CF card or USB Flash to boot off of, remote syslog and one less subsystem (disks) to buy/fail makes for some mighty cheap 1U servers. A single dual-core with core speeds above 3.0Ghz and 4GB of RAM is to pass Gb @ line rate - ethernet overhead. Truth be told, it's already being done on much less than that. You can also load balance your traffic, albiet somewhat primitively with it. If you really want massive throughput, consider toying around with extremely expensive 10G gear, size RAM appropriately, and see how PF performs under multi-processor, high-core speed. but if you're handling over a Gb of traffic and you can't split the application into multiple farms, that's the best move. Akamai, for instance, runs 10G to each rack, each rack has around 20-24 servers, and they run GB to the server. pfsense.org has extensive information about hardware requirements, features, and what you're looking to do. https://calomel.org/network_performance.html is an excellent BSD firewall performance site. One thing to note, you are claiming to want to deploy this as a passive bridge. You cannot do what you want to do running anything in bridge mode. The packets need to route somehow. Get a /29 from your colo provider and ask to have your existing block routed through it once you've tested it. Another option for a seamless failover, is to alias a different range of IP's to the server interfaces, put a /29 and whatever netblock you want to end up being your public IP block on the PFSense hardware. When you're convinced everything's working through rigorous testing, put a test domain up pointing to that block, modify virtualhost entries on the servers to respond to that domain with your production web site, and test some more. 
Once you're convinced that's working perfectly, make the changes in DNS to point your production domain at the IP's you want, and failover will happen with DNS convergence. Peter On Fri, Dec 18, 2009 at 9:06 AM, nate cen...@linuxpowered.net wrote: sadas sadas wrote: Hi, I want to configure CentOS on powerful server with gigabit adapters as transparent bridge and deploy it in front of server farm. Can you tell how to optimize the OS for hight packet processing? What configurations I need to do to achieve very hight speeds and thousands of packets? iptables makes a TERRIBLE firewall, use pf instead http://www.openbsd.org/faq/pf/index.html Also consider how your going to provide redundancy, if you have a web server farm you want to protect them with at least two firewalls, not one. http://www.openbsd.org/faq/pf/carp.html I haven't used CARP myself but did setup a pair of pf firewalls about 5 years ago in a large network in bridging mode, the layer 3 fault tolerance was provided by OSPF on the core
Re: [CentOS] Optimizing CentOS for gigabit firewall
Timo Schoeler wrote:

> > What about NetBSD? I heard that NetBSD has the best network stack out there. Maybe NetBSD with pf is the best choice?
>
> NetBSD is a very nice OS, I personally like it most (out of all BSDs out there); however, as can be read on http://www.netbsd.org/docs/network/pf.html there's the 'usual lag': OpenBSD implements feature X in 4.6, wait some time to see it implemented elsewhere. One of the biggest strengths of OpenBSD is that it's really a completely rounded piece of work. Keep it that way. pf will perform best on OpenBSD, with all the nice features it has.

Has anyone used Firewall Builder to create a complex set of iptables rules? Or compared performance where it built the same thing for linux/iptables and bsd/pf?

-- Les Mikesell lesmikes...@gmail.com
Re: [CentOS] Optimizing CentOS for gigabit firewall
You can't patch the Berkeley Packet Filter into Linux. Linux kernel doesn't support it.

and...

Despite a cacophonous chorus of replies directing you to the right tool for the job, you insist on sticking with Linux. If you want to use the wrong tool for the job, by all means, use ipset/iptables - have a great time with it. When it doesn't give you the performance you want, then you will probably go buy something else.

I don't care how you pretty up iptables and its predecessor, ipchains, it's still a black eye on Linux comparatively speaking. Berkeley invented TCP/IP, the Berkeley TCP/IP stack is implemented on just about every platform/OS combination there is. Berkeley *is* networking.

And yes, the community around BSD are assholes, but they are semi-entitled. Their shit is way better documented than just about anything else in Open Source, including most things Linux.

Peter

On Fri, Dec 18, 2009 at 12:16 PM, sadas sadas mai...@abv.bg wrote:

> after quick search in google: http://postfactum.pl.ua/pf/ I will test to patch latest linux kernel with pf. What do you think?

-- Peter Serwe http://truthlightway.blogspot.com/
[CentOS] don't understand this command
Hi

I mistyped this

shell#/rm a.tar.gz

it works but it won't confirm and the file is removed, why?

Thank you
Re: [CentOS] Optimizing CentOS for gigabit firewall
On 12/18/2009 10:05 PM, Peter Serwe wrote:

> I don't know jack about IPSet, but I know enabling or disabling hosts in bare stock PF without the gui in front of it is about as easy as it gets. The PF configuration file syntax was designed from the ground up to be sane, unlike iptables, which typically needs some decent sysadmin scripting or using fwbuilder to make any good sense of. There is no finer opensource firewall product on the market, in terms of performance, ease of configuration and use, and other issues. If you're not opposed to vi, for what you're looking to accomplish, moving to BSD and pf is a no-brainer. PF can definitely handle a list of 500 hosts and anything else you've mentioned. It's absolutely capable, easier, and in general, for anything that involves packet filtering at all, about as good as it gets.
>
> Peter

Just as a recommendation: Besides OpenBSD's really fantastic documentation, there are some books that are really great:

The Book of PF: A No-Nonsense Guide to the BSD Firewall (by Peter N. M. Hansteen)

The OpenBSD PF Packet Filter Book (by Jeremy C. Reed)

HTH, Timo
Re: [CentOS] Optimizing CentOS for gigabit firewall
On 12/18/2009 10:12 PM, Peter Serwe wrote:

> You can't patch the Berkeley Packet Filter into Linux. Linux kernel doesn't support it.
>
> and...
>
> Despite a cacophonous chorus of replies directing you to the right tool for the job, you insist on sticking with Linux. If you want to use the wrong tool for the job, by all means, use ipset/iptables - have a great time with it. When it doesn't give you the performance you want, then you will probably go buy something else.
>
> I don't care how you pretty up iptables and its predecessor, ipchains, it's still a black eye on Linux comparatively speaking. Berkeley invented TCP/IP, the Berkeley TCP/IP stack is implemented on just about every platform/OS combination there is. Berkeley *is* networking.
>
> And yes, the community around BSD are assholes,

(I'd like to say that all other BSD communities are very friendly; the one exception is the OpenBSD guys. OTOH, they're sometimes more than on the right track: E.g., when they say 'open source', they mean it. GNU/Linux is as lame as the FreeBSD guys, as both allow tainted stuff, as binary-only drivers (nVidia, e.g.). NetBSD is neither nor.

Timo

> but they are semi-entitled. Their shit is way better documented than just about anything else in Open Source, including most things Linux.
>
> Peter
Re: [CentOS] don't understand this command
adrian kok wrote:

> Hi I mistype this shell#/rm a.tar.gz it works but it won't confirm and the file is remove why?

rm never asks for confirmation by default. The reason you think it does is that you normally execute an alias instead of the real command when running as root. You must have become root in a way that did not load the shell aliases.

-- Les Mikesell lesmikes...@gmail.com
Re: [CentOS] Optimizing CentOS for gigabit firewall
On 12/18/2009 4:12 PM, Peter Serwe wrote:

> You can't patch the Berkeley Packet Filter into Linux. Linux kernel doesn't support it.
>
> and...
>
> Despite a cacophonous chorus of replies directing you to the right tool for the job, you insist on sticking with Linux. If you want to use the wrong tool for the job, by all means, use ipset/iptables - have a great time with it. When it doesn't give you the performance you want, then you will probably go buy something else.

Or wrap it up using Shorewall or one of the other meta tools that manage the iptable chains for you.
[CentOS] mountd and statd at specific ports - nfs firewall
Hi,

I am configuring firewall for NFS. I see that statd and mountd start at random port. Is there any way to force it to start at specific port each time. The '-p ' option would work, but how do I configure it to start at specific port number each time. I mean where do statd and mountd look for default configuration options? Any clues?

- CS.
Re: [CentOS] mountd and statd at specific ports - nfs firewall
Hi,

> I see that statd and mountd start at random port. Is there any way to force it to start at specific port each time. The '-p ' option would work, but how do I configure it to start at specific port number each time. I mean where do statd and mountd look for default configuration options? Any clues?

look into the init scripts /etc/init.d/nfs (for mountd) and /etc/init.d/nfslock (for statd). Both scripts source the file /etc/sysconfig/nfs. There you can set the variables MOUNTD_PORT and STATD_PORT (among others).

Chris
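An added example, not part of the post above: a shell audit that reads an /etc/sysconfig/nfs-style file, reports which NFS helper ports are still unpinned, and prints iptables rules for the pinned ones. MOUNTD_PORT and STATD_PORT come from the post; LOCKD_TCPPORT, LOCKD_UDPPORT and RQUOTAD_PORT, the sample file, the port numbers and the client subnet 192.0.2.0/24 are assumptions to check against your release.

```shell
#!/bin/sh
# Added example (not from the thread): audit pinned NFS helper ports.

# Variable name and the protocols it applies to. MOUNTD_PORT and STATD_PORT
# are named in the thread; the rest are assumed to be the "among others".
NFS_PORT_VARS="MOUNTD_PORT:tcp+udp STATD_PORT:tcp+udp LOCKD_TCPPORT:tcp LOCKD_UDPPORT:udp RQUOTAD_PORT:tcp+udp"

# get_port FILE VAR -> prints the port when VAR is assigned a valid number on
# an uncommented line; prints nothing otherwise. The last assignment wins,
# as it would when the init script sources the file.
get_port() {
    awk -F= -v var="$2" -v q="'" '
        { sub(/#.*/, "") }                        # drop comments
        $1 ~ ("^[ \t]*" var "[ \t]*$") {
            v = $2
            gsub("[ \t\"" q "]", "", v)           # strip blanks and quotes
            port = (v ~ /^[0-9]+$/ && v + 0 >= 1 && v + 0 <= 65535) ? v : ""
        }
        END { if (port != "") print port }
    ' "$1"
}

# unpinned_ports FILE -> variables left unset; those daemons get a random
# port from the portmapper on every start, so no static rule can match them.
unpinned_ports() {
    missing=""
    for entry in $NFS_PORT_VARS; do
        var=${entry%%:*}
        if [ -z "$(get_port "$1" "$var")" ]; then
            missing="$missing${missing:+ }$var"
        fi
    done
    echo "$missing"
}

# firewall_rules FILE SUBNET -> iptables rules admitting SUBNET to the
# portmapper (111), nfsd (2049) and each pinned helper port.
firewall_rules() {
    {
        echo "111 tcp"; echo "111 udp"; echo "2049 tcp"; echo "2049 udp"
        for entry in $NFS_PORT_VARS; do
            var=${entry%%:*}
            protos=${entry#*:}
            p=$(get_port "$1" "$var")
            if [ -n "$p" ]; then
                for proto in $(echo "$protos" | tr '+' ' '); do
                    echo "$p $proto"
                done
            fi
        done
    } | sort -k1,1n -k2,2 -u | while read -r port proto; do
        echo "-A INPUT -s $2 -p $proto --dport $port -j ACCEPT"
    done
}

# Constructed sample: mountd pinned, statd commented out, lockd pinned for
# TCP only, rquotad set to an invalid value.
sample_sysconfig() {
    cat <<'EOF'
# /etc/sysconfig/nfs (constructed sample)
MOUNTD_PORT=892
#STATD_PORT=662
LOCKD_TCPPORT="32803"
RQUOTAD_PORT=port875
EOF
}

demo=$(mktemp)
sample_sysconfig > "$demo"
echo "still random: $(unpinned_ports "$demo")"
firewall_rules "$demo" 192.0.2.0/24
rm -f "$demo"
```

After pinning the ports and restarting the nfs and nfslock services, `rpcinfo -p` shows what the portmapper actually registered.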
Re: [CentOS] Optimizing CentOS for gigabit firewall
On Friday 18 December 2009 16:05, Peter Serwe wrote:

> I don't know jack about IPSet, but I know enabling or disabling hosts in bare stock PF without the gui in front of it is about as easy as it gets.

IPTABLES is the same;

iptables -A [INPUT/FORWARD] -d ip address -j [REJECT/DROP]

> The PF configuration file syntax was designed from the ground up to be sane, unlike iptables, which typically needs some decent sysadmin scripting or using fwbuilder to make any good sense of.

I beg to differ here. IPTABLES is not that hard when you understand it. Like anything else, once you know what you are doing it isn't that hard. And no, I have never used any GUI program to configure my firewalls.

> There is no finer opensource firewall product on the market, in terms of performance, ease of configuration and use, and other issues.

This is all subjective to the user. I would say that PF is a nightmare and IPTABLES is easier to use.

> If you're not opposed to vi, for what you're looking to accomplish, moving to BSD and pf is a no-brainer. PF can definitely handle a list of 500 hosts and anything else you've mentioned. It's absolutely capable, easier, and in general, for anything that involves packet filtering at all, about as good as it gets.

Again this is all subjective to the user.

-- Regards Robert Linux User #296285 http://counter.li.org
Re: [CentOS] mountd and statd at specific ports - nfs firewall
Great..! That's helpful..

Thanks, CS.

On Fri, Dec 18, 2009 at 4:38 PM, Christoph Neuhaus nihi...@gmail.com wrote:

> Hi,
>
> > I see that statd and mountd start at random port. Is there any way to force it to start at specific port each time. The '-p ' option would work, but how do I configure it to start at specific port number each time. I mean where do statd and mountd look for default configuration options? Any clues?
>
> look into the init scripts /etc/init.d/nfs (for mountd) and /etc/init.d/nfslock (for statd). Both scripts source the file /etc/sysconfig/nfs. There you can set the variables MOUNTD_PORT and STATD_PORT (among others).
>
> Chris
Re: [CentOS] NIS failover
Hard to believe, but certain very well known organizations refuse to get off NIS for critical and secure systems. {{citation needed}} :-) -- Drew Nothing in life is to be feared. It is only to be understood. --Marie Curie
[CentOS] College student printer for CentOS 5.4 x86_64?
Oldest son came back from college and wants a printer for his Dell laptop. I built it with CentOS 5.3 x86_64 several months ago and will upgrade it to 5.4. The Canon printer he now has (bought with the laptop and Vista through the university book store) doesn't seem to have Linux drivers. I built the machine with Vista and CentOS in dual-boot, so he could manage his iTunes and use the printer under Vista. He does almost all his college work under CentOS. Most of his papers are submitted electronically, but occasionally he has to print one. What would the community recommend? His needs are simple...mostly BW papers. On rare occasions he needs to print a paper with color photos/graphs embedded. Not looking to spend a lot, just enough to satisfy the requirement. DaveM
Re: [CentOS] College student printer for CentOS 5.4 x86_64?
What would the community recommend? His needs are simple...mostly BW papers. On rare occasions he needs to print a paper with color photos/graphs embedded. Not looking to spend a lot, just enough to satisfy the requirement. Install cups-pdf and have PDFs created by any application that can print. Save those somewhere that can be used by both (FAT partition, USB stick, send email to himself, etc) and then print in Vista. cups-pdf is available from the EPEL repo.
Re: [CentOS] don't understand this command
adrian kok wrote: Hi I mistype this shell#/rm a.tar.gz it works but it won't confirm and the file is removed why? And now you mistyped your mistyping. That would be a backslash (\) not a forward slash (/). Escaping the command name with a backslash bypasses the alias rm='rm -i' that is commonly set up in root's .bashrc file. -- Bob Nichols NOSPAM is really part of my email address. Do NOT delete it.
[CentOS] Donation programme
Is there any decision about the donation programme? The Web page still says: If you are looking to make a cash donation to the CentOS Project, please check back here after August 15th, 2009. I assume that donations aren't refused, but is there a suggested amount, as there used to be? -- Yves Bellefeuille y...@storm.ca Yves Bellefeuille: Eternal loser at UEA -- Heroldo Komunikas, no. 389
Re: [CentOS] College student printer for CentOS 5.4 x86_64?
rai...@ultra-secure.de wrote: If I'd have to buy one now, I'd look for an appropriate Brother model. They seem to have decent support for Linux. Indeed, Brother BW laser printers have some of the best price per page printed too. They work fine with aftermarket toner and drums (mine uses a $30 toner every ~2000 pages, and a $60 drum kit every 7000-8000 pages). I'm also a fan of ethernet printers, but I can see how that might not work well in a dorm as they aren't allowed to use hubs or switches, just direct connect registered computers to the building network. I will also say, don't get the really cheapest of the cheap printers, they are just too cheaply built, and will have more problems with paper jams, and likely fail sooner. Price toner supplies and figure the per page cost amortized over 30,000 pages or whatever. A reasonable printer is like $100 or $150.
Re: [CentOS] Optimizing CentOS for gigabit firewall
The syntax is not a problem. The problem is in the performance. I suppose that if I configure OpenBSD to process the in/out packets only to layer 2 the performance will be much more than linux with iptables. I don't know jack about IPSet, but I know enabling or disabling hosts in bare stock PF without the gui in front of it is about as easy as it gets. IPTABLES is the same; iptables -A [INPUT/FORWARD] -d -j [REJECT/DROP] The PF configuration file syntax was designed from the ground up to be sane, unlike iptables, which typically needs some decent sysadmin scripting or using fwbuilder to make any good sense of. I beg to differ here. IPTABLES is not that hard when you understand it. Like anything else, once you know what you are doing it isn't that hard. And no, I have never used any GUI program to configure my firewalls. There is no finer opensource firewall product on the market, in terms of performance, ease of configuration and use, and other issues. This is all subjective to the user. I would say that PF is a nightmare and IPTABLES is easier to use. If you're not opposed to vi, for what you're looking to accomplish, moving to BSD and pf is a no-brainer. PF can definitely handle a list of 500 hosts and anything else you've mentioned. It's absolutely capable, easier, and in general, for anything that involves packet filtering at all, about as good as it gets. Again this is all subjective to the user. -- Regards Robert Linux User #296285 http://counter.li.org
Re: [CentOS] Optimizing CentOS for gigabit firewall
So basically, you're saying you'd want to allow or disallow traffic based on mac address? Seems like you could put mac filters on a number of switches, Cisco being the most easily documented by Mr. Google. Be a lot faster than any kernel, and a total waste of BSD. If you can do it on Linux via some other mechanism, go for it. The fact is, PF will do line rate layer 3 packet filtering if you've got the hardware to support it. Try and see. Peter On Fri, Dec 18, 2009 at 10:49 PM, sadas sadas mai...@abv.bg wrote: The syntax is not a problem. The problem is in the performance. I suppose that if I configure OpenBSD to process the in/out packets only to layer 2 the performance will be much more than linux with iptables. I don't know jack about IPSet, but I know enabling or disabling hosts in bare stock PF without the gui in front of it is about as easy as it gets. IPTABLES is the same; iptables -A [INPUT/FORWARD] -d -j [REJECT/DROP] The PF configuration file syntax was designed from the ground up to be sane, unlike iptables, which typically needs some decent sysadmin scripting or using fwbuilder to make any good sense of. I beg to differ here. IPTABLES is not that hard when you understand it. Like anything else, once you know what you are doing it isn't that hard. And no, I have never used any GUI program to configure my firewalls. There is no finer opensource firewall product on the market, in terms of performance, ease of configuration and use, and other issues. This is all subjective to the user. I would say that PF is a nightmare and IPTABLES is easier to use. If you're not opposed to vi, for what you're looking to accomplish, moving to BSD and pf is a no-brainer. PF can definitely handle a list of 500 hosts and anything else you've mentioned. It's absolutely capable, easier, and in general, for anything that involves packet filtering at all, about as good as it gets. Again this is all subjective to the user. -- Regards Robert Linux User #296285 http://counter.li.org -- Peter Serwe http://truthlightway.blogspot.com/