Re: RHEL/SL and iptables
On 20/04/2011 02:26, Tom H wrote:
> On Tue, Apr 19, 2011 at 12:53 PM, Robert E. Blair wrote:
>> There is a sourceforge project called firestarter which has a rather
>> nice script that does lots of iptables config and provides a gui
>> monitor of firewall activity.
>
> You could also try APF:
> http://www.rfxn.com/projects/advanced-policy-firewall/
> (I've never used it so this isn't an experience-based recommendation
> but I've installed it on a test box to check out its rules and they
> looked good.)
>
> Shorewall's also an option that you could consider. It's another blind
> recommendation though; I've never even seen its default rules...

Thanks very much for the numerous answers. I read through a pile of documentation, and figured out the most simple solution was a handcrafted iptables script from scratch. Here goes:

--8<---
#!/bin/sh
##/root/bin/firewall-start

IPT="/sbin/iptables"
WAN_IFACE="eth0"
LAN_IFACE="eth1"

# Flush all rules and delete user-defined chains
$IPT -F
$IPT -t nat -F
$IPT -t mangle -F
$IPT -X
$IPT -t nat -X
$IPT -t mangle -X

# Default policies
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# Loopback, selected ICMP types, established connections
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# SSH and DHCP from the LAN side only
$IPT -A INPUT -p tcp -i $LAN_IFACE --dport 22 -j ACCEPT
$IPT -A INPUT -p udp -i $LAN_IFACE --dport 67 -j ACCEPT

# Log, then reject everything else
$IPT -A INPUT -j LOG --log-prefix "+++ IPv4 packet rejected +++ "
$IPT -A INPUT -j REJECT

# Masquerade traffic leaving through the WAN interface
$IPT -t nat -A POSTROUTING -o $WAN_IFACE -j MASQUERADE

# Save the rules and restart the service if it is running
/sbin/service iptables save
/sbin/service iptables condrestart
--8<---

Works like a charm so far. Logging (near the end of the script) tells me whenever I'm locking myself out of something.

Cheers from South France,

Niki
--
Microlinux - IT solutions, 100% Linux and free software
7, place de l'église - 30730 Montpezat
Web: http://www.microlinux.fr
Mail: i...@microlinux.fr
Tel.: 04 66 63 10 32
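The LOG rule near the end of the script writes one kernel log line per rejected packet. As an added example (not part of the original post), this shell function counts those lines by input interface, protocol and destination port; the sample log lines, host name and addresses are constructed.

```shell
#!/bin/sh
# Added example: count packets logged by the script's final LOG rule.
# LOG_PREFIX is the --log-prefix string used in the script above.
LOG_PREFIX="+++ IPv4 packet rejected +++"

# Constructed sample lines in the kernel LOG target's format
# (host name, addresses, MACs and ports are made up for this example).
sample_log() {
cat <<'EOF'
Apr 20 09:01:12 gw kernel: +++ IPv4 packet rejected +++ IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.2.10 DST=192.168.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 20 09:01:15 gw kernel: +++ IPv4 packet rejected +++ IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.2.10 DST=192.168.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4712 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 20 09:02:40 gw kernel: +++ IPv4 packet rejected +++ IN=eth0 OUT= MAC=00:11:22:33:44:66:66:77:88:99:aa:cc:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=78 TOS=0x00 PREC=0x00 TTL=52 ID=901 PROTO=UDP SPT=137 DPT=137 LEN=58
Apr 20 09:03:02 gw sshd[2210]: Accepted publickey for root from 192.168.2.10 port 40200 ssh2
Apr 20 09:05:55 gw kernel: +++ IPv4 packet rejected +++ IN=eth0 OUT= MAC=00:11:22:33:44:66:66:77:88:99:aa:cc:08:00 SRC=203.0.113.9 DST=198.51.100.2 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=77 PROTO=ICMP TYPE=13 CODE=0 ID=7 SEQ=1
EOF
}

# summarize_rejects: read syslog lines on stdin and print
# "count iface proto dport" per distinct combination, busiest first.
# Lines without the prefix are ignored; packets with no DPT field
# (ICMP, for instance) are reported with "-" as the port.
summarize_rejects() {
    awk -v prefix="$LOG_PREFIX" '
        index($0, prefix) == 0 { next }
        {
            iface = proto = dport = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^IN=/)    iface = substr($i, 4)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dport = substr($i, 5)
            }
            if (iface == "") iface = "-"   # empty IN= means locally generated
            n[iface " " proto " " dport]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2
}

# Run on the constructed sample; on a live box feed it the file that
# receives kernel messages (assumed here: /var/log/messages).
sample_log | summarize_rejects
```

A repeated entry such as LAN traffic to a TCP port that has no ACCEPT rule is the "locking myself out" case the post mentions, and shows which rule is missing.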
Re: What kinds of business use Linux?
On 19/04/2011 07:20, Todd And Margo Chester wrote:
> I really do not feel like the *aggravation* of having to maintain any
> more Windows installations: low quality software that almost works and
> has to be fussed with 20 times more than a Linux installation. And
> customers who are never really very happy with the way things turn
> out, or the expense.

I'm running a small business specialized in 100% GNU/Linux and FOSS systems, aimed at professional users, e. g. folks who use a PC as a tool to get work done. So far, my clients are small town halls, public libraries, a private school.

My networks are mainly CentOS on servers, and a personal mix of CentOS and Fedora on desktops. Right now, it looks like I'll use the SL6/minimal-GNOME combination as a base for the new desktops. I think a significant number of my clients don't even know they're using Linux.

My only contact with Windows is when I have to retrieve data from a rotten install before replacing it with a crisp and clean Linux install. Sometimes, I integrate the odd Windows XP client in a mixed network, but more often than not, I just tell my clients that I don't do Windows, and I (politely) advise them to see someone else.

So far, only one client wanted to migrate back, and it was the sort of client I was glad to be rid of anyway.

Cheers from the sunny South of France,

Niki Kovacs
Re: What kinds of business use Linux?
On 19/04/2011 07:20, Todd And Margo Chester wrote:
> Sort of like graphics houses prefer Apple. What kinds of business
> prefer Linux?

The French Gendarmerie Nationale (= police force) is currently migrating no less than 85.000 desktops from Windows XP to Ubuntu 10.04.

Niki
RHEL/SL and iptables
Hi,

Until recently, I've only been using the system-config-securitylevel-tui utility, because it's easy to use while covering all my needs.

Now I have to switch to a manual iptables configuration, because 1) the system-config-securitylevel-tui utility has been "dumbed" down, and 2) some of the things I want to do need a more fine-grained control.

What's the most "orthodox" (e. g. clean) solution to configure iptables manually (in a script, somewhere) with SL?

Cheers,

Niki Kovacs
Re: SL vs. RPMForge repo
On 15/04/2011 00:48, Dag Wieers wrote:
> Of course, that would also mean we'd have to update that non-PAE
> kernel as part of that repository. If people have a clear need for
> this (and there is at least one committed to support this) do speak
> up. It might be the beginning of something beautiful...

Yes, I do have a clear need for this. My company is specialized in providing Linux solutions for professionals (mostly small town halls, schools, public libraries). From time to time, I give one of the various consumer grade distros a spin, but I always seem to come back to some RHEL clone on desktops as well as on servers.

More often than not, I have to perform installs on hardware that's quite old, if not completely outdated. The sort of dinosaur hardware that nothing - short of a meteor strike - can kill. CentOS 5 is still churning away on one of my client's PIII-500 with 128 MB RAM (recently beefed up to 256 MB).

Of course, most of the time, folks ask for decent hardware. But I like to still be able to install a decent system on older hardware.

Cheers from the sunny South of France,

Niki
RHEL 5.6 vs. SL 5 ?
Hi,

I just took a peek at the download page for SL 5, and I only see 5.5. Does SL 5.6 exist somewhere, or has it never been released? If that's the case, is it simply a matter of install medium, e. g. are the updates for 5.5 (after a 'yum update') equal to a 5.6 install?

I'd like to ask specifically, because I'd like to use SL 5 for a webserver, and AFAIK, RHEL 5.6 has replaced PHP 5.1.6 by PHP 5.3, which would be very welcome.

Cheers,

Niki
Re: SL vs. RPMForge repo
On 14/04/2011 03:39, Nico Kadel-Garcia wrote:
> Yeah, I just hopped over from CentOS due to the delays in release and
> the invisibility of the build process there. I'm pretty happy with SL
> 6.0.

+1. Quite some familiar names around this mailing list. As far as I'm concerned, I expected some sort of refugee camp, and I'm the more pleasantly surprised to find it's a four star hotel.

Less than 24 hours with SL, and it looks like I'm going to stick with it.

I just discovered that the text-based version of Anaconda has been seriously amputated in functionality. But that's probably an upstream decision.

Plus, I wonder why I can't install SL6 on my good old Fujitsu Lifebook with a Pentium M processor, which the installer kernel refuses to work with. Any known workaround for that apart from installing SL 5.x or buying a new laptop?

Cheers,

Niki
Re: SL vs. RPMForge repo
On 13/04/2011 22:33, Dag Wieers wrote:
> These requirements are all SL 6.0 packages, so I assume there's
> something wrong with your yum configuration.
>
> [dag@moria ~]# rpm -qf /usr/lib64/libesd.so.0
> esound-libs-0.2.41-3.1.el6.x86_64
> [dag@moria ~]# rpm -qf /usr/lib64/libcppunit-1.12.so.1
> cppunit-1.12.1-3.1.el6.x86_64
> [dag@moria ~]# rpm -qf /usr/lib64/libglut.so.3
> freeglut-2.6.0-1.el6.x86_64
> [dag@moria ~]# rpm -qf /usr/lib64/liblzo2.so.2
> lzo-2.03-3.1.el6.x86_64
>
> I would start by cleaning the cache: yum clean all

Heh, I just found out. I live in a remote village with a slow DSL connection, and with CentOS, my first reflex always was to copy the content of the install DVD to a web server in my local network to make a local repository, and then configure Yum to point to that repo.

Which made me wonder if the SL install DVD contained everything there is. Indeed... not :o)

Reconfigured Yum to point to a standard SL repo on the Internet, and everything worked out fine.

Cheers and thanks for the help.

Niki

PS: SL rocks!
Re: SL vs. RPMForge repo
On 13/04/2011 20:59, Dag Wieers wrote:
> I would be interested to know what yum errors you got, and
> distribution/arch and other relevant information. :-)

Here goes:

# cat /etc/issue
Scientific Linux release 6.0 (Carbon)

# yum repolist
repo id       repo name                         status
rpmforge      RHEL 6.0 - RPMforge.net -         3 793
sl            Scientific Linux 6.0 -            2 969
sl-security   Scientific Linux 6.0 - updates      552

# yum install mplayer
...
--> Finished Dependency Resolution
Error: Package: mplayer-1.0-0.46.svn20100703.el6.rf.i686 (rpmforge)
       Requires: libesd.so.0
Error: Package: dirac-1.0.2-1.el6.rf.i686 (rpmforge)
       Requires: libcppunit-1.12.so.1
Error: Package: libcaca-0.99-0.1.beta17.el6.rf.i686 (rpmforge)
       Requires: libglut.so.3
Error: Package: mpg123-1.13.2-1.el6.rf.i686 (rpmforge)
       Requires: libesd.so.0
Error: Package: mplayer-1.0-0.46.svn20100703.el6.rf.i686 (rpmforge)
       Requires: liblzo2.so.2
 You could try using --skip-broken to work around the problem

Any suggestion?

Cheers,

Niki
SL vs. RPMForge repo
Hi,

I've been a CentOS user for a few years, and I just decided to switch to SL. I installed it on two of my sandbox PCs in my office. First reaction: I like it a lot! I expect a few things to be different than CentOS, and maybe the odd rough edge here and there.

First things first. Does the RPMForge third party repo work OK with SL? Because I just configured it and tried a 'yum install mplayer' and got a load of Yum error messages about missing dependencies.

I'm aware this question could possibly (also?) belong on the RPMForge mailing list, though I'm not exactly sure.

Which third party repo do you guys recommend?

Cheers from the sunny South of France,

Niki Kovacs