Re: [CentOS] Current RHEL fragmentation landscape

[Walter H. via CentOS]

On 21.07.2023 09:30, Lee Thomas Stephen wrote:

Because the general rule seems to be
Oh! You are an individual, we will offer you affordable/free service
What! You are a business, we will offer you extremely 'unaffordable' 
service.


this is ok, but the worse thing is:  students and teachers get 
affordable/free service


and other citizens had to pay unrealistic sums of money ...

Because being a 'business' by default means you have a 'lot' of money 
to waste.


(a) talking about money to waste is nonsense
(b) think of the fact that this way residents get something affordable, 
which is absolutely fair;
e.g. residents get 200 Mbit down/20 Mbit up unlimited for 30 dollars a 
month,

'business' has to pay for the same more than 100 dollars a month;



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Current RHEL fragmentation landscape

[Walter H. via CentOS]

On 21.07.2023 09:30, Lee Thomas Stephen wrote:

Because the general rule seems to be
Oh! You are an individual, we will offer you affordable/free service
What! You are a business, we will offer you extremely 'unaffordable' service.


this is ok, but the worse thing is:  students and teachers get 
affordable/free service


and other citizens had to pay unrealistic sums of money ...


Because being a 'business' by default means you have a 'lot' of money to waste.


(a) talking about money to waste is nonsense
(b) think of the fact that this way residents get something affordable, which 
is absolutely fair;
e.g. residents get 200 Mbit down/20 Mbit up unlimited for 30 dollars a month,
'business' has to pay for the same more than 100 dollars a month;


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] RADVd and DHCPv6?

[Walter H. via CentOS]

Hello,

these are my settings in

radvd.conf

interface br0
{
    AdvSendAdvert on;
        AdvManagedFlag on;
    AdvOtherConfigFlag on;
    MinRtrAdvInterval 5;
    MaxRtrAdvInterval 15;
    route fe80::1/64
    {
    AdvRouteLifetime infinity;
    AdvRoutePreference high;
    };
};

in general I use stateful DHCPv6 (AdvManagedFlag on),
but is there a way to have some devices (Android) get their IPv6 by SLAAC?

Thanks,
Walter



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

[Walter H.]

is that what you expect to find?
https://access.redhat.com/errata/RHSA-2021:0227

On 27.01.2021 08:38, Gionatan Danti wrote:

Hi all,
do you know if a fix for sudo CVE-2021-3156 is available for CentOS 6?

While CentOS 6 is now supported anymore, RedHat has it under its 
payedsupport agreement (see: 
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002).


So I wonder if some community-packaged patch exists...
Thanks.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Disk choice for workstation ?

[Walter H.]

If I were you,
I'd do the 2nd ... use a larger SSD (1 TB), and keep the mirror set 
(raid 1) for /data

Walter

On 26.12.2020 21:20, Nicolas Kovacs wrote:

Hi,

My workstation is currently equipped with a pair of Western Digital Red 1 TB
SATA disks in a software RAID 1 setup.

Some stuff like working with virtual machines is a bit slow, so I'm thinking
about replacing the disks by SSD.

I'm hesitating between three different setups:

1) Use a relatively small SSD (120 to 240 GB) to reinstall the system on it.
Keep the two SATA disks in a RAID 1 array and mount /home on it.

2) Use a larger SSD (500 GB to 1 TB), install everything (including /home) on
it. Keep the two SATA disks in a RAID 1 array and mount them on /data for 
storage.

3) Get rid of the disks and go full SSD, with a 1 TB disk.

Any advice from the hardware gurus on this list?




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] HE-IPv6-Tunnel with CentOS 7

[Walter H.]

Hello,

on my tunnel end  I habe configured this:

in /etc/sysconfig/network-scripts/ifcfg-eth0 I added this

IPV6INIT=yes
IPV6ADDR=lan-prefix::1
IPV6ADDR_SECONDARIES="fe80::1"
IPV6_AUTOCONF=no
IPV6_ROUTER=yes

/etc/sysconfig/network-scripts/ifcfg-sit1 is this

TYPE=SIT
NAME=sit1
ONBOOT=yes
DEVICE=sit1
BOOTPROTO=none
IPV6INIT=yes
IPV6TUNNELIPV4=ipv4-of-tunnel-at-he
IPV6TUNNELIPV4LOCAL=myipv4
IPV6ADDR=tunnel-prefix::2

in /etc/sysconfig/network I added this:

NETWORKING_IPV6="yes"
IPV6FORWARDING="yes"
IPV6_DEFAULTGW=tunnel-prefix::1
IPV6_DEFAULTDEV=sit1

everything works fine, but

can someone explain this behaviour:

traceroute6 www.google.com

doing this on this CentOS-Box, I have tunnel-prefix::1 at the first hop 
as expected;


doing this on another Linux (CentOS), I have the CentOS-Box at the first 
hop and tunnel-prefix::1 at the 2nd hop as expected,
but doing this on a Windows, there I have tunnel-prefix::1 at the 2nd 
and the 3rd hop, why?

(the same with my own 6in4-tunnel)

Thanks,

Walter



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Blog article: CentOS is NOT dead

[Walter H.]

On 14.12.2020 13:07, Nicolas Kovacs wrote:

Hi,

Here's an interesting read which makes a point for CentOS Stream:

https://freedomben.medium.com/centos-is-not-dead-please-stop-saying-it-is-at-least-until-you-read-this-4b26b5c44877

tl;dr: Communication about Stream was BAD, but Stream itself might be a good
thing. Here's why.


'might' doesn't mean 'is', there the "terminus techicus" 'dead' is korrekt


"CentOS Stream intends to be as stable as RHEL"

and where is the 10 year update support?

the last update of CentOS Stream will be in the year 2024

and do you really think it is worth the work to migrate to CentOS Stream,
when knowing to have this work again in less than 4 years?

Walter



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] The conclusio: CentOS is dead

[Walter H.]

Why?

it is called "rolling release" and no one gave officially a statement to 
the question I asked,


if it is meant like that of Win10 ...

a beta release is not the same that many expect as a stable system, as 
they are used to have with CentOS;


you should think of renaming CentOS to something different, because with 
Enterprise this CentOS Stream has nothing in common;


and does Redhat really expect everone - even private people - afford a 
RHEL subscription¹ just to have a stable system?


¹ I would in case I only need just one RHEL subscription for ALL my 
private used VMs (including the ones hosted in internet as VPS)


- a DNS server
- a proxy server (squid)
- a mail server (mail store - cyrus-imapd)
- a mail server (mail router f. outgoing mails)
- a mail server (mail scanner f. incoming mails with SpamAssassin and 
ClamAV)
- a 2nd proxy server (squid, with SSL interception and Squidclamav plus 
ClamAV)

- a web server (apache)
- a jump host
- a 6in4 router
- desktop with graphical UI (plus Firefox and Thunderbird) is a now a 
SL, but they decided several time ago,
  not to do their own system based on RHEL, they use CentOS, that is 
now a little bit bad for this/SL's use case;


- a VPS with OpenVPN (used with my smartphone)
- a VPS with a proxy (squid, to avoid censorship due to geolocation 
blocking)

- a VPS as the other end of 6in4
- a VPS with storage of my own files
  (all VPS run a bind, too)

Thanks for read;

Walter


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] question centos stream 8 applying updates

[Walter H.]

On 11.12.2020 19:19, Gordon Messmer wrote:

On 12/10/20 2:53 PM, edward via CentOS wrote:
after reading some info on centos stream is a  rolling release. i'm 
wondering applying 



It's not a "rolling release" in the most commonly used sense. There 
just isn't a minor number for releases.  CentOS Stream 8 will always 
be CentOS Stream 8, and never 8.1 or 8.2, etc.  Just one ten-year long 
release.  At any given point in time, a fully updated system should be 
backward-compatible with any applications that have run earlier in the 
release cycle.


with CentOS Stream there are only updates till 2024(!) not 2029 as it be 
expected ...



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Update path question in connection with CentOS Stream?

[Walter H.]

Hello,

when someone has installed a CentOS 7.1 in the past,

and did 'yum update' regularily, his/she got a CentOS 7.8 now without 
any reinstallation procedure or other complications;


when the same wanted to update to CentOS 8 he/she had to do a new install;

what happens to CentOS Stream?

when some is now installing CentOS Steam and will do

'dnf update' or 'yum update' regularily in the future,

what does he/she get till the "end"?

is this a rolling release like Win10 which doesn't need to be 
reinstalled now and in future?

(the fact that hardware can break is not the question)

Thanks,
Walter


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS Stream from bottom works, what is this?

[Walter H.]

On 09.12.2020 18:12, Johnny Hughes wrote:

On 12/9/20 11:01 AM, Walter H. wrote:

On 09.12.2020 15:45, Johnny Hughes wrote:

On 12/9/20 8:41 AM, Walter H. wrote:

p.s. can someone tell in as short as possible what this CentOS Stream is
in comparison to CentOS 8?

CentOS Stream is built from the currently released RHEL Source Code + 0.1

So if RHEL 8.3 is released .. Stream is the Source Code (built) that
will become 8.4 in a few months.

what does this mean in comparison to CentOS 8, which sources are used
for this?

to be concrete:

I can download this ISO of CentOS 8

(1) CentOS-8.3.2011-x86_64-dvd1.iso

and this ISO fo CentOS Stream

(2) CentOS-Stream-8-x86_64-20201203-dvd1.iso

which sources are used for (1) and which for (2)?

and what does it mean of the update process be 'yum update'

e.g. if one would do this with CentOS 6, there is no way; the support
ended;

with CentOS 8 this will haben one day (somewhat in 2029), and what is
said about this of CentOS Stream?


CentOS Linux 8 is the source code from released current RHEL 8 .. for
now 8.3.  The EOL of CentOS Linux 8 is 31 DEC 2021
when doing 'yum update' regularly this would also be EOL the end of the 
following year?

CentOS Stream 8 is the source cdoe from what be RHEL + 0.1 .. so
currently 8.3 + 0.1 = 8.4.  It will EOL in 31 MAY 2024


this is much longer here, can I update this 'forever' just doing 'yum 
update' regularly?


why I am asking this, I need to choose one option, because my CentOS 6 
VMs are EOL;


and I would practice this the same way I did, when my CentOS 4 became 
EOL, I installed CentOS 6

VM by VM - never used CentOS 5;

e.g. the first one was the DNS-VM, which I used CentOS 6.2,
then the outgoing Mail-server-VM, I used CentOS 6.3
and by doing 'yum update' regularly they all became finally 6.10;

so which should I choose
- CentOS 7: EOL in 2024
- CentOS Stream: EOL also in 2024
(CentOS 8 is no option I guess)

comparing to Windows,
when using Win10, there is no install needed any more, every half year 
function update,

and the other time security/bug fix update;

is doing CentOS Stream the same way?

Thanks,

Walter



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS Stream from bottom works, what is this?

[Walter H.]

On 09.12.2020 15:45, Johnny Hughes wrote:

On 12/9/20 8:41 AM, Walter H. wrote:

p.s. can someone tell in as short as possible what this CentOS Stream is
in comparison to CentOS 8?

CentOS Stream is built from the currently released RHEL Source Code + 0.1

So if RHEL 8.3 is released .. Stream is the Source Code (built) that
will become 8.4 in a few months.


what does this mean in comparison to CentOS 8, which sources are used 
for this?


to be concrete:

I can download this ISO of CentOS 8

(1) CentOS-8.3.2011-x86_64-dvd1.iso

and this ISO fo CentOS Stream

(2) CentOS-Stream-8-x86_64-20201203-dvd1.iso

which sources are used for (1) and which for (2)?

and what does it mean of the update process be 'yum update'

e.g. if one would do this with CentOS 6, there is no way; the support ended;

with CentOS 8 this will haben one day (somewhat in 2029), and what is 
said about this of CentOS Stream?


