Re: [CentOS] firewalld management on a headless server

2017-03-30 Thread Mark Milhollan
On Wed, 29 Mar 2017, Robert Moskowitz wrote:
>On 03/29/2017 07:38 AM, Leon Fauster wrote:

>>We have good results with http://www.shorewall.net/ an iptables
>>"abstraction".
>>Although it's not a GUI, the streamlined configuration helps to be effective.
>
>From what I can determine, it is still iptables.  Not firewalld.

That's what Leon said, shorewall is an iptables abstraction, and 
iptables is a command that manipulates netfilter.

FirewallD is similar in that it abstracts and simplifies using netfilter 
without using the iptables command.  Which has a GUI that can be used 
remotely but it is not web based as requested.  Fedora's CoPilot 
probably has a module for it, but I don't know that it can be used with 
a CentOS based server.  Webmin likely has a module for it by now.


/mark
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


[CentOS-virt] Xen 4.6.3-9 release

2017-03-30 Thread Brandon Shoemaker
Hi list,

Will Xen 4.6.3-9 be a general release soon?

___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt


Re: [CentOS-virt] Network isolation for KVM guests

2017-03-30 Thread Nux!
Use libvirt with mac/ip spoofing enabled.

https://libvirt.org/formatnwfilter.html

https://libvirt.org/firewall.html

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "C. L. Martinez" 
> To: centos-virt@centos.org
> Sent: Thursday, 30 March, 2017 15:06:58
> Subject: [CentOS-virt] Network isolation for KVM guests

> Hi all,
> 
> What options exist under CentOS hosts to work with isolated networks? For
> example, on BSD systems it is really trivial. In FreeBSD you can use setfib
> tools and on OpenBSD it is possible to use rdomain options. In 30 secs it is
> possible to work with isolated networks and assign process, ip address and
> routes (hidden from the main route table and ip addresses), etc.
> 
> But I can't find a similar solution for CentOS environments. I have found two
> similar options:
> 
> a/ Network namespaces (but doesn't provide real network isolation)
> b/ VRF (but it is supported only for kernels 4.8 and up)
> 
> Any ideas?
> 
> Thanks.
> 
> --
> Greetings,
> C. L. Martinez


Re: [CentOS-virt] Network isolation for KVM guests

2017-03-30 Thread Kristián Feldsam
For KVM guests I use VLANs.

Best regards, Kristián Feldsam

> On 30 Mar 2017, at 16:06, C. L. Martinez  wrote:
> 
> Hi all,
> 
> What options exist under CentOS hosts to work with isolated networks? For
> example, on BSD systems it is really trivial. In FreeBSD you can use setfib 
> tools and on OpenBSD it is possible to use rdomain options. In 30 secs it is 
> possible to work with isolated networks and assign process, ip address and 
> routes (hidden from the main route table and ip addresses), etc.
> 
> But I can't find a similar solution for CentOS environments. I have found two 
> similar options:
> 
> a/ Network namespaces (but doesn't provide real network isolation)
> b/ VRF (but it is supported only for kernels 4.8 and up)
> 
> Any ideas?
> 
> Thanks.
> 
> -- 
> Greetings,
> C. L. Martinez


[CentOS-virt] Network isolation for KVM guests

2017-03-30 Thread C. L. Martinez
Hi all,

 What options exist under CentOS hosts to work with isolated networks? For
example, on BSD systems it is really trivial. In FreeBSD you can use setfib 
tools and on OpenBSD it is possible to use rdomain options. In 30 secs it is 
possible to work with isolated networks and assign process, ip address and 
routes (hidden from the main route table and ip addresses), etc.

 But I can't find a similar solution for CentOS environments. I have found two 
similar options:

 a/ Network namespaces (but doesn't provide real network isolation)
 b/ VRF (but it is supported only for kernels 4.8 and up)

 Any ideas?

Thanks.

-- 
Greetings,
C. L. Martinez


Re: [CentOS] sound problems... config?

2017-03-30 Thread ken

On 03/29/2017 12:08 PM, Alice Wonder wrote:

On 03/29/2017 04:05 AM, ken wrote:

On 03/28/2017 11:40 PM, Alice Wonder wrote:

On 03/28/2017 05:53 PM, ken wrote:

The www has failed me with this, so I'm trying you guys.  Sound worked
great out of the box when I installed 7.2... Yay!  I could watch all
kinds of videos, like on facebook and youtube.  And I could listen to
most podcasts too.  But then something happened. It was either a kernel
upgrade or that I installed vlc (for watching videos on DVD) and the
whole stack of codecs for it... I don't know exactly when, but at some
point I no longer had sound with youtube  and other web videos. The
videos played fine, just no sound.  Note that using vlc, both video and
the audio with it play just fine.  I need to select the audio driver
(from a list in a vlc menu), however, else the sound won't work in vlc
either.

If I go into the Applications menu, then System Tools -> Settings ->
Sound, under "Choose a device for sound output:" there are no devices
listed.  There used to be.

If I run "aplayer file.wav", nothing plays (no sound at all) and I get
the error "main:786: audio open error: No such file or directory".  If,
on the other hand, I run "aplay file.wav -D plughw:0" (i.e., specify
the/a device), I do get sound, the file does play.

I ran alsa-info.sh and it posted tons of info from it on my setup at
http://www.alsa-project.org/db/?f=1dba91886be054df4816000768a0f5b109947a48.

Yet it still doesn't tell me what's missing.

Anyone here have an idea...? or thoughts about where to look next?

tia,
ken


I have similar issue with USB headphones. Worked fine in 7.2 but in
7.3 I frequently have to unplug and plug them back in before it
finally is able to be selected from the menus as my output.

Once it is selected, it stays selected until next reboot.


Alice,

Thanks for your reply.  I believe you and I are looking at two separate
problems.  My system is capable of switching between the onboard
speakers and the headphones with no problem at all (when the sound is
working at all).  That is, when there's sound out of the onboards, I can
plug in the headphones and sound instantly comes out of them, and vice
versa... even in the middle of one and the same video.

In your case the problem may have more to do with USB.  USB is
notoriously slow... at least it used to be.  This is due to timing,
i.e., after loading the USB sub-system, the system has to query the USB
device to find out what it is (e.g., mouse, joystick, headphones,
touchpad, etc.) and there are a bazillion different kinds of USB
devices... a long list of things to query.  Not only that, but a single
query takes time: the system has to give the device time to respond-- it
used to be a second or two.   And there are ever more USB devices.
Maybe too your headphones are near the bottom of the long list of USB
devices.

I don't know that this is your situation.  It could be something else (a
half dozen other hang-ups).  But you might want to test by plugging in
your USB headphones and then leaving the plug in, waiting a couple
minutes to see if they start to work.

Alice, could you please post the output of these three commands (for
comparison purposes):

uname -r
ps -ef|grep -i alsa
aplayer -L

Thanks.




[alice@localhost ~]$ uname -r
3.10.0-514.6.2.el7.x86_64


It looks like either you need to do a kernel upgrade or you haven't 
rebooted since the most recent.  I have 3.10.0-514.10.2.el7.x86_64.



[alice@localhost ~]$ ps -ef |grep -i alsa
root   858   1  0 Feb27 ?  00:00:00 /usr/sbin/alsactl -s -n 19 -c -E ALSA_CONFIG_PATH=/etc/alsa/alsactl.conf --initfile=/lib/alsa/init/00main rdaemon




This is the same as what I have.  So the same command is fired up to run 
alsa.  I looked at the two files (both text files) and they're both, to 
me, inscrutable.  The second one is actually a program, code which 
programmatically configures alsactl.  The programming language it uses 
is fairly normal and simple, but even with that, with all the variables 
and other files it uses and various operations it invokes, and then all 
the knowledge of internals of audio and the sound card it entails, it 
would take quite a bit of study to get a grip on it.  Getting some human 
help there or a good doc or two  (in addition to its man page) might 
even make it possible to fathom...  :)  then possibly happen onto the fix.



[alice@localhost ~]$ aplayer -L
bash: aplayer: command not found...



Sorry, Alice.  I shouldn't have trusted memory.  The actual command is 
"aplay -L".




-=-

Intel xeon on supermicro board


Nice.



No onboard sound but unfortunately the video card has Intel HD audio 
associated with the HDMI out that for some reason the system always 
defaults to after boot even though there is no audio out on the video 
card (nvidia card) other than the HDMI which I only use for video.


Your system doesn't have a plug (typically a three- or four-connector 
(sub)mini-D) for analog sound?




[CentOS] have udev to ignore/hide a scsi disk - but how?

2017-03-30 Thread lejeczek

hi everyone

I've been playing and trying to tell udev to ignore and not 
create symlinks in /dev but I fail.

Hoping this is the one: ENV{ID_SERIAL}== I've tried:
ENV{SYSTEMD_READY}:="0"
OPTIONS+="last_rule"
even
ENV{UDISKS_IGNORE}="1"

but udev tests would still show:  ACTION=add and symlinks 
created.


Would anyone share some advice?
many thanks,
L.


Re: [CentOS-virt] 2.6.0-28.el7_3.6.1 e1000 problem

2017-03-30 Thread Dmitry Melekhov

30.03.2017 10:52, Dmitry Melekhov wrote:

> Hello!
>
> We tried to move a Windows 2003 VM with the e1000 driver from CentOS 7, which
> runs qemu-kvm-0.12.1.2-2.491.el6_8.7.x86_64,
> to CentOS 7 with qemu-kvm-ev-2.6.0-28.el7_3.6.1.x86_64, and we got
> problems:
>
> TCP sessions, namely SMB connections, randomly drop.
>
> We didn't test previous qemu-rhev with this VM, so we don't know how
> it works in them.
>
> Could you tell me if this is a known problem? Any workaround except
> switching to virtio?
>
> Thank you!


Sorry, previous host system was CentOS 6 with default qemu...




[CentOS-virt] 2.6.0-28.el7_3.6.1 e1000 problem

2017-03-30 Thread Dmitry Melekhov

Hello!

We tried to move a Windows 2003 VM with the e1000 driver from CentOS 7, which
runs qemu-kvm-0.12.1.2-2.491.el6_8.7.x86_64,
to CentOS 7 with qemu-kvm-ev-2.6.0-28.el7_3.6.1.x86_64, and we got problems:
TCP sessions, namely SMB connections, randomly drop.

We didn't test previous qemu-rhev with this VM, so we don't know how it 
works in them.


Could you tell me if this is a known problem? Any workaround except switching 
to virtio?


Thank you!
