Re: Sound

[Rick Sewill]

On Saturday, January 14, 2012 07:47:05 PM Patrick Dupre wrote:
 Hello,
 
 After upgrade from fedora 14 to fedora 16 on a Inspiron 9400, I lost
 the sound!
 vlc run OK, but no sound!
 How can I check the hardware drivers?
 
 Thank.

If you are now using pulse audio, and don't have pavucontrol installed, please 
install pavucontrol.  Please use pavucontrol to check if the volume is muted.



-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Desktop stickiness under Fedora-16/KDE

[Rick Sewill]

On Saturday, December 31, 2011 07:36:56 AM Timothy Murphy wrote:
 My desktop siezes up every hour or so;
 I can continue in the current desktop,
 but cannot change to another desktop
 or go to another application by clicking on an icon in the panel.
 
 The problem cures itself in 20-30 seconds,
 so it is not life-threatening.
 
 I killall-ed upowerd, but that didn't do the trick.
 There is nothing untoward in /var/log/messages.
 
 The problem could be to do with Firefox or KDE or Fedora;
 I'm not sure which.
 
 I've seen a few comments on this,
 but has anyone found a cure?

I'm still on Fedora 15, not sure when I will upgrade.
I run KDE, kontact/kmail, pidgin, alternate between Firefox and google-chrome.

My reason for not upgrading, so far, my desktop has only 1 G of ram.

Even on Fedora 15, if I try to run Firefox + kmail + all of the friends,
(the friends being Nepomuk, Akonadi, and what they call in), 
my system starts to swap.  

Depending what I'm doing in Firefox, Firefox and it's friend, 
the plugin-container, take lots of ram.

I will upgrade to Fedora 16 eventually, either when I can afford a new desktop,
or when I work up the courage to install on this desktop.

If possible, can you see the disk light on your desktop?
Is the disk light flashing when your desktop freezes up?

People may suggest reducing the memory footprint of Firefox.
I did a google search, found things to change in about:config,
disabled ram caching -- don't remember the change so do your own search,
disabled a number of Firefox plugins, all to control the memory footprint.

I actually created 2 scripts, use them at your own risk.
If my scripts are bad or wrong, hopefully someone will tell us.

One script stops a number of services, including kontact (kmail).
The other script starts those services.
I always stop services before using Firefox or google-chrome.

rsewill@rsewill:~ 3:3 $ more bin/stopmemoryhogs 
#!/bin/bash

declare -i sleeptime=30

# qdbus im.pidgin.purple.PurpleService /im/pidgin/purple/PurpleObject 
PurpleCoreQuit

qdbus org.kde.kontact /MainApplication quit

# qdbus org.kde.kopete /MainApplication quit

sleep ${sleeptime}

declare printerapp=$(qdbus | grep printer-applet)
[ ! -z ${printerapp} ]  qdbus ${printerapp} /MainApplication quit

akonadictl stop
# qdbus org.kde.kmix /MainApplication quit

sleep ${sleeptime}

qdbus org.kde.NepomukServer /nepomukserver quit

qdbus org.kde.korgac /MainApplication quit

rsewill@rsewill:~ 3:4 $ more bin/startmemoryhogs 
#!/bin/bash

declare -i sleeptime=30

nepomukserver 
# pidgin -f 

sleep ${sleeptime}

akonadictl start
# kopete
# kmix

sleep ${sleeptime}

kontact

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: more than one bridge

[Rick Sewill]

On Tuesday, December 27, 2011 06:59:53 AM Hiisi wrote:
 On 27 December 2011 15:49, Sam Varshavchik mr...@courier-mta.com wrote:
  Hiisi writes:
  Hi, list!
  Is there a way to set up more than one bridged interface having one
  physical device? I'm setting up virtual machines and want them to
  share the same network with host computer. For one guest machine I
  simply created a bridged interface adding line 'BRIDGE=br0' to
  /etc/sysconfig/network-scripts/ifcfg-p21p1 (host computer network
  interface), then created /etc/sysconfig/network-scripts/ifcfg-br0 with
  nececarry configuration. How to create second interface for second
  guest machine and so on?
  
  Add the second machine to the same bridge.
 
 Hi, Sam!
 Thanks, I've already did it. But theoretically, is it possible to
 create more than one bridge on one interface?

Have you looked into using VLANs?

From http://en.wikipedia.org/wiki/Virtual_network, a few paragraphs down,
VLANs (Virtual LANs) are logical LAN's (Local Area Networks), based on 
physical LAN's. A VLAN can be created by partitioning a physical LAN into 
multiple logical LAN's (subnets) using a VLAN ID. Alternatively, several 
physical LAN's can function as a single logical LAN. The partitioned network 
can be on a single router, or multiple VLAN's can be on multiple routers just 
as multiple physical LAN's would be. A VLAN can be on a VPN.

Your question sounds similar to partitioning a physical LAN into multiple
logical LAN's (subnets) using a VLAN ID.

Can someone, who has used VLANs recently, 
comment if this approach will do what the OP wants,
and help with the configuration on Linux if the OP wants to try it?

Last time I used VLANs was the late 1990's...on a SOHO (FlowPoint) router.
I'm afraid I'm a bit rusty and would have to test any help I might offer.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Bullies get into FireFox, and make a mess in F-14, way too easily, forcing me to DBAN the hd reinstall...

[Rick Sewill]

On Sunday, November 20, 2011 04:11:32 PM Linda McLeod wrote:
 The bullies who have been targeting my PC with computer problems have
 got into FireFox yet again, changing things..
 

Questions please.  

Are you running Firefox as root or as a normal user?

Have you disabled SeLinux?

Do your accounts, both root and your normal account,
have strong passwords?  Could the bullies know your passwords?

Do these bullies have physical access to your PC? 
If the bullies physical access, the only way I can think to protect stuff,
is to encrypt everything.  I would prefer others describe how to do this.
I've never encrypted my hard disk.

If these bullies do not have physical access, 
are they coming in through the Internet?
If yes, this leads to a bunch of questions.

Do you have a firewall device or NAT router or something offering you
some protection between your PC and the Internet?
Have you made changes to your PC's firewall?

How are the bullies coming in if they are coming in over the Internet?
It's possible, if the bullies are not smart, you could look at log messages. 
Someone who's done this before, would she look in /var/log/secure?

If a bully were coming in to my PC, over the Internet, 
I would first suspect they were using ssh.

I dislike the default ssh server configuration on Fedora.
I believe the default is to allow incoming ssh connections,
to normal user accounts, using password authentication.
The default iptables configuration for ssh is allow connections from anywhere.
The first things I do on a new system is disable password authentication,
only allow certain users ssh access, 
and restrict incoming ssh connections to a trusted subset of my local LAN.
I wish the default Fedora configuration, at the very least,
limited ssh connections to the local LAN.
I wish the ssh server had an option to test passwords for strength,
and reject incoming connections to accounts with weak passwords.

Other ways they could come in over the Internet include things like VPN
or VNC.  If you don't know what VPN or VNC is, you haven't enabled it.
If you are running a VNC server, are those passwords strong and secure?

Have you installed any software or plugins that are letting the bullies in?
Were you asked for the root password, by some program, unexpectedly?

If I believe a bully has gotten into my system and compromised it,
I would strongly recommend reloading my system from a backup I trust.
This backup needs to be one I believe was before the bullies first got in.
Otherwise, there are Linux rootkits designed to hide how bullies got in,
what they are doing, and prevent you from keeping them out.

To be perfectly honest, and not knowing any facts,
I would first suspect you have a weak password they brute force guessed,
and they are coming in through ssh.  Unfortunately, once in, they could
cause havoc in your user account, and if they got into your root account,
there is no telling how much harm they did.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Need to change uid and gid

[Rick Sewill]

On Friday, November 11, 2011 04:22:52 PM Jonathan Ryshpan wrote:
 In the process of upgrading from Fedora-15 to Fedora-16, my uid and gid
 have both been changed from 500 to 1000.  I maintain a mirror of my
 system as backup using rsync, so in order for the mirroring to continue
 properly the uid and gid in the mirror filesystem have to be changed to
 match the main one.  There's no problem with my home directory, just use
 $ chown --recursive 1000.1000 in the mirror of my home directory.
 However there are a few odd files, like my crontab
 file /var/spool/cron/jonrysh which needs to have its uid (but NOT its
 gid) changed.
 
 Where is a convenient script to do this?  There must be one, since this
 is essentially what was done in the upgrade from Fedora-15 to Fedora-15.
 
 Many Thanks - jon

I would suggest 
find . -uid 500 -exec chown -h owner \;
find . -gid 500 -exec chgrp -h group \;

The -h option says do the chown or chgrp to the symbolic link
instead of following the symbolic link.  Without the -h option,
the symbolic link is followed, causing the symbolic link ownership
to not be changed.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Need to change uid and gid

[Rick Sewill]

On Friday, November 11, 2011 10:58:01 PM Rick Sewill wrote:
 On Friday, November 11, 2011 04:22:52 PM Jonathan Ryshpan wrote:
  In the process of upgrading from Fedora-15 to Fedora-16, my uid and gid
  have both been changed from 500 to 1000.  I maintain a mirror of my
  system as backup using rsync, so in order for the mirroring to continue
  properly the uid and gid in the mirror filesystem have to be changed to
  match the main one.  There's no problem with my home directory, just use
  $ chown --recursive 1000.1000 in the mirror of my home directory.
  However there are a few odd files, like my crontab
  file /var/spool/cron/jonrysh which needs to have its uid (but NOT its
  gid) changed.
  
  Where is a convenient script to do this?  There must be one, since this
  is essentially what was done in the upgrade from Fedora-15 to Fedora-15.
  
  Many Thanks - jon
 
 I would suggest
 find . -uid 500 -exec chown -h owner \;
 find . -gid 500 -exec chgrp -h group \;
 

Oops...It's late.  My syntax for the find commands is bad.
I forgot the {} to specify the file selected by the find command.
find . -uid 500 -exec chown -h owner {} \;
find . -gid 500 -exec chgrp -h group {} \;

 The -h option says do the chown or chgrp to the symbolic link
 instead of following the symbolic link.  Without the -h option,
 the symbolic link is followed, causing the symbolic link ownership
 to not be changed.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Unable to ssh nodes with global IP

[Rick Sewill]

On Sunday, October 23, 2011 05:14:01 AM Harish Pillay wrote:
  On 10/23/2011 05:09 PM, Abu Attar Musharih wrote:
  The customer service said that  ssh is not allowed. So, what to do
  then? I badly need a server with global IP for experimenting grid
 
 You can do the following:
 a) edit /etc/ssh/sshd_config and change the default port 22 to a
 higher port say 10022. Actually anything above 1024 would
 be sufficient.
 b) restart your sshd daemon
 c) from your client, say if you are running on the command line,
 you can do the following: ssh -p 10022 hostname
 replacing the 10022 with whatever you've changed your sshd
 to.
 d) do ensure that on your server you open up the port you want
 sshd to accept connections. you can do that from the
 command line via system-config-firewall.
 
 hth.
 
 harish

Question to the OP please.  Are you also behind your own router?
Does it run NAT?  If yes, is it configured to forward an ssh connection,
from the Internet, to your local host?

When you switch your ssh server (etc/ssh/sshd_config) to use a non-standard
port, and if you are behind a router that is doing NAT, 
you will need to configure the router to forward the connection to your host.

If you are behind a router, owned by the ISP, that is using NAT,
our suggestions probably won't work...we need to know your network topology.

How can one tell if one is behind a router that uses NAT?
What is your local host's IP address?  
If your host's IP address is in the range, listed by rfc 1918,
http://www.rfc-editor.org/rfc/rfc1918.txt
192.168.0.0 - 192.168.255.255, 172.16.0.0 - 172.31.255.255, 
or 10.0.0.0 - 10.255.255.255, you are behind a router running NAT.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Problems with Fedora15 and sound INTEL 82801DB0ICH4

[Rick Sewill]

On Thursday, October 20, 2011 11:35:06 PM Miguel Cardenas wrote:
 Hello
 
 I have just moved to Fedora 15 (used another distro before), but it appears
 that the sound control is managed by the Phonon... I don't know much about
 it except that tried it some time ago when compiled it as a module for KD4,
 and it did not recognize all my sound devices and some multimedia
 formats...

I believe pulse audio is present on your system.  
I assume, if you do, ps wx | grep [p]ulseaudio
you will see something like
rsewill@rsewill:~ 3:6 $ ps wx | grep [p]ulseaudio
 2463 ?Ssl   8:42 /usr/bin/pulseaudio --start

Have you used pulse audio before?

Try running kmix with KMIX_PULSEAUDIO_DISABLE=1 as in the following script.

rsewill@rsewill:~ 3:1 $ more bin/kmix-alsa 
#!/bin/bash

export KMIX_PULSEAUDIO_DISABLE=1  kmix
rsewill@rsewill:~ 3:2 $ ls -l bin/kmix-alsa
-rwx--. 1 rsewill rsewill 54 Oct 20 00:27 bin/kmix-alsa

 
 If I open the KMix it does not show the devices, just a single (one)
 control for each input and output, no pcm mic etc. but I guess it is due
 the Phonon that does not support my chipset at all...
 

The above script may get kmix to show the alsa controls.

 My doubt is, if I install another mixer control software, would it work by
 accessing directly to the audio (kernel?) driver without causing conflict
 to the Phonon?
 

There is a pulse audio mixer control, pavucontrol, for the PulseAudio sound 
server.
rpm -q -i pavucontrol
You may need to install it, yum install pavucontrol

 And another multimedia related question, when trying AMAROK it told that
 there was no MPEG-1 plugin detected, but looking at the repositories can't
 find something like (using yum)... any idea of what may be wrong?
 

You say it did not recognize all your sound devices and multimedia formats?

You will need to be more specific...what sound devices are recognized?  
What sound devices are not recognized?

Do you mean you have multiple sound devices such as an internal sound card,
a USB sound device, what?

Do you mean you plugged something into the sound jack and the internal sound 
card isn't behaving properly, such as not doing surround sound or something?
If this is a problem, this opens up, for me, a can of worms.  
It's possible you need to do something like create a file in /etc/modprobe.d
that passes various options to snd-hda-intel
Before going down this path, we need to know if this is, indeed, your problem.
I always get lost and confused going down this path and welcome others help.

What multimedia formats are recognized?
What multimedia formats are not recognized?

The comments, regarding pulse audio, are related to sound devices.

When you say it doesn't recognize multimedia formats, do you mean formats
like mp3?  Fedora doesn't, by default, provide the software for mp3 because
mp3 is a proprietary format.  If you are using audacious, you might need
rpm -q -i audacious-plugins-freeworld-mp3
found in the repository rpmfusion-nonfree
If you are using something else that uses gstreamer,
you might need gstreamer-plugins-bad or gstreamer-plugins-ugly or I don't know 
what else.

A disclaimer...I am interested in sound discussions because I always have 
problems with my own sound configuration.  Usually, when I try to answer
these questions, some kind soul corrects me and both I and the OP learn.

 Thanks!
 
 Miguel
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Remote access

[Rick Sewill]

On Friday, October 14, 2011 06:05:29 AM Marko Vojinovic wrote:
 On Friday 14 October 2011 05:13:53 KC8LDO wrote:
  Is there a way to use ssh to get through a firewall for remote access to
  a system? The situation I'm looking at is a Fedora system sitting behind
  a company firewall, which I have no control over, that I wish to gain
  access to by logging into it over the Internet from a remote computer.
  In other words the connection is initiated from outside of the
  firewalled company network.
  
  What I'm thinking is using ssh to forward a port, 3389, to another
  computer on my own private network (also behind a firewall and NAT
  router) at home acting as a middle man. Then from another computer, lets
  say at a hotel, logging in to the same computer on my private home
  network and have it pass traffic bidirectionaly between the two end
  point computers.
  
  Is this something than can be done using ssh and if so how? I would also
  like to have the remote Fedora system connection to the middle man
  computer remain even if the remote computer is not connected.
 
 You want to look into OpenVPN. It does take some time to read the docs and
 set it up, but it's worth it.
 
   http://openvpn.net/index.php/open-source.html
 
 Essentially, it adds a virtual ethernet device (called tap) to each
 machine, and connects these into a virtual LAN. From that point on you can
 do whatever you want, as if the machines were next to each other in the
 same room, connected to an ethernet switch.
 
 It may happen that the default openvpn port is blocked by the company
 firewall. In that case just reconfigure your machines to use openvpn on
 some port that is not blocked. Other than that, openvpn will work for you
 all over the globe, and it is completely under your control.
 
 Best, :-)
 Marko

Please talk with your manager and your sysadmin.

A good sysadmin will look at the firewall logs, will see something strange,
will report it up to the chain of command, to his boss.

If the sysadmin doesn't, he should lose his job.

If you do something, behind the companies back, the company can't trust you.
If a company can't trust you, they have to design you out of the company.
They have to get rid of you.

I've worked remotely for a number of companies.

In each case, the company, and the sysadmin, wanted me to vpn in.
They helped me.  They arranged which VPN I was to use and what I could access.
They also insured their security wasn't compromised.

If you bypassed security at a company where I worked, you would be discovered.
You would be fired.


-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Remote access

[Rick Sewill]

On Friday, October 14, 2011 10:25:59 AM Rick Sewill wrote:
 On Friday, October 14, 2011 06:05:29 AM Marko Vojinovic wrote:
  On Friday 14 October 2011 05:13:53 KC8LDO wrote:
   Is there a way to use ssh to get through a firewall for remote access
   to a system? The situation I'm looking at is a Fedora system sitting
   behind a company firewall, which I have no control over, that I wish
   to gain access to by logging into it over the Internet from a remote
   computer. In other words the connection is initiated from outside of
   the firewalled company network.
   
   What I'm thinking is using ssh to forward a port, 3389, to another
   computer on my own private network (also behind a firewall and NAT
   router) at home acting as a middle man. Then from another computer,
   lets say at a hotel, logging in to the same computer on my private
   home network and have it pass traffic bidirectionaly between the two
   end point computers.
   
   Is this something than can be done using ssh and if so how? I would
   also like to have the remote Fedora system connection to the middle
   man computer remain even if the remote computer is not connected.
  
  You want to look into OpenVPN. It does take some time to read the docs
  and set it up, but it's worth it.
  
http://openvpn.net/index.php/open-source.html
  
  Essentially, it adds a virtual ethernet device (called tap) to each
  machine, and connects these into a virtual LAN. From that point on you
  can do whatever you want, as if the machines were next to each other in
  the same room, connected to an ethernet switch.
  
  It may happen that the default openvpn port is blocked by the company
  firewall. In that case just reconfigure your machines to use openvpn on
  some port that is not blocked. Other than that, openvpn will work for you
  all over the globe, and it is completely under your control.
  
  Best, :-)
  Marko
 
 Please talk with your manager and your sysadmin.
 
 A good sysadmin will look at the firewall logs, will see something strange,
 will report it up to the chain of command, to his boss.
 
 If the sysadmin doesn't, he should lose his job.
 
 If you do something, behind the companies back, the company can't trust
 you. If a company can't trust you, they have to design you out of the
 company. They have to get rid of you.
 
 I've worked remotely for a number of companies.
 
 In each case, the company, and the sysadmin, wanted me to vpn in.
 They helped me.  They arranged which VPN I was to use and what I could
 access. They also insured their security wasn't compromised.
 
 If you bypassed security at a company where I worked, you would be
 discovered. You would be fired.

I should add, in each case, the company provided me with the laptop to use.
The company insured the laptop had the firewall and virus software they wanted.
The sysadmin managed the laptop; either remotely or I brought the laptop in.
I was to use that laptop for work, and nothing else.
I was not to use any other PC for accessing work, only that laptop.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: selinux is a pain

[Rick Sewill]

On Tuesday, September 20, 2011 10:30:38 AM Tim wrote:
 On Tue, 2011-09-20 at 08:14 -0300, Martín Marqués wrote:
  I reinstalled (better hardware) a server and had selinux enabled (was
  disabled before), and I starting to see why so many people don't use
  selinux.
 
 Let's clarify what you've written...  You are, now, trying to run a
 system with SELinux enabled, that was previously running with it
 disabled.  The same files on the drive, just changing the SELinux
 setting.  Is that right?
 
 If so, no wonder you're having grief.  While SELinux was off, your
 system was writing files without setting any SELinux contexts.  So,
 those files are just default files.  Now that SELinux is on, there's no
 contexts written in the file attributes that would tell SELinux to allow
 access, so the default (for safety) action is to disallow it.
 

If the above is his problem, has he tried creating /.autorelabel and reboot?
Please see man selinux, 
The best way to relabel the file system is to create the flag  file 
/.autorelabel  and reboot.  system-config-securitylevel, also has this 
capability.  The restorcon/fixfiles commands are also available for relabeling 
files.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: telnet on local LAN question

[Rick Sewill]

On Thursday, August 18, 2011 11:31:18 PM Paul Allen Newell wrote:
 On 8/17/2011 10:33 PM, Andre Speelmans wrote:
  Two things:
  First, try without any firewall (service iptables stop), or enter a
  first line like: iptables -I INPUT -j ACCEPT, just so we can isolate
  the problem.
  
  If that fails, look what actually gets send on the server (tcpdump -i
  eth0 -nnl port 25).
 
 Andre:
 
 Thanks for help.
 
 I did a service iptables stop on two of my machines (chalupa --
 192.168.2.10 and chowder -- 192.168.2.11). I then typed, on chowder:
 +++
 telnet chalupa 23
 telnet chalupa 25
 telnet chalupa
 +++
 
 In all three cases, the return was:
 +++
 telnet: connect to address 192.168.2.0: Connection refused

Is this a typo?  Did it say
telnet: connect to address 192.168.2.10: Connection refused

 +++
 
 Paul
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: telnet on local LAN question

[Rick Sewill]

 My iptables is the default per F14 installation:
 +++
 # Generated by iptables-save v1.4.9 on Tue Aug 16 22:13:30 2011
 # Used command iptables-save  iptables_F14_ORIGINAL_yoyo
 *filter
 
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [9950:627381]
 

iptables entries are processed in the order found...

 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
Above line jumps to ACCEPT for any packet with an established connection.

 -A INPUT -p icmp -j ACCEPT
Above line jumps to ACCEPT for any icmp packet.

 -A INPUT -i lo -j ACCEPT
Above line jumps to ACCEPT for any packet from the loopback interface.

 -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
Above line jumps to ACCEPT for any ssh packet establishing a new connection.

May I suggest inserting an entry, at this spot, for mail, something like the 
following.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
The goal of the previous line is to jump to ACCEPT for any mail packet 
establishing a new connection.

Instead of the above line, you might want to specify a source IP address range 
to limit which IP addresses can send mail to your machine.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -s 192.168.2.0/24 -j 
ACCEPT
The goal of -s 192.168.2.0/24, in the above line, is to only accept incoming 
connections to port 25 (the default smtp port), if the source IP address of 
the packet is in the range 192.168.2.0 - 192.168.2.255.

 -A INPUT -j REJECT --reject-with icmp-host-prohibited
Above line jumps to REJECT for any packet destined to the host.
As I said the order of entries is important.  

 -A FORWARD -j REJECT --reject-with icmp-host-prohibited
Above line jumps to REJECT for any packet the host might forward.

 COMMIT
 # Completed on Tue Aug 16 22:13:30 2011
 +++
 

I apologize for not reading your original message and going off on a telnet/ssh 
tangent in a previous email. 

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: telnet on local LAN question

[Rick Sewill]

On Tuesday, August 16, 2011 12:04:57 AM Paul Allen Newell wrote:
 Greetings
 
 I am trying to figure out how to get communication between my F14 boxes
 on a local wired LAN. The best test case I can come up with to prove
 that I don't know what I am doing wrong is telnet.
 
...snip...
 Ping works great between all of the machines for both otherX and
 otherX.localdomain, lists the 192.168.10.x address like a happy camper
 should
 
 But a telnet otherX 25 or telnet otherX.localdomain 25 fails.
 
 I can't tell if I need to add information about the other machines
 somewhere else on name or if they really are known but something is
 blocking it.
 

You didn't say if you could telnet locally to your local host:
Does this command work: telnet localhost
If not, the telnet service needs to be enabled/started.

Another possibility, iptables might be blocking it.
See if your iptables allows new incoming connections on the tcp telnet port.

There are other possibilities, but these are the first two I'd check.

If you plan to use ssh instead of telnet anyway, is best to do ssh instead.
I believe ssh is normally enabled/started.
I believe iptables is normally set up to allow incoming ssh connections.

I'm not sure the default sshd settings in /etc/ssh/sshd_config.
I'd go through those options.  Please see man sshd_config

I think the default is now only protocol 2 -- good if that's true.

I wish the default didn't allow PasswordAuthentication.
For testing and getting ssh working, password authentication may be okay.
Wouldn't want PasswordAuthentication as my default.
Is best to use PubkeyAuthentication, at a minimum, with good keys.

I think the default is to allow root login.  Wish that were not the case.
Make the person ssh in on a normal user account and su to root.
Please change PermitRootLogin yes to PermitRootLogin no

Please limit which users can come in over ssh in /etc/sshd_config.
Use AllowGroups and/or AllowUsers.

Not sure if you want X11Forwarding or not.

Some object to security by obscurity,
but you might wish to change the ssh port from port 22 to some other port.
It doesn't stop hackers if they discover your open ssh port.
It slows down those hackers who only look for ssh on port 22.

Question for iptables/firewall GUI people...
is there a way to specify ip address ranges in any firewall GUIs?

Rather than allow new incoming ssh connections 
from any IP address given by the rule, 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
I think the OP would like to specify acceptable IP address ranges.

The OP sounds like he only wants local hosts coming in.
By hand, I would have entries with the source IP address range specified 
as in -s 192.168.0.0/16, -s 10.0.0.0/8, -s 172.16.0.0/12 

I can muck up /etc/sysconfig/iptables manually...most people shouldn't.
Bad things can happen if they don't know what they are doing.
It would be nice if firewall GUIs did this for them.  
Which firewall GUIs do?
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: NM_CONTROLLED=no not working

[Rick Sewill]

On Friday, July 15, 2011 02:48:53 PM Ian Pilcher wrote:
 I feel like I'm losing my mind.  Can someone confirm that this is
 supposed to work before I bugzilla this?
 
 I am trying to get NetworkManager to ignore my wireless adapter (while
 still managing my Ethernet adapter and VPN connections).  I have created
 /etc/sysconfig/network-scripts/ifcfg-wlan0:
 
DEVICE=wlan0
TYPE=Wireless
HWADDR=00:23:14:12:C1:38
NM_CONTROLLED=no
 


Does the following work?
NM_CONTROLLED=no
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: NM_CONTROLLED=no not working

[Rick Sewill]

On Friday, July 15, 2011 08:14:43 PM Rick Sewill wrote:
 On Friday, July 15, 2011 02:48:53 PM Ian Pilcher wrote:
  I feel like I'm losing my mind.  Can someone confirm that this is
  supposed to work before I bugzilla this?
  
  I am trying to get NetworkManager to ignore my wireless adapter (while
  still managing my Ethernet adapter and VPN connections).  I have created
  
  /etc/sysconfig/network-scripts/ifcfg-wlan0:
 DEVICE=wlan0
 TYPE=Wireless
 HWADDR=00:23:14:12:C1:38
 NM_CONTROLLED=no
 
 Does the following work?
 NM_CONTROLLED=no

It was a long shot if NM_CONTROLLED=no works...documentation indicates
NM_CONTROLLED=no should work.  I think what you have should work too

Documentation says one must have the correct HWADDR address.
Looking at your followup emails, it appears you have the correct HWADDR 
address.  Another long shot...documentation suggests you can have
HWADDR=00:23:14:12:C1:38 as you have...but as an experiment,
please put quotes around the MAC address
HWADDR=00:23:14:12:C1:38

Why am I asking for quotes around things?  I'm not sure how NetworkManager 
reads ifcfg-wlan0.  It may have internal routines for reading the file -or-
it may use a shell (like the bash shell) to read ifcfg-wlan0.
I believe the non-NetworkManager network has scripts in 
/etc/sysconfig/network-scripts that use the bash shell to read  ifcfg-wlan0. 
I am trying to guess what syntax might make NetworkManager and
non-NetworkManager happy.  To tell the truth, what you have should work.
I just want to rule out this possibility.

Another line of questions.  
What is in /etc/NetworkManager/NetworkManager.conf?
I have the following:
rsewill@rsewill:~ 3:1 $ more /etc/NetworkManager/NetworkManager.conf 
[main]
plugins=ifcfg-rh
According to the documentation,  man NetworkManager.conf,
on a Redhat/Fedora system, one might have plugins=ifcfg-rh and/or keyfile
If one has both, the order the plugins are listed matters.
For example, do you have plugins=ifcfg-rh -or-  plugins=keyfile
-or- plugins=ifcfg-rh,keyfile -or- plugins=keyfile,ifcfg-rh?
Ideally you will say you have plugins=ifcfg-rh and we still won't have an idea 
what is wrong.  It's a possibility that needs to be ruled out.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Bash: (foo==0)?foo=1:foo=0 valid?

[Rick Sewill]

On Saturday, July 02, 2011 02:11:52 PM inode0 wrote:
 On Sat, Jul 2, 2011 at 2:07 PM, Daniel B. Thurman d...@cdkkt.com wrote:
  I used:  (((foo==0)?foo=1:0)) and it works in a bash script!
 
 I don't think that is quite the same as what I'm guessing your
 original attempt intended. In this case if foo does not equal 0 to
 begin with it won't be set to 0. Perhaps that doesn't matter in your
 particular case.
 
 John

If you know that foo is always initialized to either a value of zero or one, 
would the following seem reasonable?
let foo=1-$foo
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: No sound since upgrading to F15

[Rick Sewill]

On Sunday, May 29, 2011 10:59:42 PM John Aldrich wrote:

With the disclaimer, I haven't tried to upgrade to Fedora 15 yet,
so I am getting my information from my Fedora 14 system,
I have a question on the alsa-info.sh script output.

I didn't see any !!Modprobe options (Sound related) in your output.
I assume Fedora 15 still needs modprobe options for sound.

