[CentOS-announce] CEBA-2011:1421 CentOS 5 i386 conga Update
CentOS Errata and Bugfix Advisory 2011:1421
Upstream details at : http://rhn.redhat.com/errata/RHBA-2011-1421.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
i386:
7e289ecd07ab49820048967b0c7b9b5d luci-0.12.2-32.el5.centos.1.i386.rpm
72767ca3002f9920c6940f154c9f944e ricci-0.12.2-32.el5.centos.1.i386.rpm
Source:
4ceb13168107e0253d5bf366fbedcf91 conga-0.12.2-32.el5.centos.1.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2011:1421 CentOS 5 x86_64 conga Update
CentOS Errata and Bugfix Advisory 2011:1421
Upstream details at : http://rhn.redhat.com/errata/RHBA-2011-1421.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
x86_64:
ed9dd283b2c3e9d66a3dc22b9a524513 luci-0.12.2-32.el5.centos.1.x86_64.rpm
0b1d61e50f3e273e8a151049325556aa ricci-0.12.2-32.el5.centos.1.x86_64.rpm
Source:
4ceb13168107e0253d5bf366fbedcf91 conga-0.12.2-32.el5.centos.1.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-es] Apache-Chroot
Hola amigos, alguien tiene una guia para poner el apache en una jaula chroot..?? ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] Archive mail format?
From: Les Mikesell lesmikes...@gmail.com I have a bunch of old mail spread variously across dovecot maildirs and mbox format files on several machines that are headed for the trash. Is there anything considered to be a portable archive format for mail messages, and if so are there tools to copy into it - or do I have to pick a client and copy to its local storage? Maybe as .eml files? http://en.wikipedia.org/wiki/E-mail#Filename_extensions JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos Firewall - router with virtual IP
Il 03/11/2011 3.34, Fajar Priyanto ha scritto: Hi all, I haven't found anything in Google about this. I'm creating a firewall router with Centos with few virtual IP using iptables. May I ask for your experience? Is there any pitfall or bad side of using virtual IP for this purpose? I'm using few virtual IP to accommodate few subnets that go through this firewall/router. Thank you. Fajar. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos I use shorewall for this http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html Amedeo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Archive mail format?
Les Mikesell wrote: I have a bunch of old mail spread variously across dovecot maildirs and mbox format files on several machines that are headed for the trash. Is there anything considered to be a portable archive format for mail messages, and if so are there tools to copy into it - or do I have to pick a client and copy to its local storage? I have a much more naive question along the same lines. Apologies if it is too far from the original query. I'm running an IMAP (dovecot) server, with my mail stored in ~/maildir . I'm using KMail on my laptop to access the server (on another machine). I'd like to archive some of my older email, ie transfer it to another disk on the server, but I don't understand exactly what will happen if I run Folder=Archive Folder on my laptop, and don't like to try it without more knowledge. Will the folder disappear from the list I see in KMail? Will the archive be saved on my laptop or on the server? In what format? Will I be able to un-archive it if I wish? Will the various dovecot index files be updated appropriately? I suppose my problem basically is that I don't know how kmail on my laptop and dovecot on my server interact. -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-5.7 + megaraid + SELinux : update problem
Hello,
After updating to CentOS-5.7, I have a (small) problem :
The context of /dev/megadev0 is now defined
(in /etc/selinux/targeted/contexts/files/file_contexts) as
system_u:object_r:removable_device_t:s0.
This cause smartmontools to fail :
avc: denied { read write } for pid=2847 comm=smartd
name=megadev0 dev=tmpfs ino=8284
scontext=system_u:system_r:fsdaemon_t:s0
tcontext=system_u:object_r:removable_device_t:s0 tclass=chr_file
Changing the context (of megadev0) to fixed_disk_device_t solves the
problem, but is this the best solution ?
