RE: [Security Firewall] MNF2 NETA don't start from web

Mon, 17 Jan 2005 02:46:58 -0800 

Hi Forin,
        A question about the paranoid security level. The first couple of times 
I setup beta 2 using the default level I could never manage to su to root. I 
kept on getting an error message about an incorrect password. It wasn't until I 
reduced the level to High that I was able to su to root at the console. Is that 
expected? If so, how does one use the root account?

pka

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Florin
Sent: Monday, January 17, 2005 4:19 AM
To: [EMAIL PROTECTED]
Cc: [email protected]
Subject: Re: [Security Firewall] MNF2 NETA don't start from web

Hi there,

in MNF2 you are not supposed to change the security level. MNF2 is set as
default to the paranoid level. Forget about everything you have tried with
netstat, etc (use netstat -an |grep LISTEN). Also, you are supposed to try
shorewall clear and not shorewall stop because it's not the same thing ...

I don't know what else I can say here because I don't seem to find any
other relevant information in your mail ...

good luck,


>Manuel Acevedo Chavira <[EMAIL PROTECTED]> writes:

>       Hi, thanks for you advise, but the problem is that i tried this, with
> shorewall stop i just can ping from
>       the client, but i can't to initialize the back end, at the begining i 
> was
> looking for some error in the logs files
>       and i found in /var/log/auth.log
> 
>               sshd[3238]: Received signal 15; terminating
>               sshd[4692]: Server listening on :: port 22
>               sshd[4692]: error: Bind to port 22 on 0.0.0.0 failed
>                               Adress already in use
> 
>       and then i changed in /etc/ssh/sshd_config to add the line
>               ListenAdress 0.0.0.0
> 
> 
>       and the problems in sshd was out, whitout this change netstat -ln show 
> in
> sshd
> 
>               Proto   Recv-Q  Send-Q  Local Adress    Foreign Address State
> 
>               tcp     0               0               :::22                   
> :::*                    LISTEN
>               tcp     0               0               :::8443         :::*    
>                 LISTEN
> 
>       and whith this change netstat -ln show in sshd
> 
>               Proto   Recv-Q  Send-Q  Local Adress    Foreign Address State
> 
>               tcp     0               0               0.0.0.0:22              
> 0.0.0.0:*                       LISTEN
>               tcp     0               0               :::8443         :::*    
>                         LISTEN
> 
>       and the error log don't show any more, for that i thinked that is a 
> problem
> with 8443, i disable ipv6
>       in modprobe.conf adding
>               alias net-pf-10 off
>               alias ipv6      off
> 
>               after netstat -ln show
> 
>               Proto   Recv-Q  Send-Q  Local Adress    Foreign Address State
> 
>               tcp     0               0               0.0.0.0:22              
> 0.0.0.0:*                       LISTEN
>               tcp     0               0               0.0.0.0:8443    
> 0.0.0.0:*                       LISTEN
> 
> 
>               and the same problem from the client i can't to see the back 
> end, then i
> back the initial configuration
>               because i installed in another pc the MNF beta 2, and my 
> sorprise was, all
> right!!!!!!! whitout changes, i can           see the
>               back end, then i reinstall the MNF in the pc with the problem, 
> but :(, the
> same problem, it's very confused
>               i don't understand what's the problem, in this pc i have been 
> installed
> the fisrt MNF and all right, and with
>               the new MNF i don't see the back end, in both cases i choose 
> security
> nevel to estandar.
> 
>               thanks very much, i hope you can understand me, and excuse me 
> for my
> english
> 
> 
> -----Mensaje original-----
> De: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] nombre de Dieter
> Sch�tze
> Enviado el: Viernes, 14 de Enero de 2005 04:15 p.m.
> Para: [email protected]
> Asunto: Re: [Security Firewall] MNF2 NETA don't start from web
> 
> 
> 
> Am Freitag, den 14.01.2005, 13:25 -0600 schrieb Manuel Acevedo Chavira:
> >     Hi, last month i installed the new MNF beta 2 but i can't to see the web
> > page from
> >     any client with https://192.168.1.20:8443  and i don't know what's
> > happening.
> >     in /etc/httpd/logs-naat/httpd2-naat.ssl_error_log shows
> >
> >     [warn] RSA server certificate CommonName (CN) 'localhost.ai4h3R' does 
> > NOT
> > match server name!?
> >
> >     any ideas?
> logon direct on the Konsole change to su.
> stop the shorewall with service shorewall stop.
> Now test it from the client ones more.
> Configure your MNF and restart, if you have everything correct
> configured you can logon from the client again.
> 
> The certificate is the standard certificate thats normal with
> localhost.xxxx you can make a better certificate if you want, but no
> real certificate without paying. ;-)
> 
> Dieter
> 
> 
> 
> ____________________________________________________
> Want to buy your Pack or Services from MandrakeSoft? 
> Go to http://www.mandrakestore.com
> Join the Club : http://www.mandrakeclub.com
> ____________________________________________________

-- 
Florin                          http://www.mandrakesoft.com
                                http://people.mandrakesoft.com/~florin/



____________________________________________________
Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________

Reply via email to