I have sound options in my Fedora 14 /etc/modprobe.d/local.conf file.
...skip options not related to sound...
options snd cards_limit=8
alias snd-card-0 snd-hda-intel
options snd-hda-intel index=0
alias snd-card-7 snd-usb-audio
options snd-usb-audio index=7

I need to repeat the disclaimer, I am still using Fedora 14.

On my Fedora 14 system, alsa-info.sh script output gives the following:
...Skip beginning of my output...
!!Advanced information - PCI Vendor/Device/Susbsystem ID's
!!

00:10.1 0403: 10de:026c (rev a2)
Subsystem: 103c:2a45


!!Modprobe options (Sound related)
!!

snd-hda-intel: index=0
snd-usb-audio: index=7


!!Loaded sound module options
!!--
...Skip rest of my output...
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: No ethernet connection -

[Rick Sewill]

On Monday, May 30, 2011 04:35:54 AM Bob Goodwin wrote:
 New F-15 install.
 
 How is the ethernet connection made/assigned, whatever? I made
 some changes via chkconfig and lost eth0 and eth1. Ethtool
 simply reports no devices. Is there a routine for setting up
 ethx or does it just have to happen automatically? That seems
 unlikely.
 

With the caveat, I am still on Fedora 14 and haven't tried to upgrade yet,
I assume Fedora 15 still has needed configuration files in /etc/modprobe.d.

What is in your /etc/modprobe.d/local.conf?

My Fedora 14 /etc/modprobe.d/local.conf file contains the following:
rsewill@rsewill:~ 3:1 $ more /etc/modprobe.d/local.conf 
alias eth0 via-rhine
alias eth1 via-rhine
alias eth2 forcedeth
alias scsi_hostadapter libata
alias scsi_hostadapter1 sata_nv
alias scsi_hostadapter2 pata_amd
alias scsi_hostadapter3 usb-storage
options snd cards_limit=8
alias snd-card-0 snd-hda-intel
options snd-hda-intel index=0
alias snd-card-7 snd-usb-audio
options snd-usb-audio index=7

On Fedora 14 this was how I associated which ethernet driver for which device.
I assume it's still the same way on Fedora 15.

Another person is having sound problems, and I remember there is sound stuff
in /etc/modprobe.d/local.conf too.

I am wondering if Fedora 15 did things to the modprobe files -or- 
if the format of the modprobe files has changed -or- 
if the modprobe files have been replaced by something else.

I will try to upgrade to Fedora 15, in time.  At this moment, I am hesitant.  
I have an old system, with limited RAM.  I need to have good file backups.
I am concerned my attempt to upgrade to Fedora 15 may fail.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: No ethernet connection -

[Rick Sewill]

On Monday, May 30, 2011 07:22:45 AM Frank Murphy wrote:
 On 30/05/11 13:19, Rick Sewill wrote:
 snip
 
  I will try to upgrade to Fedora 15, in time.  At this moment, I am
  hesitant. I have an old system, with limited RAM.  I need to have good
  file backups. I am concerned my attempt to upgrade to Fedora 15 may
  fail.
 
 If upgrading F15 should preserve the ethX stuff,
 but if a fresh install pci slots (nic) will be emX

They changed the names?  Thank you for the heads up.
I will need to switch to the new names, in time, then.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: No sound since upgrading to F15

[Rick Sewill]

On Monday, May 30, 2011 07:08:14 AM John Aldrich wrote:
  On Sunday, May 29, 2011 10:59:42 PM John Aldrich wrote:

 Ok... I put the info you had in your local.conf file WRT audio, except for
 the USB as I don't have any USB audio. I'm tempted to put an old PCI sound
 card in to see if that might help things, but I don't really want to. I
 want to figure out what is going on with sound and why it doesn't work now,
 but it did before I upgraded to F15!

Do you, by chance, know what you had in your /etc/modprobe.d/ files,
related to sound, on Fedora 14?

If I do a google search, options snd_hda_intel model
it appears snd_hda_intel has other options.

My modprobe options might not be enough, or even correct for your hardware.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Antivirus for Fedora 14

[Rick Sewill]

On Friday, May 20, 2011 12:29:23 PM John Aldrich wrote:
 On Fri May 20 2011, Andrew Jamison wrote:
  I always install ClamAV which is free from the repositories, that may
  work for now. When viruses become a bigger threat on Linux (not to
  far-fetched to say it could happen) then you may see commercial
  programmers offering Linux versions of their clients.
 
 You can already by commercial antivirus for Linux. Kaspersky offers a Linux
 version, as does AVG and Symantec. How well those work is anyone's guess. I
 don't have any info on whether or how well they work, simply advising that
 they already exist.
 
 Now, I agree that it's not too far-fetched to expect to see a linux virus
 in the wild. Apple is now reportedly advising users to get some sort of
 antivirus for the Mac, and since Apple's O/S is based on BSD, it doesn't
 seem like a huge stretch to imagine that a Linux virus could be developed.
 
 I would like to see more workstation antiviruses be developed for linux.
 Most of the antivirus products I've seen for linux have been for servers.

There have been Linux viruses in the past.

Please see URL:
http://en.wikipedia.org/wiki/Linux_malware

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[OT] My paranoia and skype, was Re: Protected WLAN

[Rick Sewill]

On Wednesday, May 18, 2011 07:01:53 AM Marko Vojinovic wrote:

 Except for skype, of course... ;-) But that's old news. And now that
 Microsoft took it over, they will probably trade with the nsa for a
 backdoor... :-)
 

I apologize for the off topic remarks I am about to make.

I would be very surprised if skype didn't have back doors for governments.

Skype is proprietary and we can't examine the source for back doors.

There were allegations the Chinese Skype had a text chat back door.
http://blogs.skype.com/en/2008/10/skype_president_addresses_chin.html

My paranoia causes me to believe the back doors don't stop with text chat.
My paranoia causes me to believe multiple governments demanded back doors.

This is one of two reasons I don't want to use skype.
The other reason I don't want to use skype is I don't want to be a super node.

In my mind, it would be very easy for governments to be men in the middle,
to intercept interesting skype traffic, to be able to store conversations.

To put it plainly, I don't trust skype.

Sorry to go off topic.  Flame me if you wish.  I think I deserve to be flamed.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Networking problem

[Rick Sewill]

On Saturday, May 14, 2011 11:45:47 PM JD wrote:
...
 Well, that bridge is the router.
 Wireless clients that are associated with an Access Point
 in infrastructure mode cannot directly talk to each other.
 Their traffic must  flow through the router.
 If I had set the two computers to use AdHoc mode of
 association with each other, then indeed, their traffic
 would go directly to each other without any other facility
 in between.

I've been quiet because I don't know enough about the internals of wireless.
This discussion gives me a question.

What would happen if the computers were set to AdHoc mode?
It's unclear to me if the gateway has to be set to AdHoc mode too.
As an aside, I'm curious if most devices allow an AdHoc mode setting.

From a 64000 foot view, I'd expect the following.
The two wireless computers would find each other.
The two wireless computers would not find 192.168.1.1, the computer on the LAN, 
UNLESS the gateway answered the ARP for computers  on the LAN.
From the ARP table on the Powerbook, from another response in this thread,
it appears the gateway answers ARP requests for computers on the LAN.

This may be a wild goose chase, but I'm curious what happens in this case.

I'm not sure if you would want to actually run your network in AdHoc mode.
I don't know the direct and indirect consequences of doing this.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Networking problem

[Rick Sewill]

On Saturday, May 14, 2011 09:27:55 AM JD wrote:
 On 05/14/11 08:48, G.Wolfe Woodbury wrote:
  On 05/14/2011 09:36 AM, JD wrote:
  On my F14, I am running a firewall that accepts specific connection on
  specific ports from some machines on the LAN.
  
  However, for one machine I made a general rule to accept all
  connections:
  
  -A INPUT -s 192.168.1.60 -j ACCEPT
  
  After restarting the firewall,
  
  I still am unable to ping that machine and it is unable to ping me.
  That machine is not running a firewall.
  
  I can ping the router and another machine I have on the LAN.
  The machine at 192.168.1.60 can do the same.
  
  What else do I need to do to be able to talk to machine 192.168.1.60
  and it to my fedora machine?
  
  Try:
  
  -A INPUT -s 192.168.1.60/32 -j ACCEPT
  
  there needs to be a netmask in the syntax.
 
 Tried it.
 Did not change anything :(

Could we see more of the network topology please?

Can you do on both machines:
/bin/netstat -rn

/sbin/ifconfig

If you don't mind, it might be easiest to copy your filewall
rules so we can see them.  As root,
/sbin/iptables -L -v

If you are concerned with security and sharing your public IP address, 
may I suggest changing the public IP address ranges to something else, 
like xxx.xxx.xxx.0, yyy.yyy.yyy.0, etc, in the output. 

Another question...if you have multiple ethernet devices,
which device is 192.168.1.60 connected to?  


-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Networking problem

[Rick Sewill]

On Saturday, May 14, 2011 10:46:51 AM JD wrote:
 On 05/14/11 09:17, Rick Sewill wrote:
  On Saturday, May 14, 2011 09:27:55 AM JD wrote:
  On 05/14/11 08:48, G.Wolfe Woodbury wrote:
  On 05/14/2011 09:36 AM, JD wrote:
  On my F14, I am running a firewall that accepts specific connection on
  specific ports from some machines on the LAN.
  
  However, for one machine I made a general rule to accept all
  connections:
  
  -A INPUT -s 192.168.1.60 -j ACCEPT
  
  After restarting the firewall,
  
  I still am unable to ping that machine and it is unable to ping me.
  That machine is not running a firewall.
  
  I can ping the router and another machine I have on the LAN.
  The machine at 192.168.1.60 can do the same.
  
  What else do I need to do to be able to talk to machine 192.168.1.60
  and it to my fedora machine?
  
  Try:
  
  -A INPUT -s 192.168.1.60/32 -j ACCEPT
  
  there needs to be a netmask in the syntax.
  
  Tried it.
  Did not change anything :(
  
  Could we see more of the network topology please?
  
  Can you do on both machines:
  /bin/netstat -rn
 
 On Fedora Machine:
 # /bin/netstat -rn
 Kernel IP routing table
 Destination Gateway Genmask Flags   MSS Window  irtt
 Iface
 10.0.0.00.0.0.0 255.255.255.0   U 0 0  0
 eth0
 192.168.1.0 0.0.0.0 255.255.255.0   U 0 0  0
 wlan0
 10.1.1.00.0.0.0 255.255.255.0   U 0 0  0
 eth0
 192.168.122.0   0.0.0.0 255.255.255.0   U 0 0  0
 virbr0
 0.0.0.0 192.168.1.254   0.0.0.0 UG0 0  0
 wlan0
 
 
 On the machine in question (192.168.1.60)
 # /sbin/netstat -rn
 Routing tables
 
 Internet:
 DestinationGatewayFlagsRefs  Use  Netif Expire
 default192.168.1.254  UGSc80en1
 127127.0.0.1  UCS 00lo0
 127.0.0.1  127.0.0.1  UH  04lo0
 169.254link#6 UCS 00en1
 192.168.1  link#6 UCS 20en1
 192.168.1.10:26:18:6:ef:7 UHLW0  113en1566
 192.168.1.60   127.0.0.1  UHS 00lo0
 192.168.1.254  0:1d:5a:c8:91:c1   UHLW   15  153en1565
 
 Internet6:
 Destination Gateway
 Flags  Netif Expire
 
 ::1 link#1
 
 UHL lo0
 fe80::%lo0/64   fe80::1%lo0
 Uc  lo0
 fe80::1%lo0 link#1
 UHL lo0
 ff01::/32   ::1
 U   lo0
 ff02::/32   fe80::1%lo0
 UC  lo0
 
  /sbin/ifconfig
 
 On Fedora machine:
 
 # /sbin/ifconfig
 eth0  Link encap:Ethernet  HWaddr 00:03:0D:15:2B:9E
inet addr:10.1.1.1  Bcast:10.1.1.255  Mask:255.255.255.0
inet6 addr: fe80::203:dff:fe15:2b9e/64 Scope:Link
UP BROADCAST MULTICAST  MTU:1500  Metric:1
RX packets:1340 errors:0 dropped:0 overruns:0 frame:0
TX packets:849 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:174589 (170.4 KiB)  TX bytes:418153 (408.3 KiB)
Interrupt:19 Base address:0xd800
 
 eth0:0Link encap:Ethernet  HWaddr 00:03:0D:15:2B:9E
inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
UP BROADCAST MULTICAST  MTU:1500  Metric:1
Interrupt:19 Base address:0xd800
 
 loLink encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING  MTU:16436  Metric:1
RX packets:4734603 errors:0 dropped:0 overruns:0 frame:0
TX packets:4734603 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:373719874 (356.4 MiB)  TX bytes:373719874 (356.4 MiB)
 
 virbr0Link encap:Ethernet  HWaddr 22:3E:A6:BB:CD:51
inet addr:192.168.122.1  Bcast:192.168.122.255
 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:8391 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b)  TX bytes:1617830 (1.5 MiB)
 
 wlan0 Link encap:Ethernet  HWaddr 00:34:56:00:03:43
inet6 addr: fe80::234:56ff:fe00:343/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:4976669 errors:0 dropped:0 overruns:0 frame:0
TX packets:4947232 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1062494718 (1013.2 MiB)  TX bytes:500756007 (477.5 MiB)
 
 wlan0:0   Link encap:Ethernet  HWaddr 00:34:56:00:03:43

Re: Networking problem

[Rick Sewill]

On Saturday, May 14, 2011 03:27:53 PM JD wrote:
 On 05/14/11 12:55, Rick Sewill wrote:
  On Saturday, May 14, 2011 10:46:51 AM JD wrote:
  On 05/14/11 09:17, Rick Sewill wrote:
  On Saturday, May 14, 2011 09:27:55 AM JD wrote:
  On 05/14/11 08:48, G.Wolfe Woodbury wrote:
  On 05/14/2011 09:36 AM, JD wrote:
  On my F14, I am running a firewall that accepts specific connection
  on specific ports from some machines on the LAN.
  
  However, for one machine I made a general rule to accept all
  connections:
  
  -A INPUT -s 192.168.1.60 -j ACCEPT
  
  After restarting the firewall,
  
  I still am unable to ping that machine and it is unable to ping me.
  That machine is not running a firewall.
  
  I can ping the router and another machine I have on the LAN.
  The machine at 192.168.1.60 can do the same.
  
  What else do I need to do to be able to talk to machine 192.168.1.60
  and it to my fedora machine?
  
  Try:
  
  -A INPUT -s 192.168.1.60/32 -j ACCEPT
  
  there needs to be a netmask in the syntax.
  
  Tried it.
  Did not change anything :(
  
  Could we see more of the network topology please?
  
  Can you do on both machines:
  /bin/netstat -rn
  
  On Fedora Machine:
  # /bin/netstat -rn
  Kernel IP routing table
  Destination Gateway Genmask Flags   MSS Window  irtt
  Iface
  10.0.0.00.0.0.0 255.255.255.0   U 0 0  0
  eth0
  192.168.1.0 0.0.0.0 255.255.255.0   U 0 0  0
  wlan0
  10.1.1.00.0.0.0 255.255.255.0   U 0 0  0
  eth0
  192.168.122.0   0.0.0.0 255.255.255.0   U 0 0  0
  virbr0
  0.0.0.0 192.168.1.254   0.0.0.0 UG0 0  0
  wlan0
  
  
  On the machine in question (192.168.1.60)
  # /sbin/netstat -rn
  Routing tables
  
  Internet:
  DestinationGatewayFlagsRefs  Use  Netif
  Expire default192.168.1.254  UGSc80   
  en1 127127.0.0.1  UCS 00lo0
  127.0.0.1  127.0.0.1  UH  04lo0
  169.254link#6 UCS 00en1
  192.168.1  link#6 UCS 20en1
  192.168.1.10:26:18:6:ef:7 UHLW0  113en1   
  566 192.168.1.60   127.0.0.1  UHS 00lo0
  192.168.1.254  0:1d:5a:c8:91:c1   UHLW   15  153en1   
  565
  
  Internet6:
  Destination Gateway
  Flags  Netif Expire
  
  ::1 link#1
  
  UHL lo0
  fe80::%lo0/64   fe80::1%lo0
  Uc  lo0
  fe80::1%lo0 link#1
  UHL lo0
  ff01::/32   ::1
  U   lo0
  ff02::/32   fe80::1%lo0
  UC  lo0
  
  /sbin/ifconfig
  
  On Fedora machine:
  
  # /sbin/ifconfig
  eth0  Link encap:Ethernet  HWaddr 00:03:0D:15:2B:9E
  
  inet addr:10.1.1.1  Bcast:10.1.1.255  Mask:255.255.255.0
  inet6 addr: fe80::203:dff:fe15:2b9e/64 Scope:Link
  UP BROADCAST MULTICAST  MTU:1500  Metric:1
  RX packets:1340 errors:0 dropped:0 overruns:0 frame:0
  TX packets:849 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:174589 (170.4 KiB)  TX bytes:418153 (408.3 KiB)
  Interrupt:19 Base address:0xd800
  
  eth0:0Link encap:Ethernet  HWaddr 00:03:0D:15:2B:9E
  
  inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
  UP BROADCAST MULTICAST  MTU:1500  Metric:1
  Interrupt:19 Base address:0xd800
  
  loLink encap:Local Loopback
  
  inet addr:127.0.0.1  Mask:255.0.0.0
  inet6 addr: ::1/128 Scope:Host
  UP LOOPBACK RUNNING  MTU:16436  Metric:1
  RX packets:4734603 errors:0 dropped:0 overruns:0 frame:0
  TX packets:4734603 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:373719874 (356.4 MiB)  TX bytes:373719874 (356.4
  MiB)
  
  virbr0Link encap:Ethernet  HWaddr 22:3E:A6:BB:CD:51
  
  inet addr:192.168.122.1  Bcast:192.168.122.255
  
  Mask:255.255.255.0
  
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  TX packets:8391 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:0 (0.0 b)  TX bytes:1617830 (1.5 MiB)
  
  wlan0 Link encap:Ethernet  HWaddr 00:34:56:00:03:43
  
  inet6 addr: fe80::234:56ff:fe00:343/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:4976669 errors:0 dropped:0 overruns:0 frame:0
  TX

Re: Best FOSS alternative for skype?

[Rick Sewill]

On Thursday, May 12, 2011 02:08:56 AM Zoltan Hoppar wrote:
 HI Fernando,
 
 Yesterday night I have tried out your suggestion, and works
 surprisingly well. By the way, a far as I know there is an possibility
 to use our Fedora SIP inside at FAS, right?

Please correct me if I am wrong, 
but I am under the impression Fedora talk has been retired.

Please see URL:
https://insight.fedoraproject.org/content/kevin-fenzi-fedora-talk-first-static-
then-silence-talkfedoraprojectorg-closing-2011-05-05

If Fedora talk has indeed, been retired, 
could someone update the wiki and other references to Fedora Talk?

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Best FOSS alternative for skype?

[Rick Sewill]

On Tuesday, May 10, 2011 04:54:33 PM Marko Vojinovic wrote:
...
 Thus the question: is there a FOSS VoIP app that provides roughly the same
 quality, reliability and free-as-in-beer service?

I would like to know the answer to this question also.

I've been reading about Google and xmpp and jingle.
http://en.wikipedia.org/wiki/Jingle_%28protocol%29

I found a firefox plugin I could download.
From URL: http://www.google.com/chat/video
I clicked Install voice and video chat 
and got to URL: http://www.google.com/chat/video/download.html
I installed the rpm.
I haven't tested it much...I did call my google voice number 
to see if I could answer and I could.  
I assume I can call out too, but haven't tried.

Always keeping firefox running is not satisfactory for me.
I have an older machine, with not enough ram or cpu power.

I was hoping to use an open source voip client program.
empathy seems to use libjingle and will let me know when
there is an incoming google voice call, but it doesn't work.
Google voice wants me to press 1 to accept the call.
I have no way to press 1 in empathy.

I haven't had any success with any other client program.
I tried kopete, gajim, without success.

It used to be google voice worked with sip if one had a gizmo5 account.
Google discontinued gizmo5 recently.  
I heard rumors there are still ways to call google voice from sip,
but that doesn't help me.  
I want to use an open source client, and can no longer use a sip client.

If anyone knows how to get one of these xmpp client programs 
working with google voice, please share that information.


-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: dhcpd gateway settings

[Rick Sewill]

On Friday, April 22, 2011 12:11:38 PM Aaron Gray wrote:
 I am trying to set up a network and gateway on 192.168.1.x that I am using
 for BOOTP'ing servers.
 
 dhcpd.conf
 ~~~
 allow booting;
 allow bootp;
 ddns-update-style interim;
 ignore client-updates;
 subnet 192.168.1.0 netmask 255.255.255.0 {
 option subnet-mask 255.255.255.0;
 option broadcast-address 192.168.1.255;
 option routers 192.168.1.1;
 option router-discovery true;
 option domain-name-servers 8.8.8.8;
 range dynamic-bootp 192.168.1.200 192.168.1.240;
 next-server 192.168.0.140;
 filename pxelinux.0;
 }
 subnet 192.168.0.0 netmask 255.255.255.0 {
 }
 ~~
 
 But I cannot seem to get HTTP or other services to work on 192.168.1.x
 
 I have the existing 192.168.0.x network and was wondering how gateway
 requests should get from 192.168.1.x to 192.168.0.1 ?
 
 Many thanks in advance,
 
 Aaron

If I were a dhcp client, with no other routing configuration information,
I will arp for the router at 192.168.1.1 to find the router's mac address.
I would send the packet not destined to my local subnet to the router.

I will not arp for 192.168.0.140 because it is not on my local subnet.

The question becomes, how is the router at 192.168.1.1 configured?
The router needs to forward the packets to the 192.168.0.x network.

To see the path, on the 192.168.1.x machine, try traceroute -n 192.168.0.x

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: dhcpd gateway settings

[Rick Sewill]

On Friday, April 22, 2011 01:58:35 PM Aaron Gray wrote:
 On 22 April 2011 19:37, Rick Sewill rsew...@gmail.com wrote:
  On Friday, April 22, 2011 12:11:38 PM Aaron Gray wrote:
   I am trying to set up a network and gateway on 192.168.1.x that I am
  
  using
  
   for BOOTP'ing servers.
   
   dhcpd.conf
   ~~~
   allow booting;
   allow bootp;
   ddns-update-style interim;
   ignore client-updates;
   subnet 192.168.1.0 netmask 255.255.255.0 {
   
   option subnet-mask 255.255.255.0;
   option broadcast-address 192.168.1.255;
   option routers 192.168.1.1;
   option router-discovery true;
   option domain-name-servers 8.8.8.8;
   range dynamic-bootp 192.168.1.200 192.168.1.240;
   next-server 192.168.0.140;
   filename pxelinux.0;
   
   }
   subnet 192.168.0.0 netmask 255.255.255.0 {
   }
   ~~
   
   But I cannot seem to get HTTP or other services to work on 192.168.1.x
   
   I have the existing 192.168.0.x network and was wondering how gateway
   requests should get from 192.168.1.x to 192.168.0.1 ?
   
   Many thanks in advance,
   
   Aaron
  
  If I were a dhcp client, with no other routing configuration information,
  I will arp for the router at 192.168.1.1 to find the router's mac
  address. I would send the packet not destined to my local subnet to the
  router.
  
  I will not arp for 192.168.0.140 because it is not on my local subnet.
  
  The question becomes, how is the router at 192.168.1.1 configured?
  The router needs to forward the packets to the 192.168.0.x network.
 
 How do I do that ?

I was reading your answers to Jame's questions on the other sub-thread.
His questions were actually better than my questions.

What is device 192.168.1.1?  Is that the Netgear or your laptop?
From the other thread I gather 192.168.0.140 is your laptop.
What is the IP address for the Netgear, 192.168.0.1?

A strange question, do you wish your laptop, running Linux, to filter packets 
from the 192.168.1/24 network to the Internet?

If the answer to the above question is no, you might consider configuring the 
Netgear to be the gateway for both the 192.168.0/24 and 192.168.1/24 subnets.
http://documentation.netgear.com/fvs336g/enu/202-10257-01/FVS336G_RM-05-08.html
The Netgear will be the gateway for both subnets. 
The Netgear will route traffic between the two subnets.

If, on the other hand, you want your laptop to filter packets from the 
192.168.1/24 subnet to the Internet, you have two choices.

You can configure your laptop to route packets between the 192.168.0/24 and 
192.168.1/24 subnets -or- you can configure your laptop to masquerade packets 
from the 192.168.1/24 subnet when it forwards packets from the 192.168.1/24 
subnet to the 192.168.0/24 subnet (and, by extension, to the Internet).

For both choices where you want your laptop filtering packets from the 
192.168.1/24 subnet, you need to do the following:
1) your laptop needs to do multihoming on the ethernet port
One IP address, for your laptop, should be 192.168.0.140.
The other IP address, for your laptop, should be 192.168.1.1.
I get these two IP addresses based on your dhcpd.conf file.
If you need help with this, we can go into more detail in another email.
I know how to do this if you are NOT using NetworkManager.
Someone else may know how to do this if you are using NetworkManager.

2) Your laptop needs to be set to enable IP forwarding.
 You can dynamically turn on IP forwarding with the following command
 (as root), echo 1  /proc/sys/net/ipv4/ip_forward
 The above command would need to be done each time your laptop boots.
 Alternatively, you can change the line, net.ipv4.ip_forward = 0
 in the file, /etc/sysctl.conf, change the value from 0 to 1, to have the 
laptop always want to do IP forwarding when it boots.

3) You will need to examine your iptables and change your iptables 
configuration, as needed, to permit packets flowing between
the 192.168.0/24 and 192.168.1/24 subnet.

This is where you decide if you want to masquerade packets from the 
192.168.1/24 subnet or simply route packets from the 192.168.1/24 subnet.

If you want to simply route 192.168.0/24 packets, your step 4 is as follows:
4) configure the Netgear to route any packets to the 192.168.1/24 subnet
 through your laptop by telling the Netgear the gateway for the
 192.168.1/24 subnet is 192.168.0.140.  If you wish to do this,
 we need to search the internet to learn how to configure static routes
 on the Netgear.

Alternatively, if you want to have your laptop do masquerading, step 4 is:
4) configure iptables on your laptop to do iptables masquerading when 
your laptop is forwarding the 192.168.1/24 subnet. 
I would suggest google: iptables masquerading linux
The following is a result for a device with two physical interfaces.
http://www.revsys.com/writings/quicktips/nat.html
I assume one can use a single multihomed

Re: Help with PPTP VPN connection keeps failing

[Rick Sewill]

On Tuesday, April 19, 2011 10:43:32 AM Eric B. wrote:

  
  CCP terminated by peer
  Compression disabled by peer.
  LCP terminated by peer

I don't know if this means anything.

I would have thought not successfully negotiating compression would not be a 
good enough reason to terminate the connection.  

Still, I've been wrong more times than I care to admit.

Can you change the compression on your side to match what the peer expects?
I don't know if the peer expects a specific compression or no compression.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Help with PPTP VPN connection keeps failing

[Rick Sewill]

On Tuesday, April 19, 2011 10:38:34 PM Eric B. wrote:
 Rick Sewill rsew...@gmail.com wrote in message
 news:201104191901.17623.rsew...@gmail.com...
 
  On Tuesday, April 19, 2011 10:43:32 AM Eric B. wrote:
   CCP terminated by peer
   Compression disabled by peer.
   LCP terminated by peer
  
  I don't know if this means anything.
  
  I would have thought not successfully negotiating compression would not
  be a
  good enough reason to terminate the connection.
  
  Still, I've been wrong more times than I care to admit.
  
  Can you change the compression on your side to match what the peer
  expects?
  I don't know if the peer expects a specific compression or no
  compression.
 
 This may sound like a stupid question, but how/where does one configure
 compression using the Network Manager?  I can't seem to find documentation
 on option configuration anywhere.
 
 Thanks,
 
 Eric

I use KDE so I am limited in what I can do with GNOME Network Manager, but...
Can you go to the Network Connections, select VPN,
select the pptp connection and edit it.
Click the Advanced button, which I think is above the Save button.

Doing a google search: networkmanager pptp compression
I got the URL http://blog.herbertm.ca/archives/258
which may help us.

Can you tell us what the old settings were before changing any settings?

Can you make the settings be similar to the screen shot in the above URL?
I.e., have only MSCHAP selected, MPPE checked, 128 bit (most secure),
I think it doesn't matter if TCP header compression is checked/unchecked,
but have the other compressions unchecked.

While I would not terminate a connection if compression was not negotiated,
I would terminate a connection if encryption were not successfully negotiated.

Were there any messages about encryption negotiation in the log?
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Running ssh on unreserved ports

[Rick Sewill]

On Saturday, February 19, 2011 04:28:11 am Anne Wilson wrote:
 On Saturday 19 February 2011 10:20:30 Tim wrote:
  On Fri, 2011-02-18 at 16:07 -0500, Alex wrote:
   I'd like to move it to a higher port to avoid the normal doorknob
   rattling that occurs with ssh running on a public server.
  
  Even with it on a different port, you'd probably want to implement some
  firewalling that auto-bans an IP after few failed attempts.  That stops
  them from continually trying to get through.
  
  I think there was a package called fail2ban, or something similar, that
  did that automatically.
 
 Fail2ban is easy to set up, and I've seen it stop attempts here.
 
 Anne

The one time I suffered a rootkit on Linux was when someone
used a bug in ssh to get into my system.  Fortunately, for me,
I discovered the rootkit within hours of it happening and reloaded.

I am paranoid about ssh and welcome suggestions that increase my ssh 
security configuration, in particular, and overall security, in general.

Currently, for ssh on my system, I do the following:
1) in my /etc/ssh/sshd_config file
   a) I specify which users can use ssh (AllowUsers rsewill ...)
   b) I explicitly specified only protocol 2 could be used until that
   was the default in later versions of ssh.  (Protocol 2)
   c) I switch to a non-standard port (Port ...)
   d) I do not permit root logins, (PermitRootLogin no)
   e) I ignore user known hosts (IgnoreUserKnownHosts yes)
   f) I do not permit password authentication (PasswordAuthentication no)

   I do not permit kerberos authentication.