Thanks,
--
Philippe Naudin
UMR MISTEA : Mathématiques, Informatique et STatistique pour
l'Environnement et l'Agronomie
INRA, bâtiment 29 - 2 place Viala - 34060 Montpellier cedex 2
tél: 04.99.61.26.34, fax: 04.99.61.29.03, mél: nau...@supagro.inra.fr
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos Firewall - router with virtual IP
El 03/11/11 11:16, News escribió: Il 03/11/2011 3.34, Fajar Priyanto ha scritto: Hi all, I haven't found anything in Google about this. I'm creating a firewall router with Centos with few virtual IP using iptables. May I ask for your experience? Is there any pitfall or bad side of using virtual IP for this purpose? I'm using few virtual IP to accommodate few subnets that go through this firewall/router. Thank you. Fajar. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos I use shorewall for this http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html Amedeo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos I use Firewall Builder http://www.fwbuilder.org to manage the ruleset and I am very happy with it. For spanish list subscribers, here you have a post I have written for my blog: http://www.securitybydefault.com/2011/09/firewall-builder-la-gui-para-tu.html -- Lorenzo Martinez Rodriguez Visit me: http://www.lorenzomartinez.es Mail me to: lore...@lorenzomartinez.es My blog: http://www.securitybydefault.com My twitter: @lawwait PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] VirtualBox on CentOS 6.0?
On Thu, 3 Nov 2011, Christopher Chan wrote: How many cores assigned? VT-X/AMD-V enabled? Hardware? Typically 1, yes VT-X is enabled, Core2Duo/Core2Quad and some newer Nehalem based Xeons. IO-apic is enabled as Win7 64bit wouldn't boot with our image without it. jh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Archive mail format?
On Thu, Nov 3, 2011 at 6:51 AM, Timothy Murphy gayle...@eircom.net wrote: Les Mikesell wrote: I have a bunch of old mail spread variously across dovecot maildirs and mbox format files on several machines that are headed for the trash. Is there anything considered to be a portable archive format for mail messages, and if so are there tools to copy into it - or do I have to pick a client and copy to its local storage? I have a much more naive question along the same lines. Apologies if it is too far from the original query. I'm running an IMAP (dovecot) server, with my mail stored in ~/maildir . I'm using KMail on my laptop to access the server (on another machine). I'd like to archive some of my older email, ie transfer it to another disk on the server, but I don't understand exactly what will happen if I run Folder=Archive Folder on my laptop, and don't like to try it without more knowledge. Will the folder disappear from the list I see in KMail? Will the archive be saved on my laptop or on the server? In what format? Will I be able to un-archive it if I wish? Will the various dovecot index files be updated appropriately? I suppose my problem basically is that I don't know how kmail on my laptop and dovecot on my server interact. I'd expect it to ask some more questions and give you choices about those things, but you could make a new folder on the server with a few messages to experiment with. With imap, you should be able to copy/move messages back from local storage to the server or between folders on different servers if you have multiple accounts. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS-5.7 + megaraid + SELinux : update problem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/03/2011 08:28 AM, Philippe Naudin wrote:
Hello,
After updating to CentOS-5.7, I have a (small) problem :
The context of /dev/megadev0 is now defined (in
/etc/selinux/targeted/contexts/files/file_contexts) as
system_u:object_r:removable_device_t:s0.
This cause smartmontools to fail : avc: denied { read write } for
pid=2847 comm=smartd name=megadev0 dev=tmpfs ino=8284
scontext=system_u:system_r:fsdaemon_t:s0
tcontext=system_u:object_r:removable_device_t:s0 tclass=chr_file
Changing the context (of megadev0) to fixed_disk_device_t solves
the problem, but is this the best solution ?
Thanks,
Should medadev0 be labeled as removable_device_t? This is usually the
label of cdrom/dvdrives drives.