Thanks,

Walter


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS Stream from bottom works, what is this?

[Walter H.]

Hello,

I just tried installing a VM from the stream ISO and it worked;

the only thing I would like to have changed as a default config is

GRUB_CMDLINE_LINUX=" net.ifnames=0 ..."

the reason, I find eth0, eth1, eth2 easier to use than cryptic names 
like ens33 or ens0p3 or so;


Walter

p.s. can someone tell in as short as possible what this CentOS Stream is 
in comparison to CentOS 8?



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] strange RPM dependency observed in CentOS 7

[Walter H.]

On 08.12.2020 15:12, Jonathan Billings wrote:

On Tue, Dec 08, 2020 at 02:54:03PM +0100, Walter H. wrote:

Yes, then the interesting question, how can I make use of these
GeoIP-features when
doing these e.g.

nslookup    200:470:17:55::1
nslookup    222.10.10.1
nslookup   www.centos.org
host www.centos.org

Looking at the source, it looks like the geoip-related functions are
only called in the 'named' code and the libdns library.  I don't see
any features in dig, host or nslookup for looking up countries based
on IP.  However, the GeoIP package has a 'geoiplookup' command that
looks up a country from an IP.

wouldn't it be a good idea to split this, so that 'bind-utils' has no 
dependency of neither GeoIP nor geoipupdate,

like it is in CentOS 6?

(on systems where the bind-utils are used, mostly no GeoIP is used - DNS 
vs. Web)


Thanks,

Walter


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] strange RPM dependency observed in CentOS 7

[Walter H.]

On 08.12.2020 14:44, Jonathan Billings wrote:

On Tue, Dec 08, 2020 at 02:33:01PM +0100, Walter H. wrote:

can someone explain, why the two packages
-  GeoIP
-  geoipupdate
are needed when installing the bind-utils package?

The bind-utils package requires 'libGeoIP.so.1()(64bit)', which is
provided by the GeoIP package.  The GeoIP package requires
'geoipupdate', which is provided by the geoipupdate package.

% rpm -q --requires bind-utils|grep GeoIP
libGeoIP.so.1()(64bit)
% rpm -q --requires GeoIP | grep geoipupdate
geoipupdate

GeoIP provides a C library and a lookup tool to look up countries from
an IP address.  The bind-utils executables are all linked against
libGeoIP.so.1, so I assume they use some functionality from that
library.

/usr/bin/geoipupdate is a tool to update the data files in the GeoIP
package.

Yes, then the interesting question, how can I make use of these 
GeoIP-features when

doing these e.g.

nslookup    200:470:17:55::1
nslookup    222.10.10.1
nslookup   www.centos.org
host www.centos.org

Thanks,
Walter


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] strange RPM dependency observed in CentOS 7

[Walter H.]

Hello,

can someone explain, why the two packages
-  GeoIP
-  geoipupdate
are needed when installing the bind-utils package?

yum install bind-utils
...

 Package    Arch   Version  
 Repository    Size

Installing:
 bind-utils x86_64 32:9.11.4-26.P2.el7_9.2  
 base 260 k
Installing for dependencies:
 GeoIP  x86_64 1.5.0-14.el7 
 base 1.5 M
 bind-libs  x86_64 32:9.11.4-26.P2.el7_9.2  
 base 157 k
 bind-libs-lite x86_64 32:9.11.4-26.P2.el7_9.2  
 base 1.1 M
 bind-license   noarch 32:9.11.4-26.P2.el7_9.2  
 base  90 k
 geoipupdate    x86_64 2.5.0-1.el7  
 base  35 k

Transaction Summary

Install  1 Package (+5 Dependent packages)
...

Thanks,

Walter

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7, as a 6in4 server

[Walter H.]

On 02.12.2020 09:16, Roberto Ragusa wrote:

On 12/1/20 8:39 PM, Walter H. wrote:

I have a VPS at a hoster where I got 3 /64 ipv6 prefixes/subnets, 
that are routed;


one for the VPS itself  - let us call this  srvprefix
one for the tunnel, only ::1 (server side) and ::2 (home side) are 
used - let us call this tunnelprefix

and one for my network at home - let us call this homeprefix

now I'm just in test state, a CentOS VM is the other end of the tunnel;
(when the server runs well, my CentOS ZBOX will become the other end 
of the tunnel)


at the server

the eth0 device has  serverprefix::1, the sit1 device has 
tunnelprefix::1


the routing is set with /etc/sysconfig/network-scripts/route6-sit1

tunnelprefix::2 dev sit1
homeprefix::/64 via tunnelprefix::2 dev sit1

in sysctl.conf these are set

net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.proxy_ndp = 1

now I have to do these

ip -6 neigh add proxy homeprefix::1 dev eth0
ip -6 neigh add proxy homeprefix::### dev eth0

the question, can I do something to avoid these "ip -6 neigh ..."? if 
yes, what? and how?

can the hoster do something? if yes, what?
I may be missing something, 

can you specify this?

but you have 3 different networks,
yes, my own network at home, the network of the tunnel, and public the 
network where the VPS is part of;

shouldn't you just configure routing instead of using proxy_ndp?


without these the following   is not possible,   -> Destination host 
unreachable


ping6  homeprefix::1
ping6 tunnelprefix::2
ping6 tunnelprefix::1   (the sit1 device of the server itself)

Thanks,

Walter



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 7, as a 6in4 server

[Walter H.]

Hello,

I have a VPS at a hoster where I got 3 /64 ipv6 prefixes/subnets, that 
are routed;


one for the VPS itself  - let us call this  srvprefix
one for the tunnel, only ::1 (server side) and ::2 (home side) are used 
- let us call this tunnelprefix

and one for my network at home - let us call this homeprefix

now I'm just in test state, a CentOS VM is the other end of the tunnel;
(when the server runs well, my CentOS ZBOX will become the other end of 
the tunnel)


at the server

the eth0 device has  serverprefix::1, the sit1 device has tunnelprefix::1

the routing is set with /etc/sysconfig/network-scripts/route6-sit1

tunnelprefix::2 dev sit1
homeprefix::/64 via tunnelprefix::2 dev sit1

in sysctl.conf these are set

net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.proxy_ndp = 1

now I have to do these

ip -6 neigh add proxy homeprefix::1 dev eth0
ip -6 neigh add proxy homeprefix::### dev eth0

the question, can I do something to avoid these "ip -6 neigh ..."? if 
yes, what? and how?

can the hoster do something? if yes, what?

Thanks,

Walter

my ISP told me that he won't deploy IPv6 within the next 5 years;


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Physical position of swap partition on the disk

[Walter H.]

On 30.11.2020 13:55, Jonathan Billings wrote:

On Nov 30, 2020, at 02:35, Nicolas Kovacs  wrote:

  * /dev/sda1: 500 MB /boot ext2
  * /dev/sda2: 55 GB / ext4
  * /dev/sda3: 4 GB swap


Now, SSDs don’t have the same physical characteristics, so it doesn’t matter. 
Also, cloud storage and virtual machines don’t even have real hardware.

without hardware neither cloud storage nor virtual machines;

The partitioning is handled by different code starting in el7, and this seems 
to be the logic built in.  I feel like it was written to assume that root and 
swap are on LVM.  When it comes to resizing file systems, it might make sense 
to put the root ext4 at the end of the disk, so it is actually 
counterproductive to put swap at the end.


is there a rule that says that the order of the partitions in the 
partition table corresponds to the order of them itself on disk?


no.

keep in mind, that the order on disk can be something different then the 
order in the partition table;


Walter


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] named errors in /var/log/messages

[Walter H.]

Hello,

can someone explain these errors

Oct 27 15:34:05 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh: retry limit 
for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0)
Oct 27 15:34:05 vhost01 named[1316]: zone #ZONE#/IN/auth: Transfer started.
Oct 27 15:34:06 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh: retry limit 
for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0)
Oct 27 15:34:06 vhost01 named[1316]: zone #ZONE#/IN/auth: Transfer started.
Oct 29 04:06:19 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh: retry limit 
for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0)
Oct 29 04:06:19 vhost01 named[1316]: zone #ZONE#/IN/auth: Transfer started.

is this caused by a misconfiguration at the master dns or this dns (slave)?
(the master dns can only be connected by IPv6)

is there a serious problem?

there also can be found such entries

Oct 29 04:06:21 vhost01 named[1316]: transfer of '#ZONE#/IN/auth' from 
IPV6-MASTER#53: connected using IPV6-THIS#46019
Oct 29 04:06:21 vhost01 named[1316]: transfer of '#ZONE#/IN/auth' from 
IPV6-MASTER#53: Transfer completed: 0 messages, 1 records, 0 bytes, 0.064 secs 
(0 bytes/sec)

or is this just caused by #0 - I guess source port 0?

these are the ip6tables entries on this dns (slave)

-A INPUT -i eth0 -d IPV6-THIS -m tcp -p tcp --dport 53 -m state --state NEW -j 
ACCEPT
-A INPUT -i eth0 -d IPV6-THIS -m udp -p udp --dport 53 -j ACCEPT

the master has these for each dns

-A INPUT -i sit1 -s IPV6-SLAVE -d IPV6-MASTER -m tcp -p tcp --dport 53 -m state 
--state NEW -j ACCEPT
-A INPUT -i sit1 -s IPV6-SLAVE -d IPV6-MASTER -m udp -p udp --dport 53 -j ACCEPT

the master DNS has this in /etc/named.conf

acl dns-hosts {
IPV6-SLAVE;// IPv6only: slave
...
};

view "auth" {
match-clients {
dns-hosts;
};
empty-zones-enable no;
recursion no;

additional-from-auth no;
additional-from-cache no;

also-notify {
IPV6-SLAVE;// IPv6only: slave
...
};
notify-source 0.0.0.0;
notify-source-v6 IPV6-MASTER;
transfer-source 0.0.0.0;
transfer-source-v6 IPV6-MASTER;

zone "#ZONE#" IN {
type master;
notify yes;
file "named._authzone-#ZONE#";
allow-transfer { dns-hosts; };
allow-update { none; };
};

...
};

the slaves itself have this in /etc/named.conf

masters masterhost {
IPV6-MASTER;   // IPv6only: master
};

view "auth" {
match-clients {
any;
};
empty-zones-enable no;
recursion no;

transfer-source 0.0.0.0;
transfer-source-v6 IPV6-SLAVE;

additional-from-auth no;
additional-from-cache no;

zone "#ZONE#" IN {
type slave;
masters { masterhost; };
file "slaves/named._authzone-#ZONE#";
};

...
};

I have 3 slave DNS servers, each has the same master; and such log entries are 
at all three slave DNS servers;
each of these 3 slaves is DualStack (in the wild) and the master is IPv6only 
(at home)


Thanks,
Walter


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: DMARC / DKIM Failure Reports

[Walter H.]

On 17.09.2019 16:20, Valeri Galtsev wrote:



On 2019-09-17 09:06, Miroslav Geisselreiter wrote:

Hi guys,

when I send e-mails to CentOS mailing list , I 
received DMARC / DKIM failure reports. Is it possible to solve this 
problem and if so how?




That is why DMARC took 10 years of heated discussions, before it was 
actually implemented - in first place by big boys who will never 
hear/listen. DMARC breaks mail forwarding. Period. Breaks normal way 
mail lists were operating, but mail lists found work around:


I maintain mail lists for the department, mailman is mail list server 
we use. There is setting: Replace the From: if set to "Munge from" 
then mail list will replace sender with mail list itself and it will 
appear as send by ... through mail list. DMARC enforcing folks/servers 
will be happy.


