[CentOS] RedHat 6.5 - ERROR: Your kernel/iptables do not include state match support. No version of Shorewall will run on this system - NEW CRAZY BUG
On 26/02/2013 19.24, News wrote:

> On 25/02/2013 12.28, Simon Matter wrote:
>
> Hello to the list, I updated a RedHat server from 6.3 to 6.4 and installed the last shorewall rpm 4.5.13.0-1.el6. After this shorewall does not start at boot and shows the error
>
>     ERROR: Your kernel/iptables do not include state match support. No version of Shorewall will run on this system
>
> After the boot I can start shorewall by hand.
>
> Could it be a problem with SELinux?
> Simon
>
> What can I do? Thanks to everybody
> Amedeo
>
> Here from the shorewall newsletter... Simon, you're a magician! The update changed the SELinux labels of iptables; after resetting them it's all OK. I think that when people update from CentOS 6.3 to CentOS 6.4 the world stops.
>
> Here are the commands:
>
>     restorecon -Rv /sbin
>     restorecon reset /sbin/iptables-multi-1.4.7 context system_u:object_r:bin_t:s0->system_u:object_r:iptables_exec_t:s0
>     restorecon reset /sbin/ip6tables-multi-1.4.7 context system_u:object_r:bin_t:s0->system_u:object_r:iptables_exec_t:s0
>
> Thanks sooo much
> Amedeo

Hello to the list, I start from here because there is some news. This is the story:

I upgraded one server from CentOS 6.3 to 6.5 and the problem described above came back again, so I used restorecon -Rv /sbin but there was no output. This was strange. I rebooted the server and shorewall wouldn't start again. I tried some hacks but nothing. So I tried changing SELinux to permissive mode and shorewall STARTED!! I looked at the files:

    ls -Z /sbin/ip*

and the surprise:

    -rwxr-xr-x. root root unconfined_u:object_r:bin_t:s0 /sbin/ip6tables-multi-1.4.7
    -rwxr-xr-x. root root unconfined_u:object_r:bin_t:s0 /sbin/iptables-multi-1.4.7

The SELinux label was wrong, so I looked in the /etc/selinux/targeted/contexts/files/file_contexts file for the label:

    cat /etc/selinux/targeted/contexts/files/file_contexts | grep ip

and I didn't find anything. This was very, very strange, so I opened the file manually and SURPRISE!! What I found:

    /sbin/ebtables -- system_u:object_r:iptables_exec_t:s0
    /sbin/ebtables-restore -- system_u:object_r:iptables_exec_t:s0

Look!! ebtables and not iptables. If I use restorecon -Rv /sbin it does not work because the label was wrong. I found the same problem on a server running RedHat 6.5, but it had not come out because I had upgraded from 6.4 to 6.5.

[FIX] I relabeled the two files manually with these commands:

    chcon -t iptables_exec_t /sbin/iptables-multi-1.4.7
    chcon -t iptables_exec_t /sbin/ip6tables-multi-1.4.7

but I hope that /etc/selinux/targeted/contexts/files/file_contexts will be updated soon. I hope that this can help someone.

Thanks
Amedeo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
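Added example (not part of the original post): a shell check that compares each binary's current SELinux type with the type the policy's file_contexts would assign, which shows why restorecon printed nothing in the 6.5 case while chcon was needed. The generic /sbin/.* entry, the function names and the last-match-wins rule are assumptions of this example; on a live system `matchpathcon` or `restorecon -n -v` gives the policy's answer directly.

```shell
#!/bin/sh
# Constructed sample input: the `ls -Z` lines and the two ebtables entries are
# quoted in the post; the generic /sbin/.* entry is an assumption.
LS_Z='-rwxr-xr-x. root root unconfined_u:object_r:bin_t:s0 /sbin/ip6tables-multi-1.4.7
-rwxr-xr-x. root root unconfined_u:object_r:bin_t:s0 /sbin/iptables-multi-1.4.7'
FILE_CONTEXTS='/sbin/.* system_u:object_r:bin_t:s0
/sbin/ebtables -- system_u:object_r:iptables_exec_t:s0
/sbin/ebtables-restore -- system_u:object_r:iptables_exec_t:s0'

# Print the type field of a user:role:type:level context.
ctx_type() { printf '%s\n' "$1" | cut -d: -f3; }

# policy_type PATH CONTEXTS: type the policy assigns to PATH, or "none".
# Assumption: the last matching regex wins, a simplification of the
# ordering libselinux applies to file_contexts.
policy_type() {
    result=none
    while read -r re a b; do
        [ -n "$re" ] || continue
        ctx=${b:-$a}                 # skip the optional file-type field (--)
        if printf '%s\n' "$1" | grep -Eq "^(${re})\$"; then
            result=$(ctx_type "$ctx")
        fi
    done <<EOF
$2
EOF
    printf '%s\n' "$result"
}

# audit_labels LS_Z_OUTPUT CONTEXTS WANTED_TYPE: one verdict line per file.
# POLICY_GAP means restorecon cannot help because the policy lacks the rule.
audit_labels() {
    printf '%s\n' "$1" | while read -r perm owner group ctx path; do
        cur=$(ctx_type "$ctx"); pol=$(policy_type "$path" "$2")
        if [ "$cur" = "$3" ]; then verdict=OK
        elif [ "$pol" = "$3" ]; then verdict=RESTORECON_WILL_FIX
        else verdict=POLICY_GAP
        fi
        printf '%s current=%s policy=%s %s\n' "$path" "$cur" "$pol" "$verdict"
    done
}

audit_labels "$LS_Z" "$FILE_CONTEXTS" iptables_exec_t
```

A POLICY_GAP verdict corresponds to the 6.5 case in the post; note that a chcon label applied in that state is replaced by the policy's default on the next full relabel.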
[CentOS] RESOLVED: Re: [Shorewall-users] RedHat 6.4 - ERROR: Your kernel/iptables do not include state match support. No version of Shorewall will run on this system
On 25/02/2013 12.28, Simon Matter wrote:

> Hello to the list, I updated a RedHat server from 6.3 to 6.4 and installed the last shorewall rpm 4.5.13.0-1.el6. After this shorewall does not start at boot and shows the error
>
>     ERROR: Your kernel/iptables do not include state match support. No version of Shorewall will run on this system
>
> After the boot I can start shorewall by hand.
>
> Could it be a problem with SELinux?
> Simon
>
> What can I do? Thanks to everybody
> Amedeo

Here from the shorewall newsletter... Simon, you're a magician! The update changed the SELinux labels of iptables; after resetting them it's all OK. I think that when people update from CentOS 6.3 to CentOS 6.4 the world stops.

Here are the commands:

    restorecon -Rv /sbin
    restorecon reset /sbin/iptables-multi-1.4.7 context system_u:object_r:bin_t:s0->system_u:object_r:iptables_exec_t:s0
    restorecon reset /sbin/ip6tables-multi-1.4.7 context system_u:object_r:bin_t:s0->system_u:object_r:iptables_exec_t:s0

Thanks sooo much
Amedeo
Re: [CentOS] Centos Firewall - router with virtual IP
On 03/11/2011 3.34, Fajar Priyanto wrote:

> Hi all, I haven't found anything in Google about this. I'm creating a firewall router with CentOS with a few virtual IPs using iptables. May I ask for your experience? Is there any pitfall or bad side of using virtual IPs for this purpose? I'm using a few virtual IPs to accommodate a few subnets that go through this firewall/router.
>
> Thank you.
> Fajar.

I use shorewall for this: http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html

Amedeo
Re: [CentOS] OT: headless fanless silent 2 HDs micro server/pc...
On 09/08/2011 16.57, John Doe wrote:

> Hey,
>
> A bit out of topic but I am looking for a micro server/pc if anyone knows a decent one... I found many nice NAS but I would like to have full access to the OS (install CentOS, etc). Dream one would be:
>
> - Very quiet (fanless) since it will sit in my bedroom.
> - Headless
> - Small.
> - 2/3 HDs (2.5 are ok) for RAID1 (hardware RAID would be nice, and with BBC even more).
> - 1 or 2 GB NICs
> - USB3 or ESATA would be nice...
> - Price would not be much of a problem (maybe no more than $1000 though).
>
> Random thoughts:
>
> - a shuttle PC with 2 HDs and a real RAID card (if it fits inside), but maybe too noisy, no headless.
> - a mac mini server looks very nice (but max budget, need another Mac to install, not sure if easy/possible to install CentOS).
> - some NAS where I could easily replace the OS (not on a flash chip).
>
> So if you know a nice one...
>
> Thx,
> JD

HP Microserver is very good for me, I have one and it's OK.

Amedeo
Re: [CentOS] Limiting bandwidth
On 20/02/2010 13.25, Bob McConnell wrote:

> Rajagopal Swaminathan wrote:
>
>> Greetings,
>>
>> Scenario: CentOS box with eth1 (10.0.0.0/24) and eth0 (192.168.0.0/24). The segment on eth0 has access to the full bandwidth of the uplink. Both are on 100mbps switches.
>>
>> Requirements: bandwidth on the segment on eth1 needs to be throttled to different speeds - say 32, 64, 128kbps and the such. Required for application performance testing purposes.
>
> The best tool I have found for this is DummyNet, which is built into FreeBSD. It was created to test protocol designs then adapted for traffic management. However, I am not aware of any ports into Linux.
>
> http://info.iet.unipi.it/~luigi/dummynet/
> http://cs.baylor.edu/~donahoo/tools/dummy/tutorial.htm
>
> Bob McConnell
> N2SPP

I try to use shorewall for this.

Amedeo
Re: [CentOS] /etc/ldap.conf pam_filter
Hi Chris,

Thanks, you mind, replace ldap auth with winbind auth?

My scene: on one side, 1 smb server pdc with ldap; on the other side, 1 Xorg-Server with auth over ldap, the same from the first one (smb). I need to permit only users membership_of Domain Users to log in on the Xorg-Server.

Thanks

On 05.02.2010 12:45, Christoph Maser wrote:

> On Friday, 05.02.2010, 11:38 +0100, Nobody ist perfect wrote:
>
>> Hi, we use an openldap server / samba as domain controller for our windows/linux workstations. On a specific server, login should only be allowed if the certain user is a member of a group (let's call this group login). All the users in the domain are members of the group Domain Users. Therefore their primary gid is not the login-group's gid. How can I make the login depend on that login-group membership?
>>
>> Thanks!
>> Toby
>
> If you use winbind you can use require_membership_of= in /etc/security/pam_winbind.conf.
>
> Chris
Re: [CentOS] RSync Issues
man rsync

    -i, --itemize-changes   output a change-summary for all updates
        --list-only         list the files instead of copying them
        --ignore-existing   skip updating files that exist on receiver
    -v, --verbose           increase verbosity

--existing, --ignore-non-existing
    This tells rsync to skip creating files (including directories) that do not exist yet on the destination. If this option is combined with the --ignore-existing option, no files will be updated (which can be useful if all you want to do is delete extraneous files).

    This option is a transfer rule, not an exclude, so it doesn't affect the data that goes into the file-lists, and thus it doesn't affect deletions. It just limits the files that the receiver requests to be transferred.

--ignore-existing
    This tells rsync to skip updating files that already exist on the destination (this does not ignore existing directories, or nothing would get done). See also --existing.

    This option is a transfer rule, not an exclude, so it doesn't affect the data that goes into the file-lists, and thus it doesn't affect deletions. It just limits the files that the receiver requests to be transferred.

    This option can be useful for those doing backups using the --link-dest option when they need to continue a backup run that got interrupted. Since a --link-dest run is copied into a new directory hierarchy (when it is used properly), using --ignore existing will ensure that the already-handled files don't get tweaked (which avoids a change in permissions on the hard-linked files). This does mean that this option is only looking at the existing files in the destination hierarchy itself.

ML wrote:

> Hi All,
>
> Rsyncing to a USB drive. I am in single user mode. I am doing:
>
>     rsync -avx --stats --progress --ignore-existing --exclude 'home/backup/ data' / /mnt/sdb2/
>
> But I don't see if ignoring existing. A previous rsync stalled and now it seems to be copying them again rather than ignoring them. Does anyone have thoughts?
>
> -ML
Re: [CentOS] Firewall in CentOS 5.1
Ray Leventhal wrote:

> Robert Spangler wrote:
>
>> On Thursday 24 July 2008 03:34, Gopinath Achari wrote:
>>
>>> Please suggest me a good firewall package for CentOS 5.1 Server. This server is going to face the internet and will be accessed by the branch offices.
>
> Adding a late voice to this thread, I've used and enjoyed the cli of apf, which acts as a front end for iptables: http://rfxnetworks.com/apf.php
>
> No rpm of which I'm aware, but the install is non-intrusive and very simple.
>
> -Ray

I have used shorewall on some servers for 5-6 years without problems. http://www.shorewall.net/

Amedeo Fragai