grep removable_device_t
/etc/selinux/targeted/contexts/files/file_contexts
/dev/p[fg][0-3] -b system_u:object_r:removable_device_t:s0
/dev/s(cd|r)[^/]* -b system_u:object_r:removable_device_t:s0
/dev/pg[0-3]-c system_u:object_r:removable_device_t:s0
/dev/fd[^/]+-b system_u:object_r:removable_device_t:s0
/dev/ub[a-z][^/]+ -b system_u:object_r:removable_device_t:s0
/dev/pd[a-d][^/]* -b system_u:object_r:removable_device_t:s0
/dev/cdu.* -b system_u:object_r:removable_device_t:s0
/dev/pcd[0-3] -b system_u:object_r:removable_device_t:s0
/dev/mcdx? -b system_u:object_r:removable_device_t:s0
/dev/cm20.* -b system_u:object_r:removable_device_t:s0
/dev/sbpcd.*-b system_u:object_r:removable_device_t:s0
/dev/mmcblk.* -b system_u:object_r:removable_device_t:s0
/dev/mspblk.* -b system_u:object_r:removable_device_t:s0
/dev/megadev.* -c system_u:object_r:removable_device_t:s0
/dev/floppy/[^/]* -b system_u:object_r:removable_device_t:s0
/dev/sjcd -b system_u:object_r:removable_device_t:s0
/dev/gscd -b system_u:object_r:removable_device_t:s0
/dev/bpcd -b system_u:object_r:removable_device_t:s0
/dev/optcd -b system_u:object_r:removable_device_t:s0
/dev/hitcd -b system_u:object_r:removable_device_t:s0
/dev/aztcd -b system_u:object_r:removable_device_t:s0
/dev/sonycd -b system_u:object_r:removable_device_t:s0
/dev/hwcdrom-b system_u:object_r:removable_device_t:s0
/dev/usb/rio500 -c system_u:object_r:removable_device_t:s0
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6yl60ACgkQrlYvE4MpobOcFQCg6kShMQVeb26wX7vQdBLhBJrW
RsAAnjbJQnsaBVk2ACmKWqKveZbV4/ml
=XeFd
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos Firewall - router with virtual IP
Vreme: 11/03/2011 11:16 AM, News piše: Il 03/11/2011 3.34, Fajar Priyanto ha scritto: Hi all, I haven't found anything in Google about this. I'm creating a firewall router with Centos with few virtual IP using iptables. May I ask for your experience? Is there any pitfall or bad side of using virtual IP for this purpose? I'm using few virtual IP to accommodate few subnets that go through this firewall/router. I use shorewall for this http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html +1 You also need to be sure what you want to do exactly. If subnets need to be behind hat firewall, but routed and not NATed, then you are not to use Virtual IP's, but to implement pass-through/routing. Virtual IP's are only used for NAT-ing, not for routing subnets. -- Ljubomir Ljubojevic (Love is in the Air) PL Computers Serbia, Europe Google is the Mother, Google is the Father, and traceroute is your trusty Spiderman... StarOS, Mikrotik and CentOS/RHEL/Linux consultant ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Archive mail format?
On Wed, 2 Nov 2011, John R Pierce wrote: On 11/02/11 3:43 PM, Les Mikesell wrote: I understand the file types and contents - but was hoping that by now there would be a standard file type that didn't have to be 'imported' to a mail reader's message store before being accessed. well that depends on your mail program. if they use maildir or mbox, then you can just copy/move the appropriate format files into the apps message store and move on. of course, if the app has any other metadata like indexing and you want to merge your new stuff with some existing old stuff, you have to deal with that too. I've never used OfflineIMAP, offlineimap.org, but it looks like an interesting tool for maintaining a set of Maildir folders. -- Paul Heinlein heinl...@madboa.com http://www.madboa.com/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Archive mail format?
On 11/2/2011 4:42 PM, Les Mikesell wrote: On Wed, Nov 2, 2011 at 2:23 PM, Ljubomir Ljubojevicoff...@plnet.rs wrote: Vreme: 11/02/2011 07:53 PM, Phoenix, Merka piše: I have a bunch of old mail spread variously across dovecot maildirs and mbox format files on several machines that are headed for the trash. Is there anything considered to be a portable archive format for mail messages, and if so are there tools to copy into it - or do I have to pick a client and copy to its local storage? -- The mbox format and mail messages in the dovecot maildirs can be copied as is to another server (or directory). The only thing that you don't need (or probably don't want) to copy would be the index files that live in the directory above the maildirs. The index files are in the form: dovecot-* and dovecot.index* and usually live above the actual directory where the messages are stored. Also, most of the sub-folders have a leading '.' so would be hidden unless you use 'ls -la' to view the directory contents. There is simple script to convert maildir to mailbox format: http://www.linuxquestions.org/questions/linux-general-1/a-script-to-convert-maildir-to-mailbox-format-381568/ and scripts to convert mailbox to maildir: http://batleth.sapienti-sat.org/projects/mb2md/ http://perfectmaildir.home-dn.net/ There are many more, but this ones come at the top of the google search. Thanks - I think most of what I'd want to keep is still accessible via imap. What I'm wondering is if there is a general consensus about the file format for long term storage that would be most likely to permit direct search and access from some future mail reader, possibly on some other OS. I suppose I could make a VM image that I could fire up as an imap server again, but that seems kind of cumbersome. If you are interested in local storage readable on multiple platforms then mbox format can be useful. There are many Linux/UNIX clients that can read it, and so can MSWin clients like Thunderbird. Best Regards, Dave Windsor Robert Bosch LLC Team Leader, MES Database Infrastructure Group (AdP/TEF7.1) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 81, Issue 3
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org
You can reach the person managing the list at
centos-announce-ow...@centos.org
When replying, please edit your Subject line so it is more specific
than Re: Contents of CentOS-announce digest...