Just my $0.02

Valeri

and any S/MIME signature is broken ...
indeed there exist mail lists, that conserve the S/MIME signature ...

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: android phone backup NOT to google cloud question

[Walter H.]

On 15.05.2019 16:21, Valeri Galtsev wrote:

Dear All,

My apologies for OT question.

I wonder if someone of Android smartphone owners backs up their device 
and user/application data NOT to google cloud.

no problem, host your own nextcloud and get the nextcloud app;
also no need of having the contacts and/or calendar at google ...

and the most important:  you can select by this criteria; other things 
like camera, ... are less important, its a phone ...


I know, Apple iDevices are a bit better data wise, and Apple has 
[quite] a bit better reputation, though these are still Apple devices, 
not yours ;-)

if better means overpriced then you are right;
good androids are for less then 200 usd, iPhones start at 500 usd



Any advise, anybody?

Thanks a lot in advance!

Valeri




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] time to say good-bye to win 7 / printer is the last blocker

[Walter H.]

On 22.02.2019 07:12, Ralf Prengel wrote:

Hallo,
the laptop of my wife is the last Win7 system in my network.
My question:
I need a well supported printer (MFC) with network interface, if possible with 
colour printing.

Ralf


buy a color laserjet that can postscript, there are cheap ones; and get 
the printer definiton file and thats it;

e.g. my HP CP1515n is such one
no need to install any 3rd party at all

Walter

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Please Recommend Affordable and Reliable Cloud Storage for 50 TB of Data

[Walter H.]

On 15.02.2019 10:54, Phoenix, Merka wrote:

Just downloading 2% of 50 TB (1 TB) would take a while over even a fast network 
link (measured in megabits (Mb), not megabytes (MB) like disk storage). Even on 
a local LAN downloading 1 TB is several hours @ 8 Mb/second on a Gigabit 
Ethernet link w/ no other traffic at all.

Gigabit ethernet is capable of transfering 100 MBytes in a seond or 6 
GBytes in a minute or less than 3 hours the whole TByte

but transfering this via an internet link would be a challenge;

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Please Recommend Affordable and Reliable Cloud Storage for 50 TB of Data

[Walter H.]

On 15.02.2019 19:27, Warren Young wrote:

Tell ’im ’e’s *dreamin’!*.

my words of unrealistic wishes :-)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Please Recommend Affordable and Reliable Cloud Storage for 50 TB of Data

[Walter H.]

On 15.02.2019 18:10, (RS) Tyler Schroder wrote:

OP - Backblaze Personal. May be like $1/extra per month than your budget. 
Unlimited IO and backup storage assuming you only need redundancy.

https://www.backblaze.com/cloud-backup.html

would you really backup into a system, that has closed connectivity?
I'd prefer connecting a way I want: e.g.  SFTP, SSHFS, HTTPS, ...
and not it is given by closed software you don't know ...


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Please Recommend Affordable and Reliable Cloud Storage for 50 TB of Data

[Walter H.]

On 15.02.2019 09:14, Turritopsis Dohrnii Teo En Ming wrote:

On Fri, Feb 15, 2019 at 4:10 PM Walter H.  wrote:

On 15.02.2019 06:29, Turritopsis Dohrnii Teo En Ming wrote:

Hi,

Could you recommend affordable and reliable cloud storage for 50 TB of data?

whats your budget?

and 50 TB = 50 000 GB is a big amount which isn't this cheap ...

Hi Walter H,

My budget is around USD$50 per year.

Thank you.

not realistic, even ONE HDD with just 10 TB costs more then US$ 300

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Please Recommend Affordable and Reliable Cloud Storage for 50 TB of Data

[Walter H.]

On 15.02.2019 06:29, Turritopsis Dohrnii Teo En Ming wrote:

Hi,

Could you recommend affordable and reliable cloud storage for 50 TB of data?

whats your budget?

and 50 TB = 50 000 GB is a big amount which isn't this cheap ...

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Red Hat is Planning To Deprecate KDE on RHEL By 2024

[Walter H.]

On 02.11.2018 21:02, Frank Cox wrote:

https://www.theregister.co.uk/2018/11/02/rhel_deprecates_kde/

That's still several years in the future, of course.

But it's interesting nonetheless.
by reading between the lines this could mean, that RHEL 7 (CentOS 7 and 
other forks of RHEL)

is the last one having KDE on board?

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] inquiry about limitation of file system

[Walter H.]

On 03.11.2018 08:44, yf chu wrote:

I have a website with millions of pages.


does 'millions of pages' also mean 'millions of files on the file system'?

just a hint - has nothing to do with any file system as its universal:
e.g. when you have 1 files
don't store them in one folder, create 100 folders with 100 files in each;

there is no file system that handles millions of files in one folder
or with limited resources (e.g. RAM)

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Would RHEL, CentOS, and Fedora Remain Open Source/Free Software After IBM Buys Red Hat for $34 Billion?

[Walter H.]

On 31.10.2018 04:44, Turritopsis Dohrnii Teo En Ming wrote:

Good morning from Singapore,

This is of paramount importance. Would Red Hat Enterprise Linux (RHEL), CentOS, 
and Fedora remain open source/free software after IBM buys Red Hat for $34 
Billion?



RHEL is open source, but not for free ..., think of this;

Greetings from Austria

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Future Releases (was: What are the differences between systemd and non-systemd Linux distros?)

[Walter H.]

On 18.10.2018 00:08, Johnny Hughes wrote:

The bottom line .. we don't make the decision whether or not to use
systemd or not.  We rebuild RHEL source code.

will there come a CentOS 6.11 which will be capable of TLS1.3 or HTTP/2?
I'm sure there will come a CentOS 8, but when is it probable to be released?

one of the most important things (for me), as I already noticed there 
will be quite differences
between CentOS 6 and CentOS 7, not only systemd or not, also Apache 2.2 
and 2.4

and many other;
the config files won't be the same, will there be a migrate helper or 
something like this

which does the config conversion to get a CentOS 7 or maybe then CentOS 8
that does exact the same things the old CentOS 6 did?

Greetings
Walter

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Issue with latest update of CentOS6

[Walter H.]

Hello,

after I did update all my CentOS6 boxes - VMs and router; two of them 
(one VM and the router) are my local DNS resolvers;
and I'm using the DNSSECTLSAvalidator plugin from nic.cz: 
https://www.dnssec-validator.cz/


before the update this plugin worked using my resolvers, after the 
update I get:
"Failure - bogus DNSSEC reply, DNSSEC validation not possible with 
current settings"
of course, when telling using a custom resolver (the one of nic.cz) it 
works, but before mine worked, too ...


Thanks,
Walter


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] postfix on centos 7

[Walter H.]

On 06.09.2018 21:15, Larry Martell wrote:

When I try and send mail I see this in the maillog:

Sep  6 11:59:48 postfix/sendmail[11059]: fatal: open
/etc/postfix/main.cf: Permission denied

But /etc/postfix/main.cf is world readable:

$ ls -l /etc/postfix/main.cf
-rw-r--r--. 1 root root 27176 Jun  9  2014 /etc/postfix/main.cf


do a
ls -alZ /etc/postfix/main.cf
very probale is invalid SElinux File context
is should show

-rw-r--r--. root root system_u:object_r:postfix_etc_t:s0 
/etc/postfix/main.cf




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Certificates

[Walter H.]

On 01.09.2018 20:12, Rainer Duffner wrote:



Am 01.09.2018 um 18:00 schrieb Leon Fauster via CentOS:

Out of curiosity - do you change also the private key every time?

when renewing a certificate the private key should also be changed;
other ways the renewal because of short validity period doesn't make a 
sense ...



I’m pretty sure LE creates a new private key, too.

depends on the implementation;



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Certificates

[Walter H.]

On 31.08.2018 21:31, Michael Schumacher wrote:


certbot works only with ports 80 or 443? Can lego work with with IMAP
ports like 143 or 993? The documentation is not very clear.


in case of other then Webserver you use ACME-DNS
just for a simple ACME client that is capable for ACME-DNS use acme.sh
https//acme.sh/



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 and RAM

[Walter H.]

On Tue, July 17, 2018 01:41, Jay Hart wrote:
>
>
>> On 17 July 2018 at 09:24, Jay Hart  wrote:
>>
>>> Hello,
>>>
>>> What would the recommended minimum amount of RAM be, to run Centos 7.
>>> 16GB???
>>>
>>
>>
>> Jay, it helps us help you when you give more information.
>>
>> I have CentOS 7 running happily on 4GB. My presumption - based on
>> experience, extrapolation, and google - is that it will also run with
>> 64TB.
>>
>> Anything between those numbers should be good.
>>
>> Cheers
>> L.
>
> L, The use of this machine would be as a home server running as a web and
> email server, two users,
> light use.  My current server has 4GB, but I'm thinking of getting a new
> box and if I can afford
> it, figured I'd get 16GB vice 8.

think of a box with a SSD instead of a HDD
as its a server, no need of X

a box like this:
https://www.zotac.com/us/product/mini_pcs/ci329-nano#spec
fits your requirement

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Clamd issues on Centos 6.10

[Walter H.]

On Mon, July 16, 2018 20:04, Alexander Dalloz wrote:
> Am 16.07.2018 um 19:42 schrieb Walter H.:
>> On 15.07.2018 00:13, Jay Hart wrote:
>>> Clamd failed to start.
>>>
>> try removing it  (yum remove ...) reboot and then reinstall it again
>> (yum install ...)?
>
> Seriously, this is not Windows.

Seriously, then this guy is telling a story

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Clamd issues on Centos 6.10

[Walter H.]

On 15.07.2018 00:13, Jay Hart wrote:

Clamd failed to start.

try removign it  (yum remove ...) reboot and then reinstall it again 
(yum install ...)?



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ca-certificates-2018.2.22-65.1.el6.noarch problematic

[Walter H.]

On 04.07.2018 18:37, Alice Wonder wrote:

On 07/04/2018 08:54 AM, Walter H. wrote:

Hello,

the RPM

ca-certificates-2018.2.22-65.1.el6.noarch

has a big problem ...
many certificates were removed - my proxy uses this as source and isn't
able to validate correct any more -
most sites show this:

/[No Error] (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)

/Self-signed SSL Certificate in chain: /C=SE/O=AddTrust AB/OU=AddTrust
External TTP Network/CN=AddTrust External CA Root

Self-signed SSL Certificate in chain: /C=US/O=DigiCert
Inc/OU=www.digicert.com/CN=DigiCert Global Root CA

and many other Root certificates are missing ...



Not sure why they were removed but in the past, root certificates are 
removed due to problems with the certificate authorities that mean 
their signatures no longer mean the sites are who they say there.


That's the problem with PKI. When you can't trust the root, you can't 
sign any certificate down the chain from the root.


Unfortunately DANE is not yet supported by browsers.

DANE is not  a solution, it is another problem ...


But anyway, does the changelog indicate why the certs were removed?

where can I find the changelog?


It may be a good thing - protecting you from potential MITM when you 
otherwise would have the assumption that the site is valid because it 
has a cert.

depends ...

this
https://cdn.pbrd.co/images/Hs5VL82.png
is not the cause of SSL everywhere, it is the answer of SSL everywhere ...


I know digicert specifically has had problems before resulting in 
fraudulent certificates being issued.

this had been in the past ..., not relevant to present time ...


Hopefully the industry can move to DANE and make blind trust a thing 
of the past.

before DANE, DNSSEC as a requirement has to be deployed ...

