Re: [CentOS-es] Blocking YouTube

2015-03-12 Thread Emilio Alvarado

What do you see in the iptables log?
Emilio Alvarado



On 10 March 2015 17:35:31, César Martinez 
cmarti...@servicomecuador.com wrote:



Greetings, list friends. I have a 64-bit CentOS 6.6 server that
acts as proxy and firewall. On this server I block https sites using a post
that Epe has published on ecualug, adapted a little on my part. I can
block any https site except YouTube, or rather YouTube only
halfway, because it is blocked in every browser except Internet
Explorer. I have been trying to solve this for about two weeks and it does
not work. I do not block by IP, since some YouTube IPs also serve
Gmail and Google. Perhaps someone has managed to close YouTube in
all browsers and can help me. Here is the rule I block with:

$IPTABLES -I FORWARD -s 192.168.0.1/24 -p tcp -m string --string facebook --algo kmp -j REJECT

--
Kind regards

|César Martínez | Systems Engineer | SERVICOM
|Tel: (593-2)554-271 2221-386 | Ext 4501
|Mobile: 0999374317 |Skype servicomecuador
|Web www.servicomecuador.com Follow us on:
|Twitter: @servicomecuador |Facebook: servicomec
|Customer Area: www.servicomecuador.com/billing
|Blog: http://servicomecuador.com/blog
|Addr. Av. 10 de Agosto N29-140, between
|Acuña and Cuero y Caicedo
|Quito - Ecuador - South America

___
CentOS-es mailing list
CentOS-es@centos.org
http://lists.centos.org/mailman/listinfo/centos-es





Re: [CentOS] Centos 7 and itk

2015-03-12 Thread Silvere Vautey - FCNET
Hello

Sorry but I cannot provide logs today
The matter seems to be that httpd version is 2.4.6 whereas httpd-itk is 2.2.x
I tried to upgrade httpd-itk but the available release (2.4.7) requires httpd 
2.4.7. 
Does anyone know a reliable repository providing httpd 2.4.7 or higher for 
Centos 7?

S.

-----Original Message-----
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On behalf of 
Nux!
Sent: Wednesday, 11 March 2015 18:41
To: CentOS mailing list
Subject: Re: [CentOS] Centos 7 and itk

My crystal balls have failed to provide enough error logs.
Can you share some?

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
 From: Silvere Vautey - FCNET vau...@fcnet.fr
 To: centos@centos.org
 Sent: Wednesday, 11 March, 2015 15:40:32
 Subject: [CentOS] Centos 7 and itk

 Hello
 
 I use mod-itk on several servers on CentOS 6 or CentOS 5
 I have a new server with CentOS 7 and I would like to use itk.
 
 Installing it works fine using yum but it cannot be started, giving a lot of
 errors.
 
 Does anyone know how to make it work?
 
 S.
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS-es] Blocking YouTube

2015-03-12 Thread Luis Hernán de la Barra
Another simple alternative, although a vulnerable one, is to configure a local 
DNS resolver such as dnsmasq, with which the name youtube.com is overridden with another IP, 
probably a local site showing a warning.

In that case, care must be taken that only the resolver's IP is allowed 
outbound to port 53/udp.

These are small details that together can help.

Luis de la Barra
www.wyzer.cl
Sent from Samsung Mobile

-------- Original message --------
From: David González Romero dgrved...@gmail.com
Date: 12/03/2015  08:59  (GMT-04:00)
To: centos-es@centos.org
Subject: Re: [CentOS-es] Blocking YouTube

And why don't you try closing port 443 entirely... that is what I want
you to try, because if you use a rule like

iptables ... -dport 443 youtube.com

the DNS will block the IP that iptables picked up as youtube.com at the
moment it was started; and as far as I know youtube.com has several
IPs that answer to that name.

Try blocking all traffic to port 443 and then try again.

Regards,
David

On 12 March 2015, 7:30, César Martínez
cmarti...@servicomecuador.com wrote:
 Hi David, I applied a rule to close port 443 for YouTube, but in IE 
 it still opens
 --
 Regards
 César Martínez
 Systems Engineer

 Sent from my Samsung Galaxy mobile

 On 12 March 2015 05:18:08 GMT-05:00, David González Romero 
 dgrved...@gmail.com wrote:
I still think that if you close port 443 it should not open for you...

Regards,
David

On 11 March 2015, 19:03, Luis Huacho Lazo
l.hua...@gmail.com wrote:
 Although the topic is Linux CentOS, the same thing happens on my network
 managed with FortiGate: everything is blocked, but IE8 gets through and
 displays YouTube only over https.
 Bill's magic? Granted, it loads the site and the images, but the videos
 do not load. Curious problem with IE8.
 On 11/03/2015 15:19, César Martinez cmarti...@servicomecuador.com
 wrote:

 Nothing shows up in the firewall log. The temporary alternative is to
 block by IP; that way it does not load in IE. I will keep looking for the
 solution. Thanks to everyone, and if anyone has another idea, thank you.

 --
 Kind regards

 |César Martínez | Systems Engineer | SERVICOM
 |Tel: (593-2)554-271 2221-386 | Ext 4501
 |Mobile: 0999374317 |Skype servicomecuador
 |Web www.servicomecuador.com Follow us on:
 |Twitter: @servicomecuador |Facebook: servicomec
 |Customer Area: www.servicomecuador.com/billing
 |Blog: http://servicomecuador.com/blog
 |Addr. Av. 10 de Agosto N29-140, between
 |Acuña and Cuero y Caicedo
 |Quito - Ecuador - South America

 On 11/03/15 10:17, Emilio Alvarado wrote:

 What do you see in the iptables log?
 Emilio Alvarado



 On 10 March 2015 17:35:31, César Martinez 
 cmarti...@servicomecuador.com wrote:

  Greetings, list friends. I have a 64-bit CentOS 6.6 server that
 acts as proxy and firewall. On this server I block https sites using a
 post that Epe has published on ecualug, adapted a little on my part. I
 can block any https site except YouTube, or rather YouTube only
 halfway, because it is blocked in every browser except Internet
 Explorer. I have been trying to solve this for about two weeks and it does
 not work. I do not block by IP, since some YouTube IPs also serve
 Gmail and Google. Perhaps someone has managed to close YouTube in
 all browsers and can help me. Here is the rule I block with:

 $IPTABLES -I FORWARD -s 192.168.0.1/24 -p tcp -m string --string facebook --algo kmp -j REJECT

 --
 Kind regards

 |César Martínez | Systems Engineer | SERVICOM
 |Tel: (593-2)554-271 2221-386 | Ext 4501
 |Mobile: 0999374317 |Skype servicomecuador
 |Web www.servicomecuador.com Follow us on:
 |Twitter: @servicomecuador |Facebook: servicomec
 |Customer Area: www.servicomecuador.com/billing
 |Blog: http://servicomecuador.com/blog
 |Addr. Av. 10 de Agosto N29-140, between
 |Acuña and Cuero y Caicedo
 |Quito - Ecuador - South America


Re: [CentOS] mysql replication - problems

2015-03-12 Thread Alberto Rivera Laporte
On Thu, Mar 12, 2015 at 8:57 AM Tim Dunphy bluethu...@gmail.com wrote:

 Hey everybody,

  I'm trying to get mysql master/slave replication to work under SSL. I've
 created the certs for both the slave and the master. I've configured the
 master and slave my.cnf. And it does appear that replication is actually
 working.

 Master is actually MariaDB (version 5.5.41-MariaDB-log), and the slave is
 MySQL (version 5.5.41-log).

 But there are two issues I'd like to resolve. One is that SSL appears to be
 disabled.

 If I look at both the master and the slave and do a 'show variables'
 command, I can see that it's recognizing the certs. But the 'have_openssl'
 and 'have_ssl' variables are showing as DISABLED.

 Watch, on the master:

 MariaDB [(none)]> show variables like '%ssl%';
 +---------------+--------------------------------+
 | Variable_name | Value                          |
 +---------------+--------------------------------+
 | have_openssl  | DISABLED                       |
 | have_ssl      | DISABLED                       |
 | ssl_ca        | /etc/pki/CA/certs/ca.crt       |
 | ssl_capath    |                                |
 | ssl_cert      | /etc/pki/tls/certs/mysql.crt   |
 | ssl_cipher    |                                |
 | ssl_key       | /etc/pki/tls/private/mysql.key |
 +---------------+--------------------------------+
 7 rows in set (0.01 sec)

 On the slave:

 mysql> show variables like '%ssl%';
 +---------------+--------------------------------------+
 | Variable_name | Value                                |
 +---------------+--------------------------------------+
 | have_openssl  | DISABLED                             |
 | have_ssl      | DISABLED                             |
 | ssl_ca        | /etc/pki/CA/certs/ca.crt             |
 | ssl_capath    |                                      |
 | ssl_cert      | /etc/pki/tls/certs/mysql-slave.crt   |
 | ssl_cipher    |                                      |
 | ssl_key       | /etc/pki/tls/private/mysql-slave.key |
 +---------------+--------------------------------------+
 7 rows in set (0.00 sec)

 And yet I clearly have SSL enabled in both configurations.

 In the master mysql configuration I have:

 [root@web2:~] #cat /etc/my.cnf
 [mysqld]
 datadir=/var/lib/mysql
 socket=/var/lib/mysql/mysql.sock
 symbolic-links=0
 ssl
 ssl-ca=/etc/pki/CA/certs/ca.crt
 ssl-cert=/etc/pki/tls/certs/mysql.crt
 ssl-key=/etc/pki/tls/private/mysql.key
 server-id   = 1
 log_bin = /var/log/mariadb/mysql-bin.log
 expire_logs_days= 10
 max_binlog_size = 100M
 binlog_do_db= jokefire

 [mysqld_safe]
 log-error=/var/log/mariadb/mariadb.log
 pid-file=/var/run/mariadb/mariadb.pid

 On the mysql slave:

 [root@ops:~] #cat /etc/my.cnf
 [mysqld]
 # Settings user and group are ignored when systemd is used (fedora >= 15).
 # If you need to run mysqld under different user or group,
 # customize your systemd unit file for mysqld according to the
 # instructions in http://fedoraproject.org/wiki/Systemd
 user=mysql
 ssl
 server-id=2

 replicate-do-db=jokefire
 ssl-ca=/etc/pki/CA/certs/ca.crt
 ssl-cert=/etc/pki/tls/certs/mysql-slave.crt
 ssl-key=/etc/pki/tls/private/mysql-slave.key
 thread_cache_size = 4

 datadir=/var/lib/mysql
 socket=/var/lib/mysql/mysql.sock
 symbolic-links=0
 ;plugin-load=rpl_semi_sync_master=semisync_master.so
 ;plugin-load=rpl_semi_sync_slave=semisync_slave.so
 ;rpl_semi_sync_master_enabled=1
 ;rpl_semi_sync_master_timeout=10
 ;rpl_semi_sync_slave_enabled=1
 ;performance_schema
 query_cache_size = 8MB
 innodb_buffer_pool_size = 199M
 general_log_file=/var/log/mysql/mysql.log
 general_log=1
 log-error=/var/log/mysql/mysql_error_log
 log-slow-queries=/var/log/mysql/mysql_slow_log
 wait_timeout = 86400

 [mysqld_safe]
 general_log_file=/var/log/mysql/mysql.log
 general_log=1
 log-error=/var/log/mysql/mysql_error_log
 log-slow-queries=/var/log/mysql/mysql_slow_log
 pid-file=/var/run/mysqld/mysqld.pid
 innodb_buffer_pool_size = 199M
 wait_timeout = 28800
 interactive_timeout = 28800
 master-connect-retry=60

 So my first question is, why is SSL not enabled in either database? I
 restarted the service on both machines before taking a look at the
 variables.

 The next problem I'm having is that I can't seem to get the replication
 user to connect. I had to use an account with more privileges (grant all)
 in order to connect from the slave to the master.

 I used this grant on the master to try and setup the replication user:

 GRANT REPLICATION SLAVE ON *.* TO 'jf_slave'@'ops.somewhere.com' IDENTIFIED
 BY 'secret' REQUIRE SSL;

 Then back on the slave I used this command to connect the slave to the
 master:

 mysql> CHANGE MASTER TO MASTER_HOST='web2.somewhere.com',
 MASTER_USER='jf_slave', MASTER_PASSWORD='secret',
 MASTER_LOG_FILE='mysql-bin.02', MASTER_LOG_POS=34697, MASTER_SSL=1,
 MASTER_SSL_CA = '/etc/pki/CA/certs/ca.crt', 

[CentOS] Updates repo - release candidate package?

2015-03-12 Thread James B. Byrne
Why is there a release candidate in Updates?

bind-libs.x86_64  32:9.8.2-0.30.rc1.el6_6.2  updates

-- 
***  E-Mail is NOT a SECURE channel  ***
James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3



[CentOS] mysql replication - problems

2015-03-12 Thread Tim Dunphy
Hey everybody,

 I'm trying to get mysql master/slave replication to work under SSL. I've
created the certs for both the slave and the master. I've configured the
master and slave my.cnf. And it does appear that replication is actually
working.

Master is actually MariaDB (version 5.5.41-MariaDB-log), and the slave is
MySQL (version 5.5.41-log).

But there are two issues I'd like to resolve. One is that SSL appears to be
disabled.

If I look at both the master and the slave and do a 'show variables'
command, I can see that it's recognizing the certs. But the 'have_openssl'
and 'have_ssl' variables are showing as DISABLED.

Watch, on the master:

MariaDB [(none)]> show variables like '%ssl%';
+---------------+--------------------------------+
| Variable_name | Value                          |
+---------------+--------------------------------+
| have_openssl  | DISABLED                       |
| have_ssl      | DISABLED                       |
| ssl_ca        | /etc/pki/CA/certs/ca.crt       |
| ssl_capath    |                                |
| ssl_cert      | /etc/pki/tls/certs/mysql.crt   |
| ssl_cipher    |                                |
| ssl_key       | /etc/pki/tls/private/mysql.key |
+---------------+--------------------------------+
7 rows in set (0.01 sec)

On the slave:

mysql> show variables like '%ssl%';
+---------------+--------------------------------------+
| Variable_name | Value                                |
+---------------+--------------------------------------+
| have_openssl  | DISABLED                             |
| have_ssl      | DISABLED                             |
| ssl_ca        | /etc/pki/CA/certs/ca.crt             |
| ssl_capath    |                                      |
| ssl_cert      | /etc/pki/tls/certs/mysql-slave.crt   |
| ssl_cipher    |                                      |
| ssl_key       | /etc/pki/tls/private/mysql-slave.key |
+---------------+--------------------------------------+
7 rows in set (0.00 sec)

And yet I clearly have SSL enabled in both configurations.

In the master mysql configuration I have:

[root@web2:~] #cat /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
ssl
ssl-ca=/etc/pki/CA/certs/ca.crt
ssl-cert=/etc/pki/tls/certs/mysql.crt
ssl-key=/etc/pki/tls/private/mysql.key
server-id   = 1
log_bin = /var/log/mariadb/mysql-bin.log
expire_logs_days= 10
max_binlog_size = 100M
binlog_do_db= jokefire

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid

On the mysql slave:

[root@ops:~] #cat /etc/my.cnf
[mysqld]
# Settings user and group are ignored when systemd is used (fedora >= 15).
# If you need to run mysqld under different user or group,
# customize your systemd unit file for mysqld according to the
# instructions in http://fedoraproject.org/wiki/Systemd
user=mysql
ssl
server-id=2

replicate-do-db=jokefire
ssl-ca=/etc/pki/CA/certs/ca.crt
ssl-cert=/etc/pki/tls/certs/mysql-slave.crt
ssl-key=/etc/pki/tls/private/mysql-slave.key
thread_cache_size = 4

datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
;plugin-load=rpl_semi_sync_master=semisync_master.so
;plugin-load=rpl_semi_sync_slave=semisync_slave.so
;rpl_semi_sync_master_enabled=1
;rpl_semi_sync_master_timeout=10
;rpl_semi_sync_slave_enabled=1
;performance_schema
query_cache_size = 8MB
innodb_buffer_pool_size = 199M
general_log_file=/var/log/mysql/mysql.log
general_log=1
log-error=/var/log/mysql/mysql_error_log
log-slow-queries=/var/log/mysql/mysql_slow_log
wait_timeout = 86400

[mysqld_safe]
general_log_file=/var/log/mysql/mysql.log
general_log=1
log-error=/var/log/mysql/mysql_error_log
log-slow-queries=/var/log/mysql/mysql_slow_log
pid-file=/var/run/mysqld/mysqld.pid
innodb_buffer_pool_size = 199M
wait_timeout = 28800
interactive_timeout = 28800
master-connect-retry=60

So my first question is, why is SSL not enabled in either database? I
restarted the service on both machines before taking a look at the
variables.

The next problem I'm having is that I can't seem to get the replication
user to connect. I had to use an account with more privileges (grant all)
in order to connect from the slave to the master.

I used this grant on the master to try and setup the replication user:

GRANT REPLICATION SLAVE ON *.* TO 'jf_slave'@'ops.somewhere.com' IDENTIFIED
BY 'secret' REQUIRE SSL;

Then back on the slave I used this command to connect the slave to the
master:

mysql> CHANGE MASTER TO MASTER_HOST='web2.somewhere.com',
MASTER_USER='jf_slave', MASTER_PASSWORD='secret',
MASTER_LOG_FILE='mysql-bin.02', MASTER_LOG_POS=34697, MASTER_SSL=1,
MASTER_SSL_CA = '/etc/pki/CA/certs/ca.crt', MASTER_SSL_CERT =
'/etc/pki/tls/certs/mysql.crt', MASTER_SSL_KEY =
'/etc/pki/tls/private/mysql.key';

And when I start up the slave I see that there's a problem connecting from
the slave to the master:

mysql> show slave status \G

Re: [CentOS] Java SSLv3 status on CentOS-6.6

2015-03-12 Thread James B. Byrne

On Wed, March 11, 2015 13:46, Grant McChesney wrote:
 On Wed, Mar 11, 2015 at 10:03 AM, James B. Byrne
 byrn...@harte-lyne.ca
 wrote:

 Can anyone inform me as to whether or not Java on CentOS-6.6 still
 has SSLv3 enabled?  And if it does then how is it disabled?


 James:

 Check the java.security file for your JRE.  I'm running
 OpenJDK 8 on Cent 6.6 and it's located at
 /usr/lib/jvm/jre/lib/security/java.security.
 I haven't made any changes to the java.security file, which
 shows SSLv3 is already disabled:

jdk.tls.disabledAlgorithms=SSLv3

 Grant


Thank you. It is disabled here as well.

[root@vhost04 ~ (master *%)]# which java
/usr/bin/java

[root@vhost04 ~ (master *%)]# ll /usr/bin/java
lrwxrwxrwx. 1 root root 22 Jan 28 16:52 /usr/bin/java -> /etc/alternatives/java

[root@vhost04 ~ (master *%)]# ll /etc/alternatives/java
lrwxrwxrwx. 1 root root 46 Jan 28 16:52 /etc/alternatives/java -> /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java

[root@vhost04 ~ (master *%)]# grep jdk.tls.disabledAlgorithms \
/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.75.x86_64/jre/lib/security/java.security
#   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3


-- 
***  E-Mail is NOT a SECURE channel  ***
James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3



Re: [CentOS-es] Blocking YouTube

2015-03-12 Thread César Martinez

Thanks for replying.

Luis, your alternative is valid as far as the host goes; the problem is that 
only X machines need to be blocked, not all of them. In addition, my proxy is 
transparent and, as you know, squid does not block secure connections on the 
https port.


David, you know I use this rule to block port 443 for YouTube, 
but it still loads in IE:
$IPTABLES -I FORWARD -p tcp --dport 443 -m string --string 'youtube' --algo bm -j DROP
$IPTABLES -I FORWARD -p tcp --dport 443 -m string --string youtube.com --algo bm -j DROP


As for what our friend who uses FortiGate says, that the same thing happens 
to him: I do not know what it is about IE that makes YouTube load. What I am 
going to test is whether the videos load; I have not tried that, because the 
screen appears with the videos but I have not checked whether they play.


--
Kind regards

|César Martínez | Systems Engineer | SERVICOM
|Tel: (593-2)554-271 2221-386 | Ext 4501
|Mobile: 0999374317 |Skype servicomecuador
|Web www.servicomecuador.com Follow us on:
|Twitter: @servicomecuador |Facebook: servicomec
|Customer Area: www.servicomecuador.com/billing
|Blog: http://servicomecuador.com/blog
|Addr. Av. 10 de Agosto N29-140, between
|Acuña and Cuero y Caicedo
|Quito - Ecuador - South America

On 12/03/15 07:32, Luis Hernán de la Barra wrote:

Another simple alternative, although a vulnerable one, is to configure a local 
DNS resolver such as dnsmasq, with which the name youtube.com is overridden with another IP, 
probably a local site showing a warning.

In that case, care must be taken that only the resolver's IP is allowed 
outbound to port 53/udp.

These are small details that together can help.

Luis de la Barra
www.wyzer.cl
Sent from Samsung Mobile

-------- Original message --------
From: David González Romero dgrved...@gmail.com
Date: 12/03/2015  08:59  (GMT-04:00)
To: centos-es@centos.org
Subject: Re: [CentOS-es] Blocking YouTube

And why don't you try closing port 443 entirely... that is what I want
you to try, because if you use a rule like

iptables ... -dport 443 youtube.com

the DNS will block the IP that iptables picked up as youtube.com at the
moment it was started; and as far as I know youtube.com has several
IPs that answer to that name.

Try blocking all traffic to port 443 and then try again.

Regards,
David

On 12 March 2015, 7:30, César Martínez
cmarti...@servicomecuador.com wrote:

Hi David, I applied a rule to close port 443 for YouTube, but in IE it 
still opens
--
Regards
César Martínez
Systems Engineer

Sent from my Samsung Galaxy mobile

On 12 March 2015 05:18:08 GMT-05:00, David González Romero 
dgrved...@gmail.com wrote:

I still think that if you close port 443 it should not open for you...

Regards,
David

On 11 March 2015, 19:03, Luis Huacho Lazo
l.hua...@gmail.com wrote:

Although the topic is Linux CentOS, the same thing happens on my network
managed with FortiGate: everything is blocked, but IE8 gets through and
displays YouTube only over https.
Bill's magic? Granted, it loads the site and the images, but the videos
do not load. Curious problem with IE8.
On 11/03/2015 15:19, César Martinez cmarti...@servicomecuador.com
wrote:


Nothing shows up in the firewall log. The temporary alternative is to
block by IP; that way it does not load in IE. I will keep looking for the
solution. Thanks to everyone, and if anyone has another idea, thank you.

--
Kind regards

|César Martínez | Systems Engineer | SERVICOM
|Tel: (593-2)554-271 2221-386 | Ext 4501
|Mobile: 0999374317 |Skype servicomecuador
|Web www.servicomecuador.com Follow us on:
|Twitter: @servicomecuador |Facebook: servicomec
|Customer Area: www.servicomecuador.com/billing
|Blog: http://servicomecuador.com/blog
|Addr. Av. 10 de Agosto N29-140, between
|Acuña and Cuero y Caicedo
|Quito - Ecuador - South America

On 11/03/15 10:17, Emilio Alvarado wrote:


What do you see in the iptables log?
Emilio Alvarado



On 10 March 2015 17:35:31, César Martinez 
cmarti...@servicomecuador.com wrote:

Greetings, list friends. I have a 64-bit CentOS 6.6 server that
acts as proxy and firewall. On this server I block https sites using a
post that Epe has published on ecualug, adapted a little on my part. I
can block any https site except YouTube, or rather YouTube only
halfway, because it is blocked in every browser except Internet
Explorer. I have been trying to solve this for about two weeks and it does
not work. I do not block by IP, since some YouTube IPs also serve
Gmail and Google. Perhaps someone has managed to close YouTube in
all browsers and can help me. Here is the rule I block with:

$IPTABLES -I FORWARD -s 192.168.0.1/24 -p tcp -m string --string facebook --algo kmp -j REJECT

--
Kind regards

|César Martínez | Systems Engineer | SERVICOM
|Tel: (593-2)554-271 2221-386 | Ext 4501
|Mobile: 0999374317 |Skype servicomecuador
|Web www.servicomecuador.com Follow us on:
|Twitter: @servicomecuador 
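
What a `-m string` rule on port 443 has to work with, as an added example (not code from the thread): on an HTTPS connection the only place the client puts the site name in cleartext is the server_name (SNI) extension of its TLS ClientHello, so the rule can match the client side only when that extension is sent. That the IE behaviour reported in this thread comes from a ClientHello without SNI is an assumption the thread does not confirm; the packets are constructed samples and the function names are hypothetical.

```python
import struct


def build_client_hello(server_name=None):
    """Build a minimal TLS ClientHello record (constructed sample, not a capture)."""
    ext = b""
    if server_name is not None:
        host = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host    # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry              # server_name_list
        ext = struct.pack("!HH", 0, len(sni)) + sni              # extension 0 = server_name
    body = (b"\x03\x03" + bytes(32)                              # version, random
            + b"\x00"                                            # empty session_id
            + b"\x00\x02\x00\x2f"                                # one cipher suite
            + b"\x01\x00")                                       # null compression
    if ext:
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body    # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(packet):
    """Return the server_name carried in a ClientHello, or None if there is none."""
    try:
        if packet[0] != 0x16 or packet[5] != 0x01:    # handshake record, ClientHello
            return None
        body = packet[9:9 + int.from_bytes(packet[6:9], "big")]
        pos = 2 + 32                                   # skip version and random
        pos += 1 + body[pos]                           # session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]    # cipher_suites
        pos += 1 + body[pos]                           # compression_methods
        if pos + 2 > len(body):
            return None                                # no extensions block at all
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(body)):
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            if ext_type == 0:                          # server_name extension
                data = body[pos:pos + ext_len]
                if len(data) < 5 or data[2] != 0:
                    return None
                name_len = struct.unpack_from("!H", data, 3)[0]
                return data[5:5 + name_len].decode("ascii", "replace")
            pos += ext_len
        return None
    except (IndexError, struct.error):
        return None                                    # truncated or malformed input


def string_rule_hits(packet, patterns):
    """Emulate the rule's view: a raw byte search inside one packet."""
    return any(p.encode("ascii") in packet for p in patterns)


def inspect_packet(packet, patterns=("youtube",)):
    """Report the SNI (if any) and whether the byte search would hit."""
    return {"sni": extract_sni(packet),
            "string_match": string_rule_hits(packet, patterns)}


# Constructed packets: ClientHello with SNI, ClientHello without SNI, and an
# application-data record whose payload stands in for opaque ciphertext.
SAMPLES = {
    "hello_with_sni": build_client_hello("www.youtube.com"),
    "hello_without_sni": build_client_hello(None),
    "application_data": b"\x17\x03\x03\x00\x10" + bytes(range(16)),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(label, inspect_packet(pkt))
```

Only the first sample gives the byte search anything to find; the other two are the cases in which a string rule on the client's traffic stays silent and nothing is logged.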

Re: [CentOS] Java SSLv3 status on CentOS-6.6

2015-03-12 Thread Jonathan Billings
On Wed, Mar 11, 2015 at 12:03:01PM -0400, James B. Byrne wrote:
 Can anyone inform me as to whether or not Java on CentOS-6.6 still has
 SSLv3 enabled?  And if it does then how is it disabled?

According to these updates for openjdk java:

java-1.6.0-openjdk https://rhn.redhat.com/errata/RHSA-2015-0085.html

java-1.7.0-openjdk https://rhn.redhat.com/errata/RHSA-2015-0067.html

java-1.8.0-openjdk https://rhn.redhat.com/errata/RHSA-2015-0069.html

Note: This update disables SSL 3.0 by default to address this issue.
The jdk.tls.disabledAlgorithms security property can be used to
re-enable SSL 3.0 support if needed. For additional information, refer
to the Red Hat Bugzilla bug linked to in the References section.

All these announcements were posted to the enterprise-watch-list
mailing list:
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

-- 
Jonathan Billings billi...@negate.org


Re: [CentOS] Updates repo - release candidate package?

2015-03-12 Thread Jonathan Billings
On Thu, Mar 12, 2015 at 09:55:46AM -0400, James B. Byrne wrote:

 Why is there a release candidate in Updates?
 
 bind-libs.x86_64  32:9.8.2-0.30.rc1.el6_6.2  updates

Because that's the release that was used in the upstream (RHEL)
package to address CVE-2014-8500.

https://rhn.redhat.com/errata/RHSA-2014-1984.html

-- 
Jonathan Billings billi...@negate.org


Re: [CentOS-virt] docker 1.5 in virt7-testing

2015-03-12 Thread Lokesh Mandvekar
On Fri, Feb 13, 2015 at 12:15:39PM +, Karanbir Singh wrote:
 hi guys,
 
 docker 1.5 is now in virt7-testing repos, please test and feedback so we
 can move to release..
 
 thanks lokesh!
 
 - KB
 

KB,

Just curious what's the latest re: docker testing and release?

Also, where do people report bugs/issues for docker on centos?
(can't find any in my view on bugs.c.o)

-- 
Lokesh
Freenode, OFTC: lsm5
GPG: 0xC7C3A0DD


___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt


[CentOS-virt] CentOS 6 VM image for paravirtualization on CentOS Xen server

2015-03-12 Thread Nico Kadel-Garcia
I'm looking at a CentOS 5 Xen server that I'd really like to put some
more recent VMs on. There are reasons not to touch it at the moment, so
I can't upgrade it in place today.

Has anyone successfully installed a CentOS 6 VM, paravirtualized, on a
CentOS 5 Xen server, without significant Xen upgrades? If so, can I
get a copy from a reputable source, or one that I can review before
using? I'm having a bit of difficulty arranging a PXE environment to do
a paravirtualized installation with, and there are apparently
difficulties doing a paravirtualized system with CD or DVD installation
with Xen.

  Nico Kadel-Garcia nka...@gmail.com


Re: [CentOS] Network throughput testing software available for CentOS/Linux

2015-03-12 Thread Gilbert Sebenste

On Thu, 12 Mar 2015, Digimer wrote:


On 12/03/15 08:42 PM, Marcelo Ricardo Leitner wrote:


I've used iperf a lot successfully. I have an RPM for EL6 on my
repo here:

https://alteeve.ca/an-repo/el6/RPMS/x86_64/iperf-2.0.5-11.el6.anvil.x86_64.rpm


The source is there, and I would be surprised if it didn't build
easily on EL7.

https://alteeve.ca/an-repo/el6/SRPMS/iperf-2.0.5-11.el6.anvil.src.rpm





+1 for iperf, and it's available on EPEL also
https://dl.fedoraproject.org/pub/epel/6/x86_64/ EPEL6 has iperf and
iperf3 while EPEL7 has just iperf3.

netperf is also very good, but it's more complex to use and I'm
not aware of packages for it.

Marcelo


I most likely compiled it from the EPEL repo, so I'd say to go get it
there, not from my repo.

Cheers

- --
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?


Thanks, gentlemen, I appreciate it! I'll tell him to give iperf a try.

Gilbert

***
Gilbert Sebenste
(My opinions only!)  **
Staff Meteorologist, Northern Illinois University  
E-mail: seben...@weather.admin.niu.edu  ***
web: http://weather.admin.niu.edu  **
Twitter: http://www.twitter.com/NIU_Weather**
Facebook: http://www.facebook.com/niu.weather   *
***


Re: [CentOS] mysql replication - problems

2015-03-12 Thread Tim Dunphy

 No: /etc/pki/CA should NOT be group writeable. Ditto for
 /etc/pki/tls/certs and private


Ok, yeah I can understand that. I'll correct it. Still need a way to get
SSL enabled however. Any suggestions there?

Thanks
Tim

On Thu, Mar 12, 2015 at 11:40 AM, m.r...@5-cent.us wrote:

 Tim Dunphy wrote:
 
  The mysqld process runs as the mysql user.  Its parent which is the
  mysqld_safe runs as the root user.   That being said the mysql user
  needs to have at least read permission to the locations where the ssl
 files
  are located.   By default on Centos the /etc/pki/CA/private directory
 has
  its directory permissions to only allow the root user.  If the mysql
 user
  cannot read all ssl files SSL will not work.
 <snip>
  Thanks for your reply! That answer actually makes complete sense. Ok, so
  here is what I tried, so far without success. I gave the mysql group
  ownership of all related directories. And changed group permissions so
  that group can access them:
 
  [root@web2:/etc] #ls -ld /etc/pki/CA
  drwxrwxr-x. 6 root mysql 4096 Jan 20 15:58 /etc/pki/CA
  [root@web2:/etc] #ls -ld /etc/pki/tls/{private,certs}
  drwxrwxr-x. 2 root mysql 4096 Mar 11 22:57 /etc/pki/tls/certs
  drwxrwxr-x. 2 root mysql 4096 Mar 11 22:57 /etc/pki/tls/private
 
   Restarted the mariadb service. And when I took another look at the SSL
  variable, it's still showing that SSL is not enabled:
 <snip>
 Some of those will *not* work. For example, you will have ssh issues
 yourself if ~/.ssh is *anything* other than 700.

 No: /etc/pki/CA should NOT be group writeable. Ditto for
 /etc/pki/tls/certs and private.

mark





-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
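
A read-only check of the two points raised in the replies above, as an added example (not code from the thread): it walks every directory component down to a TLS file and reports where the owner/group/other mode bits stop a given account from traversing or reading, and which components are group- or world-writable. The function names are hypothetical, the file paths are the ones in the my.cnf quoted in the thread, and POSIX ACLs and SELinux labels are not evaluated.

```python
import os
import stat


def _allowed(st, uid, gids, want):
    """Owner/group/other mode-bit check for 'r' or 'x' (no ACLs, no SELinux)."""
    if uid == 0:
        return True                      # root bypasses these checks
    owner, group, other = {
        "r": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
        "x": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH),
    }[want]
    if st.st_uid == uid:
        return bool(st.st_mode & owner)
    if st.st_gid in gids:
        return bool(st.st_mode & group)
    return bool(st.st_mode & other)


def audit_path(path, uid, gids, root="/"):
    """Check every component from root down to path for the given uid/gids.

    Returns a list of (component, issue) tuples. An empty list means the mode
    bits allow the read and nothing on the way is group- or world-writable.
    """
    path, root = os.path.realpath(path), os.path.realpath(root)
    if os.path.commonpath([path, root]) != root:
        raise ValueError("path is not below root")
    parts = [root]
    rel = os.path.relpath(path, root)
    if rel != ".":
        for name in rel.split(os.sep):
            parts.append(os.path.join(parts[-1], name))
    findings = []
    for part in parts:
        try:
            st = os.stat(part)
        except OSError:
            findings.append((part, "missing"))
            break
        # Directories on the way need the search (x) bit, the file itself needs r.
        if part != path and not _allowed(st, uid, gids, "x"):
            findings.append((part, "no-traverse"))
        if part == path and not _allowed(st, uid, gids, "r"):
            findings.append((part, "no-read"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((part, "group-or-world-writable"))
    return findings


# Paths taken from the master's my.cnf shown in the thread.
TLS_FILES = (
    "/etc/pki/CA/certs/ca.crt",
    "/etc/pki/tls/certs/mysql.crt",
    "/etc/pki/tls/private/mysql.key",
)

if __name__ == "__main__":
    import pwd
    try:
        user = pwd.getpwnam("mysql")
    except KeyError:
        raise SystemExit("no 'mysql' account on this host")
    groups = set(os.getgrouplist(user.pw_name, user.pw_gid))
    for tls_file in TLS_FILES:
        results = audit_path(tls_file, user.pw_uid, groups) or [(tls_file, "ok")]
        for component, issue in results:
            print(f"{issue:26} {component}")
```

Changing directory modes alone does not help when the key file itself is readable by root only, which is the "no-read" case this reports.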


Re: [CentOS] mysql replication - problems

2015-03-12 Thread Tim Dunphy

 The mysqld process runs as the mysql user.  Its parent which is the
 mysqld_safe runs as the root user.   That being said the mysql user needs
 to have at least read permission to the locations where the ssl files are
 located.   By default on Centos the /etc/pki/CA/private directory has its
 directory permissions to only allow the root user.  If the mysql user
 cannot read all ssl files SSL will not work.



 2.  Regarding your replication specific user not being able to connect to
 the master.   It may not work until SSL is fully working since you
 specifically stated to require an SSL connection.   So the symptom of this
 might be resolved when SSL is fixed.


Thanks for your reply! That answer actually makes complete sense. Ok, so
here is what I tried, so far without success. I gave the mysql group
ownership of all related directories. And changed group permissions so that
group can access them:

[root@web2:/etc] #ls -ld /etc/pki/CA
drwxrwxr-x. 6 root mysql 4096 Jan 20 15:58 /etc/pki/CA
[root@web2:/etc] #ls -ld /etc/pki/tls/{private,certs}
drwxrwxr-x. 2 root mysql 4096 Mar 11 22:57 /etc/pki/tls/certs
drwxrwxr-x. 2 root mysql 4096 Mar 11 22:57 /etc/pki/tls/private

 Restarted the mariadb service. And when I took another look at the SSL
variable, it's still showing that SSL is not enabled:

MariaDB [(none)]> show variables like '%ssl%';
+---------------+--------------------------------+
| Variable_name | Value                          |
+---------------+--------------------------------+
| have_openssl  | DISABLED                       |
| have_ssl      | DISABLED                       |
| ssl_ca        | /etc/pki/CA/certs/ca.crt       |
| ssl_capath    |                                |
| ssl_cert      | /etc/pki/tls/certs/mysql.crt   |
| ssl_cipher    |                                |
| ssl_key       | /etc/pki/tls/private/mysql.key |
+---------------+--------------------------------+
7 rows in set (0.00 sec)

Do you think I'm going about this in the right way? Is there anything else
I can try to resolve this?

Thanks
Tim

On Thu, Mar 12, 2015 at 10:42 AM, Alberto Rivera Laporte 
arlapo...@gmail.com wrote:

 On Thu, Mar 12, 2015 at 8:57 AM Tim Dunphy bluethu...@gmail.com wrote:

  Hey everybody,
 
   I'm trying to get mysql master/slave replication to work under SSL. I've
  created the certs for both the slave and the master. I've configured the
  master and slave my.cnf. And it does appear that replication is actually
  working.
 
  Master is actually MariaDB (version 5.5.41-MariaDB-log, and the slave is
  MySQL (version 5.5.41-log).
 
  But there are two issues I'd like to resolve. One is that SSL appears to
 be
  disabled.
 
  If I look at both the master and the slave and do a 'show variables'
  command, I can see that it's recognizing the certs. But the
 'have_openssl'
  and 'have_ssl' variables are showing as DISABLED.
 
  Watch, on the master:
 
  MariaDB [(none)]> show variables like '%ssl%';
  +---------------+--------------------------------+
  | Variable_name | Value                          |
  +---------------+--------------------------------+
  | have_openssl  | DISABLED                       |
  | have_ssl      | DISABLED                       |
  | ssl_ca        | /etc/pki/CA/certs/ca.crt       |
  | ssl_capath    |                                |
  | ssl_cert      | /etc/pki/tls/certs/mysql.crt   |
  | ssl_cipher    |                                |
  | ssl_key       | /etc/pki/tls/private/mysql.key |
  +---------------+--------------------------------+
  7 rows in set (0.01 sec)
 
  On the slave:
 
  mysql> show variables like '%ssl%';
  +---------------+--------------------------------------+
  | Variable_name | Value                                |
  +---------------+--------------------------------------+
  | have_openssl  | DISABLED                             |
  | have_ssl      | DISABLED                             |
  | ssl_ca        | /etc/pki/CA/certs/ca.crt             |
  | ssl_capath    |                                      |
  | ssl_cert      | /etc/pki/tls/certs/mysql-slave.crt   |
  | ssl_cipher    |                                      |
  | ssl_key       | /etc/pki/tls/private/mysql-slave.key |
  +---------------+--------------------------------------+
  7 rows in set (0.00 sec)
 
  And yet I clearly have SSL enabled in both configurations.
 
  In the master mysql configuration I have:
 
  [root@web2:~] #cat /etc/my.cnf
  [mysqld]
  datadir=/var/lib/mysql
  socket=/var/lib/mysql/mysql.sock
  symbolic-links=0
  *ssl*
  *ssl-ca=/etc/pki/CA/certs/ca.crt*
  *ssl-cert=/etc/pki/tls/certs/mysql.crt*
  *ssl-key=/etc/pki/tls/private/mysql.key*
  server-id   = 1
  log_bin = /var/log/mariadb/mysql-bin.log
  expire_logs_days= 10
  max_binlog_size = 100M
  binlog_do_db= jokefire
 
  [mysqld_safe]
  log-error=/var/log/mariadb/mariadb.log
  pid-file=/var/run/mariadb/mariadb.pid
 
  On the mysql slave:
 
  [root@ops:~] 

Re: [CentOS] mysql replication - problems

2015-03-12 Thread m . roth
Tim Dunphy wrote:

 The mysqld process runs as the mysql user.  It's parent which is the
 mysqld_safe runs as the root user.   That being said the mysql user
 needs to have at least read permission to the locations where the ssl
files
 are located.   By default on Centos the /etc/pki/CA/private directory has
 its directory permissions to only allow the root user.  If the mysql user
 cannot read all ssl files SSL will not work.
snip
 Thanks for your reply! That answer actually makes complete sense. Ok, so
 here is what I tried, so far without success. I gave the mysql group
 ownership of all related directories. And changed group permissions so
 that group can access them:

 [root@web2:/etc] #ls -ld /etc/pki/CA
 drwxrwxr-x. 6 root mysql 4096 Jan 20 15:58 /etc/pki/CA
 [root@web2:/etc] #ls -ld /etc/pki/tls/{private,certs}
 drwxrwxr-x. 2 root mysql 4096 Mar 11 22:57 /etc/pki/tls/certs
 drwxrwxr-x. 2 root mysql 4096 Mar 11 22:57 /etc/pki/tls/private

  Restarted the mariadb service. And when I took another look at the SSL
 variable, it's still showing that SSL is not enabled:
snip
Some of those will *not* work. For example, you will have ssh issues
yourself if ~/.ssh is *anything* other than 700.

No: /etc/pki/CA should NOT be group writeable. Ditto for
/etc/pki/tls/certs and private.

   mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] mysql replication - problems

2015-03-12 Thread Valeri Galtsev

On Thu, March 12, 2015 10:40 am, m.r...@5-cent.us wrote:
 Tim Dunphy wrote:

 The mysqld process runs as the mysql user.  It's parent which is the
 mysqld_safe runs as the root user.   That being said the mysql user
 needs to have at least read permission to the locations where the ssl
 files
 are located.   By default on Centos the /etc/pki/CA/private directory
 has
 its directory permissions to only allow the root user.  If the mysql
 user
 cannot read all ssl files SSL will not work.
 snip
 Thanks for your reply! That answer actually makes complete sense. Ok, so
 here is what I tried, so far without success. I gave the mysql group
 ownership of all related directories. And changed group permissions so
 that group can access them:

 [root@web2:/etc] #ls -ld /etc/pki/CA
 drwxrwxr-x. 6 root mysql 4096 Jan 20 15:58 /etc/pki/CA
 [root@web2:/etc] #ls -ld /etc/pki/tls/{private,certs}
 drwxrwxr-x. 2 root mysql 4096 Mar 11 22:57 /etc/pki/tls/certs
 drwxrwxr-x. 2 root mysql 4096 Mar 11 22:57 /etc/pki/tls/private

  Restarted the mariadb service. And when I took another look at the SSL
 variable, it's still showing that SSL is not enabled:
 snip
 Some of those will *not* work. For example, you will has ssh issues
 yourself is ~/.ssh is *anything* other than 700.

 No: /etc/pki/CA should NOT be group writeable. Ditto for
 /etc/pki/tls/cernts and private.


I have my doubts about permissions on /etc/pki/tls/private and on the private
key inside it as well. Somebody hopefully will correct me as I don't know
how it is implemented in mysql/mariadb, but I assume sanity. And sanity
suggests that the first process (mysqld_safe) that runs as root reads the
private key (and likely the certificate), then passes the private key to the
child process(es) which run as a regular user that is not able to read the
private key, but gets it from the parent process. My assumption comes from
what apache is doing (only apache used droppriv).

I would (roll perms/ownership) back to default, and try to check locally
using openssl whether daemon is using ssl/cert/key, maybe start mysql
daemon in debugger to see what is going on with reading private key. I
would also think of other reasons why your instance of mysql (or mariadb)
could not be able to use _your_ key and cert, see, e.g.:

http://forums.mysql.com/read.php?11,400856,401127

(your case may be different, I would just try to think wider, but maybe
the debugger will give you the direct lead).

Valeri


Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
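
The two permission points raised in this thread (the mysql account must be able to reach the SSL files, and the /etc/pki directories should not be group-writable) can be checked in one pass. The following is an added example, not code from any poster in the thread: the function names are hypothetical, the check reads only the classic mode bits, and SELinux contexts and ACLs are not evaluated.

```sh
#!/bin/sh
# Added example (not from the thread). Walks from a TLS file up through its
# parent directories and reports, from the mode bits alone:
#   BLOCKED  - the given uid cannot read the file / search a directory
#   WRITABLE - the entry is group- or world-writable
# Assumes GNU stat and readlink, as shipped on CentOS.

# audit_chain UID "GID GID ..." FILE [TOP]
# TOP (default /) is the last ancestor that is checked.
audit_chain() (
    uid=$1
    gids=$2
    path=$(readlink -f -- "$3") || exit 2
    top=$(readlink -f -- "${4:-/}") || exit 2
    need=4          # read permission on the file itself
    what=read

    while :; do
        st=$(stat -c '%a %u %g' "$path") || exit 2
        set -- $st
        mode=$1 owner=$2 group=$3
        m=$((0$mode))                      # octal mode as a number

        in_group=no
        for g in $gids; do
            if [ "$g" = "$group" ]; then in_group=yes; fi
        done

        # Pick the permission class the kernel would apply to this uid.
        if   [ "$uid" = "$owner" ]; then bits=$(( (m >> 6) & 7 ))
        elif [ "$in_group" = yes ]; then bits=$(( (m >> 3) & 7 ))
        else                             bits=$(( m & 7 ))
        fi

        if [ $(( bits & need )) -eq 0 ]; then
            echo "BLOCKED $path mode=$mode uid=$uid lacks $what permission"
        fi
        if [ $(( m & 022 )) -ne 0 ]; then
            echo "WRITABLE $path mode=$mode is group- or world-writable"
        fi

        if [ "$path" = "$top" ] || [ "$path" = / ]; then break; fi
        path=$(dirname -- "$path")
        need=1      # directories only need search (x) permission
        what=search
    done
)

# audit_for_user USER FILE [TOP]: resolve the account, then audit.
audit_for_user() {
    audit_chain "$(id -u "$1")" "$(id -G "$1")" "$2" "${3:-/}"
}

# Usage with the paths quoted in this thread:
#   audit_for_user mysql /etc/pki/tls/private/mysql.key
#   audit_for_user mysql /opt/mysql/mysql.key
```

An empty result means the mode bits neither lock the account out nor leave the chain writable by others; a key file that is readable only through a group-writable directory shows up as WRITABLE rather than BLOCKED.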


[CentOS] Centos 6 - Persistant static routes

2015-03-12 Thread Robert Moskowitz

I know how to use 'ip' to set up a static route, e.g.:

ip route add 192.168.128.0/17 via 40.53.24.3 dev eth0

But if you reboot or restart network, you lose this.  Thus you have to 
make it persistent.  I found:


http://www.cyberciti.biz/tips/configuring-static-routes-in-debian-or-red-hat-linux-systems.html

where it says to add to ifcfg-eth0:

192.168.128.0/17 via 40.53.24.3

But this did not work after the interface was restarted.  So what is the 
proper way to set up persistent static routes?



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Centos 6 - Persistant static routes

2015-03-12 Thread Jason Warr
On Thu, 12 Mar 2015 12:43:27 -0500, Robert Moskowitz r...@htt-consult.com  
wrote:



I know how to use 'ip' to set up a static route, e.g.:

ip route add 192.168.128.0/17 via 40.53.24.3 dev eth0

But if you reboot or restart network, you loose this.  Thus you have to  
make it persistant.  I found:


http://www.cyberciti.biz/tips/configuring-static-routes-in-debian-or-red-hat-linux-systems.html

where it says to add to ifcfg-eth0:

192.168.128.0/17 via 40.53.24.3



Create the file /etc/sysconfig/network-scripts/route-eth0

Add the following for each static route, incrementing the numeric for each:

ADDRESS0=192.168.128.0
NETMASK0=255.255.128.0
GATEWAY0=40.53.24.3

But this did not work after the interface was restarted.  So what is the  
proper to set up persistant static routes?



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Centos 6 - Persistant static routes

2015-03-12 Thread Earl A Ramirez
On 12 March 2015 at 13:43, Robert Moskowitz r...@htt-consult.com wrote:

 I know how to use 'ip' to set up a static route, e.g.:

 ip route add 192.168.128.0/17 via 40.53.24.3 dev eth0

 But if you reboot or restart network, you loose this.  Thus you have to
 make it persistant.  I found:

 http://www.cyberciti.biz/tips/configuring-static-routes-in-
 debian-or-red-hat-linux-systems.html

 where it says to add to ifcfg-eth0:

 192.168.128.0/17 via 40.53.24.3

 But this did not work after the interface was restarted.  So what is the
 proper to set up persistant static routes?


 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos


I have used this document [0] in the past and it worked for me, let me know
if it works for you.

[0]
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sec-networkscripts-static-routes-network-netmask-directives.html


-- 
Kind Regards
Earl Ramirez
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] mysql replication - problems

2015-03-12 Thread Alberto Rivera Laporte
On Thu, Mar 12, 2015 at 10:49 AM Tim Dunphy bluethu...@gmail.com wrote:

 
  No: /etc/pki/CA should NOT be group writeable. Ditto for
  /etc/pki/tls/cernts and private


 Ok, yeah I can understand that. I'll correct it. Still need a way to get
 SSL enabled however. Any suggestions there?


I totally misread your configuration options and locations on your original
post, my apologies.  You indeed had what should be considered correct
locations for the ssl cert and key files.  So if it is still not functioning I
would defer you to the MySQL mailing list / support channels to see if they
can assist you in figuring it out any further.

Best of luck once again.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] mysql replication - problems

2015-03-12 Thread Tim Dunphy
Hey Alberto,

Perfect! Thanks for your response. Moving the certs and keys to an
alternate location worked exactly right.

Master:

MariaDB [(none)]> show variables like '%ssl%';
+---------------+----------------------+
| Variable_name | Value                |
+---------------+----------------------+
| have_openssl  | YES                  |
| have_ssl      | YES                  |
| ssl_ca        | /opt/mysql/ca.crt    |
| ssl_capath    |                      |
| ssl_cert      | /opt/mysql/mysql.crt |
| ssl_cipher    |                      |
| ssl_key       | /opt/mysql/mysql.key |
+---------------+----------------------+
7 rows in set (0.01 sec)

Slave:

mysql> show variables like '%ssl%';
+---------------+----------------------------+
| Variable_name | Value                      |
+---------------+----------------------------+
| have_openssl  | YES                        |
| have_ssl      | YES                        |
| ssl_ca        | /opt/mysql/ca.crt          |
| ssl_capath    |                            |
| ssl_cert      | /opt/mysql/mysql-slave.crt |
| ssl_cipher    |                            |
| ssl_key       | /opt/mysql/mysql-slave.key |
+---------------+----------------------------+
7 rows in set (0.00 sec)

At least now SSL is recognized by the systems.

mysql> show slave status \G
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: web2.somewhere.com
                  Master_User: jf_slave
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: mysql-bin.06
          Read_Master_Log_Pos: 27664
               Relay_Log_File: mysqld-relay-bin.02
                Relay_Log_Pos: 391
        Relay_Master_Log_File: mysql-bin.06
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
              Replicate_Do_DB: tesdb
          Replicate_Ignore_DB:
           Replicate_Do_Table:
       Replicate_Ignore_Table:
      Replicate_Wild_Do_Table:
  Replicate_Wild_Ignore_Table:
                   Last_Errno: 0
                   Last_Error:
                 Skip_Counter: 0
          Exec_Master_Log_Pos: 27664
              Relay_Log_Space: 548
              Until_Condition: None
               Until_Log_File:
                Until_Log_Pos: 0
           Master_SSL_Allowed: Yes
           Master_SSL_CA_File: /opt/mysql/ca.crt
           Master_SSL_CA_Path:
              Master_SSL_Cert: /opt/mysql/mysql-slave.crt
            Master_SSL_Cipher:
               Master_SSL_Key: /opt/mysql/mysql-slave.key
        Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
                Last_IO_Errno: 0
                Last_IO_Error:
               Last_SQL_Errno: 0
               Last_SQL_Error:
  Replicate_Ignore_Server_Ids:
             Master_Server_Id: 1
1 row in set (0.00 sec)


Thanks so much for all your help! This was very sanity-saving. :)

Best!
Tim


On Thu, Mar 12, 2015 at 10:42 AM, Alberto Rivera Laporte 
arlapo...@gmail.com wrote:

 On Thu, Mar 12, 2015 at 8:57 AM Tim Dunphy bluethu...@gmail.com wrote:

  Hey everybody,
 
   I'm trying to get mysql master/slave replication to work under SSL. I've
  created the certs for both the slave and the master. I've configured the
  master and slave my.cnf. And it does appear that replication is actually
  working.
 
  Master is actually MariaDB (version 5.5.41-MariaDB-log, and the slave is
  MySQL (version 5.5.41-log).
 
  But there are two issues I'd like to resolve. One is that SSL appears to
 be
  disabled.
 
  If I look at both the master and the slave and do a 'show variables'
  command, I can see that it's recognizing the certs. But the
 'have_openssl'
  and 'have_ssl' variables are showing as DISABLED.
 
  Watch, on the master:
 
  MariaDB [(none)]> show variables like '%ssl%';
  +---------------+--------------------------------+
  | Variable_name | Value                          |
  +---------------+--------------------------------+
  | have_openssl  | DISABLED                       |
  | have_ssl      | DISABLED                       |
  | ssl_ca        | /etc/pki/CA/certs/ca.crt       |
  | ssl_capath    |                                |
  | ssl_cert      | /etc/pki/tls/certs/mysql.crt   |
  | ssl_cipher    |                                |
  | ssl_key       | /etc/pki/tls/private/mysql.key |
  +---------------+--------------------------------+
  7 rows in set (0.01 sec)
 
  On the slave:
 
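  mysql> show variables like '%ssl%';
  +---------------+--------------------------------------+
  | Variable_name | Value                                |
  +---------------+--------------------------------------+
  | have_openssl  | DISABLED                             |
  | have_ssl      | DISABLED                             |
  | ssl_ca        | /etc/pki/CA/certs/ca.crt             |
  | ssl_capath    |                                      |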
  | ssl_cert  | 

Re: [CentOS] Network throughput testing software available for CentOS/Linux

2015-03-12 Thread Digimer
On 12/03/15 04:29 PM, Gilbert Sebenste wrote:
 Hello everyone,
 
 A network engineer buddy of mine brought up for discussion with me 
 that he'd like to do some throughput testing, but he's new to 
 Linux/RedHat. Is there any software I can recommend to him that any
 of you find above par for CentOS 6/7?
 
 Thanks!
 
 Gilbert

I've used iperf a lot successfully. I have an RPM for EL6 on my repo here:

https://alteeve.ca/an-repo/el6/RPMS/x86_64/iperf-2.0.5-11.el6.anvil.x86_64.rpm

The source is there, and I would be surprised if it didn't build
easily on EL7.

https://alteeve.ca/an-repo/el6/SRPMS/iperf-2.0.5-11.el6.anvil.src.rpm

- -- 
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS-es] Blocking YouTube

2015-03-12 Thread Luis Hernán de la Barra
Place one (or several) rules earlier in iptables that accept the authorized IPs.
Be careful, since the source IP can be spoofed. Perhaps you could pin each MAC
to its IP on the CentOS server.


Luis de la Barra
www.wyzer.cl
CentOS, Networking and Web Development Tips

-------- Original message --------
From: César Martínez cmarti...@servicomecuador.com
Date: 12/03/2015  17:29  (GMT-04:00)
To: centos-es@centos.org
Subject: Re: [CentOS-es] Blocking YouTube

But with that rule I close port 443 for everyone; the idea is to close access
to YouTube only for a particular number of IPs.
-- 
Regards
César Martínez
Systems Engineer

Sent from my Samsung Galaxy mobile

On 12 March 2015 15:20:41 GMT-05:00, David González Romero 
dgrved...@gmail.com wrote:
Try:

$IPTABLES -A FORWARD -p tcp --dport 443 -j DROP

Regards,
David

On 12 March 2015, 10:31, César Martinez
cmarti...@servicomecuador.com wrote:
 Thanks for replying

 Luis, your alternative is valid with respect to the host; the problem is
 that only X machines need to be blocked, not all of them. Additionally, my
 proxy is transparent and, as you know, squid does not block secure
 connections on the https port

 David, you know I use this rule to block port 443 for youtube, but it still
 loads in IE
 $IPTABLES -I FORWARD -p tcp --dport 443 -m string --string 'youtube' --algo bm -j DROP
 $IPTABLES -I FORWARD -p tcp --dport 443 -m string --string youtube.com --algo bm -j DROP

 Going by what our friend who uses fortigate says, that the same thing
 happens to him, I don't know what it is about IE that makes youtube load.
 What I am going to test is whether the videos load; I haven't tested that,
 because the screen appears with the videos but I haven't tested whether
 they play

 --
 Best regards

 |César Martínez | Systems Engineer | SERVICOM
 |Tel: (593-2)554-271 2221-386 | Ext 4501
 |Mobile: 0999374317 |Skype servicomecuador
 |Web www.servicomecuador.com Follow us on:
 |Twitter: @servicomecuador |Facebook: servicomec
 |Customer area: www.servicomecuador.com/billing
 |Blog: http://servicomecuador.com/blog
 |Addr. Av. 10 de Agosto N29-140 Entre
 |Acuña y  Cuero y Caicedo
 |Quito - Ecuador - South America

 On 12/03/15 07:32, Luis Hernán de la Barra wrote:

 Another simple alternative, although vulnerable, is to configure a local
 DNS resolver such as dnsmasq, with which the name youtube.com is
 overridden with another IP, probably a local site with a warning.

 In this case care must be taken that only the resolver's IP is allowed
 outbound to port 53/udp

 These are small details that together can help.

 Luis de la Barra
 www.wyzer.cl
 Sent from Samsung Mobile

 -------- Original message --------
 From: David González Romero dgrved...@gmail.com
 Date: 12/03/2015  08:59  (GMT-04:00)
 To: centos-es@centos.org
 Subject: Re: [CentOS-es] Blocking YouTube

 And why don't you try closing port 443 entirely... that is what I want
 you to try, because if you use a rule of the type

 iptables ... -dport 443 youtube.com

 DNS will block the IP that was picked up as youtube.com at the moment
 iptables came up; and as far as I know youtube.com has several
 IPs that answer to that name.

 Try blocking all traffic to port 443 and then try again.

 Regards,
 David

 On 12 March 2015, 7:30, César Martínez
 cmarti...@servicomecuador.com wrote:

 Hello David, I applied a rule to close port 443 for YouTube but in
 IE it opens
 --
 Regards
 César Martínez
 Systems Engineer

 Sent from my Samsung Galaxy mobile

 On 12 March 2015 05:18:08 GMT-05:00, David González Romero
 dgrved...@gmail.com wrote:

 I still think that if you close port 443 it should not open for you...

 Regards,
 David

 On 11 March 2015, 19:03, Luis Huacho Lazo
 l.hua...@gmail.com wrote:

 Although the topic is Linux CentOS, on my network managed with fortigate
 the same thing happens: everything is blocked, but IE8 gets through and
 displays youtube only with https.

 Bill's magic? Of course it loads the site and the images, but the videos
 do not load. Curious problem with IE8.
 On 11/03/2015 15:19, César Martinez cmarti...@servicomecuador.com
 wrote:

 Nothing shows up in the firewall log. The temporary alternative is
 to block by IP; that way it does not load in IE. I will keep looking for
 the solution. Thanks to all, and if anyone has any other idea, thanks.

 --
 Best regards

 |César Martínez | Systems Engineer | SERVICOM
 |Tel: (593-2)554-271 2221-386 | Ext 4501
 |Mobile: 0999374317 |Skype servicomecuador
 |Web www.servicomecuador.com Follow us on:
 |Twitter: @servicomecuador |Facebook: servicomec
 |Customer area: www.servicomecuador.com/billing
 |Blog: http://servicomecuador.com/blog
 |Addr. Av. 10 de Agosto N29-140 Entre
 |Acuña y  Cuero y Caicedo
 |Quito - Ecuador - South America

 On 11/03/15 10:17, Emilio Alvarado wrote:

 What do you see in the iptables log?
 Emilio Alvarado



 On 10 
[CentOS-announce] CESA-2015:0674 Important CentOS 6 kernel Security Update

2015-03-12 Thread Johnny Hughes

CentOS Errata and Security Advisory 2015:0674 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0674.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net

___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce


[CentOS] Network throughput testing software available for CentOS/Linux

2015-03-12 Thread Gilbert Sebenste

Hello everyone,

A network engineer buddy of mine brought up for discussion with me
that he'd like to do some throughput testing, but he's new to
Linux/RedHat. Is there any software I can recommend to him that
any of you find above par for CentOS 6/7?

Thanks!

Gilbert

***
Gilbert Sebenste
(My opinions only!)  **
***
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS-announce] CEBA-2015:0676 CentOS 6 mlocate FASTTRACK BugFix Update

2015-03-12 Thread Johnny Hughes

CentOS Errata and Bugfix Advisory 2015:0676 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-0676.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
9d76f451da0b0d8f11a0f7fcccabe7b84338026ddc5f60353c0fb89910c253f0  
mlocate-0.22.2-6.el6.i686.rpm

x86_64:
82003a710e7baf8904210c26ac9a800108f6a8916a5240fe7d713d6a5fdf52be  
mlocate-0.22.2-6.el6.x86_64.rpm

Source:
f2296c5f7e3414b4da578f6b8578bc6b828aa05f9b13b5bf8618b5af7078ab10  
mlocate-0.22.2-6.el6.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net

___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce


Re: [CentOS] Centos 6 - Persistant static routes

2015-03-12 Thread Les Mikesell
On Thu, Mar 12, 2015 at 2:25 PM, Warren Young w...@etr-usa.com wrote:
 On Mar 12, 2015, at 11:52 AM, Jason Warr ja...@warr.net wrote:

 On Thu, 12 Mar 2015 12:43:27 -0500, Robert Moskowitz r...@htt-consult.com 
 wrote:

 I found:

 http://www.cyberciti.biz/tips/configuring-static-routes-in-debian-or-red-hat-linux-systems.html

 where it says to add to ifcfg-eth0:

 192.168.128.0/17 via 40.53.24.3

 That’s only for RHEL 7: http://goo.gl/AtjIyI

Aside from being irritating, that's just wrong.   I'm using that
syntax on Centos5,

 ADDRESS0=192.168.128.0
 NETMASK0=255.255.128.0
 GATEWAY0=40.53.24.3

 This is the scheme used in prior versions of RHEL.

I think both types of syntax will work in all versions.  The GUI tools
do the latter form.

-- 
   Les Mikesell
  lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Centos 6 - Persistant static routes

2015-03-12 Thread Les Mikesell
On Thu, Mar 12, 2015 at 3:01 PM, Robert Moskowitz r...@htt-consult.com wrote:


 where it says to add to ifcfg-eth0:

 192.168.128.0/17 via 40.53.24.3

 That’s only for RHEL 7: http://goo.gl/AtjIyI

 Aside from being irritating, that's just wrong.   I'm using that
 syntax on Centos5,


 AH, I think I see what I did wrong.  I put that line in the ifcfg-eth0 when
 according to this page, it goes in the route-eth0 just like the old format.
 I will give that a try tomorrow...


Yes, I missed that part.  You can put a default gateway in the
ifcfg- file with GATEWAY= but if you have more than one NIC you
should only have one GATEWAY= entry  for the NIC facing that router,
and any routes in a route-xxx file should be through a router where
the next hop specified is reachable though the xxx-named interface.
The routes are added as the interfaces are brought up and will fail if
the gateway specified isn't reachable - as might happen if they need
to go through an interface that isn't up yet.   If you only have one
interface you don't have to worry about that - the default GATEWAY=
can be in ifcfg-eth0 and the static route(s) through a different
router on the same subnet go in route-eth0.

-- 
   Les Mikesell
 lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
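
Both notations discussed in this thread belong in /etc/sysconfig/network-scripts/route-eth0 rather than ifcfg-eth0. The following is an added example, not code from any poster in the thread: shell functions with hypothetical names that turn a line in the `via` notation into the ADDRESS/NETMASK/GATEWAY directives Jason Warr posted, deriving the netmask from the prefix length.

```sh
#!/bin/sh
# Added example (not from the thread). Converts the CIDR "via" notation of a
# route-<iface> file into the ADDRESSn/NETMASKn/GATEWAYn directive notation.

# prefix_to_netmask PREFIX   e.g. 17 -> 255.255.128.0
prefix_to_netmask() (
    p=$1
    case $p in ''|*[!0-9]*) exit 1 ;; esac     # digits only
    [ "$p" -le 32 ] || exit 1
    mask=
    for i in 1 2 3 4; do
        if [ "$p" -ge 8 ]; then
            octet=255
            p=$((p - 8))
        else
            # p leading one-bits in this octet; p=0 gives 0
            octet=$(( 256 - (1 << (8 - p)) ))
            p=0
        fi
        mask=${mask:+$mask.}$octet
    done
    echo "$mask"
)

# route_line_to_directives INDEX "NET/PREFIX via GATEWAY [dev IFACE]"
# INDEX is the numeric suffix; increment it for each route in the file.
route_line_to_directives() (
    n=$1
    set -- $2                                   # split the line into words
    if [ "$2" != via ] || [ -z "$3" ]; then exit 1; fi
    net=${1%/*}
    prefix=${1#*/}
    [ "$net" != "$1" ] || exit 1                # no "/prefix" in the line
    mask=$(prefix_to_netmask "$prefix") || exit 1
    printf 'ADDRESS%s=%s\nNETMASK%s=%s\nGATEWAY%s=%s\n' \
        "$n" "$net" "$n" "$mask" "$n" "$3"
)

# Usage with the route from this thread:
#   route_line_to_directives 0 "192.168.128.0/17 via 40.53.24.3 dev eth0"
```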


Re: [CentOS] Centos 6 - Persistant static routes

2015-03-12 Thread Robert Moskowitz



On 03/12/2015 04:12 PM, Les Mikesell wrote:

On Thu, Mar 12, 2015 at 3:01 PM, Robert Moskowitz r...@htt-consult.com wrote:

where it says to add to ifcfg-eth0:

192.168.128.0/17 via 40.53.24.3

That’s only for RHEL 7: http://goo.gl/AtjIyI

Aside from being irritating, that's just wrong.   I'm using that
syntax on Centos5,


AH, I think I see what I did wrong.  I put that line in the ifcfg-eth0 when
according to this page, it goes in the route-eth0 just like the old format.
I will give that a try tomorrow...


Yes, I missed that part.  You can put a default gateway in the
ifcfg- file with GATEWAY= but if you have more than one NIC you
should only have one GATEWAY= entry  for the NIC facing that router,
and any routes in a route-xxx file should be through a router where
the next hop specified is reachable though the xxx-named interface.
The routes are added as the interfaces are brought up and will fail if
the gateway specified isn't reachable - as might happen if they need
to go through an interface that isn't up yet.   If you only have one
interface you don't have to worry about that - the default GATEWAY=
can be in ifcfg-eth0 and the static route(s) through a different
router on the same subnet go in route-eth0.

What I really need to do is get RIP working on that router and get my 
servers to listen to RIP...


One leap at a time!


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Centos 6 - Persistant static routes

2015-03-12 Thread Les Mikesell
On Thu, Mar 12, 2015 at 3:16 PM, Robert Moskowitz r...@htt-consult.com wrote:


 What I really need to do is get RIP working on that router and get my
 servers to listen to RIP...

 One leap at a time!

The usual quick-fix in a small network is to make your default router
know about everything else.  That is, your internet-facing router
knows the route to your internal router - and vice versa.   Then if
you send to a single default and have a destination address that the
other router on the same network should handle, it will forward the
packet for you _and_ send you an icmp redirect telling you that it
will save time if you send to the other router yourself.  That way the
computers don't have to participate in real routing protocols.

-- 
   Les Mikesell
 lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS-es] Blocking YouTube

2015-03-12 Thread David González Romero
Prueba:

$IPTABLES -A FORWARD -p tcp --dport 443 -j DROP

Saludos,
David

El día 12 de marzo de 2015, 10:31, César Martinez
cmarti...@servicomecuador.com escribió:
 Gracias por responder

 Luis tu alternativa es válida respecto al host el problema es que solo se
 necesita bloquear a X equipos no a todos, algo adicional mi proxy es
 transparente y como sabes squid no bloquea conexiones seguras por el puerto
 https

 David sabes que uso esta regla para bloquear el puerto 443 por youtube pero
 igual en IE carga
 $IPTABLES -I FORWARD -p tcp --dport 443 -m string --string 'youtube' --algo
 bm -j DROP
 $IPTABLES -I FORWARD -p tcp --dport 443 -m string --string youtube.com
 --algo bm -j DROP

 De acuerdo a lo comenta nuestro amigo que usa fortiget y le pasa lo mismo no
 se que tiene ie que hace que cargue youtube, lo que voy a probar es que si
 cargan los videos eso no he probado porque la pantalla aparece con los
 videos pero no he probado si reproduce

 --
 Saludos Cordiales

 |César Martínez | Ingeniero de Sistemas | SERVICOM
 |Tel: (593-2)554-271 2221-386 | Ext 4501
 |Celular: 0999374317 |Skype servicomecuador
 |Web www.servicomecuador.com Síguenos en:
 |Twitter: @servicomecuador |Facebook: servicomec
 |Zona Clientes: www.servicomecuador.com/billing
 |Blog: http://servicomecuador.com/blog
 |Dir. Av. 10 de Agosto N29-140 Entre
 |Acuña y  Cuero y Caicedo
 |Quito - Ecuador - Sudamérica

 On 12/03/15 07:32, Luis Hernán de la Barra wrote:

 Otra alternativa simple, aunque vulnerable, es configurar un resolver
 DNS local como dnsmasq, con el que se interviene el nombre youtube.com con
 otro ip, probablemente un sitio local con una advertencia.

 Se debe tener la precaución en este caso que solo el ip del resolver tenga
 permiso de salida al puerto 53/udp

 Son pequeños detalles que en conjunto pueden ayudar.

 Luis de la Barra
 www.wyzer.cl
 Enviado desde Samsung Mobile

 div Mensaje original /divdivDe: David González
 Romero dgrved...@gmail.com /divdivFecha:12/03/2015  08:59  (GMT-04:00)
 /divdivA: centos-es@centos.org /divdivAsunto: Re: [CentOS-es]
 Bloqueo youtube /divdiv
 /divY porque no pruebas cerrando todo el puerto 443... es lo que quiero
 que pruebes, porque si usas una regla del tipo

 iptables ... -dport 443 youtube.com

 El DNS bloqueará el IP que en el instante de levantarse el IPtables
 haya agarrado como youtube.com; y según creo youtube.com tiene varios
 IP que responden a ese nombre.

 Prueba bloquear todo el trafico al puerto 443 y luego intenta de nuevo.

 Saludos,
 David

 El día 12 de marzo de 2015, 7:30, César Martínez
 cmarti...@servicomecuador.com escribió:

 Hola David aplique una regla para cerrar el puerto 443 de YouTube pero en
 ie se abre
 --
 Saludos
 César Martínez
 Ingeniero de Sistemas

 Enviado desde mi móvil Samsung Galaxy

 On 12 March 2015 05:18:08 GMT-05:00, David González Romero
 dgrved...@gmail.com wrote:

 I still think that if you close port 443 it should not open for you...

 Regards,
 David

 On 11 March 2015, 19:03, Luis Huacho Lazo
 l.hua...@gmail.com wrote:

 Although the topic is CentOS Linux, the same thing happens on my network
 managed with FortiGate: everything is blocked, but IE8 gets through and
 displays YouTube only with https.

 Bill's magic? Of course, the site and the images load, but the videos do
 not load. Curious problem with IE8.
 On 11/03/2015 15:19, César Martinez cmarti...@servicomecuador.com
 wrote:

 Nothing shows up in the firewall log. The temporary alternative is to
 block by IP; that way it does not load in IE. I will keep looking for the
 solution. Thanks to everyone, and if anyone has any other idea, thanks.

 --
 Kind regards

 |César Martínez | Systems Engineer | SERVICOM

 On 11/03/15 10:17, Emilio Alvarado wrote:

 What do you see in the iptables log?
 Emilio Alvarado



 On 10 March 2015 17:35:31, César Martinez
 cmarti...@servicomecuador.com wrote:

 Greetings, fellow list members. I have a 64-bit CentOS 6.6 server that
 acts as a proxy firewall. On this server I block https sites using a post
 that Epe has published on ecualug, adapted a little on my part. I can
 block any https site except YouTube, or rather YouTube only halfway,
 because it is blocked in all browsers except Internet Explorer. I have
 been trying to solve this for about two weeks and it does not work. I do
 not block by IP, since some YouTube IPs also serve Gmail and Google.
 Perhaps someone has managed to block YouTube in all browsers and can help
 me. Here is the rule I block with

 $IPTABLES -I FORWARD -s 192.168.0.1/24 -p tcp -m string --string
 

Re: [CentOS-es] Bloqueo youtube

2015-03-12 Thread César Martínez
But with that rule I close port 443 for everyone; the idea is to block
access to YouTube only for a certain number of IPs
-- 
Regards
César Martínez
Systems Engineer

Sent from my Samsung Galaxy mobile

On 12 March 2015 15:20:41 GMT-05:00, David González Romero 
dgrved...@gmail.com wrote:
Try:

$IPTABLES -A FORWARD -p tcp --dport 443 -j DROP

Regards,
David

On 12 March 2015, 10:31, César Martinez
cmarti...@servicomecuador.com wrote:
 Thanks for replying

 Luis, your alternative is valid as far as the host goes; the problem is
 that only X machines need to be blocked, not all of them. Additionally, my
 proxy is transparent, and as you know squid does not block secure
 connections on the https port

 David, I am using this rule to block port 443 for youtube, but it still
 loads in IE
 $IPTABLES -I FORWARD -p tcp --dport 443 -m string --string 'youtube' --algo bm -j DROP
 $IPTABLES -I FORWARD -p tcp --dport 443 -m string --string youtube.com --algo bm -j DROP

 As our friend who uses FortiGate and has the same problem says, I don't
 know what IE has that makes YouTube load. What I am going to test is
 whether the videos load; I have not tested that, because the screen
 appears with the videos but I have not tested whether they play

 --
 Kind regards

 |César Martínez | Systems Engineer | SERVICOM


Re: [CentOS] Centos 6 - Persistant static routes

2015-03-12 Thread Jason Warr

On Thu, 12 Mar 2015 14:25:52 -0500, Warren Young w...@etr-usa.com wrote:




ADDRESS0=192.168.128.0
NETMASK0=255.255.128.0
GATEWAY0=40.53.24.3


This is the scheme used in prior versions of RHEL.


Are you saying this should not work in RHEL/Cent 7?  It works fine for me  
in 5/6/7.





Re: [CentOS] Centos 6 - Persistant static routes

2015-03-12 Thread Robert Moskowitz



On 03/12/2015 03:51 PM, Les Mikesell wrote:

On Thu, Mar 12, 2015 at 2:25 PM, Warren Young w...@etr-usa.com wrote:

On Mar 12, 2015, at 11:52 AM, Jason Warr ja...@warr.net wrote:

On Thu, 12 Mar 2015 12:43:27 -0500, Robert Moskowitz r...@htt-consult.com 
wrote:


I found:

http://www.cyberciti.biz/tips/configuring-static-routes-in-debian-or-red-hat-linux-systems.html

where it says to add to ifcfg-eth0:

192.168.128.0/17 via 40.53.24.3

That’s only for RHEL 7: http://goo.gl/AtjIyI

Aside from being irritating, that's just wrong.   I'm using that
syntax on Centos5,


AH, I think I see what I did wrong.  I put that line in the ifcfg-eth0 
when according to this page, it goes in the route-eth0 just like the old 
format.  I will give that a try tomorrow...





ADDRESS0=192.168.128.0
NETMASK0=255.255.128.0
GATEWAY0=40.53.24.3

This is the scheme used in prior versions of RHEL.

I think both types of syntax will work in all versions.  The GUI tools
do the latter form.





[CentOS-virt] Tapdisk processes being left behind when hvm domu's migrate/shutdown

2015-03-12 Thread Nathan March
Hi All,

 

I'm seeing tapdisk processes not being terminated after a HVM vm is shutdown or 
migrated away. I don't see this problem with linux paravirt domu's, just 
windows hvm ones.

xl.cfg:

name = 'nathanwin'
memory = 4096
vcpus = 2
disk = [ 'file:/mnt/gtc_disk_p1/nathanwin/drive_c,hda,w' ]
vif = [ 'mac=00:16:3D:01:03:E0,bridge=vlan208' ]
builder = hvm
kernel = /usr/lib/xen/boot/hvmloader

localtime = 0
on_poweroff = destroy
on_reboot = restart
on_crash = destroy

vnc = 1
vncunused = 1

 

cpuid  = [

'0:eax=1011',


'1:eax=001001101110,ecx=101110111010001000100011,edx=0001000010111011',

'2:eax=01010101001101011011',

  
'7,0:eax=,ebx=,ecx=,edx=',

 '13,1:eax=xxx0',

  '10:ebx=',

   '11:edx=',

   
'2147483650:eax=01100101011101000110111001001001,ebx=0010100101010010001011101100,ecx=01100110010101011010,edx=0010100101010010001011101110',

   
'2147483651:eax=01010101010101110010,ebx=0010001000100010,ecx=0010001000100010,edx=0100111000100010',

   
'2147483652:eax=001100110111011000110101,ebx=001001100010,ecx=00110111001100100010111000110010,edx=0010010011000111',

   '2147483656:eax=001100101000',

 ]

 

Starting with the VM running initially on another host, I migrate it in:

migration target: Ready to receive domain.
Saving to migration stream new xl format (info 0x0/0x0/1450)
Loading new save file incoming migration stream (new xl fmt info 0x0/0x0/1450)
Savefile contains xl domain config
WARNING: ignoring kernel directive for HVM guest. Use firmware_override instead if you really want a non-default firmware
xc: progress: Reloading memory pages: 56320/1114193    5%
xc: progress: Reloading memory pages: 1003520/1114193   90%
DEBUG libxl__blktap_devpath 37 aio:/mnt/gtc_disk_p1/nathanwin/drive_c
DEBUG libxl__blktap_devpath 40 /dev/xen/blktap-2/tapdev0
DEBUG libxl__blktap_devpath 37 aio:/mnt/gtc_disk_p1/nathanwin/drive_c
DEBUG libxl__blktap_devpath 40 /dev/xen/blktap-2/tapdev2
migration target: Transfer complete, requesting permission to start domain.
migration sender: Target has acknowledged transfer.
migration sender: Giving target permission to start.
migration target: Got permission, starting domain.
migration target: Domain started successsfully.
migration sender: Target reports successful startup.
DEBUG libxl__device_destroy_tapdisk 66 type=aio:/mnt/gtc_disk_p1/nathanwin/drive_c disk=:/mnt/gtc_disk_p1/nathanwin/drive_c
Migration successful.

 

and now I have 2 tapdisk procs:

gtc-vana-005 ~ # ps auxf | grep tapdisk
root 32491  0.1  0.2  20364  4636 ?SLs  11:06   0:00 tapdisk
root 32520  0.0  0.2  20364  4636 ?SLs  11:06   0:00 tapdisk

Which seems odd given that the VM in question only has a single disk attached 
to it and the qemu proc indicates it's using tapdev2:

root 32524  0.4  0.7 323208 15040 ?SLsl 11:06   0:00 
/usr/lib/xen/bin/qemu-system-i386 -xen-domid 3 -chardev 
socket,id=libxl-cmd,path=/var/run/xen/qmp-libxl-3,server,nowait -mon 
chardev=libxl-cmd,mode=control -nodefaults -name nathanwin--incoming -vnc 
127.0.0.1:0,to=99 -device cirrus-vga -global vga.vram_size_mb=8 -boot order=cda 
-smp 2,maxcpus=2 -device rtl8139,id=nic0,netdev=net0,mac=00:16:3d:01:03:e0 
-netdev type=tap,id=net0,ifname=vif3.0-emu,script=no,downscript=no -incoming 
fd:13 -machine xenfv -m 4088 -drive 
file=/dev/xen/blktap-2/tapdev2,if=ide,index=0,media=disk,format=raw,cache=writeback

gtc-vana-005 ~ # lsof -p 32520 | grep blktap-2
tapdisk 32520 root  memCHR  246,2   886671 /dev/xen/blktap-2/blktap2
tapdisk 32520 root   19u   CHR  246,2 0t0   886671 /dev/xen/blktap-2/blktap2

gtc-vana-005 ~ # lsof -p 32491 | grep blktap-2
tapdisk 32491 root  memCHR  246,0   903999 /dev/xen/blktap-2/blktap0
tapdisk 32491 root   14u   CHR  246,0 0t0   903999 /dev/xen/blktap-2/blktap0

 

I then migrate this VM off to another host:

migration target: Ready to receive domain.
Saving to migration stream new xl format (info 0x0/0x0/1450)
Loading new save file incoming migration stream (new xl fmt info 0x0/0x0/1450)
Savefile contains xl domain config
WARNING: ignoring kernel directive for HVM guest. Use firmware_override instead if you really want a non-default firmware
xc: progress: Reloading memory pages: 56320/1114193    5%
xc: progress: Reloading memory pages: 1003520/1114193   90%
DEBUG 

Re: [CentOS] Centos 6 - Persistant static routes

2015-03-12 Thread Robert Moskowitz



On 03/12/2015 01:50 PM, Earl A Ramirez wrote:

On 12 March 2015 at 13:43, Robert Moskowitz r...@htt-consult.com wrote:


I know how to use 'ip' to set up a static route, e.g.:

ip route add 192.168.128.0/17 via 40.53.24.3 dev eth0

But if you reboot or restart network, you lose this.  Thus you have to
make it persistent.  I found:

http://www.cyberciti.biz/tips/configuring-static-routes-in-debian-or-red-hat-linux-systems.html

where it says to add to ifcfg-eth0:

192.168.128.0/17 via 40.53.24.3

But this did not work after the interface was restarted.  So what is the
proper way to set up persistent static routes?


I have used this document [0] in the past and it worked for me, let me know
if it works for you.

[0]
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sec-networkscripts-static-routes-network-netmask-directives.html


Yes it did.  Brings back some really old memories of doing this way some 
10 years ago.  Back when I built a firewall on Centos4 with lots of 
ethernets and Shorewall and stuff.


thanks



Re: [CentOS-virt] Tapdisk processes being left behind when hvm domu's migrate/shutdown

2015-03-12 Thread George Dunlap
On Thu, Mar 12, 2015 at 6:11 PM, Nathan March nat...@gt.net wrote:
 Hi All,



 I'm seeing tapdisk processes not being terminated after a HVM vm is shutdown
 or migrated away. I don't see this problem with linux paravirt domu's, just
 windows hvm ones.

Interesting -- actually you get the same effect just starting and
shutting down a guest.  It creates two tapdisk processes, but on
shutdown only destroys one.

I'll look into it.

 -George


Re: [CentOS] Centos 6 - Persistant static routes

2015-03-12 Thread Warren Young
On Mar 12, 2015, at 11:52 AM, Jason Warr ja...@warr.net wrote:
 
 On Thu, 12 Mar 2015 12:43:27 -0500, Robert Moskowitz r...@htt-consult.com 
 wrote:
 
 I found:
 
 http://www.cyberciti.biz/tips/configuring-static-routes-in-debian-or-red-hat-linux-systems.html
 
 where it says to add to ifcfg-eth0:
 
 192.168.128.0/17 via 40.53.24.3

That’s only for RHEL 7: http://goo.gl/AtjIyI

 ADDRESS0=192.168.128.0
 NETMASK0=255.255.128.0
 GATEWAY0=40.53.24.3

This is the scheme used in prior versions of RHEL.
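The two route-eth0 notations quoted in this thread describe the same route; the converter below turns the ADDRESSn/NETMASKn/GATEWAYn form into the "network/prefix via gateway" form. It is an added example, not code from any poster: the function names are made up here, and it assumes entries are numbered consecutively from 0.

```shell
#!/bin/sh
# Added example (not from the thread): convert ADDRESSn/NETMASKn/GATEWAYn
# directives into "network/prefix via gateway" lines.
# Assumption: directive indexes run 0, 1, 2, ... without gaps.

mask_to_prefix() {
    # Dotted netmask -> prefix length; fails on a non-contiguous mask.
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    bits=0 short=0
    for octet in "$@"; do
        case $octet in
            255) w=8 ;; 254) w=7 ;; 252) w=6 ;; 248) w=5 ;; 240) w=4 ;;
            224) w=3 ;; 192) w=2 ;; 128) w=1 ;; 0) w=0 ;;
            *) return 1 ;;
        esac
        # After the first octet that is not 255, only 0 may follow.
        if [ "$short" -eq 1 ] && [ "$w" -ne 0 ]; then return 1; fi
        [ "$w" -eq 8 ] || short=1
        bits=$((bits + w))
    done
    echo "$bits"
}

directives_to_ip_format() {
    # stdin: directive lines; stdout: one "net/prefix via gw" line per route.
    input=$(cat)
    idx=0
    while :; do
        addr=$(printf '%s\n' "$input" | sed -n "s/^ADDRESS${idx}=//p")
        mask=$(printf '%s\n' "$input" | sed -n "s/^NETMASK${idx}=//p")
        gw=$(printf '%s\n' "$input" | sed -n "s/^GATEWAY${idx}=//p")
        [ -n "$addr" ] || break
        if [ -z "$mask" ] || [ -z "$gw" ]; then
            echo "route $idx is incomplete" >&2
            return 1
        fi
        prefix=$(mask_to_prefix "$mask") ||
            { echo "route $idx: bad netmask $mask" >&2; return 1; }
        echo "$addr/$prefix via $gw"
        idx=$((idx + 1))
    done
}

# Sample input built from the values quoted in the thread.
SAMPLE_ROUTES='ADDRESS0=192.168.128.0
NETMASK0=255.255.128.0
GATEWAY0=40.53.24.3'

printf '%s\n' "$SAMPLE_ROUTES" | directives_to_ip_format
```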


Re: [CentOS] mysql replication - problems

2015-03-12 Thread Alberto Rivera Laporte
On Thu, Mar 12, 2015 at 10:49 AM Tim Dunphy bluethu...@gmail.com wrote:

 
  No: /etc/pki/CA should NOT be group writeable. Ditto for
  /etc/pki/tls/certs and private




I agree - Sorry I did not mean to imply that the directory permissions on
/etc/pki/CA should be modified.  However it was mentioned it as a probable
issue for his ssl configuration on mysql/mariadb not .



 Ok, yeah I can understand that. I'll correct it. Still need a way to get
 SSL enabled however. Any suggestions there?

 Thanks
 Tim


Here's a test I did on a vanilla Centos 7 with mariadb from the stock
Centos repo, first with the locations you chose on your non-working
scenario, and second with an alternate location chosen for the ssl key and
cert files.


First example:

-- /etc/my.cnf.d/server.cnf

[mysqld]
ssl-key=/etc/pki/CA/private/test-key.pem
ssl-cert=/etc/pki/CA/certs/test-cert.pem


Here were the errors on startup from having the ssl files in that location,
which subsequently ends up with ssl being disabled, much like you are
experiencing.

-- /var/log/mariadb/mariadb.log

150312 13:37:51  InnoDB: Waiting for the background threads to start
150312 13:37:52 Percona XtraDB (http://www.percona.com) 5.5.40-MariaDB-36.1 started; log sequence number 0
150312 13:37:52 [Note] Plugin 'FEEDBACK' is disabled.
SSL error: Unable to get private key from '/etc/pki/CA/private/test-key.pem'
150312 13:37:52 [Warning] Failed to setup SSL
150312 13:37:52 [Warning] SSL error: Unable to get private key
150312 13:37:52 [Note] Server socket created on IP: '0.0.0.0'.
150312 13:37:52 [Note] Event Scheduler: Loaded 0 events
150312 13:37:52 [Note] /usr/libexec/mysqld: ready for connections.
Version: '5.5.41-MariaDB'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  MariaDB Server


MariaDB [(none)]> show variables like '%ssl%';
+---------------+----------+
| Variable_name | Value    |
+---------------+----------+
| have_openssl  | DISABLED |
| have_ssl      | DISABLED |
<snip>

Second example:

Here are the results of the ssl key and cert files being moved to another
specific location where the mysql user can read those files, and restarting
the service:

-- /etc/my.cnf.d/server.cnf

[mysqld]
ssl-key=/etc/mysql/test-key.pem
ssl-cert=/etc/mysql/test-cert.pem



-- /var/log/mariadb/mariadb.log
150312 13:48:19  InnoDB: Waiting for the background threads to start
150312 13:48:20 Percona XtraDB (http://www.percona.com) 5.5.40-MariaDB-36.1 started; log sequence number 1597945
150312 13:48:20 [Note] Plugin 'FEEDBACK' is disabled.
150312 13:48:20 [Note] Server socket created on IP: '0.0.0.0'.
150312 13:48:20 [Note] Event Scheduler: Loaded 0 events
150312 13:48:20 [Note] /usr/libexec/mysqld: ready for connections.
Version: '5.5.41-MariaDB'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  MariaDB Server



MariaDB [(none)]> show variables like '%ssl%';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl  | YES   |
| have_ssl      | YES   |
<snip>



If you want to maintain consistency and store the certificates in
/etc/pki/* these should be the locations where they can be stored:

#certs, including intermediates
/etc/pki/tls/certs

# keys
/etc/pki/tls/private


Here were the results of a third test:

-- /etc/my.cnf.d/server.cnf

[mysqld]

ssl-key=/etc/pki/tls/private/test-key.pem
ssl-cert=/etc/pki/tls/certs/test-cert.pem



MariaDB [(none)]> show variables like '%ssl%';
+---------------+-----------------------------------+
| Variable_name | Value                             |
+---------------+-----------------------------------+
| have_openssl  | YES                               |
| have_ssl      | YES                               |
| ssl_ca        |                                   |
| ssl_capath    |                                   |
| ssl_cert      | /etc/pki/tls/certs/test-cert.pem  |
| ssl_cipher    |                                   |
| ssl_key       | /etc/pki/tls/private/test-key.pem |
+---------------+-----------------------------------+


Best,
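The difference between the failing and the working key locations in the message above comes down to whether the mysql account can traverse every directory on the path and read the file. The checker below is an added example, not code from the poster: the function names are made up here, it evaluates only the owner/group/other mode bits (no ACLs, no SELinux) and it needs GNU stat.

```shell
#!/bin/sh
# Added example (not from the thread). Walks a path and reports the first
# component whose owner/group/other mode bits deny access to an account.
# Limits: ACLs and SELinux are not evaluated; needs GNU stat (as on CentOS).
# The root directory "/" itself is not checked.

applicable_bits() {
    # $1 uid, $2 space-separated gids, $3 path.
    # Prints the single octal digit (rwx) that applies to that account.
    info=$(stat -c '%u %g %a' "$3") || return 1
    owner=${info%% *}; rest=${info#* }
    group=${rest%% *}; mode=${rest#* }
    mode=$(printf '%03d' "$((mode % 1000))")   # drop setuid/setgid/sticky
    if [ "$1" -eq 0 ]; then echo 7; return 0; fi   # root is not restricted
    if [ "$1" -eq "$owner" ]; then echo "${mode%??}"; return 0; fi
    for gid in $2; do
        if [ "$gid" -eq "$group" ]; then
            mid=${mode#?}; echo "${mid%?}"; return 0
        fi
    done
    echo "${mode#??}"
}

first_blocked_component() {
    # $1 uid, $2 gids, $3 absolute path of the file to read.
    # Prints the first blocking component and returns 1;
    # prints nothing and returns 0 when the file is readable.
    uid=$1 gids=$2 target=$3 current=''
    old_ifs=$IFS; IFS=/
    set -- $target
    IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        current="$current/$part"
        bits=$(applicable_bits "$uid" "$gids" "$current") ||
            { echo "$current (cannot stat)"; return 1; }
        # Directories need search (x = 1), the file itself needs read (r = 4).
        if [ -d "$current" ]; then need=1; else need=4; fi
        if [ $((bits & need)) -eq 0 ]; then echo "$current"; return 1; fi
    done
    return 0
}

# Usage: sh keyperm.sh mysql /etc/pki/tls/private/test-key.pem
if [ $# -eq 2 ]; then
    if first_blocked_component "$(id -u "$1")" "$(id -G "$1")" "$2"; then
        echo "$2: readable by $1"
    fi
fi
```

A key owned by the service account with mode 0400 passes this check, so the file does not have to be world-readable.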


Re: [CentOS] Tasks in /etc/cron.daily on CentOS 7?

2015-03-12 Thread Tris Hoar

On 11/03/2015 15:17, Niki Kovacs wrote:

Hi,

I just configured SquidAnalyzer, a nifty little network statistics tool
that I'm using mainly in school networks to monitor network usage.

I want to run the '/usr/bin/squid-analyzer' script once a day. I took a
peek in /etc/cron.daily, and the package already installed an
/etc/cron.daily/0squidanalyzer script.

I wanted to know at what time CentOS ran the cron.daily scripts, so I
typed crontab -l, but there were no cronjobs defined for root.

Here's how things look on a public Slackware64 14.0 server I administrate:

# crontab -l
...
# Run hourly cron jobs at 47 minutes after the hour:
47 * * * * /usr/bin/run-parts /etc/cron.hourly 1> /dev/null
#
# Run daily cron jobs at 4:40 every day:
40 4 * * * /usr/bin/run-parts /etc/cron.daily 1> /dev/null
#
# Run weekly cron jobs at 4:30 on the first day of the week:
30 4 * * 0 /usr/bin/run-parts /etc/cron.weekly 1> /dev/null
#
# Run monthly cron jobs at 4:20 on the first day of the month:
20 4 1 * * /usr/bin/run-parts /etc/cron.monthly 1> /dev/null

How is this handled on CentOS 7?

Cheers,

Niki

CentOS / RHEL 7 use anacron for this

[root@server~]# cat /etc/anacrontab
# /etc/anacrontab: configuration file for anacron

# See anacron(8) and anacrontab(5) for details.

SHELL=/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
# the maximal random delay added to the base delay of the jobs
RANDOM_DELAY=45
# the jobs will be started during the following hours only
START_HOURS_RANGE=3-22

#period in days   delay in minutes   job-identifier   command
1                 5                  cron.daily       nice run-parts /etc/cron.daily
7                 25                 cron.weekly      nice run-parts /etc/cron.weekly
@monthly          45                 cron.monthly     nice run-parts /etc/cron.monthly

Tris




Re: [CentOS-docs] Docs strategy and tactics [RFC]

2015-03-12 Thread kunaal jain
As I discussed earlier with you, I am very much excited about this
idea, bringing a new user friendly standard of writing as well as
accessing the documentation.

A couple of queries,

The author writes up in markup language - possibly host the content
on github - discussion over the content on mailing list - changes to
be done - changes done
-- seems fine till here. We define a markup language, style to be
followed, author writes in this style.

Now the main part is preparing for target location and delivering.
-- If it has to be pushed to upstream, our tool chains converts the
document according to the upstream guidelines, push it.

When we are pushing to upstream repo, we don't care about what they do
with it, we just convert the content according to their guidelines and
push it.
-- All good here.

When git.centos.org is involved, we have to actually deal with the
pushed content too. Right now centos.org/docs hosts content from RHEL.
We have to generate the centos.org/docs from our repo.
-- Is it right? Major change in how centos.org/docs work is required.

-- Aren't we too much depending on github for these tasks? Any
alternatives here?

We promote the content using existing channels of our centos, and
possibly upstream channels if content is pushed to them.
-- All good here.

Is the workflow I discussed in line with yours Karsten? I already have
a couple of tools in mind for this but lets leave that thing to my
GSOC proposal discussion with you.

It would be nice to bring technical requirements too in this discussion.

Regards,
Kunaal Jain


Re: [CentOS] Network throughput testing software available for CentOS/Linux

2015-03-12 Thread Marcelo Ricardo Leitner

On 12-03-2015 17:39, Digimer wrote:


On 12/03/15 04:29 PM, Gilbert Sebenste wrote:

Hello everyone,

A network engineer buddy of mine brought up for discussion with me
that he'd like to do some throughput testing, but he's new to
Linux/RedHat. Is there any software I can recommend to him that any
of you find above par for CentOS 6/7?

Thanks!

Gilbert


I've used iperf a lot successfully. I have an RPM for EL6 on my repo here:

https://alteeve.ca/an-repo/el6/RPMS/x86_64/iperf-2.0.5-11.el6.anvil.x86_64.rpm

The source is there, and I would be surprised if it didn't build
easily on EL7.

https://alteeve.ca/an-repo/el6/SRPMS/iperf-2.0.5-11.el6.anvil.src.rpm


+1 for iperf, and it's available on EPEL also
https://dl.fedoraproject.org/pub/epel/6/x86_64/
EPEL6 has iperf and iperf3 while EPEL7 has just iperf3.

netperf is also very good, but it's more complex to use and I'm not 
aware of packages for it.


  Marcelo



Re: [CentOS] Centos 6 - Persistant static routes

2015-03-12 Thread Scott Robbins
On Thu, Mar 12, 2015 at 01:43:27PM -0400, Robert Moskowitz wrote:
 I know how to use 'ip' to set up a static route, e.g.:
 
 ip route add 192.168.128.0/17 via 40.53.24.3 dev eth0
 
 But if you reboot or restart network, you lose this.  Thus you have
 to make it persistent.  I found:
 
 http://www.cyberciti.biz/tips/configuring-static-routes-in-debian-or-red-hat-linux-systems.html
 
 where it says to add to ifcfg-eth0:
 
 192.168.128.0/17 via 40.53.24.3
 
 But this did not work after the interface was restarted.  So what is
 the proper way to set up persistent static routes?
 

Are you using NetworkManager?  I think you have to specifically remove it
although I am not quite sure when RH made it the default (nor am I sure if
it would override routes, but it frequently seems to cause issues.)

Also, the article doesn't say add the line to ifcfg-eth0. The article says add it
to route-eth0.  Was that just a typo on your part?

-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6



Re: [CentOS] Centos 6 - Persistant static routes

2015-03-12 Thread Robert Moskowitz



On 03/12/2015 08:46 PM, Scott Robbins wrote:

On Thu, Mar 12, 2015 at 01:43:27PM -0400, Robert Moskowitz wrote:

I know how to use 'ip' to set up a static route, e.g.:

ip route add 192.168.128.0/17 via 40.53.24.3 dev eth0

But if you reboot or restart network, you lose this.  Thus you have
to make it persistent.  I found:

http://www.cyberciti.biz/tips/configuring-static-routes-in-debian-or-red-hat-linux-systems.html

where it says to add to ifcfg-eth0:

192.168.128.0/17 via 40.53.24.3

But this did not work after the interface was restarted.  So what is
the proper way to set up persistent static routes?


Are you using NetworkManager?  I think you have to specifically remove it
although I am not quite sure when RH made it the default (nor am I sure if
it would override routes, but it frequently seems to cause issues.)


No NetworkManager on these systems.


Also, the article doesn't say add the line to ifcfg-eth0. The article says add it
to route-eth0.  Was that just a typo on your part?


Misread on my part.  My dyslexia at work (have to have something to blame!).




Re: [CentOS-es] Bloqueo youtube

2015-03-12 Thread David González Romero
César, the purpose of my rule is precisely to TEST whether, once 443 is
closed, that IE no longer opens 443 for you. If it does open it, then I hang
up my gloves and admit that there is witchcraft in IE; otherwise your rules
are wrong.

Regards,
David

On 12 March 2015, 18:45, César Martinez
cmarti...@servicomecuador.com wrote:
 Hi Luis, yes, in fact I have a function with a for loop to validate that; the
 problem is that with the string rule YouTube loads in Internet Explorer

 --
 Kind regards

 |César Martínez | Systems Engineer | SERVICOM

 On 12/03/15 16:22, Luis Hernán de la Barra wrote:

 Beforehand, place one (or several) rules in iptables that accept the
 authorized IPs. Be careful, because the source IP can be spoofed. Perhaps
 you could pin the MACs to their IPs on the CentOS server.


 Luis de la Barra
 www.wyzer.cl
 CentOS, Networking and Web Development Tips

 Original message
 From: César Martínez cmarti...@servicomecuador.com
 Date: 12/03/2015 17:29 (GMT-04:00)
 To: centos-es@centos.org
 Subject: Re: [CentOS-es] Bloqueo youtube

 But with that rule I close port 443 for everyone; the idea is to block
 access to YouTube only for a certain number of IPs


Re: [CentOS-es] Bloqueo youtube

2015-03-12 Thread César Martinez
Hi Luis, yes, in fact I have a function with a for loop to validate that; the
problem is that with the string rule YouTube loads in Internet Explorer


--
Kind regards

|César Martínez | Systems Engineer | SERVICOM
|Tel: (593-2)554-271 2221-386 | Ext 4501
|Mobile: 0999374317 |Skype servicomecuador
|Web www.servicomecuador.com Follow us on:
|Twitter: @servicomecuador |Facebook: servicomec
|Customer Area: www.servicomecuador.com/billing
|Blog: http://servicomecuador.com/blog
|Address: Av. 10 de Agosto N29-140, between
|Acuña and Cuero y Caicedo
|Quito - Ecuador - South America

On 12/03/15 16:22, Luis Hernán de la Barra wrote:

Beforehand, place one (or several) rules in iptables that accept the
authorized IPs. Be careful, because the source IP can be spoofed. Perhaps you
could pin the MACs to their IPs on the CentOS server.


Luis de la Barra
www.wyzer.cl
CentOS, Networking and Web Development Tips

Original message
From: César Martínez cmarti...@servicomecuador.com
Date: 12/03/2015 17:29 (GMT-04:00)
To: centos-es@centos.org
Subject: Re: [CentOS-es] Bloqueo youtube

But with that rule I close port 443 for everyone; the idea is to block
access to YouTube only for a certain number of IPs
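The suggestions quoted in this thread (accept the authorized IPs before the rule that closes port 443, pin each IP to its MAC, and let only the resolver out on 53/udp) written as a rule generator that prints the commands without applying them. This is an added example, not code from any poster: the host list, MAC addresses, resolver address and function names are constructed, and it assumes the clients and the resolver sit on the firewall's own LAN segment.

```shell
#!/bin/sh
# Added example, not code from the thread. It only PRINTS iptables commands
# (dry run); nothing is applied to the running firewall.
# Constructed values: the host list, the MAC addresses and RESOLVER_IP.
# The mac match sees the source MAC of the incoming Ethernet frame, so it
# only helps for clients on the same layer-2 segment as the firewall.

# "IP MAC" pairs that are allowed to open HTTPS connections.
AUTHORIZED_HOSTS='192.168.0.10 00:16:3e:aa:bb:01
192.168.0.11 00:16:3e:aa:bb:02'

# LAN host running the local resolver (for example dnsmasq).
RESOLVER_IP='192.168.0.2'

valid_ip() {
    # Four dot-separated decimal octets, each between 0 and 255.
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

valid_mac() {
    echo "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

build_rules() {
    # $1: newline-separated "IP MAC" pairs; $2: resolver IP.
    # Prints the rules in the order they must be appended to FORWARD:
    # the ACCEPTs first, then the DROP that everything else falls into.
    hosts=$1
    resolver=$2
    valid_ip "$resolver" ||
        { echo "invalid resolver IP: $resolver" >&2; return 1; }

    accepts=''
    while read -r ip mac; do
        [ -n "$ip" ] || continue
        valid_ip "$ip"   || { echo "invalid IP: $ip" >&2; return 1; }
        valid_mac "$mac" || { echo "invalid MAC for $ip: $mac" >&2; return 1; }
        accepts="${accepts}iptables -A FORWARD -s $ip -m mac --mac-source $mac -p tcp --dport 443 -j ACCEPT
"
    done <<EOF
$hosts
EOF

    printf '%s' "$accepts"
    # An authorized IP arriving from a different MAC matches no ACCEPT
    # above and ends up here, like every unlisted host.
    echo "iptables -A FORWARD -p tcp --dport 443 -j DROP"
    # Only the resolver may send DNS queries out.
    echo "iptables -A FORWARD -s $resolver -p udp --dport 53 -j ACCEPT"
    echo "iptables -A FORWARD -p udp --dport 53 -j DROP"
}

build_rules "$AUTHORIZED_HOSTS" "$RESOLVER_IP"
```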


[CentOS-docs] Docs strategy and tactics [RFC]

2015-03-12 Thread Karsten Wade

I've been thinking for a little while, and talking with people, about
what would be a good documentation strategy for the CentOS Project.

== tl;dnr aka Summary

This is a proposal around creating new, short-format
documentation about doing cool new things on top of CentOS
Linux. These docs would support the work of the various SIGs (Cloud,
Storage, Virt, etc.), in some cases living in the upstream project and
rebuilt in to CentOS by SIGs.

== Overview

When it comes to all the documentation we can think about, there are
several areas with clear importance:

1. Base CentOS Linux materials, which are numerous and include the
upstream RHEL documentation set. These are focused on installation,
configuration, and administration of various parts of a CentOS Linux
instance or set of instances.

2. Doing cool things on top of CentOS Linux.

3. Content for working within the project, such as part of a SIG, how to
ask questions on IRC, and how to conduct oneself on mailing lists.

For item 3, we have some fairly robust and growing content, and I think
that can continue to grow somewhat organically. We may want to adopt
tooling and workflow from this proposal as it matures.

For item 1, we are currently blocked from moving ahead by not being
able to easily rebrand and reuse the RHEL doc set without the XML
sources. Reworking external content is also an idea, but a similar
pain for different reasons. I want to set aside this item for the
purposes of this thread.

Item 2 is the one where we can get some great traction:

* Content that shows how to do things on top of CentOS Linux is key for
adoption of new use cases.
* It's an area where we can lower the barriers to contribution greatly.
* Many upstream projects can benefit from better content on how to use
their software on CentOS Linux, and the Project benefits from the shared
exposure.

The below strategy proposal is focused around item 2.

## BEGIN PROPOSAL

  You've just installed CentOS Linux, great, congratulations -- you
  now have an expensive heater. What people need is content on how to
  /do something/ with that installation.

  -- Jim Perrin

== Overview

The overall idea is two basic parts:

1. Focus on short-form, how-to/tutorial content. In many cases, multiple
docs/articles are linked together to show the various steps. For
example, these ARMv8 posts from Jim:

http://seven.centos.org/2015/03/centos-linux-7-and-arm/
http://seven.centos.org/2015/03/building-centos-linux-7-for-armv8/

2. Docs that are about combining an upstream (usually via a SIG) either
i) live in the upstream repo and are rebuilt in to CentOS, or ii) live
in CentOS but are shared/socialized into the upstream project and its
ecosystem.

Goal here is to minimize our own ongoing maintenance by following the
same upstream first, carry minimal patches philosophy that goes in to
the way Fedora is built and RHEL is maintained.

This is an example of an upstream we could contribute in to, using
OpenShift Origin on top of CentOS Linux:

https://blog.openshift.com/new-platform-new-docs-part/

A workflow might go like this; this is deliberately tooling unspecific,
more on tools below.

1. A person has an idea, a draft, or polished piece of content that is
about doing something with CentOS Linux. If properly licensed, it can
be from an outside person brought in to the Project by one of us.
(I.e., you find a great how-to licensed CC BY SA.)

2. Content is brought to centos-docs@centos.org for review of the next
step.

3. CentOS Docs SIG[1] reviews and decides next approach:

  3.1 If the doc is CentOS Linux or Project specific, canonical source
goes to git.centos.org and is published to centos.org/docs. It may require
conversion to the preferred source format for building as a doc.

  3.2 If the doc fits perfectly within an upstream as an example of
how to deploy or use the upstream software on the CentOS platform, we
push doc to the appropriate upstream(s). Link or copy is carried at
centos.org/docs and appropriate wiki pages.

  3.3 Unclear where doc fits, so author and SIG members engage with
upstream project(s) to find out best way forward.

   3.3.1 Write down each upstream preference as we learn.

4. Content is prepared for target location and delivered.

  4.1 Document is edited for style, grammar, punctuation, etc.

  4.2 Document is edited for ease of translation.

  4.3 Conversion to a standard format, if required.

  4.4 Check-in to version controlled system.

5. Publicity around document being available -- @centos, proper links
across CentOS wiki and at /docs, possibly a blog post highlighting a new
series of content, etc.

  5.1 Potential interaction with Promo SIG here.

== Tooling

There are a few levels to think about here where it comes to thinking
about a chunk of content:

A. The markup used, standards around how it's written (avoid idioms,
use the Oxford comma, etc.)

B. Tools for editing that don't drive people crazy.

C. Tools to 

Re: [CentOS-es] Blocking YouTube

2015-03-12 Thread David González Romero
I still think that if you close port 443 it should not open for you...

Regards,
David

On 11 March 2015, 19:03, Luis Huacho Lazo
l.hua...@gmail.com wrote:
 Although the topic is CentOS Linux, the same thing happens on my network
 managed with FortiGate: everything is blocked, but IE8 gets through and
 displays youtube only with https. Bill's magic? Granted, it loads the site
 and the images, but the videos do not load. A curious problem with IE8.
 On 11/03/2015 15:19, César Martinez cmarti...@servicomecuador.com
 wrote:

 Nothing shows up in the firewall log. The temporary alternative is to
 block by IP; that way it does not load in IE. I will keep looking for the
 solution. Thanks to everyone, and if anyone has another idea, thank you.

 --
 Kind regards

 |César Martínez | Systems Engineer | SERVICOM
 |Tel: (593-2)554-271 2221-386 | Ext 4501
 |Mobile: 0999374317 |Skype servicomecuador
 |Web www.servicomecuador.com Follow us on:
 |Twitter: @servicomecuador |Facebook: servicomec
 |Client Area: www.servicomecuador.com/billing
 |Blog: http://servicomecuador.com/blog
 |Addr. Av. 10 de Agosto N29-140, between
 |Acuña and Cuero y Caicedo
 |Quito - Ecuador - South America

 On 11/03/15 10:17, Emilio Alvarado wrote:

 What do you see in the iptables log?
 Emilio Alvarado



 On 10 March 2015 17:35:31 César Martinez
 cmarti...@servicomecuador.com wrote:

  Greetings, fellow list members. I have a 64-bit CentOS 6.6 server that
 acts as proxy and firewall. On this server I block https sites using a post
 that Epe published on ecualug, adapted a little on my side. I can block
 any https site except youtube, or rather youtube only halfway, because it
 is blocked in every browser except Internet Explorer. I have spent about
 two weeks trying to solve this and it does not work. I do not block by IP
 because some of youtube's IPs also serve gmail and google. Perhaps someone
 has managed to close youtube in all browsers and can help me. Here is the
 rule I block with:

 $IPTABLES -I FORWARD -s 192.168.0.1/24 -p tcp -m string --string facebook --algo kmp -j REJECT



[CentOS] CentOS-announce Digest, Vol 121, Issue 3

2015-03-12 Thread centos-announce-request


Today's Topics:

   1. CEBA-2015:0655 CentOS 6 pulseaudio FASTTRACK BugFix Update (Johnny Hughes)
   2. CEBA-2015:0656 CentOS 6 SDL FASTTRACK BugFix Update (Johnny Hughes)
   3. CEBA-2015:0657 CentOS 6 ibus FASTTRACK BugFix Update (Johnny Hughes)
   4. CEBA-2015:0658 CentOS 6 gnome-settings-daemon FASTTRACK BugFix Update (Johnny Hughes)
   5. CEEA-2015:0659 CentOS 6 dracut Enhancement Update (Johnny Hughes)
   6. CEBA-2015:0665 CentOS 6 man-pages-ja FASTTRACK BugFix Update (Johnny Hughes)
   7. CEBA-2015:0664 CentOS 6 icu FASTTRACK BugFix Update (Johnny Hughes)
   8. CEBA-2015:0663 CentOS 6 fprintd FASTTRACK BugFix Update (Johnny Hughes)
   9. CEBA-2015:0666 CentOS 6 gstreamer-plugins-good FASTTRACK BugFix Update (Johnny Hughes)
  10. CEBA-2015:0667 CentOS 6 man-pages-fr FASTTRACK BugFix Update (Johnny Hughes)
  11. CEBA-2015:0668 CentOS 6 enchant FASTTRACK BugFix Update (Johnny Hughes)
  12. CEBA-2015:0670 CentOS 6 environment-modules FASTTRACK BugFix Update (Johnny Hughes)
  13. CEBA-2015:0671 CentOS 6 chkconfig FASTTRACK BugFix Update (Johnny Hughes)
  14. CESA-2015:0672 Moderate CentOS 6 bind Security Update (Johnny Hughes)
  15. CEBA-2015:0669 CentOS 5 crash BugFix Update (Johnny Hughes)


--

Message: 1
Date: Wed, 11 Mar 2015 11:09:21 +
From: Johnny Hughes joh...@centos.org
To: centos-annou...@centos.org
Subject: [CentOS-announce] CEBA-2015:0655 CentOS 6 pulseaudio FASTTRACK BugFix Update
Message-ID: 2015030921.ga34...@n04.lon1.karan.org
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2015:0655 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-0655.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 


Re: [CentOS-es] Blocking YouTube

2015-03-12 Thread Luis Hernán de la Barra
Cesar,

Searching for a string over a block of data is always more expensive, which
can hurt performance.

It is recommended to order the criteria starting with the simplest, such as
the tcp protocol, then continue with port 80 or 443, probably include the
destination network segments, and finally perform the string search.

Honestly, I prefer to use a proxy such as squid to filter web content.
On your network you can configure proxy auto-discovery or set it up as a
transparent proxy.

Regards.

Luis de la Barra
www.wyzer.cl
Sent from Samsung Mobile

-------- Original message --------
From: César Martinez cmarti...@servicomecuador.com
Date: 11/03/2015 18:48 (GMT-04:00)
To: centos-es@centos.org
Subject: Re: [CentOS-es] Blocking YouTube

In addition to this, does anyone know whether it is true that using string
lowers network performance, that is, makes it a bit slow? I don't know if
anyone already works with string and can give an opinion on this. Thanks


On 11/03/15 16:05, César Martinez wrote:
 The problem is that I am not the one who manages this server, so the idea
 is to put it in a loop that reads a text file containing the blocked IPs.
 That way the operator adds the IP to the file via webmin, restarts the
 firewall and squid, and that's it. The trouble is that if I do it by IP he
 has to go into the console to add a new IP, and that is a hassle for him.


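Luis's advice to order the match criteria from cheapest to most expensive, applied to the operator-maintained list of blocked IPs that César describes, as an added example that is not code from the thread. The chain name `YT_CLIENTS` and the list format (one IP per line, `#` comments) are assumptions; the script only prints the `iptables` commands so they can be reviewed before the firewall script runs them.

```shell
#!/bin/sh
# Added example, not code from the thread. Hypothetical names: the chain
# YT_CLIENTS and the list format. LAN, port 443 and the string/algorithm
# options mirror the rules quoted in the thread.

CHAIN="YT_CLIENTS"
LAN="192.168.0.0/24"
PATTERN="youtube.com"

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
# The list is edited by an operator and ends up in commands run as root,
# so nothing unvalidated may reach a rule.
is_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# clean_list FILE: print the valid, unique IPs in file order and report
# rejected entries on stderr. Blank lines and '#' comments are allowed.
clean_list() (
    seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        ip=$(printf '%s' "$line" | tr -d ' \t\r')
        [ -n "$ip" ] || continue
        if ! is_ipv4 "$ip"; then
            echo "skipped invalid entry: $ip" >&2
            continue
        fi
        case $seen in *" $ip "*) continue ;; esac
        seen="$seen$ip "
        echo "$ip"
    done < "$1"
)

# gen_rules FILE: print iptables commands for the firewall script to run.
# Cheap header matches come first: FORWARD hands only LAN traffic to tcp/443
# to the chain, each chain rule checks the source IP, and the payload search
# runs last, only for listed clients.
# The string match sees only bytes sent in the clear; on tcp/443 that is the
# TLS handshake, so a client that does not send the server name is not matched.
gen_rules() {
    echo "iptables -N $CHAIN"
    echo "iptables -I FORWARD -s $LAN -p tcp --dport 443 -j $CHAIN"
    clean_list "$1" | while IFS= read -r ip; do
        echo "iptables -A $CHAIN -s $ip -p tcp -m string --string $PATTERN" \
             "--algo bm -j REJECT --reject-with tcp-reset"
    done
}

# Constructed sample list; the addresses are made up for this example.
sample_list() {
    cat <<'EOF'
# reception PCs
192.168.0.25
192.168.0.31   # added via webmin
192.168.0.25
192.168.0.300
192.168.0.4o
EOF
}

# With a file argument print its rules; without one, use the sample list.
if [ $# -ge 1 ]; then
    gen_rules "$1"
else
    tmp=$(mktemp) && sample_list > "$tmp" && gen_rules "$tmp"
    rm -f "$tmp"
fi
```

The output assumes a firewall script that rebuilds the ruleset from scratch on each restart, as in the workflow described above, so the chain is created fresh every time.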


Re: [CentOS-es] Blocking YouTube

2015-03-12 Thread David González Romero
And why don't you try closing port 443 entirely... that is what I want
you to try, because if you use a rule like

iptables ... -dport 443 youtube.com

DNS will block the IP that iptables picked up as youtube.com at the
moment it came up; and as far as I know youtube.com has several IPs
that answer to that name.

Try blocking all traffic to port 443 and then try again.

Regards,
David

On 12 March 2015, 7:30, César Martínez
cmarti...@servicomecuador.com wrote:
 Hi David, I applied a rule to close YouTube's port 443 but it opens
 in IE
 --
 Regards
 César Martínez
 Systems Engineer

 Sent from my Samsung Galaxy mobile

 On 12 March 2015 05:18:08 GMT-05:00, David González Romero
 dgrved...@gmail.com wrote:
I still think that if you close port 443 it should not open for you...

Regards,
David

On 11 March 2015, 19:03, Luis Huacho Lazo
l.hua...@gmail.com wrote:
 Although the topic is CentOS Linux, the same thing happens on my network
 managed with FortiGate: everything is blocked, but IE8 gets through and
 displays youtube only with https. Bill's magic? Granted, it loads the site
 and the images, but the videos do not load. A curious problem with IE8.
 On 11/03/2015 15:19, César Martinez cmarti...@servicomecuador.com
 wrote:

 Nothing shows up in the firewall log. The temporary alternative is to
 block by IP; that way it does not load in IE. I will keep looking for the
 solution. Thanks to everyone, and if anyone has another idea, thank you.


 On 11/03/15 10:17, Emilio Alvarado wrote:

 What do you see in the iptables log?
 Emilio Alvarado



 On 10 March 2015 17:35:31 César Martinez
 cmarti...@servicomecuador.com wrote:

  Greetings, fellow list members. I have a 64-bit CentOS 6.6 server that
 acts as proxy and firewall. On this server I block https sites using a post
 that Epe published on ecualug, adapted a little on my side. I can block
 any https site except youtube, or rather youtube only halfway, because it
 is blocked in every browser except Internet Explorer. I have spent about
 two weeks trying to solve this and it does not work. I do not block by IP
 because some of youtube's IPs also serve gmail and google. Perhaps someone
 has managed to close youtube in all browsers and can help me. Here is the
 rule I block with:

 $IPTABLES -I FORWARD -s 192.168.0.1/24 -p tcp -m string --string facebook --algo kmp -j REJECT



Re: [CentOS] Network throughput testing software available for CentOS/Linux

2015-03-12 Thread Digimer

On 12/03/15 08:42 PM, Marcelo Ricardo Leitner wrote:
 On 12-03-2015 17:39, Digimer wrote:
 
 On 12/03/15 04:29 PM, Gilbert Sebenste wrote:
 Hello everyone,
 
 A network engineer buddy of mine brought up for discussion with
 me that he'd like to do some throughput testing, but he's new
 to Linux/RedHat. Is there any software I can recommend to him
 that any of you find above par for CentOS 6/7?
 
 Thanks!
 
 Gilbert
 
 I've used iperf a lot successfully. I have an RPM for EL6 on my
 repo here:
 
 https://alteeve.ca/an-repo/el6/RPMS/x86_64/iperf-2.0.5-11.el6.anvil.x86_64.rpm



 
The source is there, and I would be surprised if it didn't build
 easily on EL7.
 
 https://alteeve.ca/an-repo/el6/SRPMS/iperf-2.0.5-11.el6.anvil.src.rpm

 
 +1 for iperf, and it's available on EPEL also 
 https://dl.fedoraproject.org/pub/epel/6/x86_64/ EPEL6 has iperf and
 iperf3 while EPEL7 has just iperf3.
 
 netperf is also very good, but it's more complex to use and I'm
 not aware of packages for it.
 
 Marcelo

I most likely compiled it from the EPEL repo, so I'd say to go get it
there, not from my repo.

Cheers

-- 
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS-es] Blocking YouTube

2015-03-12 Thread Roberto Bermúdez
Try deleting the browsers' temporary files to see whether it really
gets in
On 11/03/2015 09:04, César Martinez cmarti...@servicomecuador.com
wrote:

 Thanks, friend, but even so, it takes a while but in the end the site loads, only in IE


 On 11/03/15 08:22, Roberto Bermúdez wrote:

 Friend, doesn't the following rule work for you?

 iptables -I FORWARD -p tcp -m string --string www.youtube.com --dport 443 --algo bm -j DROP or REJECT
 On 10/03/2015 15:35, César Martinez cmarti...@servicomecuador.com
 wrote:

  Greetings, fellow list members. I have a 64-bit CentOS 6.6 server that
 acts as proxy and firewall. On this server I block https sites using a post
 that Epe published on ecualug, adapted a little on my side. I can block
 any https site except youtube, or rather youtube only halfway, because it
 is blocked in every browser except Internet Explorer. I have spent about
 two weeks trying to solve this and it does not work. I do not block by IP
 because some of youtube's IPs also serve gmail and google. Perhaps someone
 has managed to close youtube in all browsers and can help me. Here is the
 rule I block with:

 $IPTABLES -I FORWARD -s 192.168.0.1/24 -p tcp -m string --string facebook --algo kmp -j REJECT



Re: [CentOS-es] Blocking YouTube

2015-03-12 Thread César Martinez
Yes, in fact I am clearing them with ccleaner and then, just in case, I
press Control + F5



On 11/03/15 09:07, Roberto Bermúdez wrote:

Try deleting the browsers' temporary files to see whether it really
gets in
On 11/03/2015 09:04, César Martinez cmarti...@servicomecuador.com
wrote:


Thanks, friend, but even so, it takes a while but in the end the site loads, only in IE


On 11/03/15 08:22, Roberto Bermúdez wrote:


Friend, doesn't the following rule work for you?

iptables -I FORWARD -p tcp -m string --string www.youtube.com --dport 443 --algo bm -j DROP or REJECT
On 10/03/2015 15:35, César Martinez cmarti...@servicomecuador.com
wrote:

Greetings, fellow list members. I have a 64-bit CentOS 6.6 server that
acts as proxy and firewall. On this server I block https sites using a post
that Epe published on ecualug, adapted a little on my side. I can block
any https site except youtube, or rather youtube only halfway, because it
is blocked in every browser except Internet Explorer. I have spent about
two weeks trying to solve this and it does not work. I do not block by IP
because some of youtube's IPs also serve gmail and google. Perhaps someone
has managed to close youtube in all browsers and can help me. Here is the
rule I block with:

$IPTABLES -I FORWARD -s 192.168.0.1/24 -p tcp -m string --string facebook --algo kmp -j REJECT