Today's Topics:
1. CESA-2011:1422 Moderate CentOS 5 i386 openswanUpdate
(Johnny Hughes)
2. CESA-2011:1422 Moderate CentOS 5 x86_64 openswan Update
(Johnny Hughes)
3. CESA-2011:1423 Moderate CentOS 5 i386 php53 Update (Johnny Hughes)
4. CESA-2011:1423 Moderate CentOS 5 x86_64 php53 Update
(Johnny Hughes)
5. CEBA-2011:1421 CentOS 5 i386 conga Update (Johnny Hughes)
6. CEBA-2011:1421 CentOS 5 x86_64 conga Update (Johnny Hughes)
--
Message: 1
Date: Thu, 3 Nov 2011 03:50:42 +
From: Johnny Hughes joh...@centos.org
Subject: [CentOS-announce] CESA-2011:1422 Moderate CentOS 5 i386
openswanUpdate
To: centos-annou...@centos.org
Message-ID: 2003035042.ga18...@chakra.karan.org
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2011:1422 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-1422.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
i386:
ffbe79dac3ca8237d6cc0afbe994ff47 openswan-2.6.21-5.el5_7.6.i386.rpm
1027380ac9d5416f027ac88a0bd928c5 openswan-doc-2.6.21-5.el5_7.6.i386.rpm
Source:
fae806dd1fcdaf183413445afc6160a0 openswan-2.6.21-5.el5_7.6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
Message: 2
Date: Thu, 3 Nov 2011 03:50:42 +
From: Johnny Hughes joh...@centos.org
Subject: [CentOS-announce] CESA-2011:1422 Moderate CentOS 5 x86_64
openswanUpdate
To: centos-annou...@centos.org
Message-ID: 2003035042.ga18...@chakra.karan.org
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2011:1422 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-1422.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
x86_64:
b130e51e1127f37e1ff46c0ae9e354d8 openswan-2.6.21-5.el5_7.6.x86_64.rpm
374fb037d9ac429e8ef36815023fc77a openswan-doc-2.6.21-5.el5_7.6.x86_64.rpm
Source:
fae806dd1fcdaf183413445afc6160a0 openswan-2.6.21-5.el5_7.6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
Message: 3
Date: Thu, 3 Nov 2011 03:59:22 +
From: Johnny Hughes joh...@centos.org
Subject: [CentOS-announce] CESA-2011:1423 Moderate CentOS 5 i386 php53
Update
To: centos-annou...@centos.org
Message-ID: 2003035922.ga18...@chakra.karan.org
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2011:1423 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-1423.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
i386:
223af9e4f04f1d42d3508ada752cdb02 php53-5.3.3-1.el5_7.3.i386.rpm
d925a7a20ea6f56cc5cc555dd4e24002 php53-bcmath-5.3.3-1.el5_7.3.i386.rpm
09d003a1bc50e31931c24aada21f8d2b php53-cli-5.3.3-1.el5_7.3.i386.rpm
9d851c175d18b67663dccceadb410ed5 php53-common-5.3.3-1.el5_7.3.i386.rpm
91e203e51bbaf64c5957dc942b3c2770 php53-dba-5.3.3-1.el5_7.3.i386.rpm
c095bc8f5f2f0ea7545d11180983b197 php53-devel-5.3.3-1.el5_7.3.i386.rpm
42fa169093034a237bb2ca300321a07d php53-gd-5.3.3-1.el5_7.3.i386.rpm
8ab1ece71e20942b91af4aa1d0442e6b php53-imap-5.3.3-1.el5_7.3.i386.rpm
d53e749d8668d34fc9ba8be571c1ca4c php53-intl-5.3.3-1.el5_7.3.i386.rpm
0d2bcc72fd7ec16517107c750c0dfd90 php53-ldap-5.3.3-1.el5_7.3.i386.rpm
23bc265b655eff64f8568897be9fb0f0 php53-mbstring-5.3.3-1.el5_7.3.i386.rpm
9c090d367b1f2241a6c80069026c7e90 php53-mysql-5.3.3-1.el5_7.3.i386.rpm
a64331e50a8f851e1d5f7cb7254e php53-odbc-5.3.3-1.el5_7.3.i386.rpm
962c836f8ae8e2751c515e8aed7f1b12 php53-pdo-5.3.3-1.el5_7.3.i386.rpm
26f5c1da4763cb6c053710b540bdef61 php53-pgsql-5.3.3-1.el5_7.3.i386.rpm
3412e9ce0604fc737d4cab307e77ea3b php53-process-5.3.3-1.el5_7.3.i386.rpm
dbe446c4afb7fd56a1c821726eed857f php53-pspell-5.3.3-1.el5_7.3.i386.rpm
9aa33f6207cea07886a2e33e161e6c34 php53-snmp-5.3.3-1.el5_7.3.i386.rpm
42539efb05ae5e076d70c4101aaeb615 php53-soap-5.3.3-1.el5_7.3.i386.rpm
3d930dc70145d6925b4d7781ab31cbf6 php53-xml-5.3.3-1.el5_7.3.i386.rpm
f100b35c71e16d4c8551b8b8ae40cc96 php53-xmlrpc-5.3.3-1.el5_7.3.i386.rpm
Source:
bfa56ce9d335b242e3e733431872e410
Re: [CentOS] Intel wireless firmware
on 10/29/2011 10:41 AM Ron Loftin spake the following: This may not be the best place to ask, but Google hasn't given me any useful information. I have an older laptop that is using the Intel 2200 wireless interface. I installed CentOS 5 on it some time ago and everything is fine. When I was reviewing my kickstart setups I found that the ipw2200 firmware package is no longer available in RPMForge. The CentOS site's how-to page for this interface still refers to RPMForge, so that now seems out of date. What happened to the Intel firmware packages on RPMForge and where else should I be looking for them ? I tried ELRepo and didn't see them there. Suggestions and pointers are welcome, and thanks in advance. http://packages.atrpms.net/dist/el5/ipw2200/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos Firewall - router with virtual IP
On Thu, 3 Nov 2011, Lorenzo Martínez Rodríguez wrote: El 03/11/11 11:16, News escribió: Hi all, I haven't found anything in Google about this. I'm creating a firewall router with Centos with few virtual IP using iptables. May I ask for your experience? Is there any pitfall or bad side of using virtual IP for this purpose? I'm using few virtual IP to accommodate few subnets that go through this firewall/router. I would not know why there would be a problem. My external interface on my iptables firewall has 30 ip addresses on it. Been running it that way for 8 or 10 years. I use Firewall Builder http://www.fwbuilder.org to manage the ruleset and I am very happy with it. +1 for fwbuilder. I have been using it since it was version 1.x. It is now 5.x and you would be hard pressed to pry it out of my cold dead hands. :-) Besides the fact that the program does a very good job of managing iptables firewalls, the devs are very responsive to bug fixes and feature enhancements. Regards, -- Tom m...@tdiehl.org Spamtrap address me...@tdiehl.org___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos Firewall - router with virtual IP
On 11/02/11 7:34 PM, Fajar Priyanto wrote: I'm creating a firewall router with Centos with few virtual IP using iptables. May I ask for your experience? Is there any pitfall or bad side of using virtual IP for this purpose? I'm using few virtual IP to accommodate few subnets that go through this firewall/router. now, when you say 'virtual IP', do you mean alias IPs on your WAN (outside) interface(s), or multiple private subnets on the LAN (inside) interface(s) ? none of those are 'virtual' in any sense I'd use that adjective. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos Firewall - router with virtual IP
On Fri, Nov 4, 2011 at 6:59 AM, John R Pierce pie...@hogranch.com wrote: On 11/02/11 7:34 PM, Fajar Priyanto wrote: I'm creating a firewall router with Centos with few virtual IP using iptables. May I ask for your experience? Is there any pitfall or bad side of using virtual IP for this purpose? I'm using few virtual IP to accommodate few subnets that go through this firewall/router. now, when you say 'virtual IP', do you mean alias IPs on your WAN (outside) interface(s), or multiple private subnets on the LAN (inside) interface(s) ? none of those are 'virtual' in any sense I'd use that adjective. Hi John, thanks for asking. My firewall setup is like this: Physical NIC: eth0 - to outside world eth1 - to LAN There is masquerading in eth0 so LAN can go to internet Now, I'm adding some virtual interface eth1:0, eth1:1... so on to accommodate new subnets created in the LAN. My concern comes from question... how does the MAC addressing is handled (by the switches and the OS)? Because wouldn't eth1:0, etc be sharing the same MAC address as eth1? Will there be any problem or confusion in the network? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos Firewall - router with virtual IP
On 11/03/11 5:43 PM, Fajar Priyanto wrote: Now, I'm adding some virtual interface eth1:0, eth1:1... so on to accommodate new subnets created in the LAN. whats the point of having multiple subnets on the same physical LAN segment ? if you want to isolate separate local networks, you really should use separate physical adapters with separate switches... or VLAN switching if you have a switch that supports VLAN trunking. anyways, whatever, yes, you can do it with iptables, but not all off the shelf firewall script generators will support multiple LAN subnets. I usually write my own iptables rulesets. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos Firewall - router with virtual IP
On 11/03/2011 06:54 PM, John R Pierce wrote: On 11/03/11 5:43 PM, Fajar Priyanto wrote: Now, I'm adding some virtual interface eth1:0, eth1:1... so on to accommodate new subnets created in the LAN. whats the point of having multiple subnets on the same physical LAN segment ? if you want to isolate separate local networks, you really should use separate physical adapters with separate switches... or VLAN switching if you have a switch that supports VLAN trunking. anyways, whatever, yes, you can do it with iptables, but not all off the shelf firewall script generators will support multiple LAN subnets. I usually write my own iptables rulesets. I can say first hand that fwbuilder easily handles managing scripts for multiple subnets and aliased addressing on NIC's. I use separate interface cards for each subnet, however. (5 NIC's, 4 internal subnets, 3 public IP's on the one external facing NIC) -- KevinO ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Can't run fail2ban 0.8.4 [CentOS 6]
Hi, To begin I'm sorry for my poor English level, that's not my first language. On CentOS 6 I've installed fail2ban 0.8.4 from EPEL repository. I've configured it with this page : http://centoshelp.org/security/fail2ban/ Then I've tried this command : chkconfig --level 23 fail2ban on service fail2ban start but the output says it fallen, nothing more. The status option says is stopped. Also I don't have log for it and no manual page (for the latest, this is normal ?). This is my /etc/fail2ban/jail.conf : http://pastebin.com/j5FhJzKY I'm asking here because I don't find help on Google, #centos and forums. Cordially, Kévin Koshie GASPARD. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos Firewall - router with virtual IP
On Fri, Nov 4, 2011 at 10:15 AM, KevinO ke...@kevino.org wrote: anyways, whatever, yes, you can do it with iptables, but not all off the shelf firewall script generators will support multiple LAN subnets. I usually write my own iptables rulesets. I can say first hand that fwbuilder easily handles managing scripts for multiple subnets and aliased addressing on NIC's. I use separate interface cards for each subnet, however. (5 NIC's, 4 internal subnets, 3 public IP's on the one external facing NIC) Hi Kevin, Expanding my original question. I have a need to open and close iptables rules based on particular time, say 1 week later, 1 month later, etc. Currently I have a simple script to do that: - Create the rules. - Create atd job to delete the rule based on the defined time. - Log it. It works, but not elegant :) Does fwbuilder have that function? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Knowledge Base Software
Alle, We recently received a requirement to implement a KB/FAQ solution that must: Web based Be searchable Allow registration of users Keep a history of user queries Allow new queries sent to subject matter experts via email and receive email updates when answers have been posted. Something along the lines of what CAP does using RightNow. Does anyone have any opensource suggestions for this kind of solution? Best Regards, Camron -- Camron W. Fox Hilo Office High Performance Computing Group Fujitsu Management Services of America, Inc. E-mail: cw...@us.fujitsu.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos Firewall - router with virtual IP
On 11/03/2011 08:03 PM, Fajar Priyanto wrote: On Fri, Nov 4, 2011 at 10:15 AM, KevinO ke...@kevino.org wrote: anyways, whatever, yes, you can do it with iptables, but not all off the shelf firewall script generators will support multiple LAN subnets. I usually write my own iptables rulesets. I can say first hand that fwbuilder easily handles managing scripts for multiple subnets and aliased addressing on NIC's. I use separate interface cards for each subnet, however. (5 NIC's, 4 internal subnets, 3 public IP's on the one external facing NIC) Hi Kevin, Expanding my original question. I have a need to open and close iptables rules based on particular time, say 1 week later, 1 month later, etc. Currently I have a simple script to do that: - Create the rules. - Create atd job to delete the rule based on the defined time. - Log it. It works, but not elegant :) Does fwbuilder have that function? I'm not sure, and I don't have time to fire it up and check right now. I don't have the latest version, anyway. I think there is an extensive manual on the project's website and that will give you all of the details. -- KevinO ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