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] ca-certificates-2018.2.22-65.1.el6.noarch problematic

[Walter H.]

Hello,

the RPM

ca-certificates-2018.2.22-65.1.el6.noarch

has a big problem ...
many certificates were removed - my proxy uses this as source and isn't 
able to validate correct any more -

most sites show this:

/[No Error] (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)

/Self-signed SSL Certificate in chain: /C=SE/O=AddTrust AB/OU=AddTrust External 
TTP Network/CN=AddTrust External CA Root

Self-signed SSL Certificate in chain: /C=US/O=DigiCert 
Inc/OU=www.digicert.com/CN=DigiCert Global Root CA

and many other Root certificates are missing ...

Greetings,
Walter
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Samba issues with Win 10

[Walter H.]

On 28.06.2018 16:30, mark wrote:

Hi, folks,

Just ran into a problem: someone with a new laptop, running Win 10,
version 1709, tried to map their home directory (served from a CentOS
6.9 box, and it fails, with Windows complaining that it no longer
supports SMBv1, and if you go to their site, you can install support
for that manually

The server running samba can *not* be updated to 7 - we have a lot of
stuff based off it, and most of our users use it, one way or another,
so it's a major thing when we do finally upgrade (or, more likely,
replace the server).

Has anyone run into this, and if so, any workarounds on the Linux end?

  mark



the solution is to enable SMBv1 in Win10 ...
look for this in the Knowledge-Base of Microsoft

https://support.microsoft.com/en-sg/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Imap daemons for CentOS 6 (other then cyrus-imapd)

[Walter H.]

On Thu, June 21, 2018 23:23, Robert Heller wrote:
> At Thu, 21 Jun 2018 20:42:50 +0200 CentOS mailing list
 wrote:
>
>>
>> On 21.06.2018 19:28, Robert Heller wrote:
>> > Are there any imap daemons (besides cyrus-imapd).  cyrus-imapd is
>> appearently
>> > not compatible with postfix + procmail.  I need an imap daemon that
>> will work
>> > with a postfix + procmail system.
>> >
>> the problem seems to be procmail, I use postfix and cyrus-imapd with no
problems;
>
> No actually the problem is cyrus-imapd: cyrus-imapd expects all users to
use
> imap (or pop3) to access their E-Mail.
of course, what else do you expect?
(SSL is not the problem, as I'm using cyrus-imapd with SSL)

here my settings in /etc/imapd.conf

tls_cert_file: /etc/pki/cyrus-imapd/tls.crt/mail-host.crt
tls_key_file: /etc/pki/cyrus-imapd/tls.key/mail-host.key
tls_ca_file: /etc/pki/cyrus-imapd/tls.crt/server-chain-sslca.crt
tls_cipher_list:
EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EECDH:EDH+AESGCM:EDH:ECDH+AESGCM:ECDH+AES:ECDH:AES:HIGH:MEDIUM:3DES:!SSLv2:+SSLv3:!RC4:!MD5:!IDEA:!SEED:!aNULL:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP
tls_prefer_server_ciphers: 1
tls_versions: tls1_0 tls1_1 tls1_2

Walter




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Imap daemons for CentOS 6 (other then cyrus-imapd)

[Walter H.]

On Thu, June 21, 2018 23:23, Robert Heller wrote:
> At Thu, 21 Jun 2018 20:42:50 +0200 CentOS mailing list 
> wrote:
>
>>
>> On 21.06.2018 19:28, Robert Heller wrote:
>> > Are there any imap daemons (besides cyrus-imapd).  cyrus-imapd is
>> appearently
>> > not compatible with postfix + procmail.  I need an imap daemon that
>> will work
>> > with a postfix + procmail system.
>> >
>> the problem seems to be procmail, I use postfix and cyrus-imapd with no
>> problems;
>
> No actually the problem is cyrus-imapd: cyrus-imapd expects all users to
> use
> imap (or pop3) to access their E-Mail.
of course, what else do you expect?
(SSL is not the problem, as I'm using cyrus-imapd with SSL)

Walter


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Imap daemons for CentOS 6 (other then cyrus-imapd)

[Walter H.]

On 21.06.2018 19:28, Robert Heller wrote:

Are there any imap daemons (besides cyrus-imapd).  cyrus-imapd is appearently
not compatible with postfix + procmail.  I need an imap daemon that will work
with a postfix + procmail system.

the problem seems to be procmail, I use postfix and cyrus-imapd with no 
problems;


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] invalid mirror .host-engine.com

[Walter H.]

Hello,

how can I prevent of using these mirrors?

# yum clean all
Loaded plugins: fastestmirror, security
Cleaning repos: base extras updates
Cleaning up Everything
Cleaning up list of fastest mirrors
# yum update
Loaded plugins: fastestmirror, security
Setting up Update Process
Determining fastest mirrors
 * base: centos.den.host-engine.com
 * extras: centos.den.host-engine.com
 * updates: centos.den.host-engine.com
http://centos.den.host-engine.com/6/os/x86_64/repodata/repomd.xml: 
[Errno 12] Timeout on 
http://centos.den.host-engine.com/6/os/x86_64/repodata/repomd.xml: (28, 
'Operation too slow. Less than 1 bytes/sec transfered the last 30 seconds')

Trying other mirror.
base 
| 3.7 kB 00:00
http://centos.den.host-engine.com/6/extras/x86_64/repodata/repomd.xml: 
[Errno 12] Timeout on 
http://centos.den.host-engine.com/6/extras/x86_64/repodata/repomd.xml: 
(28, 'Operation too slow. Less than 1 bytes/sec transfered the last 30 
seconds')

Trying other mirror.
extras   
| 3.4 kB 00:00
http://centos.den.host-engine.com/6/updates/x86_64/repodata/repomd.xml: 
[Errno 12] Timeout on 
http://centos.den.host-engine.com/6/updates/x86_64/repodata/repomd.xml: 
(28, 'Operation too slow. Less than 1 bytes/sec transfered the last 30 
seconds')

Trying other mirror.

is there a way of setting up a DNS ZONE where requests to this domain 
get somewhat like 'not exist'?


Thanks,
Walter


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] shutdown or poweroff?

[Walter H.]

Hello,

just a simple question, my router has CentOS 6 with the apcupsd running, 
in the log of

apcupsd I see this:

2018-02-01 19:05:54 +0100  apcupsd 3.14.12 (29 March 2014) redhat 
startup succeeded

2018-02-04 15:52:43 +0100  Power failure.
2018-02-04 15:52:49 +0100  Running on UPS batteries.
2018-02-04 15:53:00 +0100  Reached remaining time percentage limit on 
batteries.

2018-02-04 15:53:00 +0100  Initiating system shutdown!
2018-02-04 15:53:00 +0100  User logins prohibited
2018-02-04 15:53:37 +0100  apcupsd exiting, signal 15
2018-02-04 15:53:37 +0100  apcupsd shutdown succeeded

does this mean the shutdown was successfull?
is there other log where I can verify this: because shutting down squid 
takes almost a minute or so ...


Thanks,
Walter



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CVE-2017-12376

[Walter H.]

On 26.01.2018 15:09, Johnny Hughes wrote:

On 01/26/2018 05:55 AM, Walter H. wrote:

Hello,

are there updates for this CVE with ClamAV f. CentOS 6 in progress?


The CentOS Project does not release ClamAV.  What repo are you getting
it from?  I see that it does exist in EPEL.


from EPEL repo

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CVE-2017-12376

[Walter H.]

Hello,

are there updates for this CVE with ClamAV f. CentOS 6 in progress?

Thanks,
Walter

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754

[Walter H.]

Hello,

will there be updates for these CVEs for CentOS 6?

Thanks,
Walter

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Nvidia maximum pixel clock issue in kmod-nvidia-384.98

[Walter H.]

On Thu, January 4, 2018 05:22, Phil Perry wrote:

> I couldn't find any reports upstream at nvidia so am unsure if they are
> aware of the issue. For reference, my GK208 [GeForce GT 730] in my test
> system is unaffected by the issue and is working fine with the 384.98
> driver over DVI.

keep in mind that an nVIDIA GeForce is a consumer graphics device and the
NVS xxx series device is a business product similar to the nVIDIA Quadro
...
(with Windows they have different video drivers ...)

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS6 davfs2 shows invalid free/total storage capacity

[Walter H.]

Hello,

I have a CentOS6 VM with davfs2 where I mount WebDAV Shares;
one I have at a storage hoster and one I configured myself on a virtual 
server I rented on a hoster;

why does 'df' always show the same value for capacity

[root@centos6-vm ~]# df
Filesystem   1K-blocks Used Available Use% Mounted on
/dev/sda3 11249272  7074512   3596664  67% /
tmpfs   3932640393264   0% /dev/shm
/dev/sda1   21803979340127231  39% /boot
https://webdav.hidrive.strato.com/
  2664 1332  1332  50% /mnt/hidrive
https://myserver.example.com/webdav/
  2664 1332  1332  50% /mnt/webdav

the capacity of the hidrive is 5 GB and of mine abount 10 GB ...
several time ago I had a hoster, where the correct values where shown,
so this seems that this is a server setting, but how/where,
I'm just doing this on my server (CentOS with default Apache RPM):

DavLockDB /var/lib/dav/DavLock

Alias /webdav/ "/var/www/webdav/"


AllowOverride None
Options +Indexes
Dav On



AuthType Basic
AuthName "WebDAV"
AuthUserFile /var/www/passwrds
Require User walter


are there any settings I can do on server side or can I do something on 
client side,

be shown correct values ...

Thanks,
Walter


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] semi-OT:apcupsd

[Walter H.]

On 17.11.2017 16:16, m.r...@5-cent.us wrote:

I can't seem to find apcupsd for C 6. Just went to epel's website, and not
visible. Anyone have a clue?

mark



yum list | grep apcupsd
shows this:
apcupsd.x86_64  3.14.12-1.el6
@epel


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Strrange behavior of VirtualHosts in Apache (CentOS6)

[Walter H.]

On Mon, November 13, 2017 15:54, Joseph L. Casale wrote:
> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Walter H.
> Sent: Monday, November 13, 2017 4:32 AM
> To: centos@centos.org
> Subject: [CentOS] Strrange behavior of VirtualHosts in Apache (CentOS6)
>
>> Hello,
>>
>> there is a short explanation about virtual hosts in Apache ...
>> https://wiki.centos.org/TipsAndTricks/ApacheVhostDefault
>
> That page has not been updated since 2009, while it may be correct
> there is no reason not to use the correct documentation, the section
> of interest is short:
> https://httpd.apache.org/docs/2.4/vhosts/name-based.html

>> 
>> ServerName host.example.org
>> DocumentRoot /var/www/default
>> 
>
> So this becomes your default vhost when a match is not found and explains
> why the php file is invoked when the order of specificity falls through.
>
>> http://mail.example.org/ <-- works
>> http://smtp.example.org/ <-- doen't work
>> http://smtp.example.org/host.php <-- gives the HTTP_HOST (PHP-script),
>>  but why?
>>
>> http://www.example.com/  <-- works
>> http://hello.example.com/ <-- doesn't work
>> http://hello.example.com/host.php <-- gives the HTTP_HOST (PHP-script),
>>   but why?
>
> Do you have the correct ip address in your vhost config?
yes
> I would
> bet if you read the log, you will see what is happening and how it differs
> from
> what you expect.
not really, the strange thing was something different;

httpd -S lists all vhosts, and at last
'Syntax OK'

and exact this was the strange; I'm used to add the port number to
ServerAlias and this was the mistake ...
httpd -S, didn't realize this

I removed the port numbers from ServerAlias entries and now it works :-)

> Some more in-depth details at
> https://httpd.apache.org/docs/2.4/vhosts/details.html

Greetings,
Walter

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Strrange behavior of VirtualHosts in Apache (CentOS6)

[Walter H.]

Hello,

there is a short explanation about virtual hosts in Apache ...
https://wiki.centos.org/TipsAndTricks/ApacheVhostDefault

the `hostname` gives a different donmain name than what should be hosted ...
e.g.  `hostname` is  host.example.org and the domain to be hosted is
example.com, so I did this:


ServerName host.example.org
DocumentRoot /var/www/default


# used to get let's encrypt for the mail server

ServerName mail.example.org
ServerAlias smtp.example.org
DocumentRoot /var/www/mail



ServerName www.example.com
DocumentRoot /var/www/domain



ServerAlias *.example.com
DocumentRoot /var/www/catchall


the DocumentRoot directories are empty,
only in /var/www/default I have a PHP script:  host.php


now the strange behavior;

http://mail.example.org/ <-- works
http://smtp.example.org/ <-- doen't work
http://smtp.example.org/host.php <-- gives the HTTP_HOST (PHP-script),
 but why?

http://www.example.com/  <-- works
http://hello.example.com/ <-- doesn't work
http://hello.example.com/host.php <-- gives the HTTP_HOST (PHP-script),
  but why?

doesn't work does mean, that access/errors are logged in logfile of wrong
virtual host ...

where is my mistake;

Thanks,
Walter


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Advice for storage location ...

[Walter H.]

Hello,

I have an incoming mailserver, and there I'm implementing a mailfilter,
which I did like this: 
http://www.postfix.org/FILTER_README.html#simple_filter


there they use  /var/spool/filter
in this sample script the temporary file is deleted;
can I keep it there for a short time (1 week)?

Thanks,
Walter

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] Bash help

[Walter H.]

On 25.10.2017 18:47, Warren Young wrote:

You’re making things hard on yourself by insisting on Bash, by the way.  This 
solution is better expressed in Perl, Python, Ruby, Lua, JavaScript…probably 
dozens of languages.

or just awk ...

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS6, IP6tables, Routing, TPROXY (squid34 epel package)

[Walter H.]

Hello,

how do achieve this:

how must files /etc/sysconfig/network-scripts/ look like to be the same as
entering the following two commands ...
ip -f inet6 rule add fwmark 1 lookup 100
ip -f inet6 route add local ::/0 dev lo table 100
is there the localhost device lo correct, or does it have to be br0?

e.g.
a file route-br0 with
192.168.1.0/24 via 10.10.10.1 dev br0
does the routing to the segment 192.168.1.0/24 via 10.10.10.1

/etc/sysconfig/ip6tables

*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

-N DIVERT
-A DIVERT -j MARK --set-mark 1
-A DIVERT -j ACCEPT

-A PREROUTING -i br0 -p tcp -m socket -j DIVERT
-A PREROUTING -i br0 -p tcp -d  2a02:1788:2fd::b2ff:5302 --dport 80 -j TPROXY 
--tproxy-mark 0x1/0x1 --on-port 3129

COMMIT

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

-A INPUT -i br0 -m tcp -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m tcp -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m tcp -p tcp --dport 443 -m state --state NEW -j ACCEPT

-A INPUT -i br0 -m tcp -p tcp --dport 3129 -m state --state NEW -j ACCEPT



the goal should be, that for specific IPv6 hosts (destination), the packets are 
redirected through the proxy
running on the router box, other destinations should be just forwarded without 
proxy ...

LAN port = br0 (dual stack), HE tunnel port = sit1 (ipv6 only), WAN port = eth1 
(ipv4 only)

Thanks,
Walter




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Fedora bugs and EOL [was Re: CentOS users: please try and provide feedback on Fedora] Boltron

[Walter H.]

On 31.07.2017 13:15, Johnny Hughes wrote:


Running external things like VMWare Workstation (or other 3rd party
custom compiled apps) is exactly what enterprise distros like RHEL,
CentOS, Ubuntu LTS, SUSE SLES are designed for .. running things already
compiled for a long period of time while providing security updates.

yes, but impossible to stay up-to-date forever,
as the upgrade e.g. from CentOS 6 to CentOS 7 is not supported ...

If Windows is what you are trying to run, doing that on KVM works fine
and the VMs are (usually :D) able to run as is when upgrading. to other
versions.
the goal would have been, to have a Linux as my desktop instead of 
Windows one day ...

my virtual machines are not just Windows, also some ancient things ...


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Fedora bugs and EOL [was Re: CentOS users: please try and provide feedback on Fedora] Boltron

[Walter H.]

On 31.07.2017 13:23, Mark Haney wrote:
Uh, I run VMWare workstation just fine on my F26 upgraded machine. No, 
it didn't work when I upgraded, but it's trivial to fix.


http://rglinuxtech.com/?p=1939

This link gets you a running workstation in about 5 minutes.
not really, with this I only get the additional network interfaces 
listed with  'ifconfig', nothing more ..., I removed it, and wait for a 
VMware Wkst. Update ...

(as this is just a test box, I can do this; if it were my essential box,
I would have kicked Fedora from the harddisk and used Windows again, as 
I do on my essential box)



  No, this wasn't really a Fedora issue, it's a VMWare issue.

doesn't really help me, the upgrade killed my VMware Workstation


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Fedora bugs and EOL [was Re: CentOS users: please try and provide feedback on Fedora] Boltron

[Walter H.]

On 30.07.2017 20:22, Johnny Hughes wrote:

On 07/30/2017 09:41 AM, Walter H. wrote:

On 30.07.2017 14:29, Johnny Hughes wrote:

I personally have a Fedora machine that I keep updated and do some work
on all the time learning/testing.  I just seamlessly upgraded it from
Fedora 25 to Fedora 26 using a couple of dnf commands .. awesome
experience actually.

because of this feature to upgrade from one release to the next, I
thought to test this on my old computer;
fedora itself works fine, but this upgrade from 25 to 26 broke the
vmware workstaion completely ...
it doesn't work any more, any hints in net which could be found don't
work ...
and this was the goal to have a linux running with vmware workstation
instead of my old windows ...

but as it seems there is no way of achiving this ...


Looking at VMWare Workstation, it does not seem to run on Fedora at all.
It seems to run on :

 Ubuntu 16.04
 Red Hat Enterprise Linux 7.1
 CentOS 7.1
 Oracle Linux 7
 openSUSE 13.2
 SUSE Linux Enterprise Server 12

So, I'm not sure how it was running on Fedora 25 to get messed up by an
upgrade to Fedora 26.

with Fedora 25 everything worked fine, even the upgrade from VMware Wkst 
12.5.6 to 12.5.7 with automatic recompilation of neccessary kernel modules

without my intervention ...
and the same when a kernel upgrade among other updates occured on Fedora 
25, everything worked fine ...


but the upgrade from F25 to F26 killed my VMware Workstation :-(
even the updates which occured after this upgrade didn't help ...



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Fedora bugs and EOL [was Re: CentOS users: please try and provide feedback on Fedora] Boltron

[Walter H.]

On 30.07.2017 14:29, Johnny Hughes wrote:

I personally have a Fedora machine that I keep updated and do some work
on all the time learning/testing.  I just seamlessly upgraded it from
Fedora 25 to Fedora 26 using a couple of dnf commands .. awesome
experience actually.
because of this feature to upgrade from one release to the next, I 
thought to test this on my old computer;
fedora itself works fine, but this upgrade from 25 to 26 broke the 
vmware workstaion completely ...
it doesn't work any more, any hints in net which could be found don't 
work ...
and this was the goal to have a linux running with vmware workstation 
instead of my old windows ...


but as it seems there is no way of achiving this ...



Obviously looking at Fedora 26 and the new Modularity components will be
helpful for anyone who will be upgrading to newer RHEL or CentOS
releases in the future.

in case it is just a server this is already supported by RHEL  (from 6 to 7)

Walter

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] where is samba?

[Walter H.]

On 23.07.2017 19:56, mad.scientist.at.la...@tutanota.com wrote:

Can I ask where people are downloading samba from?  I followed the instructions 
in the centos wiki but it's hard to tell what to do next on the German site.  
It was easy before but totally murky now (at least to this wetware).  a link or 
two or clearer/more complete instructions  would be greatly appreciated.

Samaba comes as RPM from CentOS

samba.x86_64  3.6.23-43.el6_9  
@updates
samba-common.x86_64   3.6.23-43.el6_9  
@updates
samba-winbind.x86_64  3.6.23-43.el6_9  
@updates
samba-winbind-clients.x86_64  3.6.23-43.el6_9  
@updates


(from my CentOS 6 VM which has both Samba Client and Samba Server)

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Slow Samba

[Walter H.]

On 23.07.2017 16:48, vychytraly . wrote:

Thank you very much, I will try these.

There are only Centos 7 and Windows 10 machines on the network.
in case this doesn't give any diagnostic, look for iperf on both sides, 
linux and windows,

this tests the native network speed ...

https://iperf.fr/


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Slow Samba

[Walter H.]

On 23.07.2017 13:08, vychytraly . wrote:

Hello friends,

I have a Gigabit network with few Windows and Centos 7 machines and I
noticed that when copying files via Samba from:

Windows to Windows I can copy files with speed of +- 120 MBps (I think this
is the max speed gigabit network can provide)

which Windows  and which CentOS (6, 7) you are talking about?


But when copying files from:

Centos to Centos I get only speeds of about 40 MBps

how do you copy from CentOS to CentOS - SMB, too?

Windows to Centos 40 MBps

Centos to Windows 40 MBps

this seems to be, that SAMBA doesn't support SMB v2 or v3

can you try the following test, to see if it is not a problem deeper ...

can you get WinSCP ...
https://winscp.net/eng/download.php
(the Portable executables suits)

and connect with this from Windows to CentOS and try a file transfer here
if it has nearly the same speed as with SAMBA, the problem is deeper
if it is quite faster then the problem is SAMBA

Walter

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Messages during update 'yum update' at CentOS 6 VM

[Walter H.]

Hello,

at the last update (Kernel updated
from 2.6.32-696.3.2.el6.x86_64 to 2.6.32-696.6.3.el6.x86_64)
I got these messages

 Updating : ipv6calc-1.0.0-20.el6.x86_64 6/25
/var/tmp/rpm-tmp.yi7R81: line 1: /usr/sbin/ldconfig: No such file or
directory
warning: %post(ipv6calc-1.0.0-20.el6.x86_64) scriptlet failed, exit status
127
Non-fatal POSTIN scriptlet failure in rpm package
ipv6calc-1.0.0-20.el6.x86_64

 Cleanup : ipv6calc-0.99.2-17.el6.x86_64 25/25
/var/tmp/rpm-tmp.i7G3si: line 1: /usr/sbin/ldconfig: No such file or
directory
warning: %postun(ipv6calc-0.99.2-17.el6.x86_64) scriptlet failed, exit
status 127
Non-fatal POSTUN scriptlet failure in rpm package ipv6calc

after this a
ipv6calc -A conv6to4 77.88.99.111
works ...

what does the messages should say to me ...

Walter

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [Fwd: CIA Outlaw Country attack against CentOS / Rhel (and Fedora?) Is this credible?]

[Walter H.]

On 30.06.2017 18:11, Yves Bellefeuille wrote:

  Do you know this?

"For operational use, shell access is assumed, and root privileges are
required."

It's not much of a secret that you can mess with a system if you have
root access...


and in case you restart the box, this hack is gone :-)

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] what is causing this problem ... (yum, fastest mirror)

[Walter H.]

Hello,

what is causing the following, and can someone give the solution which is
mentioned at https://access.redhat.com/articles/1320623

by the way: why are the "fastest" mirrors from other continent?

[root@host sysconfig]# yum clean all
Loaded plugins: fastestmirror, security
Cleaning repos: base epel extras updates
Cleaning up Everything
Cleaning up list of fastest mirrors

[root@host sysconfig]# yum clean all
Loaded plugins: fastestmirror, security
Cleaning repos: base epel extras updates
Cleaning up Everything

[root@host sysconfig]# yum update
Loaded plugins: fastestmirror, security
Setting up Update Process
Determining fastest mirrors
epel/metalink | 12 kB 00:00
* base: mirror.genesisadaptive.com
* epel: mirror.us.leaseweb.net
* extras: mirror.genesisadaptive.com
* updates: mirror.genesisadaptive.com
base | 3.7 kB 00:00
base/primary_db | 4.7 MB 00:01
epel | 4.3 kB 00:00
http://mirror.us.leaseweb.net/epel/6/x86_64/repodata/repomd.xml: [Errno
-1] repomd.xml does not match metalink for epel
Trying other mirror.
epel | 4.3 kB 00:00
https://download-ib01.fedoraproject.org/pub/epel/6/x86_64/repodata/repomd.xml:
[Errno -1] repomd.xml does not match metalink for epel
Trying other mirror.
epel | 4.2 kB 00:00
https://mirror.us-midwest-1.nexcess.net/epel/6/x86_64/repodata/c259ce09172fc535ff3b556ccad8d2a02f128a2da95f0c1389ce9443800e225d-primary.sqlite.bz2:
[Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not
Found"
Trying other mirror.
To address this issue please refer to the below knowledge base article
https://access.redhat.com/articles/1320623
If above article doesn't help to resolve this issue please open a ticket
with Red Hat Support.
http://ftp.linux.ncsu.edu/pub/epel/6/x86_64/repodata/c259ce09172fc535ff3b556ccad8d2a02f128a2da95f0c1389ce9443800e225d-primary.sqlite.bz2:
[Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not
Found"
Trying other mirror.
epel/primary_db | 5.9 MB 00:01
extras | 3.4 kB 00:00
extras/primary_db | 29 kB 00:00
updates | 3.4 kB 00:00
updates/primary_db | 2.0 MB 00:01
No Packages marked for Update


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Question Mirrors ?

[Walter H.]

On 23.06.2017 21:31, m.r...@5-cent.us wrote:

Walter H. wrote:


this isn't fixed ...

   yum update
Loaded plugins: fastestmirror, security
Setting up Update Process
Determining fastest mirrors
epel/metalink
|  14 kB 00:00
   * base: centos.mirror.constant.com
   * epel: archive.linux.duke.edu
   * extras: centos.mirror.constant.com
   * updates: centos.mirror.constant.com
base
| 3.7 kB 00:00
base/primary_db
| 4.7 MB 00:01
epel
| 4.3 kB 00:00
http://archive.linux.duke.edu/pub/epel/6/x86_64/repodata/repomd.xml:
[Errno -1] repomd.xml does not match metalink for epel
Trying other mirror.


Hey, they've gone onto a new and different error. We were getting "not a
valid .xml file.

Try yum clean all, then try it.

this is the result after yum clean all ...

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Question Mirrors ?

[Walter H.]

On 23.06.2017 17:02, m.r...@5-cent.us wrote:

Fabian Arrotin wrote:

On 23/06/17 12:22, Günther J. Niederwimmer wrote:

Hello List,

in the last weeks I have many, many Errors from chron hourly on my
systems :-
(.

Have we broken or not updated mirrors in the yum config ?

Can you give details please ? As per design there are *no* mirrors
declared in the yum config files for CentOS, but they use the mirrorlist
feature, that has all the current lists of mirrors that are
validated/tested in loop


Missed the beginning of this - has this been for a while, or just in the
last couple days? If so, do you have EPEL enabled? We had tons of errors,
due to the error with them. Fixed by yesterday.


this isn't fixed ...

 yum update
Loaded plugins: fastestmirror, security
Setting up Update Process
Determining fastest mirrors
epel/metalink
|  14 kB 00:00

 * base: centos.mirror.constant.com
 * epel: archive.linux.duke.edu
 * extras: centos.mirror.constant.com
 * updates: centos.mirror.constant.com
base 
| 3.7 kB 00:00
base/primary_db  
| 4.7 MB 00:01
epel 
| 4.3 kB 00:00
http://archive.linux.duke.edu/pub/epel/6/x86_64/repodata/repomd.xml: 
[Errno -1] repomd.xml does not match metalink for epel

Trying other mirror.
epel 
| 4.3 kB 00:00
http://fedora-epel.mirrors.tds.net/fedora-epel/6/x86_64/repodata/repomd.xml: 
[Errno -1] repomd.xml does not match metalink for epel

Trying other mirror.
epel 
| 4.2 kB 00:00
epel/primary_db  
| 5.9 MB 00:03
extras   
| 3.4 kB 00:00
extras/primary_db
|  29 kB 00:00
updates  
| 3.4 kB 00:00
updates/primary_db   
| 2.0 MB 00:00

No Packages marked for Update

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Question Mirrors ?

[Walter H.]

On 23.06.2017 12:37, Anthony K wrote:

On 23/06/17 20:22, Günther J. Niederwimmer wrote:

Have we broken or not updated mirrors in the yum config ?

Thanks for a answer,


See *Problems with EPEL* further down the list.

it is not EPEL itself

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPv6 addresses order (CentOS6)

[Walter H.]

On Wed, May 31, 2017 03:55, Steven Tardy wrote:
>
>> On May 30, 2017, at 3:26 AM, Walter H. <walte...@mathemainzel.info>
>> wrote:
>>
>> is there a way to influence the order?
>
> Not sure what your use of multiple IPs is. . . but I'd probably use an
> interface alias instead of secondary.
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2-networkscripts-interfaces-alias.html

Interface Alias and IPv6only?
(the referenced guide only explains IPv4, I'm talking about IPv6 only)

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] IPv6 addresses order (CentOS6)

[Walter H.]

Hello,
in /etc/sysconfig/network-scripts/ifcfg-eth0 I have this

...
IPV6INIT=yes
IPV6ADDR=prefix::5
IPV6ADDR_SECONDARIES="prefix::2 prefix::3 prefix::4"
IPV6_AUTOCONF=no
IPV6_DEFAULTGW=prefix::1
IPV6_DEFAULTDEV=eth0

when I enter ifconfig the IPv6 addresses are in a different order

eth0 Link encap:Ethernet HWaddr ...
inet addr:... Bcast:... Mask:...
inet6 addr: fe80::.../64 Scope:Link
inet6 addr: prefix::4/64 Scope:Global
inet6 addr: prefix::3/64 Scope:Global
inet6 addr: prefix::5/64 Scope:Global
inet6 addr: prefix::2/64 Scope:Global

is there a way to influence the order?
or how can I tell e.g. ssh to use a specific IPv6 address?
(as it seems ssh uses the first one listed in ifconfig and not the one
defined with IPV6ADDR)

Thanks,
Walter


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS6 and squid34 package ...

[Walter H.]

Hello

what is the essential difference between the default squid package and 
this squid34 package,

as I have problems using this squid34 package for FTP connections;
there are no shown icons, when going to e.g. ftp://ftp.adobe.com/
when I tell the browser to show the image then I get this squid 
generated message ...


the same config /etc/squid/squid.conf works with the default squid 
package ...



While trying to retrieve the URL: 
http://proxy.local:3128/squid-internal-static/icons/silk/folder.png 
 



The following error was encountered:

 * *Access Denied. *

Access control configuration prevents your request from being allowed at 
this time.

Please contact your service provider if you feel this is incorrect.

Your cache administrator is ...


Generated Thu, 25 May 2017 06:50:02 GMT by proxy.local (squid/3.4.14)



has anybody the hint for me, what is wrong ..., here is the 
/etc/squid/squid.conf



acl localnet src 192.168.1.0/24

acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70  # gopher
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access deny to_localhost
http_access allow localnet
http_access allow localhost
http_access deny all
http_reply_access allow all

http_port 3128

cache_dir ufs /var/spool/squid 16400 16 256
coredump_dir /var/spool/squid

nonhierarchical_direct off

visible_hostname proxy.local
unique_hostname proxy.local

forwarded_for off
cache_mem 2560 MB

icon_directory /usr/share/squid/icons
error_directory /etc/squid/errors

as_whois_server whois.ra.net

logformat combined %>A %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %"%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh

access_log /var/log/squid/access.log combined

refresh_pattern ^ftp:   144020% 10080
refresh_pattern ^gopher:14400%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .   0   20% 4320


the same host has a running apache, where host proxy.local is a password 
protected web, which has the folling


for port 80

RewriteCond %{HTTP_HOST} ^proxy\.local(:80)?$ [NC]
RewriteRule ^/(.*)$ https://proxy.local/$1 [L,R=301]


for port 443


AuthName Firewall/Router
AuthType Basic
AuthUserFile /var/www/passwrds
Require User admin



/var/log/squid/access.log has this ...

client - - [25/May/2017:08:50:02 +0200] "GET 
http://proxy.local:3128/squid-internal-static/icons/silk/folder.png 
HTTP/1.1" 403 1655 "ftp://ftp.adobe.com/; "UserAgent" TCP_DENIED:HIER_NONE



the apache doesn't log anything in connection with this ...

has anybody the hint for me, what is causing this?

Thanks,
Walter

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mini PCs

[Walter H.]

On 17.05.2017 11:58, Robert Moskowitz wrote:


http://www.ebay.com/itm/ZOTAC-ZBOX-NANO-Plus-Mini-PC-ZBOXNANO-AD12-PLUS-2GB-320GB-with-Power-Supply-56/382042194064?_trksid=p2045573.c100033.m2042&_trkparms=aid%3D111001%26algo%3DREC.SEED%26ao%3D1%26asc%3D41376%26meid%3Deae770f22d504a9b8366eb0c02dd20d6%26pid%3D100033%26rk%3D7%26rkt%3D8%26sd%3D152356229748 



I will post power and other numbers here when I get the unit.

Hi looked it up,

this AMD CPU has a thermal design power of 18 W

Greetings,
Walter

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mini PCs

[Walter H.]

On Mon, May 15, 2017 09:53, wwp wrote:

> On Mon, 15 May 2017 09:22:54 +0200 "Walter H."
> <walte...@mathemainzel.info> wrote:
>
>> On Sun, May 14, 2017 11:00, wwp wrote:
>> > On Sat, 13 May 2017 13:08:17 +0200 "Walter H."
>> > <walte...@mathemainzel.info> wrote:
>> >
>> > This might become off-topic with my reply, but I'm curious: is there
>> > any specific software you're running from CentOS on your zbox in order
>> > to manage the rooter features?
>> SSH?
>
> I think I've been unclear, sorry about that! I wanted to ask if you use
> something, any helper installed on this rooter box, on top of
> firewalld/iptables, in order to setup and administrate the NAT/rooting
> (and eventually proxy) rules?

I've configured it quite simple ...