   This leaves public key authentication.
   Please make sure the key bits are large enough, default is 2048 for RSA,
   and make sure the person, with the private key, protects the private key.

2) in iptables
   a) I whitelist the IP addresses of those I permit coming in through ssh.

   If one can't whitelist IP addresses,one might try blacklisting
   IP address ranges.  For example, if one lives in Europe, one might not
   expect an ssh connection from the United States or Russia or China.

   Please note, I do not believe blacklisting is that effective.
   First, the zombie PCs can be anywhere, in any country.
   Second, people can use proxy services to get around country blacklists.

   If you still want to try to blacklist countries,
   please do a google search, China IP range, to get some sites
   that list IP address ranges for various countries.
   I can't/won't recommend any particular site, but can list a few
   examples from this google search:
http://www.ipaddresslocation.org/ip_ranges/get_ranges.php
http://www.countryipblocks.net/country-blocks/select-formats/
http://www.find-ip-address.org/ip-country/

   With the advent of IPv6, you need to start whitelisting and 
   blacklisting IPv6 addresses when your ISP switches to IPv6.
   The default, for most ports, is to drop incoming connects.
   IPSec seems to be an exception.  I'm not sure I like having 
   IPSec as an exception unless I expect IPSec traffic.
   Why aren't there iptables filters that allow outgoing IPSec
   connections, but not incoming IPSec connections
   The normal IPv4 iptables filters also allow IPSec connections.
   Is this the default or have I accidentally enabled IPSec?

   b) I set up my iptables filters to drop packets from a source that
   fails to connect in n attempts over a certain period of time.
   I would suggest doing a google search: ssh-evil iptables
   for examples.  If you are not comfortable with iptables and 
   iptables filters, please get a trusted friend to help you.  
   The iptables filters are your firewall; you want all filters correct,
   and in the correct order, or you leave yourself open to attack.

It sounds like fail2ban scans log files for break-in attempts, not just
for ssh, but for other protocols as well.  It would be a welcome addition.


signature.asc
Description: This is a digitally signed message part.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: why is my Linux so damn slow?

[Rick Sewill]

On Saturday, February 12, 2011 12:09:34 pm M. Fioretti wrote:
 On Sat, Feb 12, 2011 19:03:56 PM +0100, Marco Fioretti 
(mfiore...@nexaima.net) wrote:
  On Sat, Feb 12, 2011 12:55:16 PM -0500, Lamar Owen (lo...@pari.edu) wrote:
   On Saturday, February 12, 2011 12:19:33 pm M. Fioretti wrote:
besides hard drive and DVD burner there are only Logitech webcam,
wheelmouse and earphone microphone, but everything is plugged in
the back which is not really accessible without moving
furniture. I'll do that if needed, but isn't a way to check for
those interrupts from the prompt?
   
   Let's see if iowaits are you issue.  Install the sysstat package
   (yum install sysstat) and run: iostat -x 1
  
  here it is, thanks for the tip. When it isn't zero, the await column
  gives anything from 27.36 to 35.78 (last line) to 5 (I have already
  posted top output in a comment to the web page):
  
  [root@polaris ~]# iostat -x 1 | egrep -i 'device|sda'
 
 Sorry, of course that's only the part of the story about sda. here is one
 complete run of iostat:
 
 
 Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s avgrq-sz
 avgqu-sz   await  svctm  %util sda   0.00 5.000.00   
 5.00 0.0064.0012.80 0.036.00   6.00   3.00 dm-0   
   0.00 0.000.008.00 0.0064.00 8.00 0.04   
 4.38   3.75   3.00 dm-1  0.00 0.000.000.00
 0.00 0.00 0.00 0.000.00   0.00   0.00
 
 other runs show all null values for  dm-0 / dm-1, or values similar to
 these
 
 Marco

Could you show the output of iostat -x 1, 
not iostat -x 1 | egrep -i 'device|sda'
please?

On my system, when I do
iostat -x 1
I get avg-cpu besides drive information.
avg-cpu:  %user   %nice %system %iowait  %steal   %idle
   5.050.004.040.000.00   90.91

Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s avgrq-sz 
avgqu-sz   await  svctm  %util
sda   0.00 0.000.000.00 0.00 0.00 0.00 
0.000.00   0.00   0.00

It might help to see the avg-cpu.
If we are lucky, either the %user or %system or ... will show high cpu usage.


signature.asc
Description: This is a digitally signed message part.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: why is my Linux so damn slow?

[Rick Sewill]

On Saturday, February 12, 2011 12:27:55 pm Rick Sewill wrote:
 On Saturday, February 12, 2011 12:09:34 pm M. Fioretti wrote:
  On Sat, Feb 12, 2011 19:03:56 PM +0100, Marco Fioretti
 
 (mfiore...@nexaima.net) wrote:
   On Sat, Feb 12, 2011 12:55:16 PM -0500, Lamar Owen (lo...@pari.edu) 
wrote:
On Saturday, February 12, 2011 12:19:33 pm M. Fioretti wrote:
 besides hard drive and DVD burner there are only Logitech webcam,
 wheelmouse and earphone microphone, but everything is plugged in
 the back which is not really accessible without moving
 furniture. I'll do that if needed, but isn't a way to check for
 those interrupts from the prompt?

Let's see if iowaits are you issue.  Install the sysstat package
(yum install sysstat) and run: iostat -x 1
   
   here it is, thanks for the tip. When it isn't zero, the await column
   gives anything from 27.36 to 35.78 (last line) to 5 (I have already
   posted top output in a comment to the web page):
   
   [root@polaris ~]# iostat -x 1 | egrep -i 'device|sda'
  
  Sorry, of course that's only the part of the story about sda. here is one
  complete run of iostat:
  
  
  Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s
  avgrq-sz avgqu-sz   await  svctm  %util sda   0.00 5.00 
0.00 5.00 0.0064.0012.80 0.036.00   6.00   3.00
  dm-0
  
0.00 0.000.008.00 0.0064.00 8.00 0.04
  
  4.38   3.75   3.00 dm-1  0.00 0.000.000.00
  0.00 0.00 0.00 0.000.00   0.00   0.00
  
  other runs show all null values for  dm-0 / dm-1, or values similar to
  these
  
  Marco
 
 Could you show the output of iostat -x 1,
 not iostat -x 1 | egrep -i 'device|sda'
 please?
 
 On my system, when I do
 iostat -x 1
 I get avg-cpu besides drive information.
 avg-cpu:  %user   %nice %system %iowait  %steal   %idle
5.050.004.040.000.00   90.91
 
 Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s avgrq-sz
 avgqu-sz   await  svctm  %util
 sda   0.00 0.000.000.00 0.00 0.00 0.00
 0.000.00   0.00   0.00
 
 It might help to see the avg-cpu.
 If we are lucky, either the %user or %system or ... will show high cpu
 usage.

Another question please...if it's spurious interrupts, I found the device file,
/proc/interrupts, which has a row for Spurious interrupts.

We haven't demonstrated the problem is interrupt related.
Can we try to isolate or rule out this as a problem please?

Could you show us the output of twice, the second time a few seconds
after the first time so we can see if any interrupt number changes fast. 
more /proc/interrupts
...
more /proc/interrupts

Can people suggest any information/files in /proc which might help us?

I assume there is a periodic hardware clock interrupt for your CPU.
Can we find out this clock interrupt rate somewhere?


signature.asc
Description: This is a digitally signed message part.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: why is my Linux so damn slow?

[Rick Sewill]

On Saturday, February 12, 2011 12:43:53 pm M. Fioretti wrote:
 On Sat, Feb 12, 2011 12:27:55 PM -0600, Rick Sewill (rsew...@gmail.com) 
wrote:
  Could you show the output of iostat -x 1,
  not iostat -x 1 | egrep -i 'device|sda'
  please?
 
 Sure, sorry, here you go (this is with Firefox open, right now)
 
 
 Linux 2.6.35.10-74.fc14.x86_64 (polaris.localdomain)  02/12/2011  
_x86_64_(2
 CPU)
 
 avg-cpu:  %user   %nice %system %iowait  %steal   %idle
   28.930.003.230.690.00   67.15
 
 Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s avgrq-sz
 avgqu-sz   await  svctm  %util sda   0.7612.231.72   
 2.0796.94   111.7654.97 0.10   26.58   4.13   1.57 dm-0   
   0.00 0.002.45   13.9896.65   111.7612.68 2.18 
 132.68   0.95   1.57 dm-1  0.00 0.000.010.00
 0.09 0.00 8.00 0.005.45   3.18   0.00
 
 avg-cpu:  %user   %nice %system %iowait  %steal   %idle
   48.760.000.500.000.00   50.75
 
 Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s avgrq-sz
 avgqu-sz   await  svctm  %util sda   0.00 0.000.00   
 0.00 0.00 0.00 0.00 0.000.00   0.00   0.00 dm-0   
   0.00 0.000.000.00 0.00 0.00 0.00 0.00   
 0.00   0.00   0.00 dm-1  0.00 0.000.000.00
 0.00 0.00 0.00 0.000.00   0.00   0.00
 
 avg-cpu:  %user   %nice %system %iowait  %steal   %idle
   16.580.001.010.000.00   82.41
 
 Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s avgrq-sz
 avgqu-sz   await  svctm  %util sda   0.00 0.000.00  
 19.00 0.00   152.00 8.00 0.010.79   0.11   0.20 dm-0  
0.00 0.000.00   19.00 0.00   152.00 8.00 0.01  
  0.79   0.11   0.20 dm-1  0.00 0.000.000.00
 0.00 0.00 0.00 0.000.00   0.00   0.00
 
 avg-cpu:  %user   %nice %system %iowait  %steal   %idle
4.460.000.994.950.00   89.60
 
 Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s avgrq-sz
 avgqu-sz   await  svctm  %util sda   0.0027.000.00   
 9.00 0.00   272.0030.22 0.077.67   7.67   6.90 dm-0   
   0.00 0.000.00   34.00 0.00   272.00 8.00 0.10   
 2.82   2.03   6.90 dm-1  0.00 0.000.000.00
 0.00 0.00 0.00 0.000.00   0.00   0.00
 
 avg-cpu:  %user   %nice %system %iowait  %steal   %idle
4.500.001.000.000.00   94.50
 
 Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s avgrq-sz
 avgqu-sz   await  svctm  %util sda   0.00 0.000.00   
 0.00 0.00 0.00 0.00 0.000.00   0.00   0.00 dm-0   
   0.00 0.000.000.00 0.00 0.00 0.00 0.00   
 0.00   0.00   0.00 dm-1  0.00 0.000.000.00
 0.00 0.00 0.00 0.000.00   0.00   0.00
 
 avg-cpu:  %user   %nice %system %iowait  %steal   %idle
   12.870.000.990.000.00   86.14
 
 Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s avgrq-sz
 avgqu-sz   await  svctm  %util sda   0.00 0.000.00   
 0.00 0.00 0.00 0.00 0.000.00   0.00   0.00 dm-0   
   0.00 0.000.000.00 0.00 0.00 0.00 0.00   
 0.00   0.00   0.00 dm-1  0.00 0.000.000.00
 0.00 0.00 0.00 0.000.00   0.00   0.00
 
 avg-cpu:  %user   %nice %system %iowait  %steal   %idle
   39.300.000.500.000.00   60.20
 
 Device: rrqm/s   wrqm/s r/s w/s   rsec/s   wsec/s avgrq-sz
 avgqu-sz   await  svctm  %util sda   0.00 0.000.00   
 0.00 0.00 0.00 0.00 0.000.00   0.00   0.00 dm-0   
   0.00 0.000.000.00 0.00 0.00 0.00 0.00   
 0.00   0.00   0.00 dm-1  0.00 0.000.000.00
 0.00 0.00 0.00 0.000.00   0.00   0.00

Is there any correlation between avg-cpu %user and Device sda 
wsec/s writes?

Is there a burst of %user cpu activity followed by a burst of wsec/s writes?

If the system is doing so little, I'd expect less %user cpu activity.
Since the system is 2 CPU, does 48% means one cpu ran solid for a second?

Someone help us...I know there is a command to show open files, lsof.
Does that command include a way to find out disk activity per file or
is there another command that can find out disk activity per file?
I'm hoping, if we identify the file(s) with disk activity, we might identify
the service/application/kernel feature that is hogging the cpu.


signature.asc
Description: This is a digitally signed message part.
-- 
users mailing list
users

Re: why is my Linux so damn slow?

[Rick Sewill]

On Saturday, February 12, 2011 12:55:12 pm M. Fioretti wrote:
 On Sat, Feb 12, 2011 12:47:13 PM -0600, Rick Sewill (rsew...@gmail.com) 
wrote:
  Could you show us the output of twice, the second time a few seconds
  after the first time so we can see if any interrupt number changes fast.
  more /proc/interrupts
 
 here are two runs, 5/6 seconds apart:
 
 [root@polaris ~]# more /proc/interrupts
CPU0   CPU1
   0:136180   IO-APIC-edge  timer
   1:  0  2   IO-APIC-edge  i8042
   4:  0  2   IO-APIC-edge
   7:  1  0   IO-APIC-edge  parport0
   8:  0  1   IO-APIC-edge  rtc0
   9:  0  0   IO-APIC-fasteoi   acpi
  12:  0  4   IO-APIC-edge  i8042
  14:  0  0   IO-APIC-edge  pata_amd
  15:  0  0   IO-APIC-edge  pata_amd
  17:  0  2   IO-APIC-fasteoi   firewire_ohci
  20: 116972135   IO-APIC-fasteoi   ohci_hcd:usb3, nvidia
  21:947289   IO-APIC-fasteoi   ehci_hcd:usb2, hda_intel
  22:  0  3   IO-APIC-fasteoi   ehci_hcd:usb1
  23: 252957 24   IO-APIC-fasteoi   ohci_hcd:usb4
  43: 449718   5490   PCI-MSI-edge  ahci
  44: 850242 23   PCI-MSI-edge  eth0
 NMI:  0  0   Non-maskable interrupts
 LOC:   12772218   13583547   Local timer interrupts
 SPU:  0  0   Spurious interrupts
 PMI:  0  0   Performance monitoring interrupts
 PND:  0  0   Performance pending work
 RES:68964877547957   Rescheduling interrupts
 CAL:   8607  11701   Function call interrupts
 TLB:  43915  42920   TLB shootdowns
 TRM:  0  0   Thermal event interrupts
 THR:  0  0   Threshold APIC interrupts
 MCE:  0  0   Machine check exceptions
 MCP:103103   Machine check polls
 ERR:  1
 MIS:  0
 [root@polaris ~]#
 [root@polaris ~]# more /proc/interrupts
CPU0   CPU1
   0:136180   IO-APIC-edge  timer
   1:  0  2   IO-APIC-edge  i8042
   4:  0  2   IO-APIC-edge
   7:  1  0   IO-APIC-edge  parport0
   8:  0  1   IO-APIC-edge  rtc0
   9:  0  0   IO-APIC-fasteoi   acpi
  12:  0  4   IO-APIC-edge  i8042
  14:  0  0   IO-APIC-edge  pata_amd
  15:  0  0   IO-APIC-edge  pata_amd
  17:  0  2   IO-APIC-fasteoi   firewire_ohci
  20: 116985135   IO-APIC-fasteoi   ohci_hcd:usb3, nvidia
  21:947289   IO-APIC-fasteoi   ehci_hcd:usb2, hda_intel
  22:  0  3   IO-APIC-fasteoi   ehci_hcd:usb1
  23: 252957 24   IO-APIC-fasteoi   ohci_hcd:usb4
  43: 449809   5490   PCI-MSI-edge  ahci
  44: 850456 23   PCI-MSI-edge  eth0
 NMI:  0  0   Non-maskable interrupts
 LOC:   12774821   13585530   Local timer interrupts
 SPU:  0  0   Spurious interrupts
 PMI:  0  0   Performance monitoring interrupts
 PND:  0  0   Performance pending work
 RES:68969747548786   Rescheduling interrupts
 CAL:   8608  11703   Function call interrupts
 TLB:  43919  42921   TLB shootdowns
 TRM:  0  0   Thermal event interrupts
 THR:  0  0   Threshold APIC interrupts
 MCE:  0  0   Machine check exceptions
 MCP:103103   Machine check polls
 ERR:  1
 MIS:  0
 [root@polaris ~]#
 
 
 will try now to find out the clock interrupt rate. Thanks

I think the clock interrupt rate is shown by the Local timer interrupts.
I don't know if that number is okay or not.  I think it might be okay.

I am curious about the Rescheduling interrupts.
I do not have a dual core system so I have no rescheduling interrupts.

I do not know how many rescheduling interrupts is too many. 

I did google searches, Resheduling interrupts
and Linux Resheduling interrupts
It appears there have been problems, in this area, over the years.
We should be careful to limit ourselves to any recent problems.

I found some sort of explanation of rescheduling interrupts at
https://help.ubuntu.com/community/ReschedulingInterrupts
Also at this URL were suggestions for troubleshooting problems.
One suggestion, from this URL was to use vmstat 1.
I haven't used vmstat before so this is educational.
Another suggestion was troubleshooting ACPI and APIC problems.

This problem sounds similar to another person's problem:
http://www.spinics.net/lists/kvm/msg49558.html
I mention this problem because of the date and also it's
Debian (not Fedora).  We don't know if this person's problem
is a Rescheduling interrupt problem...but it sounds similar.



signature.asc
Description

Re: outout format of time command

[Rick Sewill]

On Tuesday, February 01, 2011 04:13:20 am Adel ESSAFI wrote:
 Hello,
 I have  followed the man page of  time commande to put a certain output
 format.
 However, time command does not recognise -f  option.
 
 Could you help please.
 
 
 
 [adel@localhost generateInstance]$ time -f %e ls
 bash: -f: command not found

There are two separate time commands.

One is a bash built-in.  
To set the format for this time, please set the environment variable,
TIMEFORMAT.  Please do info bash and search for TIMEFORMAT.

The other is the time command described by man time.
To use this time command, please do $(which time) -f %e ls
On my system, $(which time) happens to be /usr/bin/time
so I can also do /usr/bin/time -f %e ls


signature.asc
Description: This is a digitally signed message part.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: [Fedora] Re: [Fedora] Re: korganizer crash

[Rick Sewill]

On Thursday, January 27, 2011 04:10:46 pm Walter Cazzola wrote:
 Dear all,
 just to add something to my problem, this affect only my user, from root
 korganizer starts like a charm. I've noticed that it is bound to the
 akonadi server but also killing all the process related to akonadi
 korganizer from my user doesn't start.
 
 :-(
 
 any help is appreciated
 

I just started using kde a little while ago so I may not be much help.

I believe, to identify a problem, one needs to isolate the problem.

To this end, what calendar(s) were you working with just before it failed?

If they were local calendars, can you move them out of the way,
until you identify which local calendar causes the problem, and then
examine that calendar to see what might be causing the problem?

I would strongly encourage you to make a backup before moving files.
It would be bad if my suggestion made matters worse.

If they are calendars from the Internet, can you bring up korganizer
with your PC not connected to the Internet--korganizer will fail to get 
to the internet, but you might be able to disable the Internet calendar.
If disabling an Internet calendar stops the crashing, we get a hint.

Once the calendar(s) causing problems can be identified, 
others may have hints what is causing the crashing problem.

Also, when it crashes, I assume abrt wants to make a report.
Do the details of the report give a hint why korganizer is crashing?
The hint may have no meaning to me, but might help a developer.
With the hint, one might google to see what others did to fix similar problems.

I wish I could give you an answer.  
I'm afraid I can only suggest isolating the problem.
Hopefully others, who have used kde longer or develop kde 
will recognize the problem and suggest a fix or workaround.



signature.asc
Description: This is a digitally signed message part.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: iptables and NAT

[Rick Sewill]

On Tuesday, January 25, 2011 09:12:07 am Ian Pilcher wrote:
 What is the default gateway on the web server?  It's possible that
 packets are getting through the gateway server just fine, but getting
 lost on the way back.

Can the OP run wireshark and look for the packets?

Also, if one does 
iptables -L -v -t nat
-and-
iptables -L -v
before and after trying to send a packet from the Internet to his server,
do the byte and packet counts for the nat iptables entries and the other 
iptables entries (for forwarding the packet) get incremented as expected?


signature.asc
Description: This is a digitally signed message part.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Checking whether Gnome screensaver currently active

[Rick Sewill]

On Tuesday, January 18, 2011 08:52:57 pm Robert Nichols wrote:
 On 01/18/2011 12:28 PM, Rick Sewill wrote:
  On Tuesday, January 18, 2011 09:00:22 am Robert Nichols wrote:
  On 01/18/2011 01:34 AM, Rick Sewill wrote:
  On Monday, January 17, 2011 10:57:00 pm Robert Nichols wrote:
  On 01/17/2011 09:57 PM, Rick Sewill wrote:
  Question please:
  
  Can you use
  gnome-screensaver-command -q
  
  man gnome-screensaver-command
  
  I'm currently trying out KDE so I don't know
  what is returned by the above command for the
  various gnome-screensaver states.
  
  As I said in my original message, when run from a cron job that fails:
  ** Message: Failed to connect to the D-BUS daemon:
  /bin/dbus-launch terminated abnormally with the following
  error: Autolaunch error: X11 initialization failed.
  
  And yes, I did try it with DISPLAY=:0.0 in the environment.
  
  You have a good puzzle!
  
  I read all the responses for the problem,
  http://www.mail-archive.com/debian-kde@lists.debian.org/msg30421.html
  
  I tried to condense their answer to the following...please give it a
  try:
  
  I created a file, ${HOME}/bin/testscreensaver
  = Please begin contents of file testscreensaver with following line
  #!/bin/bash
  
  # We must set the DISPLAY variable so dbus is happy.
  
  export DISPLAY=:0.0
  
  # We must find the DBUS_SESSION_BUS_ADDRESS so dbus is happy.
  
  for pid in $(pgrep -u $USER)
  do
  
declare DBUS_SESSION_BUS_ADDRESS=$(cat /proc/${pid}/environ | \

tr '\0' '\n' | grep DBUS_SESSION_BUS_ADDRESS=)
  
  # I looked for the first DBUS_SESSION_BUS_ADDRESS found.
  
[ -z ${DBUS_SESSION_BUS_ADDRESS} ] || break
  
  done
  
  
  # Strip off the DBUS_SESSION_BUS_ADDRESS= string at the beginning.
  DBUS_SESSION_BUS_ADDRESS=${DBUS_SESSION_BUS_ADDRESS:25}
  
  # I echo it for debugging purposes...you probably don't want to echo
  it. echo Set bus address to${DBUS_SESSION_BUS_ADDRESS}
  
  # If I have a string, I call the gnome-screensaver-command
  [ -z ${DBUS_SESSION_BUS_ADDRESS} ] || gnome-screensaver-command -q
  
  = Please end file testscreensaver with previous line
  
  Hmmm, in that script you're not doing anything with
  DBUS_SESSION_BUS_ADDRESS beyond testing for non-null (it's not
  exported), so Set bus address to is a misnomer.  Found bus address
  might be more to the point.  It does test whether this user currently
  has a session, which is useful.
  
  Please see man dbus-daemon.
  
  I believe the variable, DBUS_SESSION_BUS_ADDRESS, must be set for desktop
  applications to find the per-session daemon to have interprocess
  communication amongst themselves.  From man dbus-daemon, I am
  referring to the per-session daemon, not the systemwide daemon.
 
 Look again at the script you posted and explain where it does anything but
 set and test for non-null an internal shell variable that has no special
 meaning to the shell itself.  Had you in some manner exported that variable
 so that gnome-screensaver-command could see it, then I would have more
 reason to believe you.

I stand corrected. 

 I ran a test without DBUS_SESSION_BUS_ADDRESS set.
Only the export DISPLAY=:0.0 seems to be needed.





signature.asc
Description: This is a digitally signed message part.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: xmms only playing mp3 as root

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


 Hi Mchael,
 This system was installed - clean - from dvd on 28-12-2010.
 I use my laptop like my car. Drive it - stick to the rules - not messing 
 with things I do not know about.
 When beyond me I ask for advice.
 Your positive input is appreciated.
 Before I try anything is your advice still standing since this is new 
 install?
 Await your comment
 Thanks.
 Johan
 

I just noticed this thread.
Please forgive me if my comments are not germane.

When you are logged in, as root, do you have a file,
~/.xmms/config, and if so, is there a line in this file,
output_plugin=

When you are logged in, as a normal user, do you have a file,
~/.xmms/config, and if so, is there a line in this file,
output_plugin=

For me, when I am logged in, as a normal user, I do have a file,
~/.xmms/config, and the line in my file is
output_plugin=/usr/lib64/xmms/Output/libxmms-pulse.so

I have not run xmms, as root.  I do not have a directory, /root/.xmms

I thought, somewhere, I read, your xmms was looking for /dev/dsp.
I thought /dev/dsp was for the audio system, Open Sound System (OSS).
I thought, but could be wrong, OSS, was replaced,
in the default Fedora installation, by Pulse Audio
(with ALSA actually used to drive the sound hardware).

I do not have the device file, /dev/dsp.

xmms does play mp3 files, for me, as a normal user.
In my setup, xmms must use Pulse Audio.  I don't have OSS installed.

I apologize if my comments are not germane.
I missed the start of this thread.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0d9KQACgkQyc8Kn0p/AZTHXgCfTUj0MJTDhsfwr8qi5AqlQvVk
dOYAoIuwuLynII/pRpEzyY1V7xXvCzh4
=JrHI
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: How do I set up DHCP in order to upgrade the software on my router?

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 12/28/2010 08:31 AM, Colin Paul Adams wrote:

 I edited 
 /etc/dhcp/dhcpd.conf
 
 to look like this:
 
 #
 # DHCP Server Configuration file.
 #   see /usr/share/doc/dhcp*/dhcpd.conf.sample
 #   see 'man 5 dhcpd.conf'
 #
 authoritative;
 use-host-decl-names on;
 ddns-update-style none;
 
 option domain-name colin.demon.co.uk;
 next-server 192.168.254.201;
 filename linux/pxelinux.0;
 allow bootp;
 
 subnet 192.168.254.0 netmask 255.255.255.0 {
 
   option subnet-mask 255.255.255.0;
   option broadcast-address 192.168.254.255;
 
 }
 group {
  host 192.168.254.254 { hardware ethernet 00:14:7F:F8:83:DD; }
 }
 

I looked at /usr/share/doc/dhcp-4.2.0/dhcpd.conf.sample,
and saw the following:

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

subnet 10.254.239.32 netmask 255.255.255.224 {
  range dynamic-bootp 10.254.239.40 10.254.239.60;
  option broadcast-address 10.254.239.31;
  option routers rtr-239-32-1.example.org;
}


If the above, in the sample file, is correct,
and your router is using BOOTP instead of DHCP,
I would think you need
  range dynamic-bootp ...

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0aADAACgkQyc8Kn0p/AZRzlACfeZe3M257Yjd7hJxLdIJDqHzt
srIAnjHnPolQVWotLGs7lw9E2Wsz8vjr
=Q7Av
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: How do I set up DHCP in order to upgrade the software on my router?

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 12/28/2010 09:20 AM, Rick Sewill wrote:
 On 12/28/2010 08:31 AM, Colin Paul Adams wrote:
 
 I edited 
 /etc/dhcp/dhcpd.conf
 
 to look like this:
 
 #
 # DHCP Server Configuration file.
 #   see /usr/share/doc/dhcp*/dhcpd.conf.sample
 #   see 'man 5 dhcpd.conf'
 #
 authoritative;
 use-host-decl-names on;
 ddns-update-style none;
 
 option domain-name colin.demon.co.uk;
 next-server 192.168.254.201;
 filename linux/pxelinux.0;
 allow bootp;
 
 subnet 192.168.254.0 netmask 255.255.255.0 {
 
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.254.255;
 
 }
 group {
  host 192.168.254.254 { hardware ethernet 00:14:7F:F8:83:DD; }
 }
 

Hmmm.  I did a little more digging.

I found, in man dhcpd.conf, the following:
BOOTP Support
  Each BOOTP client must be explicitly declared in the dhcpd.conf file.
  A very basic client  declaration  will  specify  the  client  network
  interface's  hardware  address  and  the IP address to assign to that
  client.   If the client needs to be able to load a boot file from the
  server,  that  file's name must be specified.   A simple bootp client
  declaration might look like this:

   host haagen {
 hardware ethernet 08:00:2b:4c:59:23;
 fixed-address 239.252.197.9;
 filename /tftpboot/haagen.boot;
   }

Could you instead of doing what I thought previously, replace
 group {
  host 192.168.254.254 { hardware ethernet 00:14:7F:F8:83:DD; }
 }

with something like the following...
host myrouter {
  hardware ethernet 00:14:7F:F8:83:DD;
  fixed-address 192.168.254.254;
  filename /var/lib/tftpboot/ZZQIAA8.225.bli;
}

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0aCigACgkQyc8Kn0p/AZTTqgCdHDl7KvO+2RfFy2Eep3k/RFOL
v1UAoJYrZnNwME92MLP5o8vsH9Wn3dBt
=GgOI
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: nm-applet autoload

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 12/21/2010 10:28 AM, Richard Heck wrote:
 
 After an upgrade from F12 to F14, which went very smoothly even on an 
 old laptop (yea!), nm-applet is no longer loaded automatically under 
 KDE. I can load it manually from a terminal, and then all is well, but 
 this is a hassle. I could also add it to the Autostart folder, but that 
 seems the wrong way to handle it.
 
 Suggestions?
 
 Thanks,
 Richard
 

For me, nm-applet is loaded as a Startup Application
(System-Startup Application-Network Manager)
The command found in the Startup Program was
nm-applet --sm-disable

Note: I am using Gnome, not KDE.  Your mileage may vary.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0Q20gACgkQyc8Kn0p/AZTJwgCffog0UDfOQNgW6XYDqdSzIBTb
+AsAoJPwVACpkmGOa7ZK8/eCmBfv2Bfi
=wbYG
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: nm-applet autoload

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 12/21/2010 10:52 AM, Rick Sewill wrote:
 On 12/21/2010 10:28 AM, Richard Heck wrote:
 
 After an upgrade from F12 to F14, which went very smoothly even on an 
 old laptop (yea!), nm-applet is no longer loaded automatically under 
 KDE. I can load it manually from a terminal, and then all is well, but 
 this is a hassle. I could also add it to the Autostart folder, but that 
 seems the wrong way to handle it.
 
 Suggestions?
 
 Thanks,
 Richard
 
 
 For me, nm-applet is loaded as a Startup Application
 (System-Startup Application-Network Manager)
 The command found in the Startup Program was
 nm-applet --sm-disable
 
 Note: I am using Gnome, not KDE.  Your mileage may vary.
 

I mistyped...that should be
(System-Preferences-Startup Applications-Network Manager)

Sorry.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0Q29sACgkQyc8Kn0p/AZQccwCfUcAdM5gDnalJ8hE/Byy2SMVP
PJMAoJTEV0CnFA4vvQyxuUes4PBPF2ZZ
=++4C
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Still having problems with mount of USB drive at boot time

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 12/14/2010 03:33 PM, Robert Moskowitz wrote:
 This is for Fedora 12 and a 1.5Tb USB seagate drive.
 
 How do I get this drive recognixzed at boot time?  Once it is set up it 
 is known as:
 
 /media/d4ae05a3-c60f-489d-8159-e16c9a271f0b
 
 

Caution: I am on Fedora 14.
I can't remember if the following is true for Fedora 12.
I believe the following is true for Fedora 13.

When the disk is on and plugged in, does an entry for it appear in
ls -l /dev/disk/by-uuid

What I have done is the following:
1) In my /etc/fstab I have
   (following is all one line, forgive the line wrap)
UUID=90de18a5-489b-40bd-85a4-9a2ff3a15d81 /media/wd  ext2   noauto
0 0

2) When I turn on my USB disk, the following appears:
   ls -l /dev/disk/by-uuid/90de*
rsew...@rsewill:~ 2:6 $ ls -l /dev/disk/by-uuid/90de*
lrwxrwxrwx. 1 root root 10 Dec 15 01:42
/dev/disk/by-uuid/90de18a5-489b-40bd-85a4-9a2ff3a15d81 - ../../sdf1

It appears I can use UUID=name where name is found in /dev/disk/by-uuid
in my /etc/fstab file.

3) I do, sudo mount /media/wd
   Please note: I have my /etc/sudoers file set up so I can do
   sudo mount 
   As root, one edits the /etc/sudoers file using the visudo command
   to set up what user can do what with the sudo command.

Similarly, I believe I can use LABEL=label for the disk if it appears in
/dev/disk/by-label.  I have a walkman which I have labeled, WALKMAN.
My fstab entry for it is as follows:
  (following is all one line, forgive the line wrap)
LABEL=WALKMAN   /media/walkman   vfat
noauto,user 0 0

The entry, when the walkman is plugged in, in /dev/disk/by-label is
rsew...@rsewill:~ 2:11 $ ls -l /dev/disk/by-label/WALKMAN
lrwxrwxrwx. 1 root root 10 Dec 15 01:47 /dev/disk/by-label/WALKMAN -
../../sdg1

I can mount my walkman, as a normal user, because of the user option
in the /etc/fstab file.
mount /media/walkman

I use noauto or noauto,user so I can control when the device is
mounted.  I mount these devices manually.

Please see man 8 mount for the definitions of these options,
noauto, user, defaults.

I assume, since you say you want it mounted automatically,
and I assume at boot time, you will not want the noauto option.

Would you, instead, use the defaults option instead of noauto?

If the device is not turned on during boot, with the defaults option,
I'm not sure what will happen.  I expect the system to wait a long time
and/or hang waiting for the device to appear.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0Id6gACgkQyc8Kn0p/AZR65gCfSjpKUXRNqj0KzLgfazGY4Y8U
4xgAnRjdZ0kiUMGBUmXgfV4oUqn5ZGy/
=tTbg
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Testing changes to fstab

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 12/15/2010 07:29 PM, Robert Moskowitz wrote:
 A long time ago I got burned with a type in /etc/fstab and back then I 
 was told how to test out changes to fstab.
 
 Well I just added my USB drive to fstab and want to make sure I got it 
 right.  The line I added is:
 
 /dev/sdb1/media/usbdriveext4defaults1 2
 
 I figure this out from the fstab man page and that the following works:
 
 mount /dev/sdb1 /media/usbdrive
 
 But I want to test first before I reboot.  BTW, the messages I now get 
 for this drive during boot are:
 
 Dec 15 19:56:06 homebase kernel: usb 1-2: New USB device found, 
 idVendor=0bc2, idProduct=3300
 Dec 15 19:56:06 homebase kernel: usb 1-2: New USB device strings: Mfr=1, 
 Product=2, SerialNumber=3
 Dec 15 19:56:06 homebase kernel: usb 1-2: Product: Desktop
 Dec 15 19:56:06 homebase kernel: usb 1-2: Manufacturer: Seagate
 Dec 15 19:56:06 homebase kernel: usb 1-2: SerialNumber: 2GHJTCB4
 Dec 15 19:56:06 homebase kernel: usb 1-2: configuration #1 chosen from 1 
 choice
 
 Oh, and I used e2label to label the partition the same as its serial #).
 
 

A suggestion please.

Instead of using /dev/sdb1 in /etc/fstab, can you use either,
UUID=uuid-for-the-partition or LABEL=label-for-the-partition?

I speak from personal experience.

At one time, I tried using /dev/sdf1 for a usb drive.

Then I added another usb device.

Depending how usb devices were discovered,
my usb drive wasn't /dev/sdf1 any more.

When the device is plugged in, even if the device is not mounted,
can you check ls -l /dev/disk/by-uuid or ls -l /dev/disk/by-label
to learn the uuid or label for the usb drive, respectively?

Since you stated you labeled the partition, 2GHJTCB4,
you should be able to do, in your /etc/fstab,

LABEL=2GHJTCB4 /media/usbdriveext4defaults1 2

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0JuO4ACgkQyc8Kn0p/AZQyrACdEWkPCbLuz8TiB1vLCmH3eeAS
ow4AnR4ixd/G68+1q27kLzK4NIALOcVp
=6CP2
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Fedora14.Impossible Internet.More and More data.

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11/15/2010 12:18 AM, Rick Sewill wrote:
 On 11/14/2010 10:23 PM, Luis Suzuki wrote:
 All below was taken when Gnome NetworkManager was saying that Auto eth0
 was active and OK.
 
 Below some more data:# ping 192.168.1.254
 PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
 64 bytes from 192.168.1.254: icmp_req=1 ttl=64 time=1.15 ms
 64 bytes from 192.168.1.254: icmp_req=2 ttl=64 time=0.700 ms
 64 bytes from 192.168.1.254: icmp_req=3 ttl=64 time=0.733 ms
 64 bytes from 192.168.1.254: icmp_req=4 ttl=64 time=0.715 ms
 64 bytes from 192.168.1.254: icmp_req=5 ttl=64 time=0.706 ms
 64 bytes from 192.168.1.254: icmp_req=6 ttl=64 time=0.775 ms
 64 bytes from 192.168.1.254: icmp_req=7 ttl=64 time=0.801 ms
 64 bytes from 192.168.1.254: icmp_req=8 ttl=64 time=0.716 ms
 64 bytes from 192.168.1.254: icmp_req=9 ttl=64 time=0.726 ms
 64 bytes from 192.168.1.254: icmp_req=10 ttl=64 time=0.708 ms
 64 bytes from 192.168.1.254: icmp_req=11 ttl=64 time=0.709 ms
 
 
 This means the ethernet hardware is working.  You can ping the router.
 
 #less /etc/resolv.conf
 # Generated by NetworkManager
 domain lan
 search lan
 nameserver 192.168.1.254
 /etc/resolv.conf (END) 
 
 
 This is good as long as the router will do DNS for you.
 
 #ifconfig -a
 
 eth0  Link encap:Ethernet  HWaddr 00:21:70:BC:71:84  
   inet addr:192.168.1.64  Bcast:192.168.1.255  Mask:255.255.255.0
   inet6 addr: fe80::221:70ff:febc:7184/64 Scope:Link
   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
   RX packets:120 errors:0 dropped:0 overruns:0 frame:0
   TX packets:153 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:1000 
   RX bytes:11211 (10.9 KiB)  TX bytes:19119 (18.6 KiB)
   Interrupt:43 Base address:0x8000 
 
 The interface IP address is 192.168.1.64...okay.
 
 # ip route
 192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.64
  metric 1 
 
 # netstat -rn
 Kernel IP routing table
 Destination Gateway Genmask Flags   MSS Window  irtt
 Iface
 192.168.1.0 0.0.0.0 255.255.255.0   U 0 0  0
 eth0
 
 
 You have no default route...this is part of the problem.
 When doing ip route, you should have something like
 default via 192.168.1.254 dev eth0
 When doing netstat -rn, you should have something like
 0.0.0.0 192.168.1.2540.0.0.0 UG0 0
 0 eth0
 
 # cat /etc/sysconfig/network-scripts/ifcfg-eth0
 cat: /etc/sysconfig/network-scripts/ifcfg-eth0: No such file or directory
 
 
 Argh.  I don't use NetworkManager...if there is no ifcfg-eth0 file,
 what does NetworkManager do?  People?
 
 What you need to do is add a default route to 192.168.1.254 for eth0
 
 I have no plans to use NetworkManager any time soon so I can only give
 you general hints...I wish someone who does use NetworkManager would
 take over this discussion.
 
 Needless to say...I will try.
 
 When you start the Network Manager client to examine/modify
 configurations, you should find the configuration for eth0.
 
 I'm only guessing, but is it something like Network connections?
 Can you select the ethernet network connection and push the edit button?
 
 When you do that, does a pop-up appear?
 Does it have a IPv4 Settings tab?
 
 Can you select the IPv4 Settings tab.
 
 What is the Method: Automatic (DHCP)
  or Automatic (DHCP) addresses only
  or Manual
  or what?
 
 I'm guessing the Method is Manual...but please tell me.
 
 The following advice is based on the belief the Method is Manual.
 
 Is there a Routes button?  Please press it.
 
 Does another pop-up appear, something like Editing IPv4 routes for 
 Can you add a route,
 AddressNetmask   Gateway Metric
 0.0.0.00.0.0.0   192.168.1.254   1
 
 Can someone who does use NetworkManager correct the above please?
 I'm sure I have things wrong since I don't use NetworkManager.
 Hopefully, people can get the idea what I want tried.
 
 Please let me know how far off I am regarding the NetworkManager GUI.
 
 When you are done, please do either
 ip route or netstat -rn
 I wish to see if the default route has been added.
 If you have a default route...try to ping something on the Internet.
 
 I manage my interfaces myself...I do networking things for a living.
 NetworkManager was not my friend, in the past, when it interfered with
 what I needed to do...so I turned it off, and never turned it back on.

Shows what I know about NetworkManager...yes, I'm learning,

if for your eth0 connection,
You have Method: Manual
Instead of doing what I suggested by pushing the Routes button and
adding the default gateway there...
Change the Addresses entry from
Address Netmask   Gateway
192.168.1.64255.255.255.0 0.0.0.0
to
Address Netmask   Gateway
192.168.1.64255.255.255.0 192.168.1.254
That's probably the NetworkManager

Re: Fedora14.Still Impossible Internet.More data.

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11/14/2010 02:02 PM, Luis Suzuki wrote:
 Well it seems my problem is related with this one:   bugzilla
 649570.However my NIC is a Realtek RTL 8102E.
 
 the DHCP discovery packets may not be responded as well.However the
 workaround,
 does not work for me(place acpi=off or pcie_aspm=off in grub kernel boot
 options).
 
 So,I probably need to completely stop processes that are in charge of
 automatic
 network discovery and configure all,manually from scratch.
 
 I tried once and it did not work,I did:
 
 chkconfig NetworkManager off
 /etc/init.d/network stop
 ifconfig eth0 192.168.1.64 netmask 255.255.255.0
 /etc/init.d/network start
 
 Note: my DNS server is 192.168.1.254(when auto configured).

Given you are using 192.168.x.x, you must have a router doing NAT.

When you believe your ethernet connection is up, can you ping your
router IP address?  Is your router IP address 192.168.1.254?
Is your router also your DNS server?

Can you please give us the information from the following commands:
ifconfig -a
This will give us a hint if your ethernet interface thinks it's up.
The ping command above will tell us if it's really up and you can ping
your router.

netstat -rn(or ip route)
Either of these commands will give us an idea of your current routing
table.  We need to be certain 192.168.1.254 isn't some other interface
on your PC.  We need to see what your default route actually is.  We
need to make sure you don't have other routes that are interfering with
your ability to get to the Internet.

cat /etc/sysconfig/network-scripts/ifcfg-eth0
This will give us a hint how the eth0 interface is coming up...
I assume you haven't put anything special in /etc/sysconfig/network
I assume you don't have any /etc/sysconfig/network-scripts/route* files

cat /etc/resolv.conf
This will give us a hint of your current DNS information.

If you can ping the router, and the router is your gateway, and you
still can't get to the Internet, we need to know information about the
router.

Is that router configured as a dhcp server for your local lan?

Does that router do DNS for your local lan?
Can you access your router, examine its configuration, and make sure it
is configured to do DNS for your local lan.

Can you access your router, examine the information for its WAN
interface, and insure it has the correct IP address and DNS information
from your ISP?  I assume your ISP is providing you with a dynamic IP
address.  Tell me if I'm wrong.

Please tell us the DNS information your router has from your ISP.
Please tell us the first number of your WAN dynamic IP address, as
in 24.x.x.x, I don't wish you to advertise your IP address in a public
forum.  I just wish to see you have a reasonable WAN IP address.

Does your router have any special parental features blocking your access
to the Internet?  Does your router have any firewall rules blocking your
access to the Internet?

We may need to know more information about your ISP...I hope we don't.

If you can get to your router, and your router looks okay...meaning
the LAN side looks okay (correct DHCP, etc) and the WAN side looks okay
(correct IP address and DNS information), I will ask about the ISP.

I will ask,
what kind of Internet connection are you using?  xDSL, cable, etc.

Does your ISP require you to log in to their web site to validate your
Internet connection (MAC address) the first time you try to get to the
Internet with a new device (is the router a new device as far as the ISP
is concerned)?  I had a cable company that did something like that...I
don't have that cable company any longer.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkzgf+kACgkQyc8Kn0p/AZSjSwCgg3+cdd+POgmcT519yzjDxMuL
ecAAn0k2EmvWBmJdXnQeAC9jXo2Mo1r5
=JjRr
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Fedora14.Impossible Internet.More and More data.

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11/14/2010 10:23 PM, Luis Suzuki wrote:
 All below was taken when Gnome NetworkManager was saying that Auto eth0
 was active and OK.
 
 Below some more data:# ping 192.168.1.254
 PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
 64 bytes from 192.168.1.254: icmp_req=1 ttl=64 time=1.15 ms
 64 bytes from 192.168.1.254: icmp_req=2 ttl=64 time=0.700 ms
 64 bytes from 192.168.1.254: icmp_req=3 ttl=64 time=0.733 ms
 64 bytes from 192.168.1.254: icmp_req=4 ttl=64 time=0.715 ms
 64 bytes from 192.168.1.254: icmp_req=5 ttl=64 time=0.706 ms
 64 bytes from 192.168.1.254: icmp_req=6 ttl=64 time=0.775 ms
 64 bytes from 192.168.1.254: icmp_req=7 ttl=64 time=0.801 ms
 64 bytes from 192.168.1.254: icmp_req=8 ttl=64 time=0.716 ms
 64 bytes from 192.168.1.254: icmp_req=9 ttl=64 time=0.726 ms
 64 bytes from 192.168.1.254: icmp_req=10 ttl=64 time=0.708 ms
 64 bytes from 192.168.1.254: icmp_req=11 ttl=64 time=0.709 ms
 

This means the ethernet hardware is working.  You can ping the router.

 #less /etc/resolv.conf
 # Generated by NetworkManager
 domain lan
 search lan
 nameserver 192.168.1.254
 /etc/resolv.conf (END) 
 

This is good as long as the router will do DNS for you.

 #ifconfig -a
 
 eth0  Link encap:Ethernet  HWaddr 00:21:70:BC:71:84  
   inet addr:192.168.1.64  Bcast:192.168.1.255  Mask:255.255.255.0
   inet6 addr: fe80::221:70ff:febc:7184/64 Scope:Link
   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
   RX packets:120 errors:0 dropped:0 overruns:0 frame:0
   TX packets:153 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:1000 
   RX bytes:11211 (10.9 KiB)  TX bytes:19119 (18.6 KiB)
   Interrupt:43 Base address:0x8000 

The interface IP address is 192.168.1.64...okay.

 # ip route
 192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.64
  metric 1 
 
 # netstat -rn
 Kernel IP routing table
 Destination Gateway Genmask Flags   MSS Window  irtt
 Iface
 192.168.1.0 0.0.0.0 255.255.255.0   U 0 0  0
 eth0
 

You have no default route...this is part of the problem.
When doing ip route, you should have something like
default via 192.168.1.254 dev eth0
When doing netstat -rn, you should have something like
0.0.0.0 192.168.1.2540.0.0.0 UG0 0
0 eth0

 # cat /etc/sysconfig/network-scripts/ifcfg-eth0
 cat: /etc/sysconfig/network-scripts/ifcfg-eth0: No such file or directory
 

Argh.  I don't use NetworkManager...if there is no ifcfg-eth0 file,
what does NetworkManager do?  People?

What you need to do is add a default route to 192.168.1.254 for eth0

I have no plans to use NetworkManager any time soon so I can only give
you general hints...I wish someone who does use NetworkManager would
take over this discussion.

Needless to say...I will try.

When you start the Network Manager client to examine/modify
configurations, you should find the configuration for eth0.

I'm only guessing, but is it something like Network connections?
Can you select the ethernet network connection and push the edit button?

When you do that, does a pop-up appear?
Does it have a IPv4 Settings tab?

Can you select the IPv4 Settings tab.

What is the Method: Automatic (DHCP)
 or Automatic (DHCP) addresses only
 or Manual
 or what?

I'm guessing the Method is Manual...but please tell me.

The following advice is based on the belief the Method is Manual.

Is there a Routes button?  Please press it.

Does another pop-up appear, something like Editing IPv4 routes for 
Can you add a route,
AddressNetmask   Gateway Metric
0.0.0.00.0.0.0   192.168.1.254   1

Can someone who does use NetworkManager correct the above please?
I'm sure I have things wrong since I don't use NetworkManager.
Hopefully, people can get the idea what I want tried.

Please let me know how far off I am regarding the NetworkManager GUI.

When you are done, please do either
ip route or netstat -rn
I wish to see if the default route has been added.
If you have a default route...try to ping something on the Internet.

I manage my interfaces myself...I do networking things for a living.
NetworkManager was not my friend, in the past, when it interfered with
what I needed to do...so I turned it off, and never turned it back on.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkzg0KcACgkQyc8Kn0p/AZTTPwCdHKiyosgZVP2T6xhv8+3s9IWz
ncMAnjTVRt5qm1BLkygIDI+jgqddysHI
=ZkNj
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: DNS on F13

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11/10/2010 10:28 AM, Paolo Galtieri wrote:
 On 11/10/10 00:13, François Patte wrote:
 Le 10/11/2010 00:14, Paolo Galtieri a écrit :
 I had configured a local DNS server under F12 and everything was working
 fine.  I upgraded the system to F13 and
 setup DNS again.  Now I see the following errors.

 Nov  9 15:46:28 darkstar named[17913]:   validating @0xb4e48968:
 dlv.isc.orghttp://dlv.isc.org  SOA: got insecure response; parent
 indicates it should be secure
 Nov  9 15:46:28 darkstar named[17913]: error (insecurity proof failed)
 resolving 'dlv.isc.org/DLV/INhttp://dlv.isc.org/DLV/IN': 168.158.8.15#53
 Nov  9 15:48:02 darkstar named[17913]:   validating @0xb49766e8:
 dlv.isc.orghttp://dlv.isc.org  SOA: got insecure response; parent
 indicates it should be secure
 Nov  9 15:48:02 darkstar named[17913]:   validating @0xb4977160:
 dlv.isc.orghttp://dlv.isc.org  SOA: got insecure response; parent
 indicates it should be secure
 Nov  9 15:48:02 darkstar named[17913]:   validating @0xb4977bd8:
 dlv.isc.orghttp://dlv.isc.org  SOA: got insecure response; parent
 indicates it should be secure
 Nov  9 15:48:02 darkstar named[17913]: error (no valid RRSIG) resolving
 'howtoforge.com.dlv.isc.org/DS/IN
 http://howtoforge.com.dlv.isc.org/DS/IN': 168.158.8.15#53
 Nov  9 15:48:02 darkstar named[17913]: error (insecurity proof failed)
 resolving 'howtoforge.com.dlv.isc.org/DLV/IN
 http://howtoforge.com.dlv.isc.org/DLV/IN': 168.158.8.15#53
 Nov  9 15:48:02 darkstar named[17913]:   validating @0xb4724d60:
 dlv.isc.orghttp://dlv.isc.org  SOA: got insecure response; parent
 indicates it should be secure
 Nov  9 15:48:02 darkstar named[17913]: error (no valid RRSIG) resolving
 'www.howtoforge.com.dlv.isc.org/DS/IN
 http://www.howtoforge.com.dlv.isc.org/DS/IN': 168.158.8.15#53
 Nov  9 15:48:02 darkstar named[17913]: error (insecurity proof failed)
 resolving 'www.howtoforge.com.dlv.isc.org/DLV/IN
 http://www.howtoforge.com.dlv.isc.org/DLV/IN': 168.158.8.15#53

 I have 2 servers configured in the forwarders section of named.conf

 forwarders { 68.2.16.30; 168.158.8.15; };

 It only complains about the second one.

 I found Bug 577639 which seems related, but it's marked closed notabug.

 So if it's not a bug why am I seeing these errors and how do I go about
 resolving them?

 Is this a configuration issue on my side, or is this an issue with my ISP?

 The file /etc/named.iscdlv.key contains the correct key.

 Any assistance is appreciated.
 
 Did you test if it is not related to selinux?
 
 
 I don't believe it has anything to do with SElinux since the errors only 
 show up for one of the 2 DNS servers I have listed in the forwarders 
 entry.  Also I don't get any SElinux alert messages.

 Paolo

May we see your /etc/named.conf file please?

I am wondering if you have an old /etc/named.conf file.
Please look for /etc/named.conf.rpmnew, and if it's there,
please compare the two files, save your current /etc/named.conf,
and mv /etc/named.conf.rpmnew /etc/named.conf

When I do,
[r...@rsewill ~]# service named start
Starting named:[  OK  ]
followed by
[r...@rsewill ~]# host -a energy.gov localhost
Too much stuff got printed to reproduce here without reason
Output looks reasonable

I do not have bind-chroot installed.  Are you using bind-chroot?

For this test, I am using
[r...@rsewill ~]# rpm -q bind
bind-9.7.1-2.P2.fc13.x86_64
What version of bind are you using please?

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkza40YACgkQyc8Kn0p/AZRDHQCglJg1SNUT0qN/PAWKyE1+CDHJ
VbQAn1ueb1AKs4SUXIj2iZi3CJapPrdP
=yyT5
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: DNS on F13

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 Le 10/11/2010 00:14, Paolo Galtieri a écrit :
 I had configured a local DNS server under F12 and everything was
 working
 fine.  I upgraded the system to F13 and
 setup DNS again.  Now I see the following errors.

 Nov  9 15:46:28 darkstar named[17913]:   validating @0xb4e48968:
 dlv.isc.orghttp://dlv.isc.org   SOA: got insecure response; parent
 indicates it should be secure
 Nov  9 15:46:28 darkstar named[17913]: error (insecurity proof
 failed)
 resolving 'dlv.isc.org/DLV/INhttp://dlv.isc.org/DLV/IN':
 168.158.8.15#53
 Nov  9 15:48:02 darkstar named[17913]:   validating @0xb49766e8:
 dlv.isc.orghttp://dlv.isc.org   SOA: got insecure response; parent
 indicates it should be secure
 Nov  9 15:48:02 darkstar named[17913]:   validating @0xb4977160:
 dlv.isc.orghttp://dlv.isc.org   SOA: got insecure response; parent
 indicates it should be secure
 Nov  9 15:48:02 darkstar named[17913]:   validating @0xb4977bd8:
 dlv.isc.orghttp://dlv.isc.org   SOA: got insecure response; parent
 indicates it should be secure
 Nov  9 15:48:02 darkstar named[17913]: error (no valid RRSIG)
 resolving
 'howtoforge.com.dlv.isc.org/DS/IN
 http://howtoforge.com.dlv.isc.org/DS/IN': 168.158.8.15#53
 Nov  9 15:48:02 darkstar named[17913]: error (insecurity proof
 failed)
 resolving 'howtoforge.com.dlv.isc.org/DLV/IN
 http://howtoforge.com.dlv.isc.org/DLV/IN': 168.158.8.15#53
 Nov  9 15:48:02 darkstar named[17913]:   validating @0xb4724d60:
 dlv.isc.orghttp://dlv.isc.org   SOA: got insecure response; parent
 indicates it should be secure
 Nov  9 15:48:02 darkstar named[17913]: error (no valid RRSIG)
 resolving
 'www.howtoforge.com.dlv.isc.org/DS/IN
 http://www.howtoforge.com.dlv.isc.org/DS/IN': 168.158.8.15#53
 Nov  9 15:48:02 darkstar named[17913]: error (insecurity proof
 failed)
 resolving 'www.howtoforge.com.dlv.isc.org/DLV/IN
 http://www.howtoforge.com.dlv.isc.org/DLV/IN': 168.158.8.15#53

 I have 2 servers configured in the forwarders section of named.conf

 forwarders { 68.2.16.30; 168.158.8.15; };

I didn't see anything wrong in your named.conf or named.rfc1912.zones

I tried dig, found in bind-utils-9.7.1-2.P2.fc13.x86_64.

When I did,
[r...@rsewill etc]# dig +dnssec @168.158.8.15  energy.gov

;  DiG 9.7.1-P2-RedHat-9.7.1-2.P2.fc13  +dnssec @168.158.8.15
energy.gov
; (1 server found)
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: FORMERR, id: 28148
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;energy.gov.IN  A

;; Query time: 78 msec
;; SERVER: 168.158.8.15#53(168.158.8.15)
;; WHEN: Wed Nov 10 21:33:15 2010
;; MSG SIZE  rcvd: 39

It appears I didn't get a valid answer.

When I just changed the nameserver,
[r...@rsewill etc]# dig +dnssec @68.2.16.30  energy.gov

;  DiG 9.7.1-P2-RedHat-9.7.1-2.P2.fc13  +dnssec @68.2.16.30
energy.gov
; (1 server found)
...
;; Query time: 99 msec
;; SERVER: 68.2.16.30#53(68.2.16.30)
;; WHEN: Wed Nov 10 21:34:23 2010
;; MSG SIZE  rcvd: 1720

I got a very large, which looks valid to me, answer.

If I leave off the +dnssec option,
[r...@rsewill etc]# dig @168.158.8.15  energy.gov

;  DiG 9.7.1-P2-RedHat-9.7.1-2.P2.fc13  @168.158.8.15 energy.gov
; (1 server found)
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 31441
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;energy.gov.IN  A

;; ANSWER SECTION:
energy.gov. 2380IN  A   205.254.148.200

;; Query time: 79 msec
;; SERVER: 168.158.8.15#53(168.158.8.15)
;; WHEN: Wed Nov 10 21:37:37 2010
;; MSG SIZE  rcvd: 44

I seem to get a valid answer.
The bind I am using is
[r...@rsewill etc]# rpm -q bind
bind-9.7.1-2.P2.fc13.x86_64

What version of bind are you using?

I have two questions about the name server at 168.158.8.15
1) Do we know if that name server supports dnssec?

2) If it supports dnssec, can we find out what name server
   (software and version) is being used so we can search the
   Internet to see if that name server is supposed to be
   interoperable with bind-9.x.x when doing dnssec?

I am wondering why FC12 worked.
I don't know what version of bind (rpm -q bind) is in FC12.

I can see 3 possibilities why FC12 bind might have worked
1) perhaps the name server at 168.158.8.15 has a bug when doing dnssec,
   but was interoperable with the bind found in FC12, but not bind FC13.

2) Perhaps there is an error introduced into FC13

3) Perhaps, if 168.158.8.15 is not doing dnssec, FC12 bind
   would fall back to normal DNS.  I'd be surprised if FC13 bind
   didn't also fall back to normal DNS...unless there is an option
   in your /etc/named.conf telling FC13 bind to only do dnssec.
   I am still parsing those options in /etc/named.conf...if someone
   who already has 

Re: Intermittent freezing

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/29/2010 04:05 AM, Nigel Bishop wrote:
 I am running Fedora 13 with Linux Kernel 2.6.33-3.85.fc13.x86_64 with Gnome
 2.30.0 on HP laptop ProBook 4510S
 
 At times, it almost freezes, with very slow response to the keyboard. System
 monitor shows that something is hogging the CPU. Sometimes, after a few
 minutes, it recovers, other times I have to re-boot.
 
 Any ideas?
 
 Nigel
 
 

Which system monitor program are you using?

To my surprise, gnome-system-monitor shows me, under Processes, only my
processes, not all the processes in the system.

Question to everyone, is there a way to have gnome-system-monitor show
all processes, in the system, not just my processes?

The KDE system monitor, ksysguard, on the other hand, can show me all
processes in the system.

One can also run top in a shell.
If top -i is done, idled or zombied processes will not be displayed.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkzKubwACgkQyc8Kn0p/AZTsFwCgiho/zN2j72lhTKzxFR3Bhhu1
OFQAn0sZdAc/PPEljKDDJqu1SpbqySXi
=lL83
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: More on DNS issue

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/23/2010 09:32 PM, Joe Zeff wrote:
 On 10/23/2010 06:58 PM, Rick Sewill wrote:
 [snip]
 Can you show your ifcfg-eth0, ifcfg-lo, and /etc/resolv.conf please?
 
 My pleasure!
 
 [r...@khorlia network-scripts]# cat ifcfg-eth0
 # Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+
 DEVICE=eth0
 BOOTPROTO=none
 HWADDR=00:10:dc:3a:6b:74
 ONBOOT=yes
 SEARCH=zeff.us
 USERCTL=no
 PEERDNS=yes
 IPV6INIT=no
 NM_CONTROLLED=no
 TYPE=Ethernet
 DHCP_HOSTNAME=khorlia.zeff.us
 IPADDR=192.168.0.30
 NETMASK=255.255.255.0
 GATEWAY=192.168.0.1
 PREFIX=24
 DNS1=207.217.77.82
 DNS2=207.217.120.83
 
 [r...@khorlia network-scripts]# cat ifcfg-lo
 DEVICE=lo
 IPADDR=127.0.0.1
 NETMASK=255.0.0.0
 NETWORK=127.0.0.0
 # If you're having problems with gated making 127.0.0.0/8 a martian,
 # you can change this to something else (255.255.255.255, for example)
 BROADCAST=127.255.255.255
 ONBOOT=yes
 NAME=loopback
 DNS1=207.217.77.82
 DNS2=207.217.120.83
 
 [r...@khorlia etc]# cat resolv.conf
 # Generated by NetworkManager
 search zeff.us
 
 
 # No nameservers found; try putting DNS servers into your
 # ifcfg files in /etc/sysconfig/network-scripts like so:
 #
 # DNS1=xxx.xxx.xxx.xxx
 # DNS2=xxx.xxx.xxx.xxx
 # DOMAIN=lab.foo.com bar.foo.com
 nameserver 207.217.77.82
 nameserver 207.217.120.83
 nameserver 71.242.0.12
 
 Interesting.  I thought I'd disabled Network Manager several years ago, 
 but checking, system-config-services had it enabled.  I've tried 
 disabling it again, but don't have much faith in that anymore!

I can think of two possibilities:
1) the DNS information is first being written to /etc/resolv.conf
   when interface eth0 is brought up, and then overwritten later.

2) the DNS information is not successfully being written to
   /etc/resolv.conf when interface eth0 is brought up.

For the first possibility,
I notice /etc/sysconfig/network-scripts/ifup-post will call
/sbin/ifup-local if it exists and is executable.
Also, /etc/sysconfig/network-scripts/ifdown-post will call
/sbin/ifdown-local if it exists and is executable.
Could you create /sbin/ifup-local and /sbin/ifdown-local (or add some
lines to these files if they exist) for debugging purposes

I'm thinking something along the lines of having a file in /root that
captures what /etc/resolv.conf is each time an interface is brought up
or down...would something like the following for both files seem reasonable:
#!/bin/bash
echo # $(date) # ${0} ${1}  /root/debug-resolv-conf
cat /etc/resolv.conf  /root/debug-resolv-conf

The files, /sbin/ifup-local and /sbin/ifdown-local,
need to be executable to work.

I hope you get the idea.

For the second possibility,
I searched /etc/sysconfig/network-scripts to see what scripts have
DNS1 and found /etc/sysconfig/network-scripts/ifup-post

If I read ifup-post correctly, ... there are 2 if statements that both
need to execute for the section of code that writes /etc/resolv.conf

You have PEERDNS=yes so the first if statement,
if [ $PEERDNS != no ] ... is satisfied correctly.

Could the second if statement be failing somehow:
if [ -n $DNS1 ]  ! grep -q nameserver $DNS1 /etc/resolv.conf 
   tr=$(mktemp /tmp/XX) ; then

Assuming $DNS1 equals 207.217.77.82, and the entry is not already in
/etc/resolv.conf, the only way I can see this if statement failing is
if tr=$(mktemp /tmp/XX) fails.

It's only a guess...could selinux be causing tr=$(mktemp /tmp/XX) to
fail somehow?  When you get a repeatable failure condition, does
changing selinux to permissive mode cause things to work?
I am not sure which file(s) to examine in /var/log to find log messages
when selinux prevents an action...that might be a better way to check.

Final question, when you get a failure condition, does bringing the
eth0 interface down and up, manually, after the system is up and
running, cause /etc/resolv.conf to be written correctly?  I ask this
question because the conditions during boot might be different from the
conditions when one brings an interface up manually on a running system.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkzEBrcACgkQyc8Kn0p/AZSaHACgq8Dk/FG90y49SLoz1xB8NGhu
FRMAniGdWyPJ2Iqyc6jH2IFOqB/6ivGc
=UicA
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: More on DNS issue

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/23/2010 07:59 PM, Joe Zeff wrote:
 OK, I've now rebooted, and the problem manifested again.  No surprise.
 
 Checking, both ifcfg-eth0 and ifcfg-lo have the proper DNS in them but 
 resolf.conf claims they don't.
 
 [r...@khorlia etc]# ls -l resolv.conf
 -rw-r--r--. 2 root root 317 Oct 23 17:53 resolv.conf
 
 [r...@khorlia network-scripts]# ls -l ifcfg*
 -rw-r--r--. 8 root root 343 Oct 15 00:51 ifcfg-eth0
 -rw-r--r--. 1 root root 293 Sep 15 12:30 ifcfg-lo
 
 Neither of them has changed recently, as you can see and resolv.conf was 
 rebuilt at boot.  Any ideas?

Can you show your ifcfg-eth0, ifcfg-lo, and /etc/resolv.conf please?

If you have anything you want kept private, please replace the private
information with X, Y, ...

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkzDktsACgkQyc8Kn0p/AZTpfwCfYHvnGBIyDgN4Jkr+dBE+R+3b
y9EAoKXiNG6g4Xa8mhVQykpIaTZq98To
=0NH/
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Suggestions about podcast apps (rhythmbox and vlc)

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/16/2010 11:40 AM, Suvayu Ali wrote:
 Hi,
 
 I was looking for some application to listen to and maybe keep some of 
 the podcasts I want to listen to. So far I have been using rhythmbox, it 
 serves my purposes just right except when something goes wrong and the 
 database (its in XML format) goes bad. Apparently there is no way of 
 easily importing/combining databases for the podcast feeds for rhythmbox.
 
 So I tried out the latest feature enhancements in vlc, again it works 
 perfectly except that I can't save any of the podcasts.
 
 Does anyone know how to solve either of these problems? Or is there some 
 other application that meets my needs? I am open to trying new 
 applications as long as they are light on the desktop (the reason I 
 didn't like Miro).
 
 Thanks for any thoughts.
 

I use gpodder for podcasts.


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAky52SwACgkQyc8Kn0p/AZS6QACglZ44khJ1aGsjcVAWF8bp/UYh
jI4AoKpXd5EM51E22gEgIEEW3AAlbCYf
=rGyI
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[OT] To people with VoIP SIP Clients (twinkle, etc), friendly-scanner DOS attack

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


This is off topic, but I thought I should tell people.

This past weekend, I suffered a DOS attack launched against VOIP SIP
Clients.  The attack came, at different times, from 3 separate IP addresses.

I blocked the IP addresses using IP Tables when I discovered it.

The attack was a bombardment of several hundred SIP REGISTER requests,
per second, with a user agent of friendly-scanner.
The attack was a sustained attack over three days.

I contacted my ISP.  They told me they have taken steps.

I contacted 2 of the 3 owners of the offending IP addresses.
The third owner of the IP address was a job site address in China,
and I couldn't figure out how to contact them.

In my case, I run the VOIP SIP program, twinkle.

Twinkle started consuming vast amounts of memory, going from a normal 5
MiB usage to 500-600 MiB usage, before I realized what was happening.

Twinkle attempted to respond to each incoming packet with an outgoing
SIP error packet.

I posted a message on the yahoo group used by twinkle asking what they
could do to better handle such an attack.

If you suddenly seem to have memory problems, I suggest running
something like System Monitor to find out what applications have memory.

I also be on the lookout for unexpectedly high internet traffic.

This message is off-topic, because it is not specific to Fedora.
I thought it wouldn't hurt to let people know of this type of attack.
I hope people don't object to this off-topic post.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAky3WikACgkQyc8Kn0p/AZRr+QCgnpEL5nIS5JX+0AucTKeGyrbf
ZDoAnjIFC7hVPW58sKM6tVVNSNwEN2xq
=mLHd
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: [OT] To people with VoIP SIP Clients (twinkle, etc), friendly-scanner DOS attack

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/14/2010 02:58 PM, Patrick Lists wrote:
 On 10/14/2010 09:29 PM, Rick Sewill wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1


 This is off topic, but I thought I should tell people.

 This past weekend, I suffered a DOS attack launched against VOIP SIP
 Clients.  The attack came, at different times, from 3 separate IP addresses.
 
 I don't see why you would want to attack a VoIP client. Maybe the dark 
 side knows something I don't. Recently I have seen an increase in brute 
 force register attacks from Chinese networks. But that was on Asterisk 
 servers. I had to block the following networks from which most attacks 
 originated:
 
 60.0.0.0/255.248.0.0
 60.8.0.0/255.254.0.0
 60.10.0.0/255.255.0.0
 
 Most other attacks came from the US, France and Brazil.
 
 Installing fail2ban may help where a single IP tries to brute force 
 itself into a SIP server. But that does not apply to a VoIP client.
 
 Would you mind sharing which networks your attacks came from?
 

I hesitate to answer, but will.

The people who own 67.222.1.124 and 184.106.213.202
were very cooperative and interested.

The Chinese IP address was 218.14.146.200.
I could connect to 218.14.146.200 port 80 and saw,
what I thought, was a Chinese job website...I don't know Chinese.
I apologize if the website is not Chinese.

The attack packets had a user agent name of friendly-scanner.

I assumed it was a version of something found at
http://blog.sipvicious.org/

I assume it was looking for an asterisk server.

Unfortunately, my twinkle client decided to reply.
I tried looking for a twinkle configuration option to tell twinkle to
just ignore REGISTER requests, to no avail.

A snippet of the twinkle log looked like the following:


+++ 12-10-2010 09:12:24.764991 INFO SIP ::process_sip_msg
Received from: udp:67.222.1.124:5092
REGISTER sip:24.111.191.152 SIP/2.0
Via: SIP/2.0/UDP 67.222.1.124:5092;branch=z9hG4bK-1019189801;rport
Content-Length: 0
From: 2299812582 sip:2299812...@24.111.191.152
Accept: application/sdp
User-Agent: friendly-scanner
To: 2299812582 sip:2299812...@24.111.191.152
Contact: sip:1...@1.1.1.1
CSeq: 1 REGISTER
Call-ID: 1066778109
Max-Forwards: 70


- ---

+++ 12-10-2010 09:12:24.769299 INFO SIP ::send_sip_udp
Send to: udp:218.14.146.200:5069
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP
127.0.0.1:5069;received=218.14.146.200;rport=5069;branch=z9hG4bK-1124511546
To: 3096784503 sip:3096784...@24.111.191.152;tag=gusmt
From: 3096784503 sip:3096784...@24.111.191.152
Call-ID: 497952175
CSeq: 1 REGISTER
Server: Twinkle/1.4.2
Content-Length: 0


- ---

+++ 12-10-2010 09:12:24.770028 INFO SIP ::send_sip_udp
Send to: udp:218.14.146.200:5069
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP
127.0.0.1:5069;received=218.14.146.200;rport=5069;branch=z9hG4bK-404923090
To: 3096784503 sip:3096784...@24.111.191.152;tag=yrkuk
From: 3096784503 sip:3096784...@24.111.191.152
Call-ID: 1619872740
CSeq: 1 REGISTER
Server: Twinkle/1.4.2
Content-Length: 0


- ---

+++ 12-10-2010 09:12:24.770475 INFO SIP ::process_sip_msg
Received from: udp:67.222.1.124:5092
REGISTER sip:24.111.191.152 SIP/2.0
Via: SIP/2.0/UDP 67.222.1.124:5092;branch=z9hG4bK-4261809208;rport
Content-Length: 0
From: 2299812582 sip:2299812...@24.111.191.152
Accept: application/sdp
User-Agent: friendly-scanner
To: 2299812582 sip:2299812...@24.111.191.152
Contact: sip:1...@1.1.1.1
CSeq: 1 REGISTER
Call-ID: 2728516634
Max-Forwards: 70


- ---

+++ 12-10-2010 09:12:24.771846 INFO SIP ::process_sip_msg
Received from: udp:218.14.146.200:5069
REGISTER sip:24.111.191.152 SIP/2.0
Via: SIP/2.0/UDP 127.0.0.1:5069;branch=z9hG4bK-2590771448;rport
Content-Length: 0
From: 3096784503 sip:3096784...@24.111.191.152
Accept: application/sdp
User-Agent: friendly-scanner
To: 3096784503 sip:3096784...@24.111.191.152
Contact: sip:1...@1.1.1.1
CSeq: 1 REGISTER
Call-ID: 3719869292
Max-Forwards: 70


- ---
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAky3iqsACgkQyc8Kn0p/AZTGxgCfYOtgq3yP4qeaFTjv5gMwI6O1
4GkAoIjl3m7n5iOrNTEORClyYtUqf68E
=MMlX
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: SSH can't connect

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/02/2010 11:32 AM, Jim wrote:
   Wether I run NX (nomachine) or SSH I get the same error message, no 
 matter what host I try to connect to.
 
 And on the host servers SSHd is running.
 And so is the Client box.
 
 Running  NX
 Error message:   ssh: connect to host 70.236.39.98 port 22: Connection 
 timed out
 
 Running $ ssh j...@70.236.39.98
 ErrorMessage:ssh: connect to host 70.236.39.98 port 22: Connection 
 timed out
 

My concern about security makes me worry about asking too much about the
host, 70.236.39.98

Unfortunately, a little more information about the host, 70.236.39.98,
might help.

Is it a dedicated always on the Internet host, or a dial-up host?

I note, when I do,
host -a 70.236.39.98

I get
;; ANSWER SECTION:
98.39.236.70.in-addr.arpa. 6995 IN  PTR
ppp-70-236-39-98.dsl.ipltin.ameritech.net.

- From the answer, is the host, 70.236.39.98, using PPP and is the host
always on the Internet, or only on the Internet when 70.236.39.98 has
outgoing traffic?

I also think I cannot get very close to the host when I do,
traceroute -n 70.236.39.98

I shouldn't be surprised that I cannot ping 70.236.39.98
A number of firewalls don't respond to ping.

Another, completely orthogonal possibility, is to ask about the ISP.
Perhaps the ISP, Ameritech, is restricting ports?
A number of ISPs restrict email ports (port 25).
I haven't heard of ISP restricting ssh ports (port 22), but need to ask.

Do you have access to iptables on 70.236.39.98?
There is a way to see the count of the number of packets each iptable
rule handles.
I think, as root, one does iptables -L -v -n
The -v verbose option causes counts to be shown.
Please see man iptables

If we believe the problem is iptables on 70.236.39.98, we should see a
count for the iptables rule that is blocking the traffic increase.

I would discourage one from showing their iptables rules willy-nilly.
Please sanitize security information shown in open forums.

People will argue, if the rules are correct, it doesn't matter if they
are shown.  I will counter by asking when does anyone, and I include
myself in this list of people who are very imperfect, have the rules
perfectly correct.

I suspect the packet isn't even getting to 70.236.39.98...but don't know
where, or why, the packet is getting dropped.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkynyo4ACgkQyc8Kn0p/AZSiRACgk7ObVoG/t1SOQCu6ZK5ul46w
zjMAoI5SkD2AD27YCn5ymMmQPpimlLbJ
=8D2u
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: I need a jabber client, like real fast

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 08/25/2010 11:30 AM, Robert Moskowitz wrote:
 On 08/25/2010 11:39 AM, Robert Moskowitz wrote:
 On 08/25/2010 11:27 AM, Máirín Duffy wrote:

 On Wed, 2010-08-25 at 11:11 -0400, Robert Moskowitz wrote:

  
 We are suppose to have a WebEX meeting going, but having problems.  So
 the coordinator told everyone to jump on a jabber session.

 I don't know what to use for jabber on my FC12 system.


 Empathy or Pidgin work. I believe in at least one of them they call
 jabber 'XMPP' instead of using the word 'jabber'
  
 I can't figure out in Empathy how to join jabber.ietf.org to get into
 the core session.
 

This is neat.  I didn't realize the IETF was using jabber for chats.

I'm using Pidgin because empathy doesn't support O-T-R.
I have a Mac friend who uses O-T-R when talking to me.

If I right click on Pidgin in my Notification Area,
I get the option, Join Chat...

A Window pops up, saying Join a Chat with
Account...I select one of my Jabber accounts,
such as my Google jabber account.
The Window expands to the following:
Account rsew...@gmail.com/pidgin...
Room:
Server:
Handle: rsewill
Password:

I enter hallway for the room and jabber.ietf.org for the server getting
Account rsew...@gmail.com/pidgin...
Room: hallway
Server: jabber.ietf.org
Handle: rsewill
Password:
I click Join and I am in hallway chat room at jabber.ietf.org.

The following URL describes how to set up google talk chat in Pidgin:
http://google.com/support/chat/bin/answer.py?hl=enanswer=24073

I learn something new every day.

Thank you!
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkx1UVAACgkQyc8Kn0p/AZR1HACfak9Qgrt3qlSTHo3m9CDYw8n7
zjEAnjtactmPfiLTunMNz0I8o3FTYqEu
=Vx72
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Pulseaudio error on HP Probook 4515s

[Rick Sewill]

On 08/20/2010 11:14 AM, Zoltan Hoppar wrote:
 
 
 2010/8/20 Rick Sewill rsew...@gmail.com mailto:rsew...@gmail.com
 
 On 08/19/2010 01:08 PM, Zoltan Hoppar wrote:
 Hi,
 
 This is an smaller problem around pulseaudio. I couldn't explain
 why is
 so, but I think this is an PA bug. Currently the playback works every
 way but, recording not. When I try to use Empathy jabber voice call
 option to my partner, then rings out with voice, but after pick up
 - for
 an shiny brief moment - the mic works, after that no more - and
 pops out
 an error that couldn't link source (maybe the thread makes itsef
 suicide, perhaps?). After that I have made an second try - I have
 attached an USB soundcard - what is widely usable on many linux
 (it uses
 Cystal Sound chipset). The result was disappointing - here the mic
 worked as should, but I heard no voice in my headphone, nor even at my
 speakers.
 Anybody could confirm this is an bug? Is there a known solution?
 
 
 PS: If needed, I'm ready to debug.
 
 Thanks,
 
 Zoltan
 
 --
 PGP:  06853DF7

I have an idea about the microphone.

When running pavucontrol, under Input Devices, do you have more than
one port?  I discovered I have, Microphone 1, Microphone 2, and
Line-In when I look at Port: one of those names.  Given where I
plugged in my microphone, I believe I need to have Microphone 1
selected as the port for my microphone to work.

Could you check if you have multiple ports, and try changing the port,
and see if the microphone works if a certain port is selected?
I would try this test without the second USB sound card.



-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Pulseaudio error on HP Probook 4515s

[Rick Sewill]

On 08/20/2010 12:35 PM, Zoltan Hoppar wrote:
 I think this will be the problem - I have only one input device called
 Analog Stereo. No line in or whatever...
 
 Next?
 

I'm stuck.

I expected to see, in pavucontrol, Input Devices, something like,

Internal Audio Analog Stereo,  ... a button to mute, a button to lock
channels together, a button to set as fallback,

and then under that
Port: I have Microphone 1 selected, other choices Microphone 2, and
Line-In

And then
Front Left volume slider
Front Right volume Slider

and then a bar showing audio activity.

You might have something different than Front Left and Front
Right...I don't know.

I don't know how to proceed from here.

Can others answer if it's normal to not have a Port:, if the card
doesn't support multiple ports?

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Pulseaudio error on HP Probook 4515s

[Rick Sewill]

On 08/20/2010 01:06 PM, Zoltan Hoppar wrote:
 Rick, here is the pavucontrol input devices picture.
 
 http://img443.imageshack.us/img443/8031/inputdevices.png
 
 Zoltan
 

It appears you have two input devices.

One is the RS880 Audio Device.
One is the Bels? hangforr?? Analog Stereo device.

Please accept my apology for using ? for non-English characters.
I don't know how to enter non-English characters.

I'm not sure what the Monitor of ... entries are for.
I ignore them (can someone tell us what they are for?).

When you run paman (from rpm -q -i paman), it should show
Server Information as the first tab, Devices as the second tab,
Clients as the third tab, Modules as the fourth tab, and finally
Sample Cache

For Server Information, what is the Default Sink and what is the
Default Source.

I have, for Default Sink, alsa_output.pci-_00_10.1.analog-stereo
Default Source, alsa_input.pci-_00_10.1.analog-stereo

For devices, I have
Sinks
alsa_output.pci-_00_10.1.analog-stereo  Internal Audio Analog Stereo

Sources
alsa_output.pci-_00_10.1.analog-stereo.monior
 Monitor of Internal Audio Analog Stereo
alsa_input.pci-_00_10.1.analog-stereo   Internal Audio Analog Stereo

This leads to my questions:
1) do you have alsa_input.xxx... for each microphone input source?
   I would ignore the Monitor of ... entries.
2) On the Server Information tab, what is the default Source when
   you do not have the USB sound card in, and what is the default Source
   when you have the USB sound card.

I still suspect you have to select your default source and default sink.

I did another Internet search...don't know if it will help:
http://wiki.archlinux.org/index.php/Allowing_Multiple_Programs_to_Play_Sound

Please search for Random Lack of Sound:

 Random Lack of Sound

If you randomly have no sound on startup, it may be because your system
has multiple sound cards, and their order may sometimes change on
startup. If this is the case, then change this section of /etc/asound.conf:

ctl.dmixer {
type hw
card FOO
}

Replace FOO with the desired audio device, as reported in the
/proc/asound/cards file. An example of the file is shown below.

 0 [U0x46d0x9a1]: USB-Audio - USB Device 0x46d:0x9a1
  USB Device 0x46d:0x9a1 at usb-:00:12.2-2, high
speed
 1 [SB ]: HDA-Intel - HDA ATI SB
  HDA ATI SB at 0xf9ff4000 irq 16

Device 0 is the microphone built into a webcam, while device 1 is the
integrated sound card. If you've copied the /etc/asound.conf from above
as is, alsa will attempt to initialize the microphone as an audio output
device, but will fail and you will have no sound. Rather than setting
FOO to the number, you set it to the name next to the number, like so:

ctl.dmixer {
type hw
card SB
}

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: No keyboard or mouse under X - How to debug udev?

[Rick Sewill]

On 08/19/2010 08:17 AM, Mike Fleetwood wrote:
 Hi,
 
 Quick background:
 I have Fedora 12 installation recently transferred to new hardware
 with embedded ATI Radeon HD 4250 GPU.  The ATI/Radeon X11 driver
 didn't support the GPU and the VESA X11 driver just switched the
 monitor into power saving mode.  Upgraded just X11 (and udev and
 kernel dependencies) to versions from Fedora 13.  ATI/Radeon X11
 driver now works and my desktop is displayed but X11 finds no keyboard
 or mouse.
 
 Worked around this by adding the following to /etc/X11/xorg.conf, to
 tell X11 not to rely on udev to provide keyboard and mouse details.
 Section ServerFlags
 
 Option AutoAddDevices off
 
 EndSection
 
 
 Question:
 How do I investigate udev to see why X11 isn't getting a keyboard and mouse?
 
 Thanks,
 Mike

I do not think it's a good idea to mix/match Fedora 12 and Fedora 13
versions of X11, udev, and kernel dependencies.  I would suggest doing a
full upgrade to Fedora 13, if possible.

Having expressed my concern, I'd suggest looking at /var/log/Xorg.0.log
to see if there are any messages from X11 in regard to the mouse or
keyboard.  I'd also try booting Fedora 12 (or is it Fedora 13) in
inittab 3, and start X11 manually using startx, to see if there are any
messages printed when X11 starts/stops.  I can think of little else.

Others will be able to give better advice.  They will probably ask which
kernel dependencies were upgraded.

Perhaps, to get others to give better advice, it might be good to
explain why you need to mix/match between Fedora 12 and Fedora 13.

Again, I think it's a bad idea to mix/match things from different
versions.  I doubt if one could ask developers or post a bugzilla report
asking for help.  Personally, I wouldn't do this.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Pulseaudio error on HP Probook 4515s

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 08/19/2010 01:08 PM, Zoltan Hoppar wrote:
 Hi,
 
 This is an smaller problem around pulseaudio. I couldn't explain why is
 so, but I think this is an PA bug. Currently the playback works every
 way but, recording not. When I try to use Empathy jabber voice call
 option to my partner, then rings out with voice, but after pick up - for
 an shiny brief moment - the mic works, after that no more - and pops out
 an error that couldn't link source (maybe the thread makes itsef
 suicide, perhaps?). After that I have made an second try - I have
 attached an USB soundcard - what is widely usable on many linux (it uses
 Cystal Sound chipset). The result was disappointing - here the mic
 worked as should, but I heard no voice in my headphone, nor even at my
 speakers.
 Anybody could confirm this is an bug? Is there a known solution?
 
 PS: If needed, I'm ready to debug.
 
 Thanks,
 
 Zoltan
 
 -- 
 PGP:  06853DF7
 

Usually, when I say things about Pulse Audio, others gently correct me.

Sounds like you have two separate problems...without the USB sound card,
your microphone stops working.

With the USB sound card, your speakers/headphones stop working.

I think you need to debug each problem separately.

Do you have pavucontrol installed?
rpm -q -i pavucontrol -- yum install pavucontrol

I'd check what pavucontrol tells you about the volume settings for your
input devices and output devices.  Please make sure nothing is muted.

When you add the USB sound card, I'd expect separate controls for the
second sound card.

I only have one sound card...I'd expect Pulse Audio to supply a way to
select the sink (speaker/headphone) and the source (microphone) to use
when you have multiple sound cards.  I'm not sure how to select the
source or sink when one has multiple sound cards.  Hopefully, others
will answer.

Before running empathy, does your microphone work when you do not have
the USB sound card?  After running empathy, do you need to reboot to get
your microphone to work?  If you look at the pavucontrol settings for
the microphone before starting empathy and compare those settings after
you start empathy, what changes?

Before running empathy, your speaker/headphones work when you have a
second sound card?  After running empathy, do you need to reboot to have
your speaker/microphones work?  What pavucontrol settings change for
your speaker/headphones?

I always look at http://www.pulseaudio.org/wiki/PerfectSetup when I have
problems with Pulse Audio...nothing jumps out at me that may help you.
I'm curious what does Empathy think it's using for sound?  Is it Alsa or
what?

Is there anything in /var/log/messages from pulseaudio when you run empathy?

Some bug reports suggest doing pulseaudio -vvv.  Normally, pulseaudio
is running as a user startup application (or so I think).  Can one do
kill pulseaudio
pulseaudio -vvv  somefile.txt
and see if there are any useful pulseaudio messages.
I have no idea what pulseaudio -vvv produces...it may be lots of output.
pulseaudio -vvv may have so many messages audio quality will be bad.

My best guess, if the pavucontrols look correct after running empathy,
but the microphone or speakers/headphones stop working, I'd suspect
Pulse Audio or Alsa or both.  If the volume controls are being changed,
I'd wonder what empathy is doing.

I haven't tried empathy yet...I should.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxt59kACgkQyc8Kn0p/AZRxvQCeO2FsDl69Z74BgFSlbumycOzZ
y3sAn2MeH/H1jcY7nxt8Dn+uluaICbPH
=JgtC
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Sound Streaming Problem

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/30/2010 10:43 AM, Oliver Ruebenacker wrote:
  Hello,
 
   I have a recurring problem with sound streaming with Fedora 13 (and
 earlier versions - I am having this problem for quite a while, across
 different Fedora versions) on my Dell Latitude 820 laptop. This
 affects equally the sound of YouTube videos and music CDs. Sometimes
 it works flawlessly, sometimes there is no sound, and sometimes the
 sound cycles through short intervals, like a stuck record, but with
 faster repetitions.

Someday, I will be proficient with Fedora Sound, but I'm not there yet.

I think you looked for a pattern to get an idea what is happening.
- From your message, I don't think you found any pattern.
It can be quite frustrating.

Could you be having multiple problems?

When you said you had youtube videos stuttering, I thought of
Internet latency, but you wouldn't have that issue with music CDs.

When having a problem, I would focus on the simplest problem first.
If possible, focus on the problem with music CDs to rule out networking.

You might have music CD stuttering issues if a program were hogging the
CPU.  Is there any program, in the background, that might hog the CPU?

 
   Occasionally, restarting the application (Firefox, Rhythmbox, etc)
 helps, often it does not. Sometimes, logging out and back in helps,
 sometimes it does not help. On rare occasions, changing the volume
 control helps (when I'm not listening, I usually keep the volume at
 zero, and it sometimes seems as if the system has not noticed that the
 volume has been turned up, until I turn it up some more).
 

Does the problem happen in the middle of playing something or always at
the beginning?  Does the problem ever clear itself, in the middle of
playing something, without you intervening?

There are multiple sound drivers in Linux.
There are multiple sound servers in Linux.
When I say sound system below, I am referring collectively to what sound
drivers and sound servers you are using.

What sound systems being used may have a bearing on your problem.

As far as your configuration, what sound system are you using?
Are you using Pulse Audio -or- are you using Alsa directly?
Are you using something else?

I am using pulseaudio so I have /usr/bin/pulseaudio running.
I can also see that pulseaudio is running by using the pacmd.
pacmd is in rpm -q -i pulseaudio-utils
I can do pacmd stat to get a quick status of pulseaudio.

   I tried different plugins/add-ons with Firefox, and different
 application to play the music CD, but it does not seem to make a
 difference.
 

- From this, I will assume it is the sound system, or something happening
in the background in your PC, not a specific program.

   What can I do? Thanks!
 

I will assume you keep your RPMs up to date.

I believe more information on your configuration is needed.

Please check what programs are running in the background.
Try to rule out programs hogging the CPU.

Please provide more information on your sound system configuration.

Knowing your configuration, I would start looking through bugzilla.
I would start searching the internet for people having similar problems.

Assuming you are using Pulse Audio, I would look at
http://pulseaudio.org/wiki/PerfectSetup
http://pulseaudio.org/wiki/FAQ

Your configuration might have sound going directly to Alsa.
I'm not sure what to suggest in this case.  Perhaps looking at
http://alsa.opensrc.org/index.php/Main_Page
Perhaps, http://alsa.opensrc.org/index.php/FAQ

If you are using Pulse Audio, I believe the following:
Currently, I believe Pulse Audio is an abstract layer acting like a
generic interface for sound, providing certain higher level features.

Pulse Audio talks to Alsa.  Also, in turn, talks to the Alsa sound
device drivers that talk to the hardware.

Pulse Audio provides APIs for programs that think they are talking to
Alsa so those programs really talk to Pulse Audio, which in turn,
talks to Alsa.

If you are using Alsa directly, I believe the following:
Alsa provides its own API for programs.  Alsa talks to the Alsa sound
drivers which control the hardware.

You might not be using Pulse Audio or Alsa at all.
You might be using OSS.  I believe OSS is a competitor to Alsa.
http://en.wikipedia.org/wiki/Open_Sound_System
I believe OSS has its own sound drivers that talk to the hardware.

I found a URL talking about Linux sound, which predates Pulse Audio.
http://www.linux.com/archive/articles/113775
It is old webpage, but still interesting.

I think Linux sound is still evolving.
I know my understanding of Linux sound is still evolving.
I expect and welcome others correcting me each time I comment on sound.

There are many people who stay with one sound server or another,
one set of sound drivers or another, who are far more knowledgeable.
Hopefully, they will be stirred to comment once they know more about
your sound system configuration.

-BEGIN PGP SIGNATURE-
Version: GnuPG 

Re: Crontab as alarm clock with ogg123

[Rick Sewill]

On 07/24/2010 02:55 PM, Robert Arkiletian wrote:
 Hi,

 Using 'crontab -e' I set crond to play an ogg music file with ogg123.
 But it only plays it if I'm logged in.
 How does one make it play even if a different user is logged in or
 nobody is logged in?

 To debug I tried su - to another user and play the file. I got error

 ALSA lib pulse.c:229:(pulse_connect) PulseAudio: Unable to connect:
 Connection refused

 === Could not load default driver and no driver specified in config
 file. Exiting.

 So I'm thinking it's the same infrastructure to prevent others music
 playing when you switch users. But in my case I *want* it to play. Any
 ideas?


Ideas, yes.  Solutions, no.  Pulse Audio still confuses me.
I'm almost afraid to comment.  Give me courage.

I am guessing, but think the Pulse Audio Daemon is normally per user.

When a different user is logged in, that user starts Pulse Audio.
Your cron job won't talk to the other user's Pulse Audio Daemon.
Your cron job doesn't have the correct cookie.

Your cron job won't be able to start a working Pulse Audio Daemon.
The other user's Pulse Audio Daemon has the hardware.

Please, someone who understands this better, tell me if I'm correct.

If the above is the problem, there are, perhaps three ways to fix this.
Two ways, are similar to Pulse Audio problems described in the FAQ.

People wanted to know how to make sound work when switching users.
In Linux, we have a User Switch Applet letting us switch users.
http://www.pulseaudio.org/wiki/FAQ#Sounddoesntworkwhenswitchingusers
The above suggests using ConsoleKit.
I am guessing ConsoleKit defines cookies for sharing resources.
If a user has the cookie, that user can use the resource.
I don't understand how to use ConsoleKit cookies with Pulse Audio.
The cookie must be somewhere in the user's home directory.

People wanted to know how to configure Pulse Audio for over the network.
The idea would be to have your cron job talk to the user's Pulse Audio
as if your cron job audio were coming over the network.
http://www.pulseaudio.org/wiki/FAQ#HowdoIusePulseAudiooverthenetwork
I don't fully understand this choice either.  I think,
copy ~/.pulse-cookie to all clients that shall be allowed to connect 
may be necessary, but not sufficient.

Another choice is to run the Pulse Audio Daemon in system mode.
http://www.pulseaudio.org/wiki/SystemWideInstance
The above URL warns people not to run Pulse Audio in system mode.

I don't think I'd want to run Pulse Audio in system mode.
If possible, I'd like to know how to use these cookies.
It seems cookies are needed when switching users or over the network.

Hopefully someone who understands these choices can explain them to us.
Hopefully they can also explain which choice is best for you.
Hopefully they will give us a cookbook for setting up the best choice.
If these are not good choices, hopefully they will offer another choice.

Some may say Pulse Audio is getting in the way and should not be used.
I don't wish to participate in the Pulse Audio is good or bad debate.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Phone calls from laptop

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/16/2010 01:13 AM, RAMAKISHOREBABU KOPPULA wrote:
 
 
 On Thu, Jul 15, 2010 at 11:54 PM, JD jd1...@gmail.com
 mailto:jd1...@gmail.com wrote:
 
  On 07/15/2010 11:20 AM, Frank Murphy wrote:
  On 15/07/10 10:37, RAMAKISHOREBABU KOPPULA wrote:
  My laptop has a internal modem and RJ-11 connector. I want to connect
  the phone line to the laptop and by using head phones I want to make
  calls. How to do this? Is there any software available to do this?
 
  Kishore
 
  Maybe?
 
  yum install ekiga
 
  Upstream:
  http://www.ekiga.org/
 
 
 That's not what the user wants.
 He just wants an app that will use the regular standard phone line
 to make person to person calls using the local telco service.
 He is not asking for a VOIP solution.
 
 Ekiga (formerly called GnomeMeeting) is a VoIP and video conferencing
 application for GNOME and Windows. ...
 
 
 Yes, you are correct.
 
 Kishore
 
 --

Not quite what you what, but something interesting to look at.
The Fedoraproject is trying to use VoIP for communications.

Please see, http://talk.fedoraproject.org/

For VoIP software,
please see http://talk.fedoraproject.org/setup-local-system

twinkle, empathy, ekiga, are VoIP softphones.  They are tools.
They use the SIP VoIP protocol.

Ekiga used to be gnome-meeting, compatible with Microsoft Netmeeting,
running the H.323 protocol Microsoft Netmeeting used.  Ekiga supports
both the H.323 protocol and the SIP VoIP protocol.

In order to do what you want, if you wish to use a SIP softphone, you
would need an account with a provider, that works with SIP softphones,
who let's you make landline calls from your VoIP softphone.
You would configure your VoIP softphone to use that provider.

In the case of most SIP VoIP softphones, you can configure multiple
providers.  There will be multiple providers.  You will need to search
the Internet to comparison shop.

I have not tried empathy.  I tried ekiga and twinkle.
I had better luck with twinkle and currently have twinkle running with
accounts on talk.fedoraproject.org and sipphone.com.

There are a large number of VoIP SIP providers.  They come and go.
Each VoIP SIP provider can be thought of as an island of VoIP SIP users.

There is a community that is trying to join these islands together.
Please see URL, http://sipbroker.com/sipbroker/action/login
The list of VoIP SIP providers, that I have found, is
http://www.sipbroker.com/sipbroker/action/providerWhitePages
The list of PSTN access numbers, that I have found, is
http://www.sipbroker.com/sipbroker/action/pstnNumbers

I should mention what a PSTN access number is.  Some SIP providers have
PSTN access numbers.  People, who do not near their VoIP SIP softphones
can call these PSTN access numbers to get into the SIP provider's
network letting the person call a PC from a landline or mobile phone.

Please note what I said about each provider being an island.  The
provider may (or may not) let one use the provider's PSTN access number
to call a person's softphone in a different island.  Hopefully, they do,
but it is their service and they do what they wish.

I do not make landline calls so can't answer what provider I'd use for
landline calls.

People have mentioned Skype.  Skype can also be thought of as an island
of people who use Skype for VoIP.  Partly, skype defines a proprietary
protocol for doing VoIP over the Internet.  Skype's protocol is
proprietary, so we don't get to see what their protocol actually is.
Skype is more than just a proprietary protocol and software running on
your PC.  Skype is run by one company.  That company is your provider
and will make landline calls when you use Skype.  You will need to check
their prices for providing this service.

I tried running Skype to talk to other people who were using Skype, as a
communications tool, at a place where I worked.
I found it was better to install Skype on the Windows PC, they provided,
rather than install it on my Fedora Linux PC.  I had problems with Skype
on my Fedora Linux PC.  This was some years ago.  Hopefully, Skype works
better on Fedora Linux now.

Other notes: I had problems, using the VoIP SIP protocol, through
firewalls and behind NAT, in the past.  Hopefully, those problems have
been fixed.  Currently, I am not behind NAT, so I can't give an answer.

What I will say about Skype...when it works...it just works.  It is easy
to install.  It works around firewalls and NAT and everything.
Personally, I do not trust Skype.  It is proprietary.  It works very
hard to get around security mechanisms.

Given my current Internet configuration, I would become a Skype
supernode if I ran Skype on my Linux PC.  Couple that with the fact my
ISP is going the bandwidth CAP route, I would probably exceed my ISP's
bandwidth CAP and suffer the consequences.

Off the topic, I am in the process of trying to switch ISPs.

Re: sshd Authentication refused

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


 
 The keys work except for ssh Fedora 12 - Fedora 13. If you ssh
 Fedora 13 - Fedora 12 or ssh Fedora 12 - Fedora 12 they work. If you
 provide a password when sshing Fedora 13 - Fedora 12 it works. Just
 need to solve the issue of needing to provide a password.
 

I assume ssh Fedora 13 - Fedora 13 works.

Could you compare the /etc/ssh/sshd_config file on Fedora 12 with the
/etc/ssh/sshd_config file in Fedora 13?  Just guessing, but perhaps
there is some option in the Fedora 13 sshd_config that needs tweaking.

I looked at http://www.openssh.org/faq.html
The faq said,
3.14 - I copied my public key to authorized_keys but public-key
authentication still doesn't work.

Typically this is caused by the file permissions on $HOME, $HOME/.ssh or
$HOME/.ssh/authorized_keys being more permissive than sshd allows by
default.

In this case, it can be solved by executing the following on the server.

$ chmod go-w $HOME $HOME/.ssh
$ chmod 600 $HOME/.ssh/authorized_keys $ chown `whoami`
$HOME/.ssh/authorized_keys

If this is not possible for some reason, an alternative is to set
StrictModes no in sshd_config, however this is not recommended.

I am wondering what happens if you put StrictModes no in the
Fedora 13 /etc/ssh/sshd_config file.  This would only be for a test.
They specifically said they do not recommend doing this so I wouldn't
leave this option set this way, but I'm curious what happens.

Clarification please: is it true public key authentication doesn't work,
Fedora 12 - Fedora 13?  Does password authentication work,
Fedora 12 - Fedora 13?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkw9a70ACgkQyc8Kn0p/AZTcBwCfRbs3EwkbC5acm2jWwYS4M8pv
B/gAnj16vKbcIxswBfyx4BXagwKfhBhB
=JXkJ
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: SSH / permissions problem

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/13/2010 10:49 AM, Gary Stainburn wrote:
 Hi folks,
 
 This seems like de ja vu, but I can't find anything in the archives.
 
 I've got F13 on my laptop, and also on a new virtual server.
 
 I've copied my home directory from my old server to my new one and then tried 
 to ssh to the new server.  However, I have a problem
 
 If I ssh to root on the new server everything is fine, but if I ssh to my 
 user 
 I get errors and X forwarding doesn't work.
 
 Can anyone suggest things for me to look at / try.
 
 Gary
 
 [g...@dcomp5 ~]$ ssh -Y -C lcomp3 -l root
 r...@lcomp3's password: 
 Last login: Tue Jul 13 16:04:20 2010 from gary.ringways.co.uk
 [r...@lcomp3 ~]# kcalc 
 [r...@lcomp3 ~]# logout
 [g...@dcomp5 ~]$ ssh -Y -C lcomp3
 g...@lcomp3's password: 
 Last login: Tue Jul 13 15:55:16 2010 from gary.ringways.co.uk
 /usr/bin/xauth:  timeout in locking authority file /home/gary/.Xauthority
 [g...@lcomp3 ~]$ kcalc
 X11 connection rejected because of wrong authentication.
 kcalc: cannot connect to X server localhost:11.0
 [g...@lcomp3 ~]$ 
 

If root works, but your local user does not, and you appear to have
gotten beyond the initial login sequence--it seemed to accept password
authentication in both cases--I would suspect something in one of your
~/.bash* files.  I've been burned, multiple times, having something in
my .bashrc or .bash_profile that does something interactive,
forgetting an ssh shell is batch.

I have the same problem when I try to do things in a cron job when I
forget a cron job is also batch.

I have carefully separated my .bash_profile and .bashrc file into those
parts I always want done and those parts that are interactive.

I place a check in my .bashrc file to prevent interactive stuff being
done in a batch job.

# check for shell is not interactive
[ -z ${PS1} ]  return

As a quick test, could you save your .bash_profile and .bashrc files,
get the default files, and see if you can ssh in?  The default files
should be found /etc/skel/.bash_profile and /etc/skel/.bashrc

Also, I strongly recommend you disable ssh root login and have people
first log into their own account and then su to root.  To disable root
login, please look at /etc/ssh/sshd_config.
In this file, I have
PermitRootLogin no

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkw8swIACgkQyc8Kn0p/AZRgbACffvA3UUlqVw4ICErb/H7NfLk0
8AcAoKe0WgTDz7OwcDb6gPjjXvjNxJz8
=K3YZ
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: sshd Authentication refused

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/13/2010 01:43 PM, Kevin Fenzi wrote:
 On Tue, 13 Jul 2010 11:16:46 -0700 (PDT)
 David Highley dhigh...@highley-recommended.com wrote:
 
 New install of Fedora 13 we get the following /var/log/secure entry
 when we ssh from a Fedora 12 system to the Fedora 13 system:
 Authentication refused: bad ownership or modes for
 file /home/dhighley/.ssh/authorized_keys

 We have checked and tried different modes until we are blue in the
 face. Have read the upates notes for openssh and Fedora 13 release.
 Googled the net for know issues and bugzilla.redhat.com. We did check
 for selinux blocks and found none.

 User home directory is auto NFS mounted and we use NIS. This works
 Fedora 12 to Fedora 12.
 
 You may want to use 'ssh-copy-id' to copy the key over to the f13
 system. That will setup the right permissions and such automatically
 for you. 
 
 Also, you will want to see if there are any selinux alerts on the f13
 machine. 'ausearch -m avc -ts today' can list the ones from today. 
 
 kevin
 

I cannot explain how f12 -- f12 works, but f12 -- f13 does not.
I can only guess there is something different for the NFS mount -or-
something different regarding NIS.

=

One possibility, which I consider very, very remote is the following.

I may be wrong but I think the ownership and modes for all the parent
directories from your /home/dhighley/.ssh directory also matter.

I assume you made sure /home/dhighley/.ssh is mode 700.
What is the mode of /home/dhlighley?  Is it 755 (I think that's okay).
I think any write mode for group or other would be bad.
I assume /home/dhlighley is owned by you, the user.

What about /home?  Who owns it?  What is it's mode?
I think root must own it.
I think only root should have write access to it.

I actually assume the ownership and modes are all correct...the
possibility of this being the problem seems exceedingly rare to me, but
please check.

=

Another possibility, which I also consider remote, but is worth asking.
On the f13 machine, when you log in as dhlighley, is the user name only
found in NIS?  On occasion, if one is testing something new, one might
put in a local account in the /etc/passwd file, and forget it is there.
Depending on your /etc/nsswitch.conf file, the local file is probably
checked before NIS.

Sorry, can't think of anything else.  Others have already mentioned selinux.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkw8ubMACgkQyc8Kn0p/AZSC9wCePd3r5B52EBYAQ7mQtRsPWeql
99AAn2UBA4uvL7lvX9zBF2mm82OYObu9
=xTPl
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Help me troubleshoot this problem

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


 Having said the above, if you suspect an acpi or apic problem,
 the URL: http://fedoraproject.org/wiki/KernelCommonProblems
 says,
 acpi=off is a big hammer, and if that works, narrowing down by trying
 pci=noacpi instead may yield clues
 It also says, nolapic and noapic are sometimes useful

 
 A quick update. I tried the acpi=no option and so far, so good. I have even 
 brought it back into X windows and ran some yum updates to apply some stress. 
 I'll leave it in this state until tomorrow evening just to make sure. Then 
 I'll try the smaller hammers. 
 
 Question showing my ignorance of what acpi is. If pci=noacpi works or does 
 not work, what clues is that giving me?
 

I didn't respond earlier because we've reached my level of ignorance too.

If I were you, I might try to narrow the problem a little further.

Eventually I would write a Bugzilla bug report telling the maintainers
the symptoms, what I had done, including things that didn't work as well
as things that seemed to work.

If I had a workaround, I wouldn't expect much help from a maintainer
because I would assume they have other problems to solve where a
workaround is not known.

If my Bugzilla bug report happened to be in an area a maintainer was
already digging in, the maintainer might take an interest and ask me to
do things to help gather more information.

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkw0eoUACgkQyc8Kn0p/AZR50wCcDs5oxFPA5YEY7WxUzXnx5y1w
YQQAnRj/zLTrSXXOVqxTsHfkP2golkvs
=LcJc
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: no sound on F11, F12 and now F13 but sound on Omega 12 live??? wtf??

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/06/2010 10:38 AM, Bill Davidsen wrote:
 Rick Sewill wrote:
 On 07/05/2010 10:23 PM, Rick Sewill wrote:
 .
 I am wondering if OSS is enabled on your system.

 Please look for things related to OSS in
 /etc/modprobe.conf (if it exists)
 and /etc/modprobe.d
 Please make sure the line in /etc/modprobe.d/dist-oss.conf is
 commented out.

 Please do, lsmod | grep snd
 Please make sure there is nothing like snd-pcm-oss or snd-seq-oss
 installed.

 I think you have this totally backward. There are many applications which use 
 the /dev/dsp* devices, and which will produce no sound unless they are 
 present. 
 In fact, I think the majority of older hardware does not have support for 
 sound 
 other than oss. As I look at my newest TV card it has stuff in /dev/dvb, 
 while 
 the other 4-5 cards which have been happily in use do not.
 
 To test (as root):
modprobe -v snd-pcm-oss
{test applications for sound here}
 
 A lot of people have functional old hardware they can't replace, for 
 financial 
 or technical reasons. That's why there is oss support, to support the 
 hardware 
 which needs it.
 

This is something I didn't know.  As I said, audio still confuses me.

Our goal should be to help the original poster.

In this regard, this new information raises a number of questions.

I am hoping someone will say there is a wiki or web page that answers
these questions (and questions I didn't think of).

The questions, I hope, which might be of use to the original poster are
as follows:
1) for what hardware should one use OSS as opposed to Pulse Audio.
   I did a quick internet search, but failed to find such a list.
   I am hoping others can help.

   This question is to help the original poster decide if they should
   switch to OSS and see if it works.

2) How does one tell if OSS is being used?
   I assume, if I do lsmod | grep oss, I will see if the OSS modules
   are being loaded.

3) How does one switch from Pulse Audio to OSS?
   I assume one needs to edit files in /etc/modules.d/*.conf
   or /etc/modules.conf.
   Files to be edited might include dist-oss.conf and blacklist.conf
   and others?  Am I right?

   Are there other files one needs to edit?
   Are there any rpms one needs to install?
   Are there any rpms one needs to remove?

   Are there any application configuration changes one needs to make?
   I assume applications can be configured to use the OSS api, as well
   as the ALSA api and/or Pulse Audio API.

4) How does one switch from OSS back to Pulse Audio?
   Is the answer to this the inverse of the answer to question 3?
   I.e., edit files /etc/modules.d/*.conf or /etc/modules.conf
   Install certain rpms?
   Remove certain rpms?

5) is there a web page that describes the tools one uses when using OSS?
   Are these the tools: http://www.opensound.com/ossapps.html#mixer

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkw0f/IACgkQyc8Kn0p/AZRCogCgqMIl3yxUUveNk+MNcnvhq0um
sRkAoIsCgZcczEiEWmrk2gY+ZxljtbJf
=Uu8V
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: no sound on F11, F12 and now F13 but sound on Omega 12 live??? wtf??

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


On a different track, again to help the original poster.

In other messages on this thread, it sounded like the original poster
was using a driver, ens1370, which some people thought was suspect.

Is there a tool that can talk directly to the driver, bypassing Alsa,
OSS, Pulse Audio, everything, so one can see if the driver can generate
sound through the card?

We will probably need to know all the steps to use such a tool?

For example, wouldn't we need to stop certain services or applications
that might have exclusive use of the driver/device/card?

==

Another question, in regard to this ens1370 driver, are there any
/var/log/messages regarding this driver.

==

Another question, should the original poster try OSS?

- From the /var/log/messages in another message from the original poster,
Jul  4 14:55:03 davehost pulseaudio[2120]: alsa-util.c:
snd_pcm_avail() returned a value that is exceptionally large:
18446744073709522368 bytes (418293516244 ms).
Jul  4 14:55:03 davehost pulseaudio[2120]: alsa-util.c: Most likely
this is a bug in the ALSA driver 'snd_ens1370'. Please report this
issue to the ALSA developers.

Is it possible OSS would use a different driver and have more success
with that driver?  Is the ens1370 driver an ALSA driver?

==

Another question regarding what is in the /var/log/messages please?
Are there many Pulse Audio messages just prior to this message that says
value that is exceptionally large?

I ask, because, I tried searching Bugzilla for similar bugs.
Some bug reports indicate sound continued to work, but there was
stuttering.  Others said sound stopped working after a few minutes.  One
said sound did not work.

Following said sound stopped working after a yum update:
https://bugzilla.redhat.com/show_bug.cgi?id=572322

Following said log of alsa-util's messages about snd_hda_intel
malfunction and When I try to obtain Surround 4.0 sound instead of
classic Stereo sound from a soundcard capable of Surround 5.1 I see in
/var/log/messages
https://bugzilla.redhat.com/show_bug.cgi?id=537714
This bug report brings up a question about the Sound Blaster card,
(again I am showing my ignorance), does the Sound Blaster Card support
multiple variations in sound (Surround sound, classic stereo, etc)?
Do any of these other variations in sound work?

Finally, is the Pulse Audio server crashing?  I found the following bug
report, which said pulseaudio is crashing?
https://bugzilla.redhat.com/show_bug.cgi?id=530650

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkw0ikQACgkQyc8Kn0p/AZRb8ACfWi9Ky/zE8Wbfgtl6uZPD4pqd
I2EAoJVwUAL7JjzBF2RZX/Xovp0udAfw
=nNgw
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: no sound on F11, F12 and now F13 but sound on Omega 12 live??? wtf??

[Rick Sewill]

On 07/05/2010 10:23 PM, Rick Sewill wrote:
 On 07/05/2010 09:26 PM, Dave Stevens wrote:
 Quoting JD jd1...@gmail.com:
 
 Can you post output of lspci?

 sure, here:

 00:00.0 RAM memory: nVidia Corporation MCP55 Memory Controller (rev a2)
 00:01.0 ISA bridge: nVidia Corporation MCP55 LPC Bridge (rev a3)
 00:01.1 SMBus: nVidia Corporation MCP55 SMBus (rev a3)
 00:02.0 USB Controller: nVidia Corporation MCP55 USB Controller (rev a1)
 00:02.1 USB Controller: nVidia Corporation MCP55 USB Controller (rev a2)
 00:04.0 IDE interface: nVidia Corporation MCP55 IDE (rev a1)
 00:05.0 IDE interface: nVidia Corporation MCP55 SATA Controller (rev a3)
 00:05.1 IDE interface: nVidia Corporation MCP55 SATA Controller (rev a3)
 00:05.2 IDE interface: nVidia Corporation MCP55 SATA Controller (rev a3)
 00:06.0 PCI bridge: nVidia Corporation MCP55 PCI bridge (rev a2)
 00:08.0 Bridge: nVidia Corporation MCP55 Ethernet (rev a3)
 00:09.0 Bridge: nVidia Corporation MCP55 Ethernet (rev a3)
 00:0a.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
 00:0b.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
 00:0c.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
 00:0d.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
 00:0e.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
 00:0f.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
 00:18.0 Host bridge: Advanced Micro Devices [AMD] K8  
 [Athlon64/Opteron] HyperTransport Technology Configuration
 00:18.1 Host bridge: Advanced Micro Devices [AMD] K8  
 [Athlon64/Opteron] Address Map
 00:18.2 Host bridge: Advanced Micro Devices [AMD] K8  
 [Athlon64/Opteron] DRAM Controller
 00:18.3 Host bridge: Advanced Micro Devices [AMD] K8  
 [Athlon64/Opteron] Miscellaneous Control
 01:06.0 Multimedia audio controller: Ensoniq ES1370 [AudioPCI]
 05:00.0 PCI bridge: NEC Corporation uPD720400 PCI Express - PCI/PCI-X  
 Bridge (rev 07)
 05:00.1 PCI bridge: NEC Corporation uPD720400 PCI Express - PCI/PCI-X  
 Bridge (rev 07)
 08:00.0 VGA compatible controller: ATI Technologies Inc Radeon HD 4770 
 [RV740]
 08:00.1 Audio device: ATI Technologies Inc RV710/730

 and for what it's worth I'm curious why my video card shows up as an  
 audio device.

 
 I don't know if it will be useful, but can you do, as root,
 lspci -vvv -s 8:00.1
 I assume there will be a kernel driver in use.
 
 Sound has always confused me.  Let me see if I can get this right this
 time.  Every time I try to explain sound, someone (correctly!) dings me.
 
 Pulse Audio provides a framework through which applications should do
 audio (microphone/speakers/etc).  Pulse Audio speaks to Alsa.
 
 Alsa speaks to the driver that actually drives the audio hardware.
 Then there is the driver, itself, which drives the hardware.
 
 Pulse Audio is supposed to provide a consistent interface to audio.
 
 Before we had Pulse Audio, applications would speak with alsa
 (or with ESD which also was supposed to provide a consistent interface
 to audio).  I guess an application could also talk to the driver itself,
 but I would hope this to be rare.
 
 Now, I believe, we have the following:
 Pulse Audio provides the consistent interface.
 Pulse Audio uses Alsa.
 Alsa talks to the hardware driver.
 
 Applications, that think they are talking directly to Alsa can actually
 be talking to Pulse Audio through a plugin,
 rpm -q -i alsa-plugins-pulseaudio
 
 Applications that think they are talking directly to Esound can actually
 be talking to Pulse Audio through a plugin,
 rpm -q -i pulseaudio-esound-compat
 
 I believe, Applications should, over time, be changed to talk to Pulse
 Audio.
 
 Why this background?  We need to follow the audio path.
 
 We need to see what Pulse Audio thinks.
 
 We need to see what Alsa thinks.
 
 We need to see if a driver has the hardware.
 
 Pulse Audio can mute the audio.
 Alsa should be controlled by Pulse Audio, but is still best to make
 sure Alsa isn't muting the audio.
 I assume we have a kernel driver for the audio hardware.
 
 Pulse Audio might have sound muted.
From xterm (gnome-terminal) please run pavucontrol,
 or from the menu, Applications,
 Sound  Video, please start Pulse Volume Control,
 Please check the Output Devices tab to see if you have volume and make
 sure it is not muted.
 pavucontrol is provided by rpm -q -i pavucontrol,
 yum install pavucontrol if necessary.
 You may have more than one Port...I have two ports.
 I have Analog Output and I have Analog Headphones.
 Please make sure you have volume and it is not muted on all ports.
 By the way, if you don't mind me asking, what ports do you have?
 
 If Pulse Audio is happy, please see what Alsa thinks.
 rpm -q -i alsa-utils  (yum install alsa-utils if necessary)
 
From xterm (gnome-terminal) please run: alsamixer
 provided by alsa-utils
 
 Controls for alsamixer can be found in the upper right corner.
 F1 for help, F3 for Playback, F4 for Capture, Esc for exit

Re: Help me troubleshoot this problem

[Rick Sewill]

On 07/05/2010 06:15 PM, awrobinson...@nc.rr.com wrote:
 
  Geoffrey Leach ge...@hughes.net wrote: 
 On 07/05/2010 03:28:20 PM, awrobinson...@nc.rr.com wrote:

  Geoffrey Leach ge...@hughes.net wrote: 
 On 07/05/2010 01:27:01 PM, awrobinson...@nc.rr.com wrote:
 I am trying to install Fedora on a PC I built. I had Windows XP
 running on it for more than a year without any apparent problems.
 snip

 Hardware:

 Motherboard: BIOSTAR TFORCE TF520-A2 AM2 NVIDIA nForce 520 MCP ATX 
 AMD
 Processor: AMD Athlon 64 X2 4200+ Brisbane 2.2GHz Socket AM2 65W
 Dual-Core Processor
 Video Card: MSI NX8400GS-TD256E GeForce 8400 GS 256MB 64-bit GDDR2 
 PCI
 Express
 Memory: A-DATA 2GB (2 x 1GB) 240-Pin DDR2 SDRAM DDR2 800 (PC2 6400)
 Dual Channel
 Memory: A-DATA 4GB (2 x 2GB) 240-Pin DDR2 SDRAM DDR2 800 (PC2 6400)
 Dual Channel
 (6 GB total)
 Hard drive: SAMSUNG EcoGreen F2 HD103SI 1TB 5400 RPM SATA 3.0Gb/s 
 3.5
 snip
 I wasn't able to discover anyything about Fedora compatibility with  
 your Biostar MB, so you might well be in unexplored territory. It 
 appears that the hardware compatibility lists for Fedora are no longer 
 maintained, alas.

 The Nvidia FOSS driver for X (NV) might be a problem for you. I suggest 
 you stay at runlevel 3 until your problems are resolved. If R/L 5 
 causes you a problem after that, try the proprietary driver. I've found 
 that it works well. 

 You didn't say where your Fedora came from. Are you sure that it's 
 clean?

 
 Pretty sure. I used the netinstall CD for both 13 and 12. I checked the 
 md256sum for the Fedora 13 iso. I downloaded both from the Fedora site, so 
 they came from a Fedora-specific mirror. And there is the fact that I got the 
 same behaviour from both.
 
 Again, please keep the questions coming. I really want to resolve this.
  

May I suggest looking at the URL:
http://fedoraproject.org/wiki/KernelCommonProblems

It is where I would start when trying to debug Fedora panic/crash problems.

From this webpage, in the Crashes/Hangs section, they seem to suggest
setting kernel boot parameters to try to narrow the problem or work
around the problem.

For more information on kernel boot parameters, the web page says,
The full list of kernel options is in the file
/usr/share/doc/kernel-doc-version/Documentation/kernel-parameters.txt,
which is installed with the kernel-doc package

I assume one can find the correct kernel-parameters.txt file either
looking in the local file system assuming Fedora is usable -or-
searching the internet for kernel-parameters.txt
If one finds it with an internet search, please make sure the
kernel-parameters.txt more or less match the correct version of the
Fedora kernel.

Having said the above, if you suspect an acpi or apic problem,
the URL: http://fedoraproject.org/wiki/KernelCommonProblems
says,
acpi=off is a big hammer, and if that works, narrowing down by trying
pci=noacpi instead may yield clues
It also says, nolapic and noapic are sometimes useful

You need to look at kernel-parameters.txt to see what these parameters
do before using them.  Please don't try a parameter just to try it.
Using a kernel boot parameter could make matters worse.

If you suspect a video problem...and I believe they are trying to phase
out support for the kernel boot parameter, nomodeset--I believe they
have already phased out support for Intel, but still have some code
support for AMD which you have, I would still try that boot parameter to
see what happens.  You will need to search the internet to find out
about the parameter nomodeset.  I don't consider using nomodeset as
a solution, but rather as a way to gather a data point or work around a
problem.

I would suggest trying one kernel boot parameter at a time, with the
hope of better isolating what is happening if a parameter seems to work.

If you discover a kernel boot parameter that acts as a workaround, it
may or may not provide a clue, to start isolating what is happening.

I would also look at the /var/log/messages for clues what was happening
a little before the failure/panic...you may hate me for suggesting
looking at /var/log/messages, sometimes there is nothing there and
sometimes there is too much there.

If you find a kernel boot parameter that works around the problem,
you will need to decide whether or not to write a bugzilla bug report.
If you do not find a kernel boot parameter, you may still wish to write
a bugzilla bug report.  A bugzilla bug report is the way, I believe,
for communcating problems with the maintainers.  I hope they ask you for
information, and I hope they suggest how to get what they ask for.
I would encourage you to write a bugzilla bug report, unless the problem
is a hardware failure, in which case, I don't know what to do.
Sometimes, if a problem is a hardware failure, nothing can be done.
Sometimes, if a problem is a hardware failure, the software can be more
graceful when the problem happens.

I would also look at other sections of the web page,

Re: no sound on F11, F12 and now F13 but sound on Omega 12 live??? wtf??

[Rick Sewill]

On 07/05/2010 09:26 PM, Dave Stevens wrote:
 Quoting JD jd1...@gmail.com:

 Can you post output of lspci?
 
 sure, here:
 
 00:00.0 RAM memory: nVidia Corporation MCP55 Memory Controller (rev a2)
 00:01.0 ISA bridge: nVidia Corporation MCP55 LPC Bridge (rev a3)
 00:01.1 SMBus: nVidia Corporation MCP55 SMBus (rev a3)
 00:02.0 USB Controller: nVidia Corporation MCP55 USB Controller (rev a1)
 00:02.1 USB Controller: nVidia Corporation MCP55 USB Controller (rev a2)
 00:04.0 IDE interface: nVidia Corporation MCP55 IDE (rev a1)
 00:05.0 IDE interface: nVidia Corporation MCP55 SATA Controller (rev a3)
 00:05.1 IDE interface: nVidia Corporation MCP55 SATA Controller (rev a3)
 00:05.2 IDE interface: nVidia Corporation MCP55 SATA Controller (rev a3)
 00:06.0 PCI bridge: nVidia Corporation MCP55 PCI bridge (rev a2)
 00:08.0 Bridge: nVidia Corporation MCP55 Ethernet (rev a3)
 00:09.0 Bridge: nVidia Corporation MCP55 Ethernet (rev a3)
 00:0a.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
 00:0b.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
 00:0c.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
 00:0d.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
 00:0e.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
 00:0f.0 PCI bridge: nVidia Corporation MCP55 PCI Express bridge (rev a3)
 00:18.0 Host bridge: Advanced Micro Devices [AMD] K8  
 [Athlon64/Opteron] HyperTransport Technology Configuration
 00:18.1 Host bridge: Advanced Micro Devices [AMD] K8  
 [Athlon64/Opteron] Address Map
 00:18.2 Host bridge: Advanced Micro Devices [AMD] K8  
 [Athlon64/Opteron] DRAM Controller
 00:18.3 Host bridge: Advanced Micro Devices [AMD] K8  
 [Athlon64/Opteron] Miscellaneous Control
 01:06.0 Multimedia audio controller: Ensoniq ES1370 [AudioPCI]
 05:00.0 PCI bridge: NEC Corporation uPD720400 PCI Express - PCI/PCI-X  
 Bridge (rev 07)
 05:00.1 PCI bridge: NEC Corporation uPD720400 PCI Express - PCI/PCI-X  
 Bridge (rev 07)
 08:00.0 VGA compatible controller: ATI Technologies Inc Radeon HD 4770 [RV740]
 08:00.1 Audio device: ATI Technologies Inc RV710/730
 
 and for what it's worth I'm curious why my video card shows up as an  
 audio device.
 

I don't know if it will be useful, but can you do, as root,
lspci -vvv -s 8:00.1
I assume there will be a kernel driver in use.

Sound has always confused me.  Let me see if I can get this right this
time.  Every time I try to explain sound, someone (correctly!) dings me.

Pulse Audio provides a framework through which applications should do
audio (microphone/speakers/etc).  Pulse Audio speaks to Alsa.

Alsa speaks to the driver that actually drives the audio hardware.
Then there is the driver, itself, which drives the hardware.

Pulse Audio is supposed to provide a consistent interface to audio.

Before we had Pulse Audio, applications would speak with alsa
(or with ESD which also was supposed to provide a consistent interface
to audio).  I guess an application could also talk to the driver itself,
but I would hope this to be rare.

Now, I believe, we have the following:
Pulse Audio provides the consistent interface.
Pulse Audio uses Alsa.
Alsa talks to the hardware driver.

Applications, that think they are talking directly to Alsa can actually
be talking to Pulse Audio through a plugin,
rpm -q -i alsa-plugins-pulseaudio

Applications that think they are talking directly to Esound can actually
be talking to Pulse Audio through a plugin,
rpm -q -i pulseaudio-esound-compat

I believe, Applications should, over time, be changed to talk to Pulse
Audio.

Why this background?  We need to follow the audio path.

We need to see what Pulse Audio thinks.

We need to see what Alsa thinks.

We need to see if a driver has the hardware.

Pulse Audio can mute the audio.
Alsa should be controlled by Pulse Audio, but is still best to make
sure Alsa isn't muting the audio.
I assume we have a kernel driver for the audio hardware.

Pulse Audio might have sound muted.
From xterm (gnome-terminal) please run pavucontrol,
or from the menu, Applications,
Sound  Video, please start Pulse Volume Control,
Please check the Output Devices tab to see if you have volume and make
sure it is not muted.
pavucontrol is provided by rpm -q -i pavucontrol,
yum install pavucontrol if necessary.
You may have more than one Port...I have two ports.
I have Analog Output and I have Analog Headphones.
Please make sure you have volume and it is not muted on all ports.
By the way, if you don't mind me asking, what ports do you have?

If Pulse Audio is happy, please see what Alsa thinks.
rpm -q -i alsa-utils  (yum install alsa-utils if necessary)

From xterm (gnome-terminal) please run: alsamixer
provided by alsa-utils

Controls for alsamixer can be found in the upper right corner.
F1 for help, F3 for Playback, F4 for Capture, Esc for exit.

I'd be curious to know what alsamixer shows you.
For me, I only have a [Playback] Master for audio output and a

Re: Ideas for integrating a SIP account, N900, Magic Jack, Linux, etc...

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 06/23/2010 05:33 PM, Linuxguy123 wrote:
 People are using PAP2 devices to connect to Magic Jack accounts, thus
 removing the need to use the Magic Jack USB dongle.
 
 Where does Google Voice fit into this ?
 
  
 

I was actually wondering if Google Voice might be useful for you.

If my understanding is correct, you can do the following:
1) You can have a google voice number act as the number everyone dials.
   This would be the number you give people to call you.

2) You can tell google which phones to ring when someone calls the
   google voice number.

3) I believe, but am not certain, google supports some sort of
   voice mail.

In my mind, Google Voice is like having a main number for a business.
People call the main number.  Individual phones are called by Google.
You can program which phones ring when this main number is called.
If caller-id is working, you can control what happens based on caller.

The individual phones still have their own phone numbers.
The individual phones still can place or receive calls.

I could be wrong, but believe you can have a home phone,
a cell phone, and a SIP phone through sipphone.com associated
with a Google Voice number.
I'm not sure if you can have more than one of each or not.

I believe, one can also, somehow, dial out from the Google Voice number.

I was looking into Google Voice.  It may or may not work for you.
As always, please do your own research to see if it works for you!

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkwikOEACgkQyc8Kn0p/AZTPIQCggDNzy8uePoKjuagW6d2SsK7T
LK8AnRBuxM0Mt9c0Y8pyARNmHCbf8OVR
=BLAv
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: No sound from Amarok (phonon/ pulseaudio)

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 05/05/2010 01:18 PM, Rex Dieter wrote:
 Linuxguy123 wrote:
 
 On Wed, 2010-05-05 at 11:54 -0500, Rex Dieter wrote:
 Linuxguy123 wrote:

 F12 /x86, fully up to date, except I can't boot the most recent kernel.

 $uname -a
 Linux localhost.localdomain 2.6.32.10-90.fc12.i686.PAE #1 SMP Tue Mar
 23 10:04:28 UTC 2010 i686 i686 i386 GNU/Linux

 Sound works for everything except Amarok.

 Settings - Configure Amarok - Playback - Sound System Configuration
 shows Configure Phonon which then lists pulse Audio as my sole
 option.

 Does the 'test' button work or do anything?

 Nope.
 
 $ yum list phonon
 Installed Packages
 phonon.i686
 4.4.0-3.fc12  @updates
 ...
 How do I get sound working for Amarok ?

 What does pavucontrol say is your PA output device?

 Internal Audio Digital Stereo (IEC958)

 On the Configuration tab, Internal Audio is shown as Digital Stereo
 Duplex (IE958)

 On the Playback tab, Amarok is the only application shown, other than
 System Sounds.
 
 While playing, does pavucontrol show any activity for the amarok stream?
 
 Either way, I'd venture there is a volume problem here, something got muted 
 or set to 0 somehwere.
 
 -- Rex
 

Hmm.  While digging around when I had sound problems,
I found the following URL of interest:
http://pulseaudio.org/wiki/PerfectSetup

It claims,
Amarok ¶

Amarok is a KDE media player. It supports multiple engines, which can
be changed within the menu: Settings - Configure Amarok... -
Engines. The GStreamer engine supports PulseAudio (refer to the general
GStreamer section on this page for more information), while the Xine
engine supports both PulseAudio (1.1.2 and newer) and Esound (older
versions). 

Going further down for the Gstreamer section,
GStreamer Applications ¶

Applications using the modern GStreamer media framework such as
Rhythmbox or Totem can make use of the PulseAudio through gst-pulse, the
PulseAudio plugin for GStreamer in gst-plugins-good. After installing
it, you have to enable it as default audio sink and source for all GNOME
applications by changing the GConf keys
/system/gstreamer/0.10/default/audiosink and
/system/gstreamer/0.10/default/audiosrc:

gconftool -t string --set /system/gstreamer/0.10/default/audiosink pulsesink
gconftool -t string --set /system/gstreamer/0.10/default/audiosrc pulsesrc

Alternatively, you can make these changes with the GUI tool
gstreamer-properties.

The GStreamer plugin wraps playback, recording and the mixer interface. 

I don't know where gconftool can be found.
I used gsteamer-properties to set the default audio sink and source.
gstreamer-properties is a binary provided by gnome-media-apps
$ rpm -q gnome-media-apps
gnome-media-apps-2.28.5-1.fc12.x86_64

The gstreamer Pulse Audio Plugin is found in
$ rpm -q gstreamer-plugins-good
gstreamer-plugins-good-0.10.21-1.fc12.x86_64

$ rpm -q -l gstreamer-plugins-good|grep -i pulse
/usr/lib64/gstreamer-0.10/libgstpulse.so

In the end I believe Pulse Audio will be a good thing.
I like the idea of this abstraction layer and what it tries to do.

I tried switching a number of programs to using Pulse Audio native.

I think I still have some programs trying to go to Alsa.
I believe programs trying to go to Alsa are being intercepted by
$ rpm -q alsa-plugins-pulseaudio
alsa-plugins-pulseaudio-1.0.22-1.fc12.x86_64

I have things, more or less, working now.  Stuff could still be better.

Like me, your mileage will vary.  I wish you luck.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvhwlkACgkQyc8Kn0p/AZSlxQCcDNIHC601ZIvq2eGtPqtT3zMF
u1wAoIMx6sPIeW+UhSebTnNfhSQMTsk4
=Eej1
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Sound Problems FC12

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 04/30/2010 06:30 PM, Jim wrote:
 On 04/28/2010 05:48 PM, Jim wrote:
 On 04/28/2010 01:18 PM, Jim wrote:
 On 04/28/2010 12:59 PM, Jim wrote:
 Fc12-X86_64/KDE

 No sound at all.

 Pulseaudio volume is set to 100% , alsamixer is set to 80% and in 
 System
 Settings  Multimedia it shows Dummy for devices, no sound using test

 I have a Ensoniq ens-1371 and it has a driver snd-ens1371 the module is
 being loaded at boot time.

 See below.

 Where is the system-config-soundcard package for Fedora 12.


I don't know where the system-config-soundcard package is either.

 Sound worked perfect in Fedora 11  , did upgrade to Fedora 12 and no 
 sound.



...


 rtkit-daemon[1596]: Sucessfully made thread 1946 of process 1946 
 (/usr/bin/pulseaudio) owned by '500' high priority at nice level -11.
 pulseaudio[1946]: pid.c: Daemon already running.
  rtkit-daemon[1596]: Sucessfully made thread 1952 of process 1952 
 (/usr/bin/pulseaudio) owned by '500' high priority at nice level -11.
  pulseaudio[1952]: pid.c: Daemon already running.
  gnome-keyring-daemon[1957]: couldn't set environment variable in 
 session: The name org.gnome.SessionManager was not provided by any 
 .service files
  pulseaudio[1593]: module.c: Module module-device-manager should be 
 loaded once at most. Refusing to load.
  pulseaudio[1593]: module-x11-xsmp.c: module-x11-xsmp may no be loaded 
 twice.
  pulseaudio[1593]: module.c: Failed to load  module module-x11-xsmp 
 (argument: display=:1006
 session_manager=local/unix:@/tmp/.ICE-unix/1889,unix/unix:/tmp/.ICE-unix/1889):
  
 initialization failed.

 
 In the /var/log/messages it says that module-x11-xsmp is not loading.
 In /etc/pulse/default.pa it shows the  paragraph;
 
 /etc/pulse/default.pa
 
 ### Register ourselves in the X11 session manager
 #load-module module-x11-xsmp
 
 It appears here that the module is not ment to be loaded.
 
 And here is the only place I can find about xsmp;
 
 locate xsmp
 /usr/lib/pulse-0.9.21/modules/module-x11-xsmp.so
 
 Why is this module interfering with my not getting any sound ??
 

I don't know the answer to your questions.
It sounds as if pulseaudio is already running when your session starts.

You wouldn't, by any chance, be running pulse audio in system mode?
Please see URL:
http://pulseaudio.org/wiki/SystemWideInstance
I am guessing you are not running pulse audio in system mode.

I don't understand how pulse audio can already be running.
Do you have something in your .bash_profile or .bashrc file, maybe?

I found two pulse audio commands useful when I had sound problems:
pavucontrol -- yum info pavucontrol
and to a lesser extent, paman -- yum info paman

Please install pavucontrol if you haven't already:
yum install pavucontrol
Please run pavucontrol -- it is GUI based (please note I use Gnome;
  I assume it works fine on KDE)
You will see the following tabs:
Playback   Recording   Output Devices   Input Devices   Configuration
Please select the Output Devices tab.
One possibility, and it is probably a long-shot, you may have multiple
output devices.  One output device might have good volume.  The other
might not.
The output devices are selected by changing the
Port: ... item.  For me, I have
Port: Analog Output and
Port: Headphones
The volume is always the same for both devices for me...but you might
be changing the volume of one and not the other...I don't know.

For grins, please install paman if you haven't already.
yum install paman
Please run paman -- it is GUI based
It has the following tabs:
Server Information  Devices  Clients  Modules  Sample Cache
I am wondering if you can find module-x11-xsmp under Modules.

I am curious to know what is listed in Clients, and, if something
is listed under devices.

I assume, under Server Information, it is not disconnected or anything.

I have since found another pulse audio command.
yum info padevchooser -- it is GUI based.
If I am not mistaken, one can advertise one's sound devices over the
network with pulse audio and one can select a pulse audio sound device
on another host.  I doubt if you have done this, but is interesting if
it can be done.

I better add a disclaimer.  I don't know or understand the workings of
pulse audio and alsa and sound devices very well.  I looked at lots of
stuff when I upgraded to Fedora 12 and my sound wasn't working.  I got
sound to work so I am happy.  I can't remember what was wrong.

It would be nice if someone who knows and understands pulse audio and
alsa better would chime in with better advice than I can give.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvblngACgkQyc8Kn0p/AZS6ewCgpNvRHIqviP7ICXxctOCvE92p
NFQAn2koSTkg5Vod2FPqnaZSiQEBkOzK
=lI8x
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:

Re: GW (LAN1, LAN2, ADSL) config

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 04/20/2010 05:48 PM, j.halifax . wrote:

 Is IP forwarding on?

 Yes, it is.
 
 
 
  Původní zpráva 
 Od: Terry Polzin foxec...@wowway.com
 Předmět: Re: GW (LAN1, LAN2, ADSL) config
 Datum: 20.4.2010 19:03:39
 
 On Tue, 2010-04-20 at 15:31 +0200, j.halifax . wrote:
 Hi All,

 please help me kindly to reconfig my default GW (Fedora 12).

 The GW has 3 active Ethernet cards:
 eth0 - connected to Internet ADSL router (incl. VPN, pptpd)
 eth1 - not used
 eth2 - LAN1
 eth3 - LAN2.

 I had everything working fine but due to some problems I lost 
 the configuration of the GW and I can't get it working again.

 (1) The Internet access (LAN1 - GW - Internet) is working fine.
 (2) The access of  (Internet - GW - LAN1 / LAN2) is ok incl. VPN
 (3) I can not access LAN2 neither from LAN1 nor from GW box

 Traceroute shows that for (3) packets don't go to eth3 (LAN2) as
 they should, but they fall down to eth0 (default gw).

 Can you please advise me what I need to set-up (iptables) in the GW?

 Thank you so much for your kind help.

 Regards,
 jh

 Is IP forwarding on?

 -- 
 users mailing list
 users@lists.fedoraproject.org
 To unsubscribe or change subscription options:
 https://admin.fedoraproject.org/mailman/listinfo/users
 Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines





As another person asked, please do netstat -rn
Please also do /sbin/ifconfig -a

When debugging a routing problem, we need to see your routing table.
It's also good to see the interfaces.

I would be surprised if the problem were iptables related.

Sounds more like the problem is routing table related.

I'm assuming you haven't done anything with the /sbin/ip command
like policy routing.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvOM/sACgkQyc8Kn0p/AZSWmQCfTd7Anw2fdFOLrxgWSjen40oh
dWAAoKJcsXKaL7HEvRyMdNoxQbLoMQZS
=8n1a
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: GW (LAN1, LAN2, ADSL) config

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 04/20/2010 07:15 PM, j.halifax . wrote:

 .please do netstat -rn
 Please also do /sbin/ifconfig -a

 
 ==
 netstat
 ==
 # netstat -rn
 Kernel IP routing table
 Destination Gateway Genmask Flags   MSS Window  irtt Iface
 192.168.180.0   0.0.0.0 255.255.255.0   U 0 0  0 eth3
 10.255.253.010.255.250.250  255.255.255.0   UG0 0  0 eth2
 10.1.1.010.255.250.250  255.255.255.0   UG0 0  0 eth2
 195.39.130.00.0.0.0 255.255.255.0   U 0 0  0 eth0
 10.255.250.00.0.0.0 255.255.255.0   U 0 0  0 eth2
 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0  0 eth0
 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0  0 eth2
 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0  0 eth3
 172.17.0.0  192.168.180.1   255.255.0.0 UG0 0  0 eth3
 192.168.0.0 192.168.180.1   255.255.0.0 UG0 0  0 eth3
 0.0.0.0 195.39.130.89   0.0.0.0 UG0 0  0 eth0
 
 ==
 ifconfig
 ==
 ifconfig -a
 eth0  Link encap:Ethernet  HWaddr 00:1B:11:B1:5D:0D
   inet addr:195.39.130.92  Bcast:195.39.130.255  Mask:255.255.255.0
   inet6 addr: fe80::21b:11ff:feb1:5d0d/64 Scope:Link
   UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
   RX packets:24299910 errors:0 dropped:0 overruns:0 frame:0
   TX packets:15282420 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:1000
   RX bytes:16111717780 (15.0 GiB)  TX bytes:2946725879 (2.7 GiB)
   Interrupt:21 Base address:0xca00
 
 eth1  Link encap:Ethernet  HWaddr 00:19:D1:9D:E6:14
   BROADCAST PROMISC MULTICAST  MTU:1500  Metric:1
   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:1000
   RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
   Memory:9220-9222
 
 eth2  Link encap:Ethernet  HWaddr 00:19:5B:38:B7:36
   inet addr:10.255.250.37  Bcast:10.255.250.255  Mask:255.255.255.0
   inet6 addr: fe80::219:5bff:fe38:b736/64 Scope:Link
   UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
   RX packets:53693057 errors:0 dropped:0 overruns:0 frame:0
   TX packets:15359524 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:1000
   RX bytes:5565104705 (5.1 GiB)  TX bytes:13115812080 (12.2 GiB)
   Interrupt:22 Base address:0xa900
 
 eth3  Link encap:Ethernet  HWaddr 00:1B:11:B1:1C:D4
   inet addr:192.168.180.100  Bcast:192.168.180.255  Mask:255.255.255.0
   inet6 addr: fe80::21b:11ff:feb1:1cd4/64 Scope:Link
   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
   RX packets:4068329 errors:0 dropped:0 overruns:0 frame:0
   TX packets:60337 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:1000
   RX bytes:417749601 (398.3 MiB)  TX bytes:4328913 (4.1 MiB)
   Interrupt:18 Base address:0x6800
 
 loLink encap:Local Loopback
   inet addr:127.0.0.1  Mask:255.0.0.0
   inet6 addr: ::1/128 Scope:Host
   UP LOOPBACK RUNNING  MTU:16436  Metric:1
   RX packets:431338 errors:0 dropped:0 overruns:0 frame:0
   TX packets:431338 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:0
   RX bytes:41551814 (39.6 MiB)  TX bytes:41551814 (39.6 MiB)
 
 sit0  Link encap:IPv6-in-IPv4
   NOARP  MTU:1480  Metric:1
   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:0
   RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
 
 Thank you so much... :)
 jh
 
 

The routing table and interfaces look okay.

I am confused.  I have questions below.

 
  Původní zpráva 
 Od: Rick Sewill rsew...@gmail.com
 Předmět: Re: GW (LAN1, LAN2, ADSL) config
 Datum: 21.4.2010 01:10:47
 
 On 04/20/2010 05:48 PM, j.halifax . wrote:

 Is IP forwarding on?

 Yes, it is.



  Povodní zpráva 
 Od: Terry Polzin foxec...@wowway.com
 PYedmt: Re: GW (LAN1, LAN2, ADSL) config
 Datum: 20.4.2010 19:03:39
 
 On Tue, 2010-04-20 at 15:31 +0200, j.halifax . wrote:
 Hi All,

 please help me kindly to reconfig my default GW (Fedora 12).

 The GW has 3 active Ethernet cards:
 eth0 - connected to Internet ADSL router (incl. VPN, pptpd)

I expected to see something in the routing table or interfaces for
pptpd.  Isn't there a ppp0 (or something like that) interface for pptpd.

What is added to the routing table (netstat -rn) or interfaces

Re: SSH tunnel for ssh traffic

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 04/15/2010 09:12 AM, Christoph Höger wrote:
 Hi,
 
 I need to ssh to some remote VM that sit in a private LAN. For any other
 service (e.g. RDP) I'd use ssh tunneling just normal.
 But what do I do for ssh traffic? Since ssh is not host agnostic, it
 will always complain about localhost having a different RSA key.
 I just do not want to edit the known_hosts every time I need to connecto
 to a new machine!
 
 Is there some way to tell ssh to use a tunnel directly for a connection?
 
 regards
 
 Christoph
 

I'm afraid I do not understand what you are asking.

Let me try to answer what I think you are asking.
I apologize if I'm wrong.

Let us say I want to ssh tunnel to a remote machine on a remote lan.
Let us say I want to tunnel ssh traffic through this ssh tunnel to
still a third machine on that remote lan.

Could I do something like the following in my ~/.ssh/config file:

Host remote
 HostKeyAlias myAliasForRemote
 HostName remote.com
 LocalForward  veryremotehost:22

Host veryremote
 HostKeyAlias myAliasForVeryRemote
 HostName localhost
 port 

Now, could I do
ssh remote
and myAliasForRemote is what is associated with the host in my
~/.ssh/known_hosts file.
and as long as this connection is open, could I do
ssh veryremote
and myAliasForVeryRemote is what is associated with the host,
veryremotehost, in my ~/.ssh/known_hosts file.

I am not sure if the DNS name, veryremotehost needs to be resolved
locally or remotely.  I think it is remotely, but you would need to
check.  Normally, I would have used IP addresses because the hosts on
the company's internal lan did not have DNS entries.

The HostKeyAlias controls the name used for the host that is stored in
the ~/.ssh/known_hosts file.

Is this what you are asking?
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvHWB0ACgkQyc8Kn0p/AZT9LACcDNo/uJxnV1fx4JEbboAIgFt2
fMYAoK62YhEtG/Oc45hZs1hAED9tLBOe
=aTns
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: authentication problem

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 04/15/2010 11:51 AM, jack craig wrote:
 Hi Folks,
 
 I have an authentication issue with ssh that i'd like to ask for clues
 on solving?
 
 i have created a local host key, id_rsa.pub.
 
 i have copied that to the remote host, .ssh/authorized_keys,
 and checked the perms for both ~/.ssh  .ssh/authorized_keys.
 
 yet i get the below, ...
 
 
 ssh -v -l jackc sby1.extraview.com
 OpenSSH_5.2p1, OpenSSL 0.9.8k-fips 25 Mar 2009
...
 publickey,gssapi-with-mic,password   !
...
 No credentials cache found
 
...
 No credentials cache found
 
...
 debug1: Next authentication method: publickey
 debug1: Offering public key: /home/jackc/.ssh/id_rsa
 debug1: Server accepts key: pkalg ssh-rsa blen 277
 Agent admitted failure to sign using the key.
 debug1: Next authentication method: password
 ja...@sby1.extraview.com's password:
 
 my naive reading of the above looks like it fulfilled
 one authentication method, but then goes on to ask for another,
 in this case, a password.
 
 my wag is that there is an /etc/pam.d config that is wrong,
 but this isn't my strong suite and i don't want to guess/mess around.
 
 also, this phrase, ...
 
 debug1: Unspecified GSS failure.  Minor code may provide more information
 No credentials cache found
 

I wouldn't worry about GSS failure.  You haven't set it up.
- From URL:
http://www.ssh.com/support/documentation/online/ssh/adminguide/53/userauth-gssapi.html
it explains the idea behind GSS.  I tend to think of GSS as Kerberos.

 where do i find the minor code its referring to?
 
 any ssh guru's out there to provide  a clue?
 

Not sure.

When it says, Agent admitted failure to sign using the key.,
is it referring to ssh-agent?

There is a program, ssh-add, which talks to ssh-agent.
I haven't used ssh-add or ssh-agent in a long time.

Before I take us down this path which might be a wild good chase,
I better ask are you using these?

Whenever I have publickey authentication problems,
it usually is file and directory permissions.
You indicated you checked ~/.ssh and ~/.ssh/authorized_keys

As a test, could you make certain your $HOME directories,
on both the local and remote machine, are not writable by anyone,
but owner?

Could you make sure ~/.ssh on both machines is only read/write
by owner?

Could you make sure the files in ~/.ssh, such as authorized_keys,
config, id_rsa, known_hosts, are only read/write by owner?

For me, anything in ~/.ssh should only be read/write by owner.
Call me paranoid but only owner should have access to these files.

The one kicker, I'm asking you to do, is make sure both
$HOME directories are, at most, readable, by others, and not writable.

If you want someone to put files in your $HOME directory area,
can you set up $HOME/droparea and give them read/write access
to $HOME/droparea?
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvHX68ACgkQyc8Kn0p/AZSq7gCfemQ7xhl7GwPnlC1Hcrj+XlI0
dREAn16BFmZbHBeQ8ZvcX2Hp+iCVoBy3
=l5hs
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: SSH tunnel for ssh traffic

[Rick Sewill]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 04/15/2010 04:38 PM, Christoph Höger wrote:
 

 Host remote
  HostKeyAlias myAliasForRemote
  HostName remote.com
  LocalForward  veryremotehost:22

 Host veryremote
  HostKeyAlias myAliasForVeryRemote
  HostName localhost
  port 
 
 
 This comes very close to my needs. Only one thing left: Is there any way
 to trigger ssh remote just by running ssh veryremote?
 

I always started ssh remote manually.

Could you create a bash shell script that starts ssh remote in the
background, and then starts ssh veryremote?

- From the man ssh page, there is a suggestion about using
  The following example tunnels an IRC session from client machine
  “127.0.0.1” (localhost) to remote server “server.example.com”:

  $ ssh -f -L 1234:localhost:6667 server.example.com sleep 10
  $ irc -c ’#users’ -p 1234 pinky 127.0.0.1


Perhaps you could do something like:
# Please note...I have not tested this.
#!/bin/bash
# establish the initial ssh tunnel putting it in the background
ssh -f remote sleep 10 
# wait 2 seconds for ssh to set up the tunnel, hopefully long enough
sleep 2
# establish the ssh tunnel to the very remote machine.
ssh veryremote

I prefer starting ssh -f remote sleep 10  manually to know the ssh
tunnel is actually started before I start using it to forward traffic.

Other than using a bash script, I can't think of a way to trigger
the starting of ssh remote.

On another note, they added a ~/.ssh/config option that is new to me.
For those having problems with a home directory shared across multiple
machines, from man ssh_config,
they added NoHostAuthenticationForLocalhost

NoHostAuthenticationForLocalhost
   This option can be used if the home directory is shared across
   machines.  In this case localhost will refer to a different
   machine on each of the machines and the user will get many warn-
   ings about changed host keys.  However, this option disables host
   authentication for localhost.  The argument to this keyword must
   be “yes” or “no”.  The default is to check the host key for
   localhost.


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvHmV4ACgkQyc8Kn0p/AZQpuQCfXK3UcWOd8LR0FkHbRK0uqH9n
mYMAn0XVzkFoD7y4Cxkq3NLGpWyHp2x3
=YRkG
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Sftp does not work after upgrade fo F12

[Rick Sewill]

On 03/30/2010 05:57 AM, Gianfranco Durin wrote:
...
 =
 
 Googling a little, I see I am not the only one to have a similar problem:
 
 http://www.experts-exchange.com/OS/Linux/Setup/Q_24958525.html
 http://support.expandrive.com/discussions/expandrive-mac/361-can-ssh-connect-on-the-comandline-but-expandrive-connection-allways-dies
 
 So, finally I tried:
 ===
 sftp -vvv localhost
...
 debug1: Sending subsystem: sftp
 debug2: channel 0: request subsystem confirm 1
 debug2: fd 3 setting TCP_NODELAY
 debug2: callback done
 debug2: channel 0: open confirm rwindow 0 rmax 32768
 debug3: Wrote 192 bytes for a total of 1941
 debug2: channel 0: rcvd adjust 2097152
 debug2: channel_input_status_confirm: type 99 id 0
 debug2: subsystem request accepted on channel 0
 debug3: Wrote 48 bytes for a total of 1989
 debug1: client_input_channel_req: channel 0 rtype exit-signal reply 0
 debug1: client_input_channel_req: channel 0 rtype e...@openssh.com reply 0
 debug2: channel 0: rcvd eow
 debug2: channel 0: close_read
 debug2: channel 0: input open - closed
 debug2: channel 0: rcvd eof
 debug2: channel 0: output open - drain
 debug2: channel 0: obuf empty
 debug2: channel 0: close_write
 debug2: channel 0: output drain - closed
 debug2: channel 0: rcvd close
 debug3: channel 0: will not send data after close
 debug2: channel 0: almost dead
 debug2: channel 0: gc: notify user
 debug2: channel 0: gc: user detached
 debug2: channel 0: send close
 debug2: channel 0: is dead
 debug2: channel 0: garbage collecting
 debug1: channel 0: free: client-session, nchannels 1
 debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1)
 
 debug3: channel 0: close_fds r -1 w -1 e 6 c -1
 debug3: Wrote 32 bytes for a total of 2021
 debug3: Wrote 64 bytes for a total of 2085
 debug1: fd 0 clearing O_NONBLOCK
 debug3: fd 1 is not O_NONBLOCK
 Transferred: sent 1872, received 2040 bytes, in 0.1 seconds
 Bytes per second: sent 22414.6, received 24426.1
 debug1: Exit status -1
 Connection closed
 =
 Honestly, I am little confused...
 
 Thanks to all,
 Gianfranco

I am confused too.

Just a guess...might be a wild goose chase...
for the user account you are trying to sftp to, could you save your bash
startup files on the server machine and set up the default bash startup
files?

My memory is vague, or it might be my imagination, but I seem to
remember having a problem, a very long time ago, about having things in
my bash startup files that were interfering with my ability to do things
through ssh.  Whatever problem I had may no longer be a problem.

I finally fixed my problem by stopping my .bashrc file from doing
certain things if not interactive.

I came to the conclusion my problem had something to do with things in
my .bashrc file intercepting input from the standard input and creating
unexpected output on standard output.

I still try to separate my bash startup files into stuff I always want
to do and stuff I only want to do when interactive.

I still put the following line in an appropriate place in my .bashrc
file to stop doing certain things when I am not interactive:

# check for shell is not interactive
[ -z ${PS1} ]  return

It's just a guess...but it would be quick and easy to test.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Sftp does not work after upgrade fo F12

[Rick Sewill]

On 03/29/2010 10:23 AM, Gianfranco Durin wrote:
 On 03/29/2010 03:28 PM, Aaron Konstam wrote:
 On Mon, 2010-03-29 at 11:07 +0200, Gianfranco Durin wrote:
 On 03/25/2010 03:51 PM, Marvin Kosmal wrote:
 Could start with which sftp on the Fedora machine.

 YMMV

 Marvin


 Thanks,
 I use openssh

 and I have

 Subsystem sftp /usr/libexec/sftp-server

 enable in my sshd.config file.

 Is it enough?

 Gianfranco
 This is the line in my sshd.conf file
 Subsystem   sftp/usr/libexec/openssh/sftp-server

 The file you reference does not exist on my machine.
 
 Yes, sorry, you are right, this is the very same I have
 
 Gianfranco

Can you ssh successfully from the client side to the server side?

Sorry if you already answered this question.
I started looking at this thread in the middle.

If you cannot ssh, that will give us some hints.

If you can ssh successfully, please check your /etc/hosts.allow and
/etc/hosts.deny files on the server side.  I believe openssh-server is
built to examine those files.  I believe those files can authenticate or
block connections on a per service per user per host basis.

On the client side, can you do sftp -v 

Does anyone know if multiple sftp -v -v -v increase the logging level as
it does in ssh -v -v -v ?

If using multiple -v does increase the logging level, can you do
sftp -v -v -v ...


-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: log in through root

[Rick Sewill]

On 03/28/2010 03:29 AM, Rajanish Kumar wrote:
 Hi!
  I have already installed Fedora 12 .I have given root password...and
 finally added a user name rajanish
 .I am log in through rajanishbut i have not accessing throgh root...I
 want to log in through root because i want to learn administrative property.
  please help me to guide log in through root..
   
 Rajanish Kumar
 Fedora User
 

Others will answer how to log in through root.

I would express a different concern.

Please forgive me if this sounds like a rant.
I don't wish it to be such.  The following is what I believe.

Linux has a different mindset from Windows.

I think of Windows as being single-user focused.
One user, at a time, does things on Windows.
That user, is, for all intents and purposes, god on the PC.
That user, invariably, runs with administrator privileges.

I realize I am being unfair to Windows.
One can have multiple Windows users active at the same time.
One can leave one user active and log in as another user.

Windows users can be restricted from administrator privileges.

Windows users are coerced into running with administrator privileges.
Windows users run programs that try to do upgrades automatically.
Windows users visit websites that try to do installs immediately.

Linux is multi-user.  People are expected to run as normal users.
People should be root only long enough to do system things.

Program developers create downloads with this in mind.
People can download and compile and build programs as normal users.
Only when people need to install, do people need to become root.

For most things, people should run as a normal user.
When I see a person running normal programs, as root, I shudder.

People have arguments, which is more secure, Windows or Linux.
I believe it is not the operating system that is secure or insecure.
I believe it is the way people use the operating system.

I believe one can take an insecure Windows operating system and make it
secure.  One can argue, it will also be annoying to use, or unusable,
but that is another discussion.

I believe one can take a secure Linux operating system and make it insecure.

What am I trying to say?

Please be very, very careful what you do as root.
You can make a terrible mess if you don't know what you are doing.

This is the end of my rant...wishing it didn't sound like a rant.

To help this person and me and others, can someone suggest some
reasonable websites that explain how to keep Linux secure and how to be
a Linux administrator for beginners?

What I found, when searching the Internet, was rather dated.

I'm not looking for information on selinux or the intricacies of iptables.

I'd rather find a tutorial saying things like...
only run services (chkconfig service ...) you need,
only open firewall ports (iptables ...) you really want opened,
only install software from sources you trust,
don't run user programs or games as root,
get a USB drive for backups and how to do backups,
etc.

I have a personal reason for asking for this information.

My sister keeps bringing her Windows XP PC to me for fixing.
It takes her less than a week to get viruses on her PC.
I've reloaded from the factory partition twice already.

The second time, she got viruses, really frustrated me.
Before giving her back her PC, I made sure all the patches were in.
I had Norton Utilities running with all updates.
I made sure her firewall was enabled.
Did me little good.

Her PC currently has some viruses on it (this is the third time).
Again, I made sure all patches were in and all updates were in.

Norton Utilities can detect the viruses, but not remove them.

I told her I wanted to install Linux on her PC.
She is bucking.  She knows how to find notepad.
She wants to be able to run a Creative Memories program.
She has both Internet Explorer and firefox (I tried to get her to use
firefox) set to go to her favorite website, as her home page.

I only find out she has a problem when she can't do her usual routine.
The first two times, I found out, because the malware was demanding
money and wouldn't let her do anything with her PC.

This last time, I found out, because, when she clicked the web browser
icon, it went to the wrong web page, not her home page.

Even if I force her to switch to Linux, I will have problems.
She will fuss and fuss until I give her the root password.
I won't want to give her the root password...for obvious reasons.
She will take a secure Linux system and make it vulnerable.
She won't know what she is doing.

You may think I'm being unfair to her...and I am.
She is not computer literate.  She is literate in other things.
She calls her PC her brain because someone explained the PC was the
brain.  She doesn't know what a hard disk is...she doesn't know the
difference between program and data...she doesn't know how to find
things unless those things are icons on the desktop...she needs help
configuring her printer and ethernet.  Once configured, she is happy.

As I say, I 

Re: log in through root

[Rick Sewill]

On 03/28/2010 12:04 PM, bruce wrote:
 hey...
 
 as a guy who's been running different variants of unix/sun/vax vma for
 ~25 years... you can run as root/user with equal ability to screw up
 if you don't know what you're doing! running as a user implies that
 you can't do certain things/apps on a system.. but who's to say that
 someone didn't open up the system to allow users to run thoses
 dangerous apps as a user!
 
 bottom line, people should know what the heck they're doing when they
 start to play on the system..
 
 as to your issues with windows... what kind of virus system/apps are
 you running to prevent viruses from being able to be downloaded on the
 box???
 
 if you have good anti-virus apps running, and they're updated on a
 frequent basis.. the system should be ok, unless she's going to sites
 that are probably good breeding grounds for getting infected. in which
 case, you should tell her to stay the hell away from those sites...
 
 peace..
 


It was Norton anti-virus...and I updated to the latest patches.
I updated Windows to the latest patches.
I updated IE to IE 8, hoping that would slow down problems.

Unfortunately, you hit the nail on the head.
Took her only a few days to get infected again.

She told me she was visiting hundreds of web sites looking for pictures.
I don't think any anti-virus apps, even if kept up to date, could help.

I am stuck what to do.  She doesn't want me switching her to Linux.

She wants her Creative Memories software to work.
She is comfortable clicking the IE icon to get to Yahoo! mail.

She's learned how to find pictures and how to print pictures.

She wants to go to hundreds of web sites looking for pictures.
It's something, she believe, the PC should be able to do.
She doesn't understand why her PC can't be kept safe.

I was hoping against hope, switching her to Linux would slow the problem
down.  I doubt if anything can be done to prevent it.

I'm afraid I took this off-topic.  Sorry to everyone for doing that.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: log in through root

[Rick Sewill]

On 03/28/2010 02:49 PM, Sam Sharpe wrote:
 On 28 March 2010 20:26, agraham agra...@g-b.net wrote:
 On 28/03/10 09:29, Rajanish Kumar wrote:
 Hi!
   I have already installed Fedora 12 .I have given root password...and
 finally added a user name rajanish
 .I am log in through rajanishbut i have not accessing throgh root...I want
 to log in through root because i want to learn administrative property.
   please help me to guide log in through root..
 
 At the login prompt (or your graphical login program - gdm, kdm etc)
 use the username root and password that you set when installing Fedora.
 
 Nice idea, but it won't work unless you enable it:
 http://linuxers.org/quick-tips/fedora-12-enable-root-login-gui
 
 Please ignore all those that present horror stories and FUD about root,
 you have to learn somehow and the best way is to mess around as root.
 
 I disagree and I am a professional Linux sysadmin. I never login as root.
 
 Unlike a normal user, your path with will include /sbin so you won't
 need to prepend root commands with a path e.g. /sbin/ifconfig.
 
 You can add /sbin and /usr/sbin to your normal path if this is a
 problem for you. I do this and then I login as a normal user and use
 sudo or su -c to prefix any commands I want to run as root.
 
 And if you happen to do something like  rm -rf /, just re-install and
 start-over, I'm sure you'll learn from your mistakes like we all did.
 
 No comment ;o)
 
 --
 Sam

rm -rf / doesn't just happen on Linux...one of my coworkers did
rm -rf * on Solaris...he thought he was one place, but he was at /

You should have heard his language.
On second thought...no you shouldn't.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: ogm video

[Rick Sewill]

On 03/28/2010 03:46 PM, Michael Miles wrote:
 Can anyone tell me how to get codec for ogm video files
 
 Vlc no
 mplayer no
 smplayer no
 xine no
 
 
 I have tried to convert
 I used all I could find
 
 
 All say no codec
 
 
 I can't seem to find codec

Not heard of ogm before.

yum search ogm
gave a number of choices, including ogmtools.

yum install ogmtools

followed by
man ogmdemux
seems to imply ogmdemux can extract streams from an OGM.

Please read the notes part of the man page...it says,
What not works:

*  Headers  created by older OggDS (DirectShow) filter versions are
   not supported (and probably never will be).


First see if
ogminfo name-of-your-file
gives any useful information to see if these tools work on the file.

Perhaps you can extract the streams and play them separately?

Not sure if this will help or not.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: ogm video

[Rick Sewill]

On 03/28/2010 05:50 PM, Michael Miles wrote:
 On 03/28/2010 03:06 PM, Tim wrote:
 Can you supply a sample OGM video (a weblink to one)?  I don't recall
 having problems playing them in the past, but I can't find one at the
 moment.


 Limite de Segurança.ogm
 
 unfortunately this has to be downloaded with torrent
 http://www.kickasstorrents.com/t524772.html
 
 
 try it
 
 I do believe it is an older file
 
 Good quality but it is only a codec that is stopping it
 
 ogmdemux splits it and ogmjoin reassembles
 
 I have changed the format to avi and changed fourcc to xvid but the 
 players still wont work
 sound is there but no video
 
 I have installed every codec under the sun but no joy there
 
 I opened a virtual windows os and intalled klite codec pack
 xillisoft converted it no problem
 
 on the linux side no way
 
 Michael Miles
 

It may not help, but I am curious.

When you split it, you get a number of files.
If you do the command,
file name of files you got by splitting
what does the file command tell you?

I am hoping the file command can identify the video file type.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Routing choice under user control per application instance?

[Rick Sewill]

On Thu, 2010-03-18 at 14:07 -0600, S P Arif Sahari Wibowo wrote: 
 Hi!
 
 I am wondering whether it is possible to choose TCP/IP routing 
 for a specific instance of an application - chosen on user-level 
 when the application is started?
 
 More specifically I have a workstation with 2 Internet 
 connections (different devices), and I would like to have some 
 applications connecting to Internet using one connection while 
 other applications connecting to Internet using the other 
 connection, where I choose which application instance use which 
 connection.
 
 I control the whole workstation (root, hardware) so I can do 
 whatever on the machine, but not the router / connection.
 
 Any idea?

I have not done what you are requesting.

I did an Internet search and came to the following conclusions:
1) You can mark packets using iptables.
   The marking can be based on type of traffic, ex: html, smtp, etc.

2) You then use ip routing to do what is called policy routing.
   You have multiple routing tables.
   The routing table to be used will be selected based on the marking.

I will suggest you look at the following URL and see if it helps you.

This URL is not for the faint of heart:
http://linux-ip.net/html/adv-multi-internet.html

The key overview to understand this URL is the summary near the top:
Quoting from the URL,
...Before beginning let's outline the process we are going to follow. 

  * Copy the main routing table to another routing table and set the
alternate default route [38]. 

  * Use iptables/ipchains to mark traffic with fwmark. 

  * Add a rule to the routing policy database. 

  * Test!

I have not personally done this.
I can't do much more than give you the URL reference.
You will need to determine if this as a possible solution for you.


-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Backup, what system files are *really* important?

[Rick Sewill]

  
  /opt (and /usr/local) are likely to contain stuff that wasn't installed
  via rpm or yum, thus needs to be preserved. That's all. YMMV.
  
 
 what about /var ?
 
 /var/www/html
 /var/www/named
 /var/lib/dhcpd
 /var/lib/imap
 /var/cache/samba
 

Did they move /var/named to /var/www/named?
At one time I needed to do my own DNS and have a /var/named 
laying around.  I guess it depends what's in the /etc/named.conf file.

Probably all of /var/lib should be examined -- I don't know where
asterisk, mysql, or other packages keep their data.

And /var/spool/cron -- if you have any user cron jobs.

All of /var/spool should be examined for directories to back up.

And ... /sbin/ifup-local and /sbin/ifdown-local if you have those files.
Those files, if present, are referenced from files in the 
/etc/sysconfig/network-scripts directory.  I'm sure there's a good
reason those files are in /sbin; I wish they were in /usr/local/sbin.

And consider /root -- it's up to you whether you want to back this up

And /boot/grub/grub.conf -- /etc/grub.conf is a symbolic link.
I dual boot so my grub.conf has other boot directives in it.

Hopefully, /etc/grub.conf is the only symbolic link to worry about.
I did find /etc -type l and grub.conf was the only symbolic link
pointing to something I needed to worry about.

I'd check for symbolic links in the directories you back up.

Do hard links cause backup problems?
Are there any hard links one has to worry about when doing backups?
At this moment, I can't think of any.

I haven't had to create any block or character special files in the
/dev directory in a while.  I suggest you keep a text file detailing 
any special /dev files you might have created.  I am thinking of the 
case where you are doing something with a device driver for something
that is not supported in FC12.  Hopefully, this won't apply.  
I'd keep a text file detailing anything like this in my /root.

Finally, I'd examine the sub-directories in /usr/src.
Before FC12, my webcam wasn't supported.  I kept source code
in /usr/src/redhat/SOURCES for building a driver for my webcam.
You may have something in /usr/src/redhat/SOURCES or 
/usr/src/redhat/RPMS that you need to add to FC12.  If possible,
keep information in a text file describing where you got the
code rather than try to back up /usr/src/redhat...but as a last
resort, be prepared to back up stuff, if necessary.

I'd actually keep a text file detailing any changes 
I make that are not part of standard Fedora.
It's easier to go to a text file where I keep a list of things from 
livnia or source files I need to get something working that isn't
supported, then to discover something is missing and have to remember 
where I got it and how I had to install it.

I'd also generate a text file, on a regular basis,
yum list all  /root/yum-list-$(date '+%Y%m%d').lst
so I have a list of Fedora packages that were in my system.


-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: Fedora 12: Cannot boot with kernel-2.6.32.9-67.fc12.x86_64

[Rick Sewill]

On Mon, 2010-03-08 at 09:19 -0600, John Thompson wrote: 
 On 03/08/2010 03:32 AM, Fred Williams wrote:
 
  If all I need to do is try running without the proprietary NVidia
  driver,
  please let me know specifically how to disable that driver the easiest
  possible way. �Translation: so that I can just boot back into an older
  kernel and continue using the proprietary NVidia driver if I decide
  to do that.
 
 In your /etc/X11/xorg.conf you need to change the driver from nvidia
 (the proprietary driver) to nv (the open source driver).
 
 Section Device
 Identifier Device0
 Driver nvidia  #  = THIS LINE
 VendorName NVIDIA Corporation
 BoardName  GeForce 6600 GT
 Option AccelMethod XAA # not EXA
 
 BTW, what I do when I update the kernel is first boot into runlevel 3,
 then build the proprietary driver modules, and then change to runlevel 5.
 
 -- 
 
 -John (j...@os2.dhs.org)


When I upgraded to Fedora 12, 

I had an error, to the effect, hardware was already in use.
I found the nouveau driver had the hardware.
My xorg.conf file was using the nv driver.
Not thinking, I changed from the nv driver to the nouveau driver. 

Searching the Internet, for the words, blacklist nouveau,
I found the following comment at URL:
http://linux.derkeiler.com/Mailing-Lists/Fedora/2010-01/msg02113.html

The summary of the comment was, if you use the rpmfusion repository,
for the nvidia module, it will automatically blacklist nouveau?

If I do an Internet, search for the words, blacklist nouveau nv,
I find indications some people, not sure who, claimed the nouveau
driver has passed up the nv driver, and has been made the default.

Questions please:
1) Are there 3 drivers, nvidia, nv, nouveau?
2) If there are 3 drivers, how did people decide which driver to use?
   My questions on this subject, are as follows:
   a) Is the nouveau driver now considered better than the nv driver?
  If the nouveau driver is considered better, I am curious why?
   b) Is it true the nvidia driver is faster than the nouveau driver?
  I wanted to use the free driver, if possible, so I was using nv.
  I switched to nouveau because that seemed to be the new default.
  I am wondering what I am giving up not using the nvidia driver.

-Rick

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: ssh to my computer behind NAT

[Rick Sewill]

On Tue, 2010-03-09 at 00:49 +0300, Hiisi wrote: 
 Dear list!
 I would like to be able to ssh to my home computer located behind my
 ISP' NAT. I know, I can tunnel to it through some middle host and
 actually I'm doing it at the moment. But I'm fancy is there a better
 solution? Is there a possibility of not using any computer at the
 middle to connect to my home system from the outside world? Can I
 connect to it directly using some magic setup? Any thoughts?
 -- 
 Hiisi.
 Registered Linux User #487982. Be counted at: http://counter.li.org/
 --
 Spandex is a privilege, not a right.

You said something about a middle host.  This middle host confuses me.
Is this middle host controlled by the ISP?  What is this middle host?

When I worked for a certain company, I had to ssh to a gateway host.
They didn't want anyone able to ssh directly to their internal LAN.
When you said middle host, I thought of that company and their gateway.

I would be surprised if an ISP requires you to go to a middle host.
I would expect an ISP to use the NAT where only IP addresses change.
I would expect an ISP to forward all ports to your assigned IP address.

If the ISP provided a router to you, that is doing NAT,
you should be able to configure that router to forward your ssh port.

I would not be surprised if a company requires you to go to a gateway.

If it's a company gateway, we mustn't help you defeat their security.

I don't want to discuss whether having a gateway adds to security.
Personally, I believe all devices in the internal LAN must be secure.
I do not believe security can be done solely at the border of a LAN.

Do you control the device that is doing NAT for you or does the ISP?
If controlled by the ISP, did the ISP provide a way to configure it?

As others have said and will say, one needs to have the NAT device
port forward the appropriate port (whatever port you use for ssh)
to your host.


-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: ssh to my computer behind NAT

[Rick Sewill]

On Tue, 2010-03-09 at 08:40 +0300, Hiisi wrote: 
 2010/3/9 Rick Sewill rsew...@gmail.com:
  On Tue, 2010-03-09 at 00:49 +0300, Hiisi wrote:
  Dear list!
  I would like to be able to ssh to my home computer located behind my
  ISP' NAT. I know, I can tunnel to it through some middle host and
  actually I'm doing it at the moment. But I'm fancy is there a better
  solution? Is there a possibility of not using any computer at the
 --SNIP--
 
  If it's a company gateway, we mustn't help you defeat their security.
 
  I don't want to discuss whether having a gateway adds to security.
  Personally, I believe all devices in the internal LAN must be secure.
  I do not believe security can be done solely at the border of a LAN.
 
  Do you control the device that is doing NAT for you or does the ISP?
  If controlled by the ISP, did the ISP provide a way to configure it?
 
  As others have said and will say, one needs to have the NAT device
  port forward the appropriate port (whatever port you use for ssh)
  to your host.
 
 
 
 You and other, thank for your responses. Sorry I didn't make it clear.
 I don't have any router. I'm connected to Internet via LAN. My IP
 address is something like 192.168.3.20 and I use ISP' router IP
 (192.168.0.1) as a gateway (I don't have any access to the router).
 So, I decided its called NAT. Am I wrong here? I don't know. I know
 only that I can't reach my computer from the outside of the LAN. So, I
 did the following: on the target computer I ran:
 ssh -R 10002:localhost:22 u...@middle.host (it's a computer somewhere
 and I have ssh access there)
 Now I can connect to the target computer in a few steps:
 1. connect to middle.host:
 ssh u...@middle.host
 2. and from there:
 ssh hi...@home.computer -p 10002
 See, it's not very convenient and I'm not sure whether it's possible
 to use VNC using this setup (as I would like to).  So, is there any
 better solution?
 -- 
 Hiisi.
 Registered Linux User #487982. Be counted at: http://counter.li.org/
 --
 Spandex is a privilege, not a right.

Your explanation of a middle host is good.  
I didn't understand what you were doing, previously.

Your description of NAT is fine.  Your ISP is doing NAT.

My first thought is to say, talk to the ISP.
The ISP should have a way for you to configure their NAT router
to forward the ssh port to your host.

I have difficulty thinking why the ISP wouldn't let you configure
their NAT router to forward the ssh port to your host...unless.

I hadn't thought of it before, but putting customers behind a NAT
router, and not letting customers configure the NAT router to 
forward ports, might be a way to prevent customers running servers.

Is this what the ISP is trying to do?  Stop customers running servers?

If a customer wants to run a server, even an ssh server,
which is what you wish to do, does the ISP wish to charge more money?

If the ISP is deliberately stopping you, I'd say get another ISP.
If you can't get another ISP, I don't know what to suggest.


-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: ssh to my computer behind NAT

[Rick Sewill]

On Tue, 2010-03-09 at 00:08 -0600, Rick Sewill wrote: 
 On Tue, 2010-03-09 at 08:40 +0300, Hiisi wrote: 
  2010/3/9 Rick Sewill rsew...@gmail.com:
   On Tue, 2010-03-09 at 00:49 +0300, Hiisi wrote:
   Dear list!
   I would like to be able to ssh to my home computer located behind my
   ISP' NAT. I know, I can tunnel to it through some middle host and
   actually I'm doing it at the moment. But I'm fancy is there a better
   solution? Is there a possibility of not using any computer at the
  --SNIP--
  
   If it's a company gateway, we mustn't help you defeat their security.
  
   I don't want to discuss whether having a gateway adds to security.
   Personally, I believe all devices in the internal LAN must be secure.
   I do not believe security can be done solely at the border of a LAN.
  
   Do you control the device that is doing NAT for you or does the ISP?
   If controlled by the ISP, did the ISP provide a way to configure it?
  
   As others have said and will say, one needs to have the NAT device
   port forward the appropriate port (whatever port you use for ssh)
   to your host.
  
  
  
  You and other, thank for your responses. Sorry I didn't make it clear.
  I don't have any router. I'm connected to Internet via LAN. My IP
  address is something like 192.168.3.20 and I use ISP' router IP
  (192.168.0.1) as a gateway (I don't have any access to the router).
  So, I decided its called NAT. Am I wrong here? I don't know. I know
  only that I can't reach my computer from the outside of the LAN. So, I
  did the following: on the target computer I ran:
  ssh -R 10002:localhost:22 u...@middle.host (it's a computer somewhere
  and I have ssh access there)
  Now I can connect to the target computer in a few steps:
  1. connect to middle.host:
  ssh u...@middle.host
  2. and from there:
  ssh hi...@home.computer -p 10002
  See, it's not very convenient and I'm not sure whether it's possible
  to use VNC using this setup (as I would like to).  So, is there any
  better solution?
  -- 
  Hiisi.
  Registered Linux User #487982. Be counted at: http://counter.li.org/
  --
  Spandex is a privilege, not a right.
 
 Your explanation of a middle host is good.  
 I didn't understand what you were doing, previously.
 
 Your description of NAT is fine.  Your ISP is doing NAT.
 
 My first thought is to say, talk to the ISP.
 The ISP should have a way for you to configure their NAT router
 to forward the ssh port to your host.
 
 I have difficulty thinking why the ISP wouldn't let you configure
 their NAT router to forward the ssh port to your host...unless.
 
 I hadn't thought of it before, but putting customers behind a NAT
 router, and not letting customers configure the NAT router to 
 forward ports, might be a way to prevent customers running servers.
 
 Is this what the ISP is trying to do?  Stop customers running servers?
 
 If a customer wants to run a server, even an ssh server,
 which is what you wish to do, does the ISP wish to charge more money?
 
 If the ISP is deliberately stopping you, I'd say get another ISP.
 If you can't get another ISP, I don't know what to suggest.
 

I just thought of another possibility the ISP might be doing.

Are you, and some other customers of the ISP, sharing the same public
IP address?  Doing so would reduce the number of public IP addresses
the ISP would need.  I'd be very, very surprised if an ISP did this.
I'd be more than surprised.  I'd be shocked.



-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines