Re: [CentOS] ip_conntrack: table full, dropping packet.

2008-04-18 Thread Robert Spangler
On Friday 18 April 2008 12:23, Masry Alex wrote:

  #that's what the mentioned article suggested..I'm not sure it's working!
  *raw
  -A PREROUTING -p tcp -m tcp --dport 80 -j NOTRACK

Do you have a chain called NOTRACK?  What is set up under it?

  COMMIT
  *filter
  -A INPUT -i lo -j ACCEPT
  -A INPUT -p icmp --icmp-type any -j ACCEPT
  #no tracking needed for this
  -A INPUT -p tcp --dport 80 -j ACCEPT
  #that would be another question but I can't get rid of this while using ssh tunneling
  -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

OK, here is your problem.  The above line should be the first line in your 
INPUT statement.  IPTABLES reads top down so it executes the rules in the 
order they are placed.  Since you have the '--dport 80' rule before the 
'ESTABLISHED,RELATED' rule it adds the address to the conntrack.  Every packet 
is being added to the conntrack making a bunch of entries tracking the same 
host.  If 'ESTABLISHED,RELATED' were first it would check to see if the host 
has already connected and allow them to continue to connect without adding 
them to the tracking table every time a packet comes.

You want 'ESTABLISHED,RELATED' first in all your rule chains.  There is a way 
around this if you want '--dport 80' before the 'ESTABLISHED,RELATED' and 
that would be like this:

-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT

Your rules are a mix of Stateful and Non-Stateful; choose one or the other.
Preferably Stateful.


-- 

Regards
Robert

Smile... it increases your face value!
Linux User #296285
http://counter.li.org
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] network Interface

2008-04-22 Thread Robert Spangler
On Tuesday 22 April 2008 01:49, gopinath wrote:

  if i run ifconfig it displays the eth0 its ip and Hwaddress

  if i boot to Centos 5.1 or Redhat 7.3 the pc is able to communicated to
 everyone on the networks.

  Please help me out.

How about checking the configs against one another on all 3 systems.  Could be 
you just fatfingered something when setting up.


-- 

Regards
Robert



[CentOS] Problems with KMail and signatures

2008-04-24 Thread Robert Spangler
Hello,

For some reason KMail is all but coming to a standstill when I open messages 
with any kind of signature.  So I go to the configuration page of KMail 
Security Crypto Backends and I see nothing is checked off.  So I hit rescan 
and get the error that is listed in the attachment.  Anyone else having this 
issue?


-- 

Regards
Robert

attachment: kmail-gpg.png


Re: [CentOS] Problems with KMail and signatures

2008-04-24 Thread Robert Spangler
On Thursday 24 April 2008 14:07, Anne Wilson wrote:

  On Thursday 24 April 2008 18:58:24 Anne Wilson wrote:
   On Thursday 24 April 2008 18:45:40 Robert Spangler wrote:
Hello,
   
For some reason KMail is all but coming to a stand still when I open
messages with any kind of signature.  So I goto the configuration page
of KMail Security Crypto Backends and I see nothing is checked off. 
So I hit rescan and get the error that is listed in the attachment. 
Anyone else having this issue?
  
   Standard CentOS kmail has no problems with signatures, so if you don't
   have a non-standard package I'd suggest checking your cryptography
   settings. Settings  Configure KMail  Security  Crypto Backends.  See
   what is available there.

  Sorry - I just re-read your message.  When and where did you get that
 package? Does rpm -qi give any clue?  It seems very odd if you had it
 working before.

After more searching I found the problem.  Seems my keymanager got cross wired 
and I had to restart it.  Thnx for your help.


-- 

Regards
Robert



Re: [CentOS] NFS mount problems

2008-04-26 Thread Robert Spangler
On Saturday 26 April 2008 09:05, Anne Wilson wrote:

  Bringing up interface borg2:  RTNETLINK answers: File exists
  Error adding address 192.168.0.40 for eth0.
 
  but ifconfig shows the correct address for eth0.
 
 Apr 26 11:11:52 borg2 automount[2547]: create_udp_client: hostname
 lookup failed: No such process
 Apr 26 11:11:52 borg2 automount[2547]: create_tcp_client: hostname
 lookup failed: No such process
 Apr 26 11:11:52 borg2 automount[2547]: lookup_mount: exports lookup
 failed for .directory

This is a firewall issue.  If I turn off the firewall everything
works. NFS and SMB are marked as trusted services, but it seems that
is not enough. Which ports need to be opened to use these services?  I
googled and followed that advice, which didn't work, so now I have to
ask here.
  
   https://www.redhat.com/archives/fedora-list/2008-March/msg02366.html

  Hmmm - I had opened 111 and 4000-4004, but it seems that they may be the
 wrong ones.  OTOH, this is a huge list.  Do I need all these open?

First, where are you trying to access this machine from?  Local LAN or the 
Internet?  If it is local LAN then why not trust the machine that is trying 
to connect instead of opening a bunch of ports?  That is how I do things at 
home.  Local machines are trusted so they can connect anytime on any port.


-- 

Regards
Robert



Re: [CentOS] NFS mount problems

2008-04-26 Thread Robert Spangler
On Saturday 26 April 2008 10:19, Anne Wilson wrote:

  On Saturday 26 April 2008 14:29, Robert Spangler wrote:
   This is a firewall issue.  If I turn off the firewall everything
   works. NFS and SMB are marked as trusted services, but it seems
   that is not enough. Which ports need to be opened to use these
   services? I googled and followed that advice, which didn't work,
   so now I have to ask here.

   https://www.redhat.com/archives/fedora-list/2008-March/msg02366.html

  Hmmm - I had opened 111 and 4000-4004, but it seems that they may be
  the wrong ones.  OTOH, this is a huge list.  Do I need all these open?
  
   First where are you trying to access this machine from?  Local LAN or
   the Internet?  If it is local LAN then why not trust the machine that
   is trying to connect instead of opening a bunch of ports?  That is how
   I do things at home.  Local machines are trusted so they can connect
   anytime on any port.

  That would be a sensible solution, but how do you set that up?

Are you using some sort of GUI to control your firewall or are you editing the 
firewall file by hand?

If you are using a GUI then check out how you can allow ip addresses.

If you are editing the firewall file by hand (how I do it) then just add 
something like the following:

-A INPUT -s 192.168.0.0/255.255.0.0 -i eth0 -m state --state NEW -j ACCEPT

Here is a great tutorial for IPTABLES

http://iptables.rlworkman.net/chunkyhtml/index.html


-- 

Regards
Robert



Re: [CentOS] NFS mount problems

2008-04-28 Thread Robert Spangler
On Monday 28 April 2008 10:47, Philip R. Schaffner wrote:

  For relatively simple situations Firestarter may be worth a look as a
  GUI front end:

  http://www.fs-security.com/

  There is an EL4 binary version on the above site, but it builds OK from
  SRPM on CentOS-5:

 
 http://superb-west.dl.sourceforge.net/sourceforge/firestarter/firestarter-1.0.3-1.src.rpm

Firestarter is in the Extra repos.  No need to build from source.


-- 

Regards
Robert



[CentOS] Centos Freezing

2008-05-13 Thread Robert Spangler
Hello,

For some reason at different times Centos will freeze and not allow me to do 
anything.  This doesn't happen while I'm working on the system but after I 
have locked my session and then return.  It could go days without a lockup 
and then the next time I try to log in it'll be frozen.

I would like to know if anyone else has seen this or knows of a fix or where I 
could start to look to find out if there is a process or something causing 
this.

I normally have the same programs running so I don't think it could be caused 
by me starting and then leaving something new running.

Thanks for your help.


-- 

Regards
Robert



Re: [CentOS] Centos Freezing

2008-05-16 Thread Robert Spangler
On Thursday 15 May 2008 21:51, Karanbir Singh wrote:

  Hi Robert,

  Robert Spangler wrote:
   For some reason at different times Centos will freeze and not allow me
   to do anything.  This doesn't happen while I'm working on the system but
   after I have locked my session and then return.  It could goes days
   without a lockup and then the next time I try to log in it'll be frozen.
  
   I would like to know if anyone else has seen this or knows of a fix or
   where I could start to look to find out if there is a process or
   something causing this.

  Not me, have not had such an issue. make sure you are completely
 yum-updated for a start.

Always.  Done nightly. :)

   I normally have the same programs running so I don't think it could be
   caused by me starting and then leaving something new running.

  I guess the reason why no one has replied to your post so far is that its
 hard to work out or even think about such issues without some more context.
 Do you have proprietary drivers installed for anything ? ndiswrapper for
 wifi  ? grfx drivers for nvidia or ati ? Could there be a network issue ?

Only thing I'm running that isn't in the repos is the nVidia driver for my 
Geforce FX550.

Oh, Thnx for the reply!!


-- 

Regards
Robert



Re: [CentOS] Centos Freezing

2008-05-17 Thread Robert Spangler
On Saturday 17 May 2008 08:12, B.J. McClure wrote:

  I had a similar situation on CentOS 4.x and on 5.0, different boxes.  In
  both cases it was resolved by replacing a bad stick of RAM.  If the box
  can be off line I would suggest a 24 hour run of memtest.  On my systems
  it only occurred with the GUI running.

Thnx.  Yes, the box can be off-line for testing and I will try this.


-- 

Regards
Robert



Re: [CentOS] IPTables help

2008-05-23 Thread Robert Spangler
On Friday 23 May 2008 21:31, Fajar Priyanto wrote:

  Actually I have written a small tutorial on iptables, but I haven't
 translated it into english. I'll let you know when it's done. Hopefully it
 will be useful for others.

Please have someone, or for that matter a few people, who have a good 
understanding of firewalls look over your tutorial before it is published.  
While you show a basic understanding of how firewalls work you lack the 
knowledge of true security.  Just my observation.


-- 

Regards
Robert



Re: [CentOS] IPTables help

2008-05-24 Thread Robert Spangler
On Friday 23 May 2008 11:03, Fajar Priyanto wrote:

  On Thursday 22 May 2008 22:30:29 Joseph L. Casale wrote:
   I have a dual homed server in an install for someone who is very cost
   sensitive. This server originally is being setup as an Asterisk server,
   but now the simplest thing for me to do is also set it up to provide
   internet access for the small shop as well.
  
   So it will have one external, WAN  facing nic that needs all incoming
   ports except UDP 5060 and 1 - 6 blocked for all but two ips.
  
   The internal, LAN facing  NIC will need all ports except voip/dns/http
   blocked to it, and need to provide masquerading.
  
   I have limited experience with iptables and would love some guidelines.
   Any pointers would be greatly appreciated!

  Hi JLC,
  There are 2 ways to implement firewall: negative list and positive list.
 Looks like you want a very strict one that is positive list.

  Assuming eth0 is WAN, and eth1 is LAN (assuming 192.168.0.0/24)(please
 mind the word wrap):
  #Clear all rules and policies first:
  iptables -P INPUT ACCEPT
  iptables -P OUTPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -F
  iptables -t nat -F

Since you believe that he wants a very strict firewall why are you setting the 
default policies to ACCEPT?  Security 101: a strict firewall drops everything 
from the start.  Then you open the access you require, not the other way 
around.

  #Give access for localhost:
  iptables -I INPUT -i lo -j ACCEPT
  iptables -I OUTPUT -o lo -j ACCEPT

  #To make life easier:
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

  #Allowing needed ports:
  iptables -A INPUT -i eth0 -m multiport -p udp --dport 5060,1:6 -s ipthatyouwantallow -j ACCEPT
  iptables -A INPUT -i eth1 -m multiport -p udp --dport 53,80,5060,1:6 -j ACCEPT
  iptables -A OUTPUT -m multiport -p udp --dport 53 -j ACCEPT
  iptables -A FORWARD -m multiport -p udp --dport 53,5060,1:6 -s ipthatyouallow -j ACCEPT
  iptables -A FORWARD -m multiport -p tcp --dport 80 -j ACCEPT

First question you need to ask yourself is whether there are any hosted services 
on this box that will require a connection from the WAN side.  If not then you 
should change your INPUT statements to allow only the LAN.  You do not require 
the INPUT statements for packets that pass through the box as the FORWARD 
chain will handle all traffic passing through.

Second question is if you are using ESTABLISHED,RELATED why are you not using 
NEW in the above rules?

Third question is have you enabled connection tracking?  If you are using 
ESTABLISHED,RELATED then the system needs a way to keep track of the 
connection.

If you want a 100% secure firewall then you will not allow any INPUT.  All 
modification would have to be done from the box using a keyboard.  If this is 
not an option then you can allow access from a trusted IP only and setup other 
security options.

  #For masquerading:
  iptables -t nat -A POSTROUTING -o eth0 -d ! 192.168.0.0/24 -j MASQUERADE

If the WAN port is connected directly to the Internet then you should MASQ all 
outgoing traffic, and anything that is heading to 192.168.0.0/24 should be 
dropped.

  #For logging (troubleshooting):
  iptables -A INPUT -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** INPUT DROP ** '
  iptables -A FORWARD -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** FORWARD DROP ** '
  iptables -A OUTPUT -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** OUTPUT DROP ** '

Logging any packets that make it this far is a good idea.

  #Finally dropping all other traffic (positive list firewall):
  iptables -P INPUT DROP
  iptables -P OUTPUT DROP
  iptables -P FORWARD DROP

This should be at the top for the firewall not the ACCEPT you have there 
now.

  #Don't forget to save it:
  service iptables save

  I might make some mistakes up there, so the logging is very important. You

Just a few.  :)

For your reading enjoyment.

http://iptables.rlworkman.net/chunkyhtml/index.html


-- 

Regards
Robert

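Added example, not code from this thread or from any CentOS tool: a small Python linter for the two ordering points Robert raises in this reply and in the ip_conntrack thread above, namely setting the default policy to DROP before the rules rather than after them, and not placing an ACCEPT rule without a state match ahead of (or alongside) the ESTABLISHED,RELATED rule. It parses only the subset of iptables-save and iptables command syntax that appears in these threads, and both sample rulesets are constructed.

```python
"""Lint an iptables ruleset for the two problems raised in these replies: a
default policy of ACCEPT set before the rules, and ACCEPT rules without a
state match placed ahead of (or mixed into) a stateful chain."""
import shlex


def _opts(tok):
    """Map each flag to the value that follows it ('' when it has none)."""
    out = {}
    for i, t in enumerate(tok):
        if t.startswith("-"):
            nxt = tok[i + 1] if i + 1 < len(tok) else "-"
            out[t] = "" if nxt.startswith("-") else nxt
    return out


def _chain(tables, table, name):
    return tables.setdefault(table, {}).setdefault(name, {"policies": [], "rules": []})


def parse_ruleset(text):
    """Parse iptables-save format (*table, :CHAIN POLICY, -A ..., COMMIT) or plain
    'iptables ...' lines into {table: {chain: {"policies": [(line, policy)],
    "rules": [(line, target, states, loopback)]}}}, honouring -I insert order."""
    tables, cur_table = {}, "filter"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):                          # *filter
            cur_table = line[1:]
        elif line.startswith(":"):                        # :INPUT ACCEPT [0:0]
            name, policy = line[1:].split()[:2]
            _chain(tables, cur_table, name)["policies"].append((lineno, policy))
        else:
            tok = shlex.split(line)
            if tok and tok[0] == "iptables":
                tok = tok[1:]
            opts = _opts(tok)
            table = opts.get("-t", cur_table)
            if "-P" in tok:                               # -P CHAIN POLICY
                i = tok.index("-P")
                _chain(tables, table, tok[i + 1])["policies"].append((lineno, tok[i + 2]))
            elif "-A" in opts or "-I" in opts:            # -F, -N, -X and friends are ignored
                states = opts.get("--state", opts.get("--ctstate", ""))
                rule = (lineno, opts.get("-j", ""), frozenset(s for s in states.split(",") if s),
                        "lo" in (opts.get("-i"), opts.get("-o")))
                rules = _chain(tables, table, opts.get("-A") or opts.get("-I"))["rules"]
                if "-A" in opts:
                    rules.append(rule)
                else:                                     # -I goes to position 1 unless given
                    i = tok.index("-I")
                    pos = int(tok[i + 2]) if i + 2 < len(tok) and tok[i + 2].isdigit() else 1
                    rules.insert(pos - 1, rule)
    return tables


def lint(text):
    """Return sorted (line, chain, message) findings for the filter table."""
    findings = []
    for name, chain in parse_ruleset(text).get("filter", {}).items():
        pols, rules = chain["policies"], chain["rules"]
        if name in ("INPUT", "FORWARD", "OUTPUT") and pols and pols[0][1] != "DROP":
            msg = "default policy %s set before the rules" % pols[0][1]
            if pols[-1][1] == "DROP":
                msg += " and only changed to DROP on line %d" % pols[-1][0]
            findings.append((pols[0][0], name, msg + "; set DROP first, then open what is needed"))
        est = [i for i, r in enumerate(rules) if r[1] == "ACCEPT" and {"ESTABLISHED", "RELATED"} <= r[2]]
        if not est:
            continue                                      # chain is not stateful at all
        for pos, (line, target, states, loopback) in enumerate(rules):
            if target != "ACCEPT" or loopback or states:
                continue                                  # loopback, or already carries --state
            if pos < est[0]:
                findings.append((line, name, "non-stateful ACCEPT ahead of the ESTABLISHED,RELATED rule on line %d; add '-m state --state NEW' or move that rule up" % rules[est[0]][0]))
            else:
                findings.append((line, name, "non-stateful ACCEPT in a stateful chain; add '-m state --state NEW'"))
    return sorted(findings)


# Constructed iptables-save sample modelled on the conntrack thread: ICMP and --dport 80 precede ESTABLISHED,RELATED.
SAVE_FORMAT = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
"""

# Constructed command-form sample modelled on the script reviewed above: policy ACCEPT first, no --state NEW.
COMMAND_FORMAT = """\
iptables -P INPUT ACCEPT
iptables -F
iptables -I INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -m multiport -p udp --dport 53,5060 -j ACCEPT
iptables -P INPUT DROP
"""
```

Run `lint()` over the output of `iptables-save` or over the script itself; each finding names the line and chain it applies to.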


[CentOS] FireFox

2008-05-27 Thread Robert Spangler
Can anyone tell me if there are plans to update Firefox to the new 3.0 for 
Centos 4.5?  Seems like only the 1.5 version has been placed in the repos and 
I think it should be time for an upgrade.

If I'm looking in the wrong place let me know also.  Thnx.


-- 

Regards
Robert



Re: [CentOS] FireFox

2008-05-27 Thread Robert Spangler
On Tuesday 27 May 2008 19:31, Stephen John Smoogen wrote:

  On Tue, May 27, 2008 at 5:22 PM, Robert Spangler

  [EMAIL PROTECTED] wrote:
   Can anyone tell me if there are plans to update Firefox to the new 3.0
   for Centos 4.5?  Seems like only the 1.5 version has been placed in the
   repos and I think it should be time for an upgrade.
  
   If I'm looking in the wrong place let me know also.  Thnx.

  It will depend upon if Red Hat will release a version for Red Hat
  Enterprise Linux. The best bet will be that they will not release it
  until RHEL-4.7 goes into beta testing.

Can I use one out of the Fedora's repos?  If so, which repo?


-- 

Regards
Robert



Re: [CentOS] FireFox

2008-05-29 Thread Robert Spangler
On Tuesday 27 May 2008 20:19, MHR wrote:

  On Tue, May 27, 2008 at 5:02 PM, Robert Spangler

  [EMAIL PROTECTED] wrote:
   Can I use one out of the Fedora's repos?  If so, which repo?

  You can just pull down the latest version from mozilla.org - they're
  pretty good about compatibility.  I'd try it out in a different
  install directory, though, just to be sure, but you can always
  uninstall it and re-load the release version if it doesn't work right
  for you.

I downloaded the tar file from Mozilla and placed it under my home dir.  Seems 
to be working fine presently.  After some more tests if there are no issues 
I'll replace 1.5 with 2.0.  Thanks for your help.


-- 

Regards
Robert



Re: [CentOS] iptables starting while disabled

2008-06-14 Thread Robert Spangler
On Saturday 14 June 2008 09:49, Joseph L. Casale wrote:

  chkconfig iptables off

  That was how I disabled it originally yet it was being started by
 something else. jlc

Did you install another firewall front end?  Something like Firestarter?


-- 

Regards
Robert



Re: [CentOS] Understanding iptables

2008-07-10 Thread Robert Spangler
On Thursday 10 July 2008 18:08, MHR wrote:

  In following up on the rsh problem I was having earlier, I decided
  to try out the suggestion Felipe sent about using
  system-config-securitylevel-tui to open up ports 513 and 514, but that
  doesn't seem to do the job, either.

  # iptables -L
  Chain INPUT (policy ACCEPT)
  target prot opt source   destination
  RH-Firewall-1-INPUT  all  --  anywhere anywhere

[snip]

I hate reading the firewall like this.
Could you post /etc/sysconfig/iptables?


-- 

Regards
Robert



Re: [CentOS] Understanding iptables

2008-07-11 Thread Robert Spangler
On Thursday 10 July 2008 22:49, Filipe Brandenburger wrote:

   Could you post /etc/sysconfig/iptables?

  /etc/sysconfig/iptables doesn't necessarily reflect what is running
  right now, and you can't include the counters with it.

I'm not interested in the counters; I want to see how the rules are applied.
Are you telling me that the GUI tool he is using to write the rules doesn't 
write them to the iptables file when he exits the program?

  An acceptable compromise would be posting the output of the
  iptables-save -c command, which doesn't have the two issues above.

  However, I still think that anyone handling firewalls on Linux using
  iptables should be familiar with the output of iptables -nvL which
  IMO is quite useful itself.

I handle firewall rules quite nicely, thank you.

Since you are in the mood to tell me I should know how to read this output 
please tell me what this means:

[snip]
Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
[/snip]

What are we accepting here?  All packets?  If this is the case then there is 
no need for the rest of the rules in this chain.

Oh, by the way I prefer to use

iptables -L -v -n | less -SCi

I also prefer not to write any rules in the FORWARD chain except the rules 
that JUMP to predefined chains LAN or WAN.  It makes it easier to read the 
rules and know what applies to what interface at a glance, and also easier to 
add rules or remove them in the order you want.

Again this is all personal preference.


-- 

Regards
Robert



Re: [CentOS] # chkconfig: kill at run level 3

2010-12-05 Thread Robert Spangler
On Friday 03 December 2010 19:30, Michael D. Berger wrote:

  In the control script of my daemon in /etc/init.d?, I have
 # chkconfig: 35 97 3

  The result of this is that I have links:
 /etc/rc.d/rc1.d/K03...
 /etc/rc.d/rc3.d/S97...
 /etc/rc.d/rc5.d/S97...

  As mentioned in a previous thread, my complex daemon throws
  an exception when I shutdown.  Perhaps things might be better
  if I had:
 /etc/rc.d/rc3.d/K03...

  Might this be a good idea?  If so, how can I make it happen
  automatically?

Check /etc/rc.d/rc6.d and ensure that you have K??yourscriptname in there.  It 
looks like your daemon's script was set up to be run but was never properly set 
up to be shut down.  When shutting down the system the system is switched to run 
level 6.


-- 

Regards
Robert

Linux
The adventure of a life time.

Linux User #296285
Get Counted
http://counter.li.org/
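Added example, not from the thread: a Python helper that derives the rc?.d links chkconfig creates from an init script's '# chkconfig: LEVELS START STOP' header (an S<start> link in each listed level and a K<stop> link in every other level from 0 to 6) and reports which of them are absent from a directory listing. The daemon name 'mydaemon' and the listing are constructed placeholders.

```python
"""Derive the rc?.d links chkconfig creates from an init script's
'# chkconfig: LEVELS START STOP' header and report which ones are missing."""
import re

HEADER_RE = re.compile(r"^#\s*chkconfig:\s*(\S+)\s+(\d+)\s+(\d+)")


def expected_links(init_script, name):
    """Return {runlevel: link name} for runlevels 0 to 6: S<start><name> in each
    level listed in the header, K<stop><name> in every other level ('-' lists none)."""
    for line in init_script.splitlines():
        m = HEADER_RE.match(line)
        if m:
            levels, start, stop = m.group(1), int(m.group(2)), int(m.group(3))
            break
    else:
        raise ValueError("no '# chkconfig:' header in init script")
    on = set() if levels == "-" else {int(c) for c in levels}
    return {lvl: "%s%02d%s" % ("S" if lvl in on else "K", start if lvl in on else stop, name)
            for lvl in range(7)}


def missing_links(expected, present):
    """present maps runlevel -> set of link names seen in /etc/rc.d/rcN.d.
    Returns sorted (runlevel, link) pairs chkconfig would create that are absent."""
    return sorted((lvl, link) for lvl, link in expected.items()
                  if link not in present.get(lvl, set()))


# Constructed input modelled on the poster's header and link listing; the
# daemon name 'mydaemon' is a placeholder.
INIT_SCRIPT = "#!/bin/sh\n# chkconfig: 35 97 3\n# description: placeholder daemon\n"
PRESENT = {1: {"K03mydaemon"}, 3: {"S97mydaemon"}, 5: {"S97mydaemon"}}

if __name__ == "__main__":
    for lvl, link in missing_links(expected_links(INIT_SCRIPT, "mydaemon"), PRESENT):
        print("missing /etc/rc.d/rc%d.d/%s" % (lvl, link))
```

To check a real box, build `present` from `os.listdir("/etc/rc.d/rc%d.d" % lvl)` for each level and read the header from the script in /etc/init.d.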


Re: [CentOS] how to recreate eth0 - Realtek 8169sc

2011-01-09 Thread Robert Spangler
On Sunday 09 January 2011 13:33, Rudi Ahlers wrote:

  Our intranet's WAN interface just stopped working yesterday, and I
  can't figure it out.

Look in /etc/sysconfig/network-scripts.  There you should see ifcfg-eth#.  If 
ifcfg-eth0 isn't there copy ifcfg-eth1 to ifcfg-eth0 and then configure 
ifcfg-eth0 with the information needed for your WAN link.


-- 

Regards
Robert



Re: [CentOS] input/output error while copy

2011-01-14 Thread Robert Spangler
On Friday 14 January 2011 04:01, Ritika Garg wrote:

  When I give the command cp file1 file2 then the error comes:
  cp: cannot create regular file `file2': Input/output error

  This occurs sometimes and it occurs when I am giving the command inside a
  external hard disk which is mounted by ntfs-3g manually.
  Why does this error come?

I believe it is self explanatory.  Looks like you don't have write permissions 
on the drive.  Check your permissions.


-- 

Regards
Robert



Re: [CentOS] RHEL 5.6 is out

2011-01-14 Thread Robert Spangler
On Friday 14 January 2011 05:45, Mister IT Guru wrote:

  On 13/01/2011 21:45, Daniel Heitmann wrote:
   On 13.01.2011, at 22:34, Ray Van Dolson wrote:
   You should probably give RH a call with your questions, or try this
   mailing list:
  
   Or wait a few more weeks for CentOS 6, if it's a money-issue.

  I assumed that this would be the case! Made me realise how much faith I
  have in the CentOS volunteers. Every time I've heard of a RHEL release,
  I brace myself and think WooHoo - CentOS in three months! Is this how
  other CentOS users feel when they hear a RHEL announcement?

NO!  This is a volunteer effort.  You cannot expect them to have the newest 
release out days after it is announced.  There is work that needs to be done 
before they can release the OS as CentOS.  They do what they can when they 
can.  After all it's free so why complain?

You could always learn how to help them get the newest release out there if 
time is such an important issue.


-- 

Regards
Robert



Re: [CentOS] How to disable screen locking system-wide?

2011-01-20 Thread Robert Spangler
On Thursday 20 January 2011 09:14, Ross Walker wrote:

  On Jan 19, 2011, at 2:44 PM, Bob Eastbrook baconeater...@gmail.com wrote:
   By default, CentOS v5 requires a user's password when the system wakes
   up from the screensaver.  This can be disabled by each user, but how
   can I disable this system-wide?  Many of my users forget to do this,
   which results in workstations being locked up.

  Let's try this again...

  KDE has a multi-user x login feature that allows another user to start a
 new session keeping the existing session active.

And if that doesn't work you could always:

Press CTRL+ALT+F2-6
Log on
Start a new X session with 'startx -- :1'


-- 

Regards
Robert



Re: [CentOS] redirecting traffic using iptables

2011-01-31 Thread Robert Spangler
On Monday 31 January 2011 07:46, Jobst Schmalenbach wrote:

  iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80  -j DNAT --to $PROXY:3128
  iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to $PROXY:3128

  browser tell me invalid request.

From the man pages:

   DNAT
   --to-destination ipaddr[-ipaddr][:port-port]


You could combine these two rules into one with multiport.
Check the MAN pages.


-- 

Regards
Robert



Re: [CentOS] iptables nat table rules

2011-02-08 Thread Robert Spangler
On Tuesday 08 February 2011 13:36, Carlos S wrote:

  I am forwarding traffic on port 8080 to port 80 with following rule.
  # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j
  REDIRECT --to-port 80

Shouldn't that be '--to-ports'?

http://www.zoominternet.net/~lazydog/iptables-tutorial.html#REDIRECTTARGET

  # iptables-save

service iptables save

That should save the rules.

  However, I am unable to add it directly in /etc/sysconfig/iptables. I
  think it is used only for filter table and not nat table. So where do
  nat table rules go?  Any help?

Same place, /etc/sysconfig/iptables.


-- 

Regards
Robert



Re: [CentOS] iptables nat table rules

2011-02-09 Thread Robert Spangler
On Tuesday 08 February 2011 16:43, Carlos S wrote:

  Thanks for the help.

You are welcome.

  Robert, you pointed out the mistakes correctly. Not sure why I used
  iptables-save command at first place...

Most likely because in every other distro and web page that is the way to do 
it.  It's just RH that is different.


-- 

Regards
Robert



Re: [CentOS] /etc/hosts - hostname alias for 127.0.0.1

2011-03-07 Thread Robert Spangler
On Monday 07 March 2011 15:22, the following was written:

  Keith Keller wrote:
   On Mon, Mar 07, 2011 at 10:34:24AM -0600, Sean Carolan wrote:
   Can anyone point out reasons why it might be a bad idea to put this
   sort of line in your /etc/hosts file, eg, pointing the FQDN at the
   loopback address?
  
   127.0.0.1   hostname.domain.com hostname   localhost localhost.localdomain

You can do this if you want.  The hosts file is only used by the machine it is 
on.  As to whether it is a bad idea, it would depend on what you are trying to 
do and if the process you are trying to reach locally is listening on that ip 
address.

I have only the short name configured on 127.0.0.1

   Would the application work with a hosts entry like this?

If the process was configured to listen on that interface, yes.

   127.0.0.1   hostname.dummy   localhost localhost.localdomain
  
   (Make sure you pick .dummy so as not to interfere with any other DNS.)

Why do you need the '.dummy'? short name should work fine.

   In theory you could leave off .dummy, but then you risk hostname being
   completed with the search domain in resolv.conf, which creates the
   problems already mentioned with putting hostname.domain.com in
   /etc/hosts.  (I have not tested this at all!)

Resolv.conf is not used for the hosts file; it is used for DNS.  I have my 
short name configured to the lo interface and the FQDN to the real ip 
address.  If I ping the short name I get this:

etc $ ping -c 3 bms
PING bms (127.0.0.1) 56(84) bytes of data.
64 bytes from bms (127.0.0.1): icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from bms (127.0.0.1): icmp_seq=2 ttl=64 time=0.038 ms
64 bytes from bms (127.0.0.1): icmp_seq=3 ttl=64 time=0.037 ms

If I ping the FQDN I get this:

etc $ ping -c 3 bms.domain.com
PING bms.domain.com (x.x.x.x) 56(84) bytes of data.
64 bytes from bms.domain.com (x.x.x.x): icmp_seq=1 ttl=64 time=0.037 ms
64 bytes from bms.domain.com (x.x.x.x): icmp_seq=2 ttl=64 time=0.038 ms
64 bytes from bms.domain.com (x.x.x.x): icmp_seq=3 ttl=64 time=0.093 ms


  And giving it 127.0.0.1 would tell it others to ignore it, I think. Where
  did your user come up with this idea - clearly, they have *no* clue what
  they're doing, and need at least a brown bag lunch about TCP/IP, and they
  should not be allowed to dictate this. Their idea is a bug, and needs to
  be fixed.

How do you figure this?  The hosts file is ONLY used locally.  If someone is 
looking you up they are using DNS if they don't have you configured 
in their hosts file.

Their idea might be flawed but it is not a bug.


-- 

Regards
Robert



Re: [CentOS] /etc/hosts - hostname alias for 127.0.0.1

2011-03-09 Thread Robert Spangler
On Tuesday 08 March 2011 12:39, the following was written:

   And giving it 127.0.0.1 would tell it others to ignore it, I think.
  
   Where did your user come up with this idea - clearly, they have *no*
   clue what they're doing, and need at least a brown bag lunch about 
   TCP/IP, and they should not be allowed to dictate this. Their idea is 
   a bug, and needs to be fixed.

  snip

   You guys do know that the names in your host file only apply to YOU on
   that machine right?  It does not matter if you connect to 127.0.0.1 or
   something else UNLESS you specifically listen on a specific IP address
   on that machine AND you need to connect to that address from the machine
   itself.

  snip
  Let me expand on the above: if anyone on *any* other machine is trying to
  connect to that, it won't work. If they try to point a browser to it,
  unless they've done ssh -X to the server, they'll talk to their *own*
  machine, and it won't be found.

Let me try another way to explain this to you.

If you try to get to the site xyz.com and you open your browser and type that 
in you are using what to get the ip address of that service?  Correct, DNS, 
as you don't have xyz.com listed in your LOCAL host file.

In DNS the site xyz.com resolves to 1.1.1.1

Now you ssh (ssh -x) into the xyz server. The server has the following in its 
hosts file:

127.0.0.1   xyz.com

You open a browser in the xyz server's X session; what is xyz.com going to 
resolve to? Correct, 127.0.0.1, and if the system is configured correctly to 
listen on that address you will connect.

Now let's say that the hosts file has the following:

127.0.0.1 xyz

You are still logged into the server with your x session going.
Now in your browser you type xyz.  What address do you get and why?
If you type xyz.com into the same browser what address do you get and why?


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://counter.li.org/


Re: [CentOS] /etc/hosts not resolving hostnames

2011-04-08 Thread Robert Spangler
On Friday 08 April 2011 14:32, the following was written:

  On Fri, Apr 8, 2011 at 1:27 PM, m.r...@5-cent.us wrote:
   Johan Martinez wrote:
I have modified /etc/hosts file with IP address and hostname entries.
However, host command is returning 'Host vhost1.example.com not found:
3(NXDOMAIN)'. Also, apache is returning error on start as '[error]
(EAI 2)Name or service not known: Could not resolve host name
vhost1.example.com-- ignoring!' . The ssh worked fine and resolved the
hostname correctly (ssh
from same system to itself - just for test). Am I missing something
here? I thought /etc/hosts will be referred for all lookups. Any
help??
  
   Does /etc/resolv.conf exist? If so, what does /etc/nsswitch.conf say -
   files first?
  
  mark

  resolv.conf exists and nsswitch.conf has a following line:
  hosts:  files dns

Check /etc/host.conf; that is the file that tells the system in what order to 
do its lookups.  It should be as follows:

order hosts,bind

  SELinux was in enforcing mode, but I didn't see any errors in audit.log.
  Still I have disabled it for now.

SELinux shouldn't play a role here.


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://counter.li.org/
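The two /etc/hosts threads above (the xyz.com walk-through and the `hosts: files dns` question) can be replayed offline with the following added example, which is not code from either thread; the hosts files, the nsswitch line and the DNS answers are constructed, and the `dns` dict stands in for a real resolver.

```python
"""Emulate a `hosts: files dns` lookup so the /etc/hosts threads can be
replayed offline. Constructed example; `dns` is a stand-in for a resolver."""


def parse_hosts(text):
    """Parse /etc/hosts into {name: address}. Comments and blank lines are
    skipped; the first entry for a name wins, the usual files-backend rule."""
    table = {}
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), addr)
    return table


def nsswitch_hosts_order(text):
    """Return the source order from the `hosts:` line of nsswitch.conf,
    ignoring [action] tokens; default to ('files', 'dns') when absent."""
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()
        if line.startswith('hosts:'):
            tokens = line[len('hosts:'):].split()
            return tuple(t for t in tokens if not t.startswith('['))
    return ('files', 'dns')


def resolve(name, hosts_text, dns, order=('files', 'dns')):
    """Return (address, source) for `name`, consulting each source in order.
    'files' reads the given /etc/hosts text, 'dns' reads the stand-in dict."""
    for source in order:
        if source == 'files':
            addr = parse_hosts(hosts_text).get(name.lower())
        elif source == 'dns':
            addr = dns.get(name.lower())
        else:
            raise ValueError(f'unsupported nsswitch source {source!r}')
        if addr is not None:
            return addr, source
    return None, None


# --- constructed inputs mirroring the thread: xyz.com is 1.1.1.1 in DNS -----
DNS = {'xyz.com': '1.1.1.1'}
NSSWITCH = "hosts:  files dns\n"             # the line quoted in the second thread
CLIENT_HOSTS = "127.0.0.1   localhost\n"     # some other machine's hosts file
SERVER_HOSTS_FQDN = "127.0.0.1   xyz.com\n"  # first hosts file from the thread
SERVER_HOSTS_SHORT = "127.0.0.1   xyz\n"     # second hosts file from the thread


def walkthrough():
    """The lookups the thread walks through, keyed by where they run."""
    order = nsswitch_hosts_order(NSSWITCH)
    return {
        # hosts entries are local: the client never sees the server's file
        'client: xyz.com': resolve('xyz.com', CLIENT_HOSTS, DNS, order),
        'server with "127.0.0.1 xyz.com": xyz.com':
            resolve('xyz.com', SERVER_HOSTS_FQDN, DNS, order),
        'server with "127.0.0.1 xyz": xyz':
            resolve('xyz', SERVER_HOSTS_SHORT, DNS, order),
        # the short-name entry does not cover the FQDN, so DNS answers again
        'server with "127.0.0.1 xyz": xyz.com':
            resolve('xyz.com', SERVER_HOSTS_SHORT, DNS, order),
    }


if __name__ == '__main__':
    for where, (addr, via) in walkthrough().items():
        print(f'{where:45} -> {addr} (via {via})')
```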


Re: [CentOS] bind issue on centos 5

2007-07-06 Thread Robert Spangler
On Thu July 5 2007 06:29, Indunil Jayasooriya wrote:

  [EMAIL PROTECTED] master]# cat example77.com.zone
  $TTL 86400
  @   IN  SOA gateway.example77.com. root.example77.com. (
  2006101604 ; Serial
  1800   ; Refresh
  300; Retry
  36 ; Expire
  86400 ); Minimum

  NS  gateway.example77.com.

  MX  10  gateway.example77.com.
  MX  20  mail.example77.com.

  A   192.168.0.3

  gateway A   192.168.0.3
  mail    A   192.168.0.2


  But, I still get the same error. pls see below.

  Jul  5 15:50:32 gateway named[3548]: master/example77.com.zone:11:
  example77.com\032: bad owner name (check-names)

This error is telling you that the error is in line 11.
The error as some have already told you is the space.

Sorry I didn't get back to you sooner.


-- 

Regards
Robert

Smile... it increases your face value!


Re: [CentOS] new CentOS 5 install, 'Network is unreachable'

2007-08-04 Thread Robert Spangler
On Fri August 3 2007 23:13, [EMAIL PROTECTED] wrote:

  I've a new CentOS 5 minimalist install; this will be the name server
  from my prior thread.  I have configured eth0 during setup with the
  static IP the unit will have when in production.  During this setup
  phase, selinux is set to permissive.

  Setting up on a different network, I did this:

  dhclient eth0 and successfully got a private address; I also validated
  that the resolv.conf file was created by the dhclient-script and it was,
  accurately pointing to my gateway and listing a domain name server by IP.

  That's where the fun stops.  Even pinging an IP, so as not to rely on
  name resolution, I get the dreaded 'Network is unreachable' error.

OK, if everything is set up correctly then I would first look to see if the 
firewall on that system is blocking, then check the routing to ensure it is 
properly set up.


-- 

Regards
Robert

Smile... it increases your face value!


Re: [CentOS] repost: SELinux questions, upon restarting BIND

2007-08-17 Thread Robert Spangler
On Fri August 17 2007 09:16, Ray Leventhal wrote:

  As this remains an issue for me, I'm reposting.  Please forgive the
 redundancy, but I've been unable to find the answer and am hoping for some
 guidance.

OK, are you running named in a chroot env?

=
Aug 16 07:12:23 sunspot setroubleshoot:  SELinux is preventing
/usr/sbin/named (named_t) getattr access to /dev/random
(tmpfs_t).  For complete SELinux messages. run sealert -l
1ab129b8-9f9f-48ae-a67e-d52f63a5fb5a
=

Have you done the above to get the complete message?


-- 

Regards
Robert

Smile... it increases your face value!


Re: [CentOS] centos5 iptables expert needed

2007-08-28 Thread Robert Spangler
On Tue August 28 2007 12:27, Dave wrote:

  Hello,
  I'm setting up a centos5 router for a friend. It will direct traffic
 to an internal webserver, already in place, as well as run squid proxy. It
 should do nat and have a firewall with iptables. I've set up routers before
 for this purpose but always of the bsd type and using their firewalls. I
 understand the concepts, nat, packet filtering, etc. but i'm not getting
 iptales at all. If anyone is an expert on this i'd appreciate hearing from
 you. I have what are probably basic questions, i've read the docs, but i am
 lost.

What does this network look like?
How many NICs in the router machine?

I'm running a router/firewall here at home with 3 networks connected and I 
find the way I do things a lot better than any software setup out there.

IPTABLES is simple.  It works in a top to bottom flow.  First rule it matches 
is executed.


-- 

Regards
Robert

Smile... it increases your face value!


Re: [CentOS] What is eating my memory?

2007-08-30 Thread Robert Spangler
On Thu August 30 2007 00:08, William Warren wrote:

  easier way: log in as root and type the word free to get a much
  slimmer version of that information.  If the numbers look odd (after
  posting them here) then the more expansive option below is needed.

You don't need to log in as root to get this information.


-- 

Regards
Robert

Smile... it increases your face value!


Re: [CentOS] named rndc

2007-09-21 Thread Robert Spangler
On Fri September 21 2007 18:50, Craig White wrote:

  [EMAIL PROTECTED] etc]# kill 26598
  [EMAIL PROTECTED] etc]# service named restart
  Stopping named:[FAILED]
  Starting named:[  OK  ]

After you have killed named start it with 'start' not 'restart'.

  if I try...
  # service named status
  rndc: connection to remote host closed
  This may indicate that the remote server is using an older version of
  the command protocol, this host is not authorized to connect,
  or the key is invalid.

  but looking at my named.conf, I'm directly including rndc.key
  # grep rndc named.conf
  inet 127.0.0.1 allow { localhost; } keys { DYNAMIC_DNS_KEY;
  rndc.key; };
  include /etc/rndc.key;

This doesn't look right.  My control section in named.conf is:

controls {
inet 127.0.0.1 allow { any; }
keys { rndc-key; };
};

No need for 'include '.  Your rndc.conf should also be located in your 
chroot /etc dir.

Take notice of what is between {} in the keys statement.  This has to match 
what is in your rndc.conf file.


server localhost {
key rndc-key;
};


-- 

Regards
Robert

Smile... it increases your face value!
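The key-name match the reply above insists on (controls `keys { }` in named.conf against the `key` in rndc.conf) can be checked mechanically; the following is an added example, not code from the thread or from BIND, and its three config texts are constructed to mirror the shape of what was quoted, with placeholder secrets and the included rndc.key passed in as text because includes are not followed.

```python
"""Cross-check the rndc key wiring between named.conf, rndc.key and rndc.conf.
Constructed example; config texts below only mirror the thread's layout."""
import re

_COMMENT_RE = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.DOTALL)
_KEY_DEF_RE = re.compile(r'\bkey\s+"?([\w.\-]+)"?\s*\{')   # key "name" { ... }
_KEY_REF_RE = re.compile(r'\bkey\s+"?([\w.\-]+)"?\s*;')    # key name;  (rndc.conf)
_NAME_RE = re.compile(r'"?([\w.\-]+)"?\s*;')                # items of a keys { } list


def _strip_comments(text):
    """Drop /* */, // and # comments so a commented-out key is not counted."""
    return _COMMENT_RE.sub('', text)


def _block(text, header):
    """Body of the first `<header> { ... }` statement, with balanced braces.
    `header` is a regex fragment, e.g. 'controls' or the server pattern below."""
    m = re.search(r'\b' + header + r'\s*\{', text)
    if not m:
        return ''
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    raise ValueError(f'unbalanced braces after {header!r}')


def controls_keys(named_conf):
    """Key names the controls statement accepts on its inet channel."""
    body = _block(_strip_comments(named_conf), r'controls')
    return set(_NAME_RE.findall(_block(body, r'keys')))


def defined_keys(*config_texts):
    """Key names defined by key { } statements anywhere in the given texts."""
    joined = '\n'.join(_strip_comments(t) for t in config_texts)
    return set(_KEY_DEF_RE.findall(joined))


def rndc_client_key(rndc_conf):
    """The key rndc will present: the server block's key, else default-key."""
    text = _strip_comments(rndc_conf)
    m = _KEY_REF_RE.search(_block(text, r'server\s+\S+'))
    if m:
        return m.group(1)
    m = re.search(r'\bdefault-key\s+"?([\w.\-]+)"?\s*;', text)
    return m.group(1) if m else None


def check_rndc_wiring(named_conf, rndc_key_file, rndc_conf):
    """Return a list of mismatches; an empty list means rndc and named agree."""
    listed = controls_keys(named_conf)
    defined = defined_keys(named_conf, rndc_key_file)
    client = rndc_client_key(rndc_conf)
    problems = []
    if not listed:
        problems.append('named.conf: no controls { ... keys { ... }; } statement')
    for name in sorted(listed - defined):
        problems.append(f'named.conf: controls lists key {name!r} '
                        f'but no key {name!r} {{ ... }} is defined')
    if client is None:
        problems.append('rndc.conf: no key named for the server')
    elif client not in listed:
        problems.append(f'rndc.conf: uses key {client!r}, which is not in '
                        f'controls keys {sorted(listed)}')
    return problems


# --- constructed configs modelled on the thread; secrets are placeholders ----
RNDC_KEY_FILE = '''
key "rndc-key" {
    algorithm hmac-md5;
    secret "PLACEHOLDER-NOT-A-REAL-SECRET";
};
'''
RNDC_CONF = RNDC_KEY_FILE + '''
server localhost {
    key rndc-key;
};
'''
# mirrors the quoted config: the keys list names the *file* rndc.key, not the key
NAMED_CONF_BROKEN = '''
key "DYNAMIC_DNS_KEY" {
    algorithm hmac-md5;
    secret "PLACEHOLDER-NOT-A-REAL-SECRET";
};
include "/etc/rndc.key";
controls {
    inet 127.0.0.1 allow { localhost; } keys { DYNAMIC_DNS_KEY; rndc.key; };
};
'''
# the layout from the reply: the key name in controls matches rndc.conf
NAMED_CONF_FIXED = '''
include "/etc/rndc.key";
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};
'''

if __name__ == '__main__':
    for label, conf in (('broken', NAMED_CONF_BROKEN), ('fixed', NAMED_CONF_FIXED)):
        print(label, check_rndc_wiring(conf, RNDC_KEY_FILE, RNDC_CONF) or 'OK')
```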


Re: [CentOS] is there an smp kernel?

2007-10-15 Thread Robert Spangler
On Mon October 15 2007 13:13, Jim Perrin wrote:

  On 10/15/07, Akemi Yagi [EMAIL PROTECTED] wrote:
   Well ... that SMP appears in uname -a even on a single-cpu system.

  Oops :-P

  I've only got multi-cpu systems these days and didn't test it out in a
  vm. Glad to see you're keeping me honest!

Could it be that they are only shipping the SMP kernel?
It should still work on systems with one cpu.


-- 

Regards
Robert

Smile... it increases your face value!


Re: [CentOS] Best laptop for CentOS

2007-11-10 Thread Robert Spangler
On Sat November 10 2007 09:34, Paul wrote:

   Unfortunately, at least here in France there's no ing way to have a
   laptop without Microsoft Windows installed. I'm 100% GNU/Linux since
   2001 or so, but I must have paid for five or six licenses since.

  I thought that I read that someplace over in Europe that MS was forced
  to give credit for un-used windows licenses.  Part of the Europeand
  Anti-trust action IIRC.

I was just thinking the same thing.  I also thought Windows has a sort of buy 
back program in their licenses?  Where if you didn't use it you could return 
it for a refund.


-- 

Regards
Robert

Smile... it increases your face value!


[CentOS] Firfox plugins but no sound

2007-11-12 Thread Robert Spangler
Hello everyone,

I run a 64bit system here and install flash plugins for firefox using  
nspluginwrapper.  I get the movies but there is no sound.

Flashplayer is:   flash-plugin-9.0.48.0-release.i386.rpm
nspluginwrappers are: nspluginwrapper-0.9.91.5-1.x86_64.rpm
 nspluginwrapper-i386-0.9.91.5-1.x86_64.rpm

Any help in tracking this down would be great.  Thnx.


-- 

Regards
Robert

Smile... it increases your face value!


Re: [CentOS] Firfox plugins but no sound

2007-11-12 Thread Robert Spangler
On Mon November 12 2007 12:28, Shibu C Varughese wrote:

  Robert Spangler wrote:
   Hello everyone,
  
   I run a 64bit system here and install flash plugins for firefox using
   nspluginwrapper.  I get the movies but there is no sound.

  
  Just check if the user is added to the audio group, try to check this as
  root user..hope other multimedia apps don't have the sound problem.

Everything else works without issues.  Just the flashplayer doesn't have 
sound.  :(


-- 

Regards
Robert

Smile... it increases your face value!


Re: [CentOS] Firfox plugins but no sound

2007-11-12 Thread Robert Spangler
On Mon November 12 2007 13:30, Ross S. W. Walker wrote:

  Robert Spangler wrote:
   Hello everyone,
  
   I run a 64bit system here and install flash plugins for
   firefox using
   nspluginwrapper.  I get the movies but there is no sound.

  Make sure the 32-bit alsa-lib is installed.

alsa-lib.i386  1.0.6-5.RHEL4  installed


-- 

Regards
Robert

Smile... it increases your face value!


Re: [CentOS] Firfox plugins but no sound

2007-11-14 Thread Robert Spangler
On Mon November 12 2007 15:54, James Pearson wrote:

  On 12/11/2007, Robert Spangler [EMAIL PROTECTED] wrote:
   On Mon November 12 2007 13:30, Ross S. W. Walker wrote:
 Robert Spangler wrote:
  Hello everyone,
 
  I run a 64bit system here and install flash plugins for
  firefox using
  nspluginwrapper.  I get the movies but there is no sound.
   
 Make sure the 32-bit alsa-lib is installed.
  
   alsa-lib.i386  1.0.6-5.RHEL4  installed

  Can you playback sound using other 32 bit apps? e.g. using the 32 bit
  version of aplay?

I have aplay but don't know if it's 32bit or not.


  What type of sound card do you have?

class: AUDIO
bus: PCI
detached: 0
driver: snd-via82xx
desc: VIA Technologies, Inc. VT8233/A/8235/8237 AC97 Audio Controller
vendorId: 1106
deviceId: 3059
subVendorId: 1043
subDeviceId: 812a
pciType: 1
pcidom:0
pcibus:  0
pcidev: 11
pcifn:  5



  James Pearson


-- 

Regards
Robert

Smile... it increases your face value!


Re: [CentOS] OT: Scripting with sudo password

2007-11-14 Thread Robert Spangler
On Wed November 14 2007 14:41, James A. Peltier wrote:

  Completely off topic, but I'm sure someone out there is using scripts
  that require a sudo password of some sort, so I'll ask.

  What are people doing to automate tasks that required sudo passwords in
  order to run?  sudo without a password is not an option for me, but I
  would like to be able to enter the password once have it saved and then
  read back when sudo is required.

Question for you then, why is sudo without a password not an option?

Check the man pages of sudoers.  It is possible to set up a sudo user that is 
only allowed to run a set of commands.  This in effect only allows the user to 
run that one program (or as many as you set up) as sudo and no other.

This has to be better than reading a password file that is lying around on a 
disk somewhere.

  Any examples?

Plenty in the man pages.


-- 

Regards
Robert

Smile... it increases your face value!


Re: [CentOS] Firfox plugins but no sound

2007-11-15 Thread Robert Spangler
On Thu November 15 2007 06:04, James Pearson wrