Re: [CentOS] Please Recommend Affordable and Reliable Cloud Storage for 50 TB of Data

[J.Witvliet]

I gave you a lengthy description of the Fedora lists.
It's rather rude to see your question here again.


Met vriendelijke groet,
Hans Witvliet, J, Ing., DMO/OPS/I&S/APH, Kennis Team Opensource
Coldenhovelaan 1 Maasland 3531RC Coldehovelaan 1, kamer B213

-Original Message-
From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Turritopsis 
Dohrnii Teo En Ming
Sent: vrijdag 15 februari 2019 6:29
To: centos@centos.org
Subject: [CentOS] Please Recommend Affordable and Reliable Cloud Storage for 50 
TB of Data

Hi,

Could you recommend affordable and reliable cloud storage for 50 TB of data?




Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] What on Centos is wiping out my eth0 IP address every 5 minutes?

[J.Witvliet]

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
m.r...@5-cent.us
Sent: Wednesday, July 24, 2013 4:07 PM
To: CentOS mailing list
Subject: Re: [CentOS] What on Centos is wiping out my eth0 IP address every 5 
minutes?

Rock wrote:
> On Tue, 23 Jul 2013 23:03:00 -0700, John R Pierce wrote:

> I think my "original" problem was what you guys sensed from
> the start.
>
> It was supremely frustrating having my manually typed eth0
> IP address being wiped out - but - apparently that was what
> Network Manager was supposed to do.
>
> Apparently Network Manager was set to pick up a DHCP address
> for eth0, and, when none were forthcoming, it wiped out the
> existing IP address.
>
> I only need to figure out now how to switch gracefully between
> using wlan0 connected to the home broadband router inside the
> house, and using eth0 wired to the Nanobridge M2 outside the
> house.

Several thoughts:
  on the router, see if it will accept a fixed IP, rather than one
assigned by DHCP; if so, you can set it on the laptop. I'd also check to
see if you need to deal with NetworkManager to do that. I don't know - I
*loathe* NM, and am majorly annoyed that upstream decided to put a tool
appropriate for a laptop as the default for *everything*... says the guy
dealing with 150 or more servers and workstations that are hardwired.

-Original Message-
I give servers a fixed address, but they are also defined in the dhcp server.
It might look overflues, but when doing an installation with PXE, you need dhcp.
Just gotta be careful that the hard coded and the dhcp ones are the same

Regarding N.M.: It is a wonderful tool.
At least for end-users on desktops/laptops with frequently changing WIFI or 
UMTS connections.

But for servers, without a GUI, but with vlans, load-balancing or H-A? Nah!

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het electronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] What on Centos is wiping out my eth0 IP address every 5 minutes?

[J.Witvliet]

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
Rock
Sent: Wednesday, July 24, 2013 4:01 PM
To: centos@centos.org
Subject: Re: [CentOS] What on Centos is wiping out my eth0 IP address every 5 
minutes?

On Tue, 23 Jul 2013 23:03:00 -0700, John R Pierce wrote:

> you should be able to get 300 feet of mostly open space with a simple 
> panel antenna

Understood. The Nanobridge M2 may be far more than I need.
But, it should work as it's advertised to go five miles.
All I need is a few hundred feet.

-Original Message-
Five miles?
Only with line of sight, no other stations on the same or neighboring channel, 
and no electric equipment (engines)..
Increasing power is hardly ever an good option, as it only do something for TX, 
nothing for RX.
If you have troubles with covering 300 feet, you need a 295 foot cable and an 
additional antenna...

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het electronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] web collaboration packages.

[J.Witvliet]

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
Jason T. Slack-Moehrle
Sent: Tuesday, April 09, 2013 7:46 PM
To: CentOS mailing list
Subject: [CentOS] web collaboration packages.

Hello All,

Try as I might, I cannot get Zimbra 8.0.3 to install on CentOS 6.4, even
with --platform override. I followed some tutorials even that show the
result working and nada.

Can anyone suggest a good setup for e-mails erving, calendaring, web mail?
Web mail is particularly important for my wife so she can check e-mail when
she is at work.
-Original Message-

Thought about Kolab or tine ?

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het electronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 2way authentication for SSH?

[J.Witvliet]

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
Rudi Ahlers
Sent: Monday, January 28, 2013 8:52 AM
To: CentOS
Subject: [CentOS] 2way authentication for SSH?

Hi,

Does anyone know of a stable / working "2way authentication" system for
SSH, and even web authentication services?

Most of the banks in South Africa have a system that, when you want to make
a payment, they send you an SMS and you need to verify the action with a
secret code which was SMS'd to you. gmail also has this.

Does anyone know of a "universal" plugin / application that can be used
with SSH and even websites like Wordpress / Joolma / Webmin / etc?


Any pointer would be appreciated.

-Original Message-
Is it really 2way (as in mutual) authentication or 2factor authentication?
Mutual authentication is normally done with ssl (server + client) certificates.
Most http engines (apache, tomcat) do support them.

For two factor (have, know) authentication "some assembly" is required, at 
least for openssh.
See: http://roumenpetrov.info/openssh/

Generally speaking, you _do_ want a trusted third party (like a CA) and 
certainly _not_ another additional unreliable man-in-the-middle. I mean: like 
google. But should I trust them with regards to security and availability???

HW




__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Good Anti-virus for Linux desktops and servers

[J.Witvliet]

-Original Message-
Hi.

I'm look for an enterprise quality Anti-virus / Malware for my Linux
machines . Mostly Ubuntu on the desktop, CentOS and RHEL servers. I
must have real time scanning, on demand scanning, and centralized
management.

Is there anything out there that can do this ?

GM
-Original Message-
Just a final remark,
Most AV-scanners are not capable of detecting everything.
If you really want to protect Microsoft desktops behind your Linux machine, you 
need multiple scanners serialized.

What's been said before, Kaspersky is really good specially compared with 
clamav.
Last time I tried clamav with a population of captured viri, it only detected 
60% of them.
BUT: ... it did detect the ones that Kasperky didn't.

So the combination of multiple different detectors (not specifically these two) 
is advisable.

Hw

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] KVM as a desktop

[J.Witvliet]

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
Les Mikesell
Sent: Tuesday, August 28, 2012 5:12 PM
To: CentOS mailing list
Subject: Re: [CentOS] KVM as a desktop

On Tue, Aug 28, 2012 at 9:23 AM, James B. Byrne  wrote:
> I am nearing the end of a project that moved our disparate services
> and hosts onto kvm virtualized servers.  What I am now contemplating
> is setting up my desktop as a virtual host and using one of the guests
> as my primary workstation.
>
> However, I am not sure how this would work in practice.  I am
> accustomed to working with virtual instances via ssh (a terminal
> window) and with my desktop system in a Gnome window manager.  Is
> there a reference somewhere that outlines the mechanics of logging
> into a virtual guest's graphical desktop directly from the physical
> console of the kvm host system?

I like to use freenx to host the desktop and the NX client to display
it.  That should work regardless of whether the desktop is a VM or not
and regardless of the OS or location of the display - and it wouldn't
surprise me if it performs better than whatever the built-in KVM
mechanism uses.   Even if you normally work locally, you may find it
handy to be able to pick up the display from elsewhere with everything
still running and have good performance.

-Original Message-

Not sure if freeNX is the best way to go.
How about x2go: http://www.x2go.org/
Or thinlink from http://www.cendio.com/

Hw

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] leap second

[J.Witvliet]

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
Stephen Harris
Sent: Monday, July 02, 2012 6:24 PM
To: CentOS mailing list
Subject: Re: [CentOS] leap second

On Mon, Jul 02, 2012 at 11:09:41AM -0500, Les Mikesell wrote:
> I'm sort of curious about how a bug of this magnitude slips through
> the QA process (into java and RHEL, not CentOS).  With all the furor
> about y2k, did no one even bother to simulate a leap second ahead of
> the real occurrence?

The kernel bug is a race condition; simulations may not have detected
it.
-Original Message-

Very well, but this isn't the first leap second-insertion (2005, 2009), and 
certainly not the last.
I never heard of such consequences before.

Hans

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Optimal VPN

[J.Witvliet]

 

-Original Message-
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>   
My sense is that openvpn is the easiest to configure, the most robust and fault 
tolerant, as far as keeping connections up and reestablishing failed 
connections.  The downside of openvpn is incompatibility with most mobile 
devices, not relevant if you are able to install openvpn clients.  You can 
configure fixed IP addresses using either the ccd files or the client-connect 
script.

Based on other discussussions on the list my recollection is that IPSEC 
provides better performance if you need GigE or better data rates on your VPNs. 
 My sense is that IPSEC may be more difficult to configure and less robust at 
keeping connections up, but this has probably improved in recent years.

The main advantage to pptp that I see is compatibility with mobile devices.  A 
disadvantage of PPTP, as far as I know it cannot easily be tunneled through 
something like a linux firewall because it uses non-standard protocol packets 
(not TCP/UDP).

Both OPENVPN and IPSEC can easily be tunneled through most firewalls.

Though I have not researched this extensively, just based on watching list of 
security updates that get released for Centos, Fedora etc, It seems that 
OPENVPN has had very few security issues.  I have definely seen a few for 
strongswan and openswan (both are IPSEC implementations).  Again this is just 
gut feeling, not the result of any investigation.  I do note though that 
OPENVPN runs easily in a chroot 
environment, just by enabling options in the config file.   I'm not sure 
if openswan or strongswan can do this.

Nataraj

___

Hi,

If you don't use any fancy features, OpenVPN is rather easy to set up.
Additional effort is needed with:
-certificates
-routing
-smartcards

Exactly _the same troubles_ you will encounter with ipsec (though i have only 
used with strongswan)

If it is only master/slave configuration, openvpn will do, for a more complex 
topology (meshed) consider ipsec
Will you be confronted with IPv6 in the (not so) near future? Forget OpenVPN, 
it is still beta there, while it has been implemented in strongswan for ages, 
and part of there standard test plan.
Furthermore, openvpn is only compatible with openvpn, while using ipsec you 
might be able to connect to other boxes.
If you can install software on both ends, openvpn is available  for many 
platforms.

hw

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS in low RAM settings

[J.Witvliet]

 

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
Bobby
Sent: Wednesday, September 15, 2010 3:11 PM
To: CentOS mailing list
Subject: Re: [CentOS] CentOS in low RAM settings

On Wednesday, September 15, 2010 09:00:35 am Boris Epstein wrote:
> Hello listmates,
> 
> I have been playing with Xen VM's and was wondering what the minimum 
> RAM size in which you could run CentOS 5.5 (i386). So far I managed to 
> install in 256 MB or 512 MB and then shrink the VM's RAM to 128 MB and 
> still run the installation. Would anyone know why the install in a 128 
> MB VM fails (even in text mode)?
> 
> Thanks.
> 
> Boris.

Eh, not enough RAM. :)

-- 
Sometimes one can add swap during the installation.
But swap is slow and thus making the installation takes twice (or worse) longer.
Better is what you did, install with lots of mem, are reducing it afterwards.

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OpenVPN throughput

[J.Witvliet]

See below... 

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
Gordon Messmer
Sent: Saturday, August 21, 2010 12:03 AM
To: CentOS mailing list
Subject: Re: [CentOS] OpenVPN throughput

On 08/20/2010 10:19 AM, Bill Campbell wrote:
>
> Comparisons with gigabit networks seems a pointless given that most 
> VPNs will be used over the Internet which limits bandwidth, how fast 
> is fast enough?

Boris said in his first email that the link between the two networks was
1 Gps.
___

Perhaps a bit late on this thread, but i thought of adding my $0.02 ...

Last year i've been doing some experiments with openvpn.
Just as the O.P. I was curious about sustainable throughput, and was 
disapointed about the results

To obtain maximum resulst, i did:
- use two rather heavy machines (HP DL380-G6, dual quad core)
- two dedicated 10Gb-nic's
- cross-connect both nics
- DISABLE openvpn-debug (as it is VERY cpu expensive)
- raise MTU to 4K

Bottleneck was (in my case) the openvpn-process, that was running 100% on a 
single core,
While network was not saturated.

So for max throughput, it is probably strongswan (ipsec) or hw-encryption [or 
both]

hw

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] where to download CENTOS 5.5 DVD version??

[J.Witvliet]

 

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
Marcelo M. Garcia
Sent: Friday, June 11, 2010 6:40 PM
To: CentOS mailing list
Subject: Re: [CentOS] where to download CENTOS 5.5 DVD version??

Miguel Medalha wrote:
> ISOs here:
> 
> http://mirror.chpc.utah.edu/pub/centos/5.5/isos/x86_64/

That is interesting.

When I try to download, none of the mirrors in UK seems to have these isos, nor 
in the "nearby countries" mirrors.

mg.

Nearby countries aren't allways faster.
Better check for universities...

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] setup firewall with 3 nic cards

[J.Witvliet]

Hi Jerry,

Just a general remark.
When deploying a firewall, it is advisable to have (atleast for input, better 
for all) to have the general policy set to drop, and only allow in what you 
expect to be coming in. If you put a "-j log" line as a final line for each 
section, you'll see every packet you forgot about...

Now the default is "allow", and only doing some SNAT and DNAT rules...

hw

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
Jerry Geis
Sent: Tuesday, May 11, 2010 12:10 AM
To: CentOS ML
Subject: [CentOS] setup firewall with 3 nic cards

I have a centos box with 3 nics. eth0 is internal, eth1 is T1 data and eth2 is 
cable data.
Everything is working on eth2 cable. External NAT is working just fine for eth2.
However external address 74.x.x.x on eth1 is not working.

Below is my iptables information.

I setup eth1 same as eth2 just a different IP address of course. What did I 
miss that
eth1 and NAT is not working?

Just looking for both public IP's incoming to NAT to the correct IP address. 
Only 1 is working at this time.


Thanks,

Jerry

---

Chain INPUT (policy ACCEPT)
target prot opt source   destination 
RH-Firewall-1-INPUT  all  --  0.0.0.0/00.0.0.0/0   

Chain FORWARD (policy ACCEPT)
target prot opt source   destination 
RH-Firewall-1-INPUT  all  --  0.0.0.0/00.0.0.0/0   

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination 

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source   destination 
ACCEPT all  --  0.0.0.0/00.0.0.0/0   
ACCEPT all  --  0.0.0.0/00.0.0.0/0   
ACCEPT all  --  0.0.0.0/00.0.0.0/0   
ACCEPT icmp --  0.0.0.0/00.0.0.0/0   icmp type 255 
ACCEPT esp  --  0.0.0.0/00.0.0.0/0   
ACCEPT ah   --  0.0.0.0/00.0.0.0/0   
ACCEPT udp  --  0.0.0.0/0224.0.0.251 udp dpt:5353 
ACCEPT udp  --  0.0.0.0/00.0.0.0/0   udp dpt:631 
ACCEPT tcp  --  0.0.0.0/00.0.0.0/0   tcp dpt:631 
ACCEPT all  --  0.0.0.0/00.0.0.0/0   state 
RELATED,ESTABLISHED 
ACCEPT tcp  --  0.0.0.0/00.0.0.0/0   state NEW tcp 
dpt:25 
ACCEPT tcp  --  0.0.0.0/00.0.0.0/0   state NEW tcp 
dpt:22 
ACCEPT tcp  --  0.0.0.0/00.0.0.0/0   state NEW tcp 
dpt:80 
REJECT all  --  0.0.0.0/00.0.0.0/0   reject-with 
icmp-host-prohibited 


Chain PREROUTING (policy ACCEPT)
target prot opt source   destination 
DNAT   tcp  --  0.0.0.0/024.123.23.170   tcp dpt:22 
to:192.168.1.209:22 
DNAT   tcp  --  0.0.0.0/024.123.23.170   tcp dpt:25 
to:192.168.1.209:25 
DNAT   tcp  --  0.0.0.0/024.123.23.170   tcp dpt:80 
to:192.168.1.209:80 
DNAT   tcp  --  0.0.0.0/074.223.8.179tcp dpt:22 
to:192.168.1.58:22
DNAT   tcp  --  0.0.0.0/074.223.8.179tcp dpt:25 
to:192.168.1.58:25 
DNAT   tcp  --  0.0.0.0/074.223.8.179tcp dpt:80 
to:192.168.1.58:80 


Chain POSTROUTING (policy ACCEPT)
target prot opt source   destination 
SNAT   all  --  192.168.1.0/24   0.0.0.0/0   to:24.123.23.170 
SNAT   all  --  0.0.0.0/0192.168.1.209   to:192.168.1.1 
SNAT   all  --  0.0.0.0/0192.168.1.209   to:192.168.1.1 
SNAT   all  --  0.0.0.0/0192.168.1.209   to:192.168.1.1 
SNAT   all  --  0.0.0.0/0192.168.1.209   to:192.168.1.1 
SNAT   all  --  0.0.0.0/0192.168.1.209   to:192.168.1.1 
SNAT   all  --  0.0.0.0/0192.168.1.209   to:192.168.1.1 
SNAT   all  --  0.0.0.0/0192.168.1.58to:192.168.1.1 
SNAT   all  --  0.0.0.0/0192.168.1.58to:192.168.1.1 
SNAT   all  --  0.0.0.0/0192.168.1.58to:192.168.1.1
SNAT   all  --  0.0.0.0/0192.168.1.58to:192.168.1.1
SNAT   all  --  0.0.0.0/0192.168.1.58to:192.168.1.1 
SNAT   all  --  0.0.0.0/0192.168.1.58to:192.168.1.1 


Chain OUTPUT (policy ACCEPT)
target prot opt source   destination 
Kernel IP routing table
Destination Gateway Genmask Flags Metric RefUse Iface
24.123.23.168   0.0.0.0 255.255.255.248 U 0  00 eth2
74.223.8.1760.0.0.0 255.255.255.240 U 0  00 eth1
192.168.1.0 0.0.0.0 255.255.255.0   U 0  00 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0  00 eth2
0.0.0.0 24.123.2

Re: [CentOS] Where i download CentOS 4 iso for SPARC?

[J.Witvliet]

From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
Luigi Castro Cardeles
Sent: Thursday, March 04, 2010 9:12 PM
To: CentOS list
Subject: [CentOS] Where i download CentOS 4 iso for SPARC?

Hi,

at http://www.centos.org/product.html show that centos support SPARC 
architecture. Where can i download a iso?
The only one i can find is this: 
http://beta.centos.org/centos/4.2beta/os/sparc/ and this link is broken.

Best Regard's
Luigi Castro Cardeles

I thought that the people from aurotalinux.org were the few still remaining to 
work on sparc
Not CentOS, but another RH-fork

hw

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Desperately need help with multi-core NIC performance

[J.Witvliet]

 

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
nate
Sent: Thursday, February 25, 2010 1:03 AM
To: centos@centos.org
Subject: Re: [CentOS] Desperately need help with multi-core NIC performance

Pete Kay wrote:
> Hi
>
> So is that the limit?  I have heard people being able to run like 10K 
> call channels before max out CPU cap.

I would verify the network throughput of your system to make sure the 
NIC/switch/etc are functioning normally, I use iperf to do this, really simple 
tool to use just need two systems.

On a good network you should be able to sustain roughly 900+Mbit/s with 
standard frame sizes and iperf on a single gigE link(hopefully with no tuning)


Just for reference...
On a slightly less-then-optimal network i could get 900Mbps between an HP DL380 
and an old IBM-T43, both with 1Gb nics and no tuning at all, through corporate 
network.

Between two DL380 with 10GB nics i got a performance boost (2500Mb -> 6500Mb) 
after i raised the MTU to 8K

hw

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NFS vs SMb vs iSCSI for remote backup mounts

[J.Witvliet]

At any rate... if I were in your shoes and really restricted to the options you 
propose, I would go with CIFS mounts through IPSEC tunnels.

Wouldn't IPSEC add more  overhead than an SSH tunnel?

-geoff

I would *certainly* not use ssh-tunnels, on a line that is not 100% error free 
or with high latency.
In general tcp-in-tcp tunneling is BAD. One likely gets the infamous 
snowbal-effect.

As ipsec is lower in the protocol-stack (then openvpn) it has probably the 
lowest overhead.
ssh-tunnels are the worst (just nice for a quick tunnel in SOHO-environments)

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NFS vs SMb vs iSCSI for remote backup mounts

[J.Witvliet]

From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
Rudi Ahlers
Sent: Friday, January 29, 2010 12:23 AM
To: CentOS mailing list
Subject: Re: [CentOS] NFS vs SMb vs iSCSI for remote backup mounts



On Fri, Jan 29, 2010 at 1:18 AM, nate 
mailto:cen...@linuxpowered.net>> wrote:
Rudi Ahlers wrote:

> nate, why not? Is it simply unavoidable at all costs to mount on system on
> another, over a WAN? That's all I really want todo

If what you have now works, stick with it.. in general network
file systems are very latency sensitive.

CIFS might work best *if* your using a WAN optimization appliance,
I'm not sure how much support NFS gets from those vendors.

iSCSI certainly is the worst, block devices are very intolerant of
latency.

AFS may be another option though quite a bit more complicated, as
far as I know it's a layer on top of an existing file system that
is used for things like replication

http://www.openafs.org/

I have no experience with it myself.

nate


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Thanx nate, this is what I wanted to hear :)

So, is there any benefit in using NFS over SMB in this case?


Can't speak for NFS(3/4), but i can tell you that that smb-protocol combined 
with high latency is a recepy for disaster.
We tried it from europe to the carribean (both sat or fibre) but users spent 
their time more complaining then working.
Needed horrible expensive lan-optimesers at both end

So perhaps nfs4 or afs (later is intended for geographically separated 
machines, afaicr)
but certainly not smb!

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing an SSL Cert

[J.Witvliet]

 

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
ML
Sent: Wednesday, January 27, 2010 1:38 AM
To: CentOS mailing list
Subject: [CentOS] Installing an SSL Cert

HI All,

I am considering buying this: 

http://www.godaddy.com/Compare/gdcompare_ssl.aspx?isc=sslqgo003a

Since I have a domain that will be collecting data and processing payments. 

Where can I find instructions on how to install the certificate?

Do I have to run another domain or sub domain for the store? Or can I just run 
the whole domain on https?

Thanks,
-Jason
___

Ever considerd cacert.org ?

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS Mirrors and Adjacent country groups

[J.Witvliet]

Hi 

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf Of Lanny Marcus
Sent: Wednesday, August 26, 2009 9:41 PM
To: CentOS mailing list
Subject: Re: [CentOS] CentOS Mirrors and Adjacent country groups

On 8/25/09, Rainer Duffner  wrote:
> Am 26.08.2009 um 00:13 schrieb Lanny Marcus:

>>> Don't you have peering-points somewhere?
>>> Sorry for hijacking this thread...
>> Rainer: I don't think your reply is OT or hijacking. Good point. I 
>> suspect that in the EU, there is a lot of peering between countries, 
>> but here in SA, I don't think so.
>
> I suspected that.
> To illustrate, this:
> http://www.caida.org/research/topology/as_core_network/pics/ascore-ipv
> 4-ipv6.200903_poster.pdf
> is the map I was looking for.

Cool. I downloaded that 4.3 MB file.   I suspect we could peer with
Panama. I believe like Colombia, they are also quite advanced with
regard to telecommunications, and it's close. The city I live in
(Cali) is actually much closer to Miami, Florida than Los Angeles,
California is.  And maybe we could peer with Peru, but that's a long way
to our South.



Afaik it is impossible to deduce from the URL if one node is located
nearby or far away.
Eventhough as i live in europe, i can register and use a japanese URL.

Secondly, i fond out that ISP do funny tricks with routing: My
connection to my next-door-neighbour goes via a transcient node in
New-York (high latency).


Only traceroute can give you a clue if a node is local or not.
And even then there is a question of available bandwith

Hans

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] using Linux as a NAS / SAN device

[J.Witvliet]

Hi, 

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf Of Robert Heller
Sent: Friday, August 28, 2009 12:23 AM
To: CentOS mailing list
Cc: CentOS mailing list
Subject: Re: [CentOS] using Linux as a NAS / SAN device

At Fri, 28 Aug 2009 00:12:27 +0200 CentOS mailing list
 wrote:

> 
> Hi,
> 
> I'm looking at using Linux as a NAS / SAN device, and would like some 
> input from other's who have done this before?
> 
> How would it compare to commercial SAN devices, Thecus N8800SAS
> (http://www.thecus.com/products_over.php?cid=11&pid=177&set_language=e
> nglish)
> or something similar to these?
> 
> I would probably use hardware RAID 10, and could go with either SAS / 
> SATA, and then probably offer iSCSI, Samba. NFS & rsync.
> In terms of servers hardware, well either Tyan / SuperMicro / Intel / 
> Dell would be fine as well. But, my question is rather from a linux 
> point of view, how would Linux compare to dedicated NAS devices, in 
> terms of the OS managing the device?

I think many dedicated NAS devices, are in fact Linux machines, using an
embedded Linux system.

--
Just a word of caution.
I had a simarly question: building one self, or buyding dedicated hw.
Looked through several specs of different boxes, and decided for an
ICY-box, that can hold two sata-disks, raid0/raid1/jbod, has an
GB-ethernet interface and capable of doing NFS. (which is actually an
Linux-box)

However, the box is as slow as a proverbial civil-servant, although the
link is realy set to GB, it just might as well have been 100MB. And even
that its not capable of filling to the max. (60Mb)
Found out (afterwards ;-) on the relevant product mailing lists that
it's the max the box can do.

hans

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to tell if I've been hacked?

[J.Witvliet]

 

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf Of Ryan Pugatch
Sent: Wednesday, August 19, 2009 5:23 AM
To: CentOS mailing list
Subject: Re: [CentOS] How to tell if I've been hacked?



Christopher Chan wrote:
> Scott Ehrlich wrote:
>> There is a lot of talk about the vulnerable Linux kernel.   I'm
simply
>> wondering the telltale signs if a given system has been hacked?
>> What, specifically, does a person look for?
>>   
> 
> rpm -Va is a good start for modified binaries/libraries.
> rootkit detectors is another thing you can try.
> 
> 
> Other than that, it is checking your logs and looking for odd files 
> lying around...
> 


Also, processes running that you don't recognize.  Users you don't
recognize.  Logged in sessions that you don't recognize.  Free space
shrinking abnormally.  An increase in bandwidth usage that is
unexpected.

Ryan

Also processes you thinkk you DO recognize:
Just for testing how alert my co-workers were, i had a program called
"kswapd", just calculating prime-numbers...
They never noticed. ;-)

Without any preperation it's harder. No point in installing tripwire,
activating apparmor/selinux afterwards.
Those things should be done after a fresh installation.

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] protecting multiuser systems from bruteforce ssh attacks

[J.Witvliet]

 

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf Of Eugene Vilensky
Sent: Thursday, August 20, 2009 10:15 PM
To: CentOS mailing list
Subject: [CentOS] protecting multiuser systems from bruteforce ssh
attacks

Hello,

What is the best way to protect multiuser systems from brute force
attacks?  I am setting up a relatively loose DenyHosts policy, but I
like the idea of locking an account for a time if too many attempts are
made, but to balance this with keeping the user from making a helpdesk
call.
What are some policies/techniques that have worked for this list with
minimal hassle?

Hi Eugene,

Depends on the number of users (as you mentioned "mutisuser" ) And how
strong you want your system to be protected.
If its not a couple of thousands, i would suggest:
Disabling password-login alltogether, and use keys only.

On the other hand, you can also demand that all connection must be made
by using a vpn-connection (openvpn/ipsec). 
After that you can be assured that any attempt is from a local user.

Both are a much stronger protection than allow/deny or
firewall-mechanisms

Hans

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPv6 docs, howtos, descriptions

[J.Witvliet]

 




From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf Of Tony Asnicar
Sent: Friday, June 12, 2009 12:38 PM
To: centos@centos.org; fedora-l...@redhat.com;
debian-u...@lists.debian.org; ubuntu-us...@lists.ubuntu.com
Subject: [CentOS] IPv6 docs, howtos, descriptions


I know...google...BUT:
Does someone has good howtos, docs, descriptions, opinions in forums, or
similar things about IPv6 and "related things"?
I just think it would be a very good idea to collect some links about
it...
Regards, and thank you in anticipation 
 
much info at:
http://www.tunnelbroker.net/forums/index.php?PHPSESSID=5ed651d73b5ce5378
20eeddd11bf0df1&board=2.0
 
If you login with your (free!) account there are a bunch of examples
scripts for any OS 

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Intel Atom systems?

[J.Witvliet]

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf Of Angus MacGyver
Sent: Monday, May 25, 2009 5:51 PM
To: CentOS mailing list
Subject: Re: [CentOS] Intel Atom systems?

On Mon, 2009-05-25 at 16:22 +0200, Peter Hopfgartner wrote:
> >> Any comments on CentOS 5 on Intel Atom CPUs?
> >>
> >> I need to build a couple of inexpensive systems that will be used 
> >> primarily as gateway/firewall systems with OpenVPN, and need 
> >> recommendations in reliable hardware platforms.  These will need 
> >> two NICs.
> >> 
> >
> > Go with Soekris, they are built for that purpose. You can even get 
> > an SSL accelerator card for them. Mine has a ~500Mhz AMD Geode CPU, 
> > 512MB ram, I added a 1GB CF card, it has 4x100Mbit NICs, it has a 
> > slot for a PCI device, I put a bracket with another serial port on 
> > there to hook to a UPS, has a USB port, and a serial port for 
> > console access, draws a tiny amount of power.
> >
> > I don't consider linux a good platform for firewall or VPN devices 
> > myself, I use OpenBSD, with pf. I have an OpenVPN from my soekris 
> > box at home to my co-located server(runs Debian), have had it hooked

> > up for almost a year now, works great. I don't need the SSL 
> > acceleration card as my commit rate at the colo is only 1Mbit, so I 
> > don't want to push a lot of traffic.
> >
> > http://www.soekris.com/net5501.htm
> >
> > These things are designed from the ground up to be firewall/VPN 
> > appliances(low end mind you, your not gonna be pushing gigabits of 
> > traffic through them). The CPU on mine doesn't even have a heat 
> > sink.
> >
> > nate

WRAP's are old, but I've still got one powering my firewall/VPN device,
years later(WAN/LAN and DMZ), and the ALIX is a drop in replacement, and
I have one of those in a NAS.

Granted, you ain't gonna get multi GB throughput, same as soekris, but
by goodness they are stable and reliable, zero moving parts, and as for
ALIX/WRAP series, pretty neglible power requirements.

Also agree with Nate, I'd choose a version of BSD for a firewall/gateway
device over Linux, either FreeBSD or OpenBSD.

Something new (shipping starts in june)
Have a look at:
http://www.fit-pc.net/fitpc-2-p-2.html or
http://www.fit-pc.info/downloads/handleidingen/fit_pc_2_eng.pdf
Intel Atom Z530 1,6 GHz
1 GB DDR2 onboard
1* 1000 BaseT Ethernet, RJ45
OPTION: 802,11g
6* USB 2.0 high speed ports (for additional ethernet ports)
Mini SD port
Either diskless or with 160GB sata
Size: 115 x 101 x 27

As it new hardware, chances are minute that any flavour of *BSD will run
on it for the next couple of years.
You can get it with linux pre-installed.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Certificate system

[J.Witvliet]

 

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf Of Barry Brimer
Sent: Friday, April 24, 2009 5:44 PM
To: CentOS mailing list
Subject: Re: [CentOS] Certificate system

Quoting j.witvl...@mindef.nl:

> Hi all,
>
> Can anybody inform me wether the  "RedHat Certificate System" or 
> actually a CentOS equivalent is available for CentOS.
> Just skimmed on a download site through the RPM's for 5.3 and I 
> couldn't find it.
> According to their pressrelease, it the code should be gpl, allthough 
> I can't find any rpm for RH, FC or Centos.
>
> It seems that this is one of the few CA-packages for large scale 
> deployment of certificates.
> Only alternative AFAIK is OpenCA, which seems to be hardly
maintained...
> ( binaries on their site are old, and source code yields lots of 
> errors during build..)

The Fedora version of RHCS is called Dogtag

You might have to modify/rebuild their SRPMS.


Yes, i came across dogtag.
However i got the impression it was something in the same category like
tinyca or pyca.
Perhaps it is based on the code of RHCS, and all documentation is just
some wiki pages.
Bit different from the docu from RHCS-7.3 (Their admin guide is over 600
pages)

I was asked to make a proposal for an (large) opensource CA/RA/ocsp/

If selected, i make them order an official package with support from RH.
But i would like to have some hands-on experience before, and not get
all my information from paper.
OpenCA has also quite some nice docu (but doesn't live up to it), and
used to be included in some distro's. 

So, ejbca seems to be more appropiate than dogtag (if i can't get RHCS)

hw

__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Certificate system

[J.Witvliet]

Hi all,

Can anybody inform me wether the  "RedHat Certificate System" or
actually a CentOS equivalent is available for CentOS.
Just skimmed on a download site through the RPM's for 5.3 and I couldn't
find it.
According to their pressrelease, it the code should be gpl, allthough I
can't find any rpm for RH, FC or Centos.

It seems that this is one of the few CA-packages for large scale
deployment of certificates.
Only alternative AFAIK is OpenCA, which seems to be hardly maintained...
( binaries on their site are old, and source code yields lots of errors
during build..)

Defensie/CDC/IVENT/Research en Innovation Centrum
Ing J. (Hans) Witvliet Systeembeheer, CAcert-assurer
T   0174-539053
mailto:j.witvl...@mindef.nl
Coldenhovelaan 1, 3155RC Maasland, kamer A109


__
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos