While you are at it... why not use subversion? It has a lot of nice features that CVS doesn't have.
http://en.wikipedia.org/wiki/Subversion http://subversion.tigris.org/ Michael L Torrie wrote: > On Fri, 2006-12-01 at 10:20 -0700, Dustin McQuay wrote: >> Hey UUG!, >> >> I am having trouble getting a box (I'll refer to it as the server) at my >> house set up as a cvs server. I am pretty sure the problem is the >> firewall running directly on the box (iptables). It is behind a router >> so I have traffic on TCP port 2401 being forwarded to it. I am pretty >> sure we don't need to worry about the router being the problem because I >> am also forwarding traffic on TCP port 80 to the same box and it is >> dishing out web pages just fine. > > Is there a reason you are using the CVS server (which is insecure) > instead of cvs without a server over ssh? CVS over ssh is by far the > most appropriate and preferred way for accessing CVS (except for > anonymous CVS). > > Just do > > export CVS_RSH=ssh > export [EMAIL PROTECTED]:/var/cvs > > then do a standard cvs co. Ssh will prompt you for your password and it > will then do all the magic stuff. You don't need any server stuff set > up at all on cvs, except for sshd itself. > > > Michael > >> >> Some background to the server I am having problems with: It has cvs >> installed. It is running >> Fedora Core 5 with a minimal number of installed packages. There exists >> a group called cvs >> and a user called dmcquay who is a member of the group. The cvs group >> owns the cvs repository. >> ================================================================= >> $ uname -a >> Linux gateway-tablet.app.byu.edu 2.6.17-1.2187_FC5 #1 Mon Sep 11 >> 01:17:06 EDT 2006 i686 athlon i386 GNU/Linux >> $ cvs --version >> Concurrent Versions System (CVS) 1.11.22 (client/server) >> ================================================================= >> >> >> I set up a cvs repository on the server just fine. Then on my laptop I >> did the following- >> ================================================================= >> $ export CVSROOT=:pserver:[EMAIL PROTECTED]:/var/cvs >> $ cvs login >> Logging in to :pserver:[EMAIL PROTECTED]:2401/var/cvs >> CVS password: >> cvs [login aborted]: connect to myserver.mydomain.org(64.20.33.115):2401 >> failed: Connection refused >> ================================================================= >> >> >> Here is some info about the CVS repository I set up- >> ================================================================= >> $ cd /var >> $ ll | grep cvs >> drwxr-xr-x 3 root cvs 4096 Nov 18 17:00 cvs >> $ ll cvs >> total 8 >> drwxrwxr-x 3 root cvs 4096 Nov 18 17:00 CVSROOT >> ================================================================= >> >> >> I didn't know why this was failing, so I ran nmap from my laptop and got >> the following- >> ================================================================= >> $ nmap synchros.dynsns.org -p 2401 >> >> Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-12-01 09:44 MST >> Interesting ports on 64.20.33.4: >> PORT STATE SERVICE >> 2401/tcp closed cvspserver >> ================================================================= >> >> So I tried to open up port 2401 using the system-config-securitylevel >> command. Pay special >> attention to the Other ports section of the firewall configuration- >> ================================================================= >> $ system-config-securitylevel >> >> ┌─────────────────┤ Firewall Configuration - Customize ├─────────────────┐ >> │ │ >> │ You can customize your firewall in two ways. First, you can select │ >> │ to allow all traffic from certain network interfaces. Second, you │ >> │ can allow certain protocols explicitly through the firewall. Specify │ >> │ additional ports in the form 'service:protocol', such as 'imap:tcp'. │ >> │ │ >> │ Trusted Devices: [ ] eth0 │ >> │ │ >> │ MASQUERADE Devices: [ ] eth0 │ >> │ │ >> │ [*] SSH [*] Telnet [*] FTP │ >> │ Allow incoming: [*] WWW (HTTP) [*] Samba [*] Mail (SMTP) │ >> │ [*] Secure WWW (HTTPS) │ >> │ Other ports cvspserver:tcp___________ │ >> │ │ >> │ ┌────┐ │ >> │ │ OK │ │ >> │ └────┘ │ >> │ │ >> │ │ >> └────────────────────────────────────────────────────────────────────────┘ >> >> $ /sbin/service iptables restart >> Flushing firewall rules: [ OK ] >> Setting chains to policy ACCEPT: filter [ OK ] >> Unloading iptables modules: [ OK ] >> Applying iptables firewall rules: [ OK ] >> Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]ntrack_ftp >> ================================================================= >> >> >> Then I checked nmap again to see if that opened up the port. Nope. One >> time I was able >> to get it to say filtered, but not open and the CVS login still wouldn't >> work when the state >> was filtered. I am guessing it needs to be open- >> ================================================================= >> $ nmap mybox.mydomain.org -p 2401 >> >> Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-12-01 09:31 MST >> Interesting ports on noptr.cpxserver.com (64.20.49.210): >> PORT STATE SERVICE >> 2401/tcp closed cvspserver >> ================================================================= >> >> >> Then I tried doing the cvs login again. This time the response the same- >> ================================================================= >> $ export CVSROOT=:pserver:[EMAIL PROTECTED]:/var/cvs >> $ cvs login >> Logging in to :pserver:[EMAIL PROTECTED]:2401/var/cvs >> CVS password: >> cvs [login aborted]: connect to myserver.mydomain.org(64.20.33.115):2401 >> failed: Connection refused >> ================================================================= >> >> >> I also got some informtion from IP tables which seems to show that >> cvspserver should be open >> just like the others. >> ================================================================= >> $ /sbin/iptables -L >> Chain INPUT (policy ACCEPT) >> target prot opt source destination >> RH-Firewall-1-INPUT all -- anywhere anywhere >> >> Chain FORWARD (policy ACCEPT) >> target prot opt source destination >> RH-Firewall-1-INPUT all -- anywhere anywhere >> >> Chain OUTPUT (policy ACCEPT) >> target prot opt source destination >> >> Chain RH-Firewall-1-INPUT (2 references) >> target prot opt source destination >> ACCEPT all -- anywhere anywhere >> ACCEPT icmp -- anywhere anywhere icmp any >> ACCEPT ipv6-crypt-- anywhere anywhere >> ACCEPT ipv6-auth-- anywhere anywhere >> ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns >> ACCEPT udp -- anywhere anywhere udp dpt:ipp >> ACCEPT tcp -- anywhere anywhere tcp dpt:ipp >> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED >> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:cvspserver >> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh >> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:telnet >> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp >> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http >> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp >> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https >> ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns >> ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm >> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn >> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds >> REJECT all -- anywhere anywhere reject-with icmp-host-prohibited >> ================================================================= >> >> >> It seemed odd to me that nmap sees the port as closed, yet iptables >> reports it as opened. So, >> just to rule the router out of the equation, I installed and ran nmap on >> localhost port 2401 >> from the server- >> ================================================================= >> $ nmap localhost -p 2401 >> >> Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-12-01 10:18 MST >> Interesting ports on synchros.dyndns.org (127.0.0.1): >> PORT STATE SERVICE >> 2401/tcp closed cvspserver >> ================================================================= >> >> >> I just don't know what is going on. I tried messing with iptables on the >> command line >> instead of using the system-config-securitylevel command. That didn't >> fix the problem. >> Plus, it looks like iptables is reporting that port as open anyway. The >> problem must be somewhere >> else. Why can't I get an "open" status for port 2401 in nmap and why >> can't I do a cvs login? >> I'm so confused. Any help would be greatly appreciated. >> >> >> Thanks in advance, >> Dustin McQuay >> >> -------------------- >> BYU Unix Users Group >> http://uug.byu.edu/ >> >> The opinions expressed in this message are the responsibility of their >> author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG. >> ___________________________________________________________________ >> List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list >> > > > -------------------- > BYU Unix Users Group > http://uug.byu.edu/ > > The opinions expressed in this message are the responsibility of their > author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG. > ___________________________________________________________________ > List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list -------------------- BYU Unix Users Group http://uug.byu.edu/ The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG. ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