/etc/sysconfig/network_scripts:
ifcfg-eth0 and ifcfg-wlan0 have this: BRIDGE=br0
ifcfg-br0 is LAN (Dual-Stack)
ifcfg-eth1 is WAN (IPv4only)
ifcfg-sit1 is an HE IPv6 tunnel (IPv6only)

/etc/hostapd/hostapd.conf has this:
interface=wlan0
bridge=br0

/etc/sysconfig/ip(6)tables have at the last lines this:

# Log all other
-A INPUT -j LOG --log-prefix "IP(v6)[IN]: " --log-level 7
-A FORWARD -j LOG --log-prefix "IP(v6)[FWD]: " --log-level 7
-A OUTPUT -j LOG --log-prefix "IP(v6)[OUT]: " --log-level 7

there runs a cronjob every hour, which sends an email
like this:
dmesg |grep -e "IP(v6)\[" |timefltr.pl

for DNS a BIND is configured as caching DNS, and as authoritative master for
my domain ...

an Apache is configured only for some status pages like output of
'ifconfig', 'df', 'free', 'ip(6)tables -L -n -v', 'uptime'

I programmed some simple network diagnostic:
- traceroute(6) and ping(6) to a given dns/ip-host
- nslookup of a given dns-name

this is only reachable from LAN side; as I have a VM that runs a squid
with SSL-interception, I made a mini-CA, the root is installed on my
computers,
one intermediate CA is used by squid, the other intermediate CA is used
for signing a SSL certificate which I use on LAN side of my zbox or on my
intranet (e.g. squirrel)

to reach my squirrel, the apache does proxying ...

when there is the need of changing firewall rules, I manually edit the
files and reload ip(6)tables ...

it is somewhat very individual, I'm thinking of sending SMS messages on
special situations, e.g. the WAN IP address has changed (this happens
about 2-3 times in a year)

that's all


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mini PCs

[Walter H.]

On Sun, May 14, 2017 11:00, wwp wrote:
> On Sat, 13 May 2017 13:08:17 +0200 "Walter H."
> <walte...@mathemainzel.info> wrote:
>
>> On 13.05.2017 00:29, Robert Moskowitz wrote:
>> > I have been working, for the past few years, with armv7 SOCs and have
>> > a number of servers working.
>> >
>> > Intel, etal are catching up with ARM and I have seen ones like:
>> >
>> > https://www.aliexpress.com/item/NEW-Mini-pc-X86-4-Lan-Qotom-Q190G4N-with-celeron-J1900-quad-core-4-usb-VGA/32785346279.html
>> >
>> >
>> I would take something similar to this:
>> https://www.zotac.com/product/mini_pcs/zbox-ci323-nano
>> (for this zbox I can tell you, that it works with CentOS, as I have one
>> configured as firewall/router)
>
> This might become off-topic with my reply, but I'm curious: is there
> any specific software you're running from CentOS on your zbox in order
> to manage the rooter features?
SSH?

> I currently use, between my xDSL box and my LAN machines, an ATX-format
> box running a pretty old GNU/Linux system with a Jay's Firewall setup
> but I'd like to replace it w/ a fanless small barebone like the Zotac
> CI327: ...
this zbox has in comparison to the CI323 a different CPU, which I don't
know if this is supported by CentOS
(I didn't mention, that I use CentOS 6 ...)

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mini PCs

[Walter H.]

On 13.05.2017 00:29, Robert Moskowitz wrote:
I have been working, for the past few years, with armv7 SOCs and have 
a number of servers working.


Intel, etal are catching up with ARM and I have seen ones like:

https://www.aliexpress.com/item/NEW-Mini-pc-X86-4-Lan-Qotom-Q190G4N-with-celeron-J1900-quad-core-4-usb-VGA/32785346279.html 




I would take something similar to this:
https://www.zotac.com/product/mini_pcs/zbox-ci323-nano
(for this zbox I can tell you, that it works with CentOS, as I have one 
configured as firewall/router)



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] TLSv1.3 support?

[Walter H.]

Hello,

will the next update of CentOS 6 (6.10) have TLSv1.3 support?

Thanks,
Walter


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] logrotate failed ... (CentOS 6.9)

[Walter H.]

On 01.05.2017 13:15, James Pearson wrote:

walte...@mathemainzel.info:

I get regularily such a mail


Anacron job 'cron.daily' on 

/etc/cron.daily/logrotate:

error: error running non-shared postrotate script for
/var/log/clamd.clamsmtp/clamsmtpd.log of
'/var/log/clamd.clamsmtp/clamsmtpd.log'


The following may help:

  https://bugzilla.redhat.com/show_bug.cgi?id=1376815

James Pearson



Hello,

I found your hint several time ago, this didn't solve it ...

I don't understand this

-killall -HUP clamd. 2>/dev/null || :
+killall -HUP clamd. > /dev/null 2>&1 || true

in the patch

as the file has this
pkill -SIGHUP -f clamd.clamsmtp >/dev/null 2>&1 || :

in comparison /etc/logrotate.d/clamav has this

   killall -HUP clamd >/dev/null 2>&1 || :



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] logrotate failed ... (CentOS 6.9)

[Walter H.]

I get regularily such a mail


Anacron job 'cron.daily' on 

/etc/cron.daily/logrotate:

error: error running non-shared postrotate script for 
/var/log/clamd.clamsmtp/clamsmtpd.log of 
'/var/log/clamd.clamsmtp/clamsmtpd.log '



content of /etc/logrotate.d/clamsmtp

/var/log/clamd.clamsmtp/clamsmtpd.log {
monthly
notifempty
missingok

postrotate
pkill -SIGHUP -f clamd.clamsmtp >/dev/null 2>&1 || :
endscript
}

when looking at  ls:


total 572
drwxr-xr-x. 2 clamsmtp mail   4096 May  1 03:15 .
drwxr-xr-x. 6 root root   4096 May  1 03:15 ..
-rw-r-. 1 clamsmtp mail953 May  1 08:43 clamsmtpd.log
-rw-r-. 1 clamsmtp mail 109806 Jan  1 10:28 clamsmtpd.log-20170101
-rw-r-. 1 clamsmtp mail 114825 Feb  1 03:42 clamsmtpd.log-20170201
-rw-r-. 1 clamsmtp mail 101356 Mar  1 03:50 clamsmtpd.log-20170301
-rw-r-. 1 clamsmtp mail 112365 Apr  1 19:51 clamsmtpd.log-20170401
-rw-r-. 1 clamsmtp mail 104204 May  1 03:15 clamsmtpd.log-20170501


this shows normal

where does this error mail come from?

Thanks
Walter
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Apache + SSL: default configuration rated "C" by Qualys Labs

[Walter H.]

On 26.04.2017 08:58, Nicolas Kovacs wrote:

Hi,

I'm currently experimenting with a public server running CentOS 7. I
have half a dozen production servers all running Slackware Linux, and I
intend to progressively migrate them to CentOS, for a host of reasons
(support cycle, package availability, SELinux, etc.) But before doing
that, I have to figure out a few things that work differently under
CentOS. Apache and SSL behave quite differently under these two
distributions.

So far, Apache is running fine with HTTP and hosts a series of virtual
hosts.

I have installed Certbot and created a Let's Encrypt certificate for the
server.

I have a "dummy" website under /var/www/html/default/html.

I installed mod_ssl and only edited the following directives in
/etc/httpd/conf.d/ssl.conf. I kept the default options for everything else.

--8<
...
DocumentRoot "/var/www/html/default/html"
ServerName sd-41893.dedibox.fr:443
...
SSLCertificateFile /etc/letsencrypt/live/sd-41893.dedibox.fr/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sd-41893.dedibox.fr/privkey.pem
SSLCertificateChainFile
/etc/letsencrypt/live/sd-41893.dedibox.fr/fullchain.pem
--8<

After restarting Apache, the website shows up correctly.

https://sd-41893.dedibox.fr/

But when I test it using Qualys SSL Labs Server Test, the results are a
disappointment.


with this:

SSLProtocol all -SSLv2 -SSLv3

SSLCipherSuite 
'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EECDH:EDH+AESGCM:EDH:ECDH+AESGCM:ECDH+AES:ECDH:AES:HIGH:MEDIUM:!SSLv2:+SSLv3:!3DES:!RC4:!MD5:!IDEA:!SEED:!aNULL:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP'


SSLHonorCipherOrder on
SSLStrictSNIVHostCheck on

you get Grade A+


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] Network Attached Storage

[Walter H.]

On 03.01.2017 00:56, TE Dukes wrote:
The QNAP does have a lot of features that I'd probably never use. The 
only issue I have is what would be the end of life support. Would that 
matter if it's a backup device? 

yes when you have to change one HDD drive and doesn't get same type or size
and so there are mixed HDDs running a pseudo hardware/software RAID ...

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] Network Attached Storage

[Walter H.]

On Tue, January 3, 2017 00:17, TE Dukes wrote:

> This for home use. Thought I'd start out with 2, 4TB drives, maybe 3 so I
> could implement RAID 5. I have four computers to backup.

Keep in mind, this has to be backed up, too;
because a RAID failure can happen ...

before implementing a RAID 5 with 3 disks plus hot spare,
implement a RAID 6 with 4 disks;

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6: environment variables and cronjobs ...

[Walter H.]

Hello,

in

/etc/cron.d/test

I've this:

50 15 * * * root ( date ; echo "---" ; env ; echo "---" ; set )
>>/tmp/test.txt

and I thought I would be shown environment variables which are defined in

e.g.
/etc/profiles.d/proxy.sh or
/etc/profiles.d/proxy.csh

but this isn't like this ...

where do I have to define e.g.
export http_proxy="http://proxy.local:3128/;
in order to have it in cron jobs?

Thanks,
Walter

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6, Apache 2.2.15 and SNI?

[Walter H.]

On Tue, November 22, 2016 22:40, James B. Byrne wrote:
>
> On Sun, November 20, 2016 12:43, Walter H. wrote:
>
>>
>> https://box.domain1.com works
>> but
>> https://box.domain2.com results in  'Certificate name mismatch'
>>
>>
>
> What are the contents of the certificate(s) you have configured for
> tls?  What AltSubject names, if any, do the certificate(s) support?
>
both were wildcard certificates, one for each domain ...


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6, Apache 2.2.15 and SNI? Solved ...

[Walter H.]

It is solved, I don't know why but
SNI works only with hosts that are
declared with ServerName
and not with ServerAlias

so I did the following ...

I made an include file that contained everything of the virtualhost 
except the ServerAdmin and ServerName declarations

and did this:


ServerAdmin webmaster@domain#.com
ServerName vhost.domain#.com:443
Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl



ServerAdmin webmaster@domain#.com
ServerName box.domain#.com:443
Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl



ServerAdmin webmaster@domain#.com
ServerName calcbox.domain#.com:443
Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl


...

Greetings,
Walter


On 20.11.2016 18:24, Walter H. wrote:

Hello,

is Apache 2.2 which is part of the CentOS distribution capable of SNI?

I have troubles that are coming from server side (CentOS 6.8, Apache 
2.2.15)

just did  'yum update'


in
/etc/httpd/conf/httpd.conf

I've the following

NameVirtualHost ipaddr:443

Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf
Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf

both 'vhost'-files are like this:


ServerAdmin webmaster@domain#.com

ServerName vhost.domain#.com:443
ServerAlias box.domain#.com:443
ServerAlias calcbox.domain#.com:443
ServerAlias proxybox.domain#.com:443

...
SSLEngine on

SSLStrictSNIVHostCheck on

SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt

...


only
https://domain1.com/...
works
https://domain2.com/...
results in a certificate CN mismatch ...

what is missing in my config.?

Thanks,
Walter




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6, Apache 2.2.15 and SNI?

[Walter H.]

On 20.11.2016 18:33, David Nelson wrote:

It doesn't appear you have a ServerName or ServerAlias for the naked domains 
(sans subdomain), so they're both being answered by the first VirtualHost entry?

this is not the problem

meant

https://box.domain1.com works
but
https://box.domain2.com results in  'Certificate name mismatch'

Thanks,
Walter


On Nov 20, 2016, at 9:24 AM, Walter H.<walte...@mathemainzel.info>  wrote:

Hello,

is Apache 2.2 which is part of the CentOS distribution capable of SNI?

I have troubles that are coming from server side (CentOS 6.8, Apache 2.2.15)
just did  'yum update'


in
/etc/httpd/conf/httpd.conf

I've the following

NameVirtualHost ipaddr:443

Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf
Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf

both 'vhost'-files are like this:


ServerAdmin webmaster@domain#.com

ServerName vhost.domain#.com:443
ServerAlias box.domain#.com:443
ServerAlias calcbox.domain#.com:443
ServerAlias proxybox.domain#.com:443

...
SSLEngine on

SSLStrictSNIVHostCheck on

SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt

...


only
https://domain1.com/...
works
https://domain2.com/...
results in a certificate CN mismatch ...

what is missing in my config.?

Thanks,
Walter




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 6, Apache 2.2.15 and SNI?

[Walter H.]

Hello,

is Apache 2.2 which is part of the CentOS distribution capable of SNI?

I have troubles that are coming from server side (CentOS 6.8, Apache 2.2.15)
just did  'yum update'


in
/etc/httpd/conf/httpd.conf

I've the following

NameVirtualHost ipaddr:443

Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf
Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf

both 'vhost'-files are like this:


ServerAdmin webmaster@domain#.com

ServerName vhost.domain#.com:443
ServerAlias box.domain#.com:443
ServerAlias calcbox.domain#.com:443
ServerAlias proxybox.domain#.com:443

...
SSLEngine on

SSLStrictSNIVHostCheck on

SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt

...


only
https://domain1.com/...
works
https://domain2.com/...
results in a certificate CN mismatch ...

what is missing in my config.?

Thanks,
Walter


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Keyboard layout on remote, local, ... CentOS 6; strange behaviour

[Walter H.]

Hello,

I did the following:

in /boot/grub/menu.lst I added/replaced   KEYTABLE=us-acentos

in /etc/sysconfig/keyboard I have this:
KEYTABLE="us-acentos"
MODEL="pc105"
LAYOUT="us"
KEYBOARDTYPE="pc"
VARIANT="intl"

my host system is Windows; and for connecting to Linux terminal I use PuTTY

in Windows I have configured German keyboard layout;

what would someone expect, when using PuTTY to connect to the above 
configured CentOS 6


I thought that there I have the US intl layout; but its German;

when I switch the keyboard layout in Windows to US intl. and connect
to a CentOS 6, where the following is configured

in /boot/grub/menu.lst  KEYTABLE=de-latin1-nodeadkeys
and in /etc/sysconfig/keyboard  this:

KEYTABLE="de-latin1-nodeadkeys"
MODEL="pc105"
LAYOUT="de"
KEYBOARDTYPE="pc"
VARIANT="nodeadkeys"

here I thought I have German keyboard layout, but it isn't; it's US

in short: why do I have the keyboard layout, which is configured at the 
host running PuTTY and not which is configured in CentOS?


when I log into the Linux directly at the console, I do have the 
configured keyboard layout;


Thanks,
Walter


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPv6 address configuration and default IPv6 address with CentOS 6.8?

[Walter H.]

On 15.10.2016 10:42, John R Pierce wrote:

On 10/15/2016 1:15 AM, Walter H. wrote:



where can I define which IPv6 address is used as source IP, when doing
e.g.wget ...
   ssh ...
   ... | mail t...@example.com


on wget, its --bind-address=

on ssh, its -b 

mail will, afaik, forward the eemail to your local MTA, which in turn 
will decide what to do with it, so its your MTA that would need to be 
configured with a bind address, that would be postfix or whatever.



Thanks,
I see, programs do it their way, and there is no global setting like 
"use ";


Grettings,
Walter


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] IPv6 address configuration and default IPv6 address with CentOS 6.8?

[Walter H.]

Hello,

when I have this in /etc/sysconfig/network-scripts/ifcfg-eth0

TYPE=Ethernet
NAME=eth0
NM_CONTROLLED=no
ONBOOT=yes
DEVICE=eth0
USERCTL=no
...
IPV6INIT=yes
IPV6ADDR=2001:DB8:DEAD:BEEF::10
IPV6ADDR_SECONDARIES="2001:DB8:DEAD:BEEF::20 2001:DB8:DEAD:BEEF::30 
2001:DB8:DEAD:BEEF::40 2001:DB8:DEAD:BEEF::50"

IPV6_AUTOCONF=no
IPV6_DEFAULTGW=2001:DB8:DEAD:BEEF::1
IPV6_DEFAULTDEV=eth0

I have a virtual server, and there are the alias addresses splitted,
e.g. IPv6 2001:DB8:DEAD:BEEF::40 is used by BIND (named, authoritativ 
DNS server)
IPv6 2001:DB8:DEAD:BEEF::30 is used by MTA (postfix, DNS has this for MX 
of this domain)
IPv6 2001:DB8:DEAD:BEEF::20 and 2001:DB8:DEAD:BEEF::10 are used by 
Apache (httpd)

...

and this is also splitted in the firewallconfig ip6tables

-A INPUT -d 2001:DB8:DEAD:BEEF::30 -m tcp -p tcp --dport 25 -m state 
--state NEW -j ACCEPT

-A INPUT -m tcp -p tcp --dport 25 -j DROP

-A INPUT -d 2001:DB8:DEAD:BEEF::40 -m tcp -p tcp --dport 53 -m state 
--state NEW -j ACCEPT

-A INPUT -d 2001:DB8:DEAD:BEEF::40 -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m tcp -p tcp --dport 53 -j DROP
-A INPUT -m udp -p udp --dport 53 -j DROP


where can I define which IPv6 address is used as source IP, when doing
e.g.wget ...
   ssh ...
   ... | mail t...@example.com
   ...

Thanks,
Walter


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Hint for nslookup wanted ...

[Walter H.]

On Tue, October 11, 2016 15:27, Anand Buddhdev wrote:

> This is bad advice, because in DNS, ANY != ALL
>
> If you query with qtype=any, and you ask a caching resolver, then it
> will return to you all the records that are in its cache at that time,
> which may or may not include the records you want.
>
> In order to definitively get the A as well as the  records, one
> needs to ask for them specifically:
>
> nslookup -type= www.example.com
> nslookup -type=A www.example.com
>
> This makes a cache explicitly look up those types of records if it
> doesn't already have them.
>
Thanks this brings light in the dark ...

Greetings,
Walter

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Hint for nslookup wanted ...

[Walter H.]

On Tue, October 11, 2016 15:23, Richard Mann wrote:
>> -Original Message-
>> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
>> Behalf Of Walter H.
>> Sent: Tuesday, October 11, 2016 9:05 AM
>> To: centos@centos.org
>> Subject: [CentOS] Hint for nslookup wanted ...
>>
>> Hello,
>>
>> has anybody a hint for me, how I can use nslookup to get
>> either IPv6  only or both A and  entries when doing this:
>>
>> e.g.
>>
>> # nslookup www.example.com
>>
>
> Did your google break?

not really;

> For just IPv6
> nslookup -type= www.example.com
>
> For all records
> nslookup -type=any www.example.com

nslookup -type=any www.google.com

shows only IPv6, when having done
nalookup -type= www.google.com
before???

other sample:

[root@host ~]# nslookup -query=any www.bipa.at
Server: 192.168.23.2
Address:192.168.23.2#53

Non-authoritative answer:
www.bipa.at canonical name = www.bipa.at.cdn.cloudflare.net.

Authoritative answers can be found from:

[root@host ~]#

why is no IP - neither IPv4 nor IPv6 shown?
doesn't matter if -query=any or -type=any


Greetings,
Walter

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Hint for nslookup wanted ...

[Walter H.]

Hello,

has anybody a hint for me, how I can use nslookup to get
either IPv6  only or both A and  entries when doing this:

e.g.

# nslookup www.example.com

Thanks,
Walter

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPv6 routing with 2 different prefixes

[Walter H.]

On 13.09.2016 16:58, Gordon Messmer wrote:

On 09/13/2016 12:03 AM, Walter H. wrote:

why can only the router do
ping6 2001:db8:0815::17
and not the linux box?



It's not uncommon for systems to not route packets back out the 
interface where they were received.  What kind of router is this?

It is a CentOS 6 box

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] IPv6 routing with 2 different prefixes

[Walter H.]

Hello

I've got two prefixes, one /48 and one /64

let's say these two
2001:db8:0815::/48
2001:db8:4711:cafe::/64

the router has on it's ethernet interface the following to IPv6 addresses:
2001:db8:0815::1/48
2001:db8:4711:cafe::1/64

a windows box has
2001:db8:0815::17/48
and
2001:db8:0815::1
as it's gateway

a linux box has
2001:db8:4711:cafe::11/64
and
2001:db8:4711:cafe::1
as it's gateway

why can only the router do
ping6 2001:db8:0815::17
and not the linux box?

is there a missing IPv6 route?

Thanks,
Walter



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] more than one IP address on network device?

[Walter H.]

On 05.09.2016 15:28, Alexander Dalloz wrote:

Am 05.09.2016 um 14:27 schrieb Jonathan Billings:
On Sep 4, 2016, at 1:27 PM, Walter H. <walte...@mathemainzel.info> 
wrote:

'ifconfig' doesn't show these additional addresses ...


This is one of the many reasons why people don’t use ‘ifconfig’ anymore.


As additional information: ifconfig as part of net-tools is deprecated 
since 2009.
of course one can run ip  commands having the same result as the 
ifconfig thing, but

how would this go, when e.g. eth0 shall be up at OS startup?

e.g. /etc/sysconfig/network-scripts/route6-sit1
with this content
::/0 dev sit1
does the job automatically using ip 
(ip route add ::/0 dev sit1)

you will find e.g. where one runs
iptables -A 
ip6tables -A ...
or other firewall solutions;
but all this doesn't make any sense as long it is done automatically 
after OS startup;


https://serverfault.com/questions/633087/where-is-the-statement-of-deprecation-of-ifconfig-on-linux 



net-tools isn't any longer installed by default on CentOS 7.

no ip ... command?

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] more than one IP address on network device?

[Walter H.]

On 04.09.2016 17:33, Ulf Volmer wrote:


OK, some testing has been done. you have to specify

IPADDR=192.168.0.10
NETMASK=255.255.255.0
NETWORK=192.168.0.0
GATEWAY=192.168.0.1
IPADDR2=192.168.2.10
NETMASK2=255.255.255.0
NETWORK2=192.168.2.0

I tried this way; but
'ifconfig' doesn't show these additional addresses ...


please note, that you have to specify only one GATEWAY, there can be
only one default gateway active.

sure?
thought that IPADDR, GATEWAY, NETMASK and NETWORK must go with,
the same with IPADDR2, GATEWAY2, NETMASK2 and NETWORK2 ...

Walter

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] more than one IP address on network device?

[Walter H.]

On 04.09.2016 15:18, Ulf Volmer wrote:

On 09/03/2016 07:34 PM, Walter H. wrote:


if I would need an additional IPv6 address I'd just add
IPV6ADDR_SECONDARIES="ipv6addr"
to this file; if I would need an additional IPv4 address this works only
by a virtual device
e.g. eth0:1 like this:

That's not true, you can add ipv4 address to the interface in the same way:

| IPADDR2=172.17.170.101
| NETMASK2=255.255.255.0

There is no need to create a virtual network device.

ah ok, and the other values?

IPADDR2=192.168.1.10
BROADCAST2=192.168.1.255 <--
NETMASK2=255.255.255.0
NETWORK2=192.168.1.0 <--
GATEWAY2=192.168.1.1 <--

in case they don't match the first IP address?

Thanks,
Walter

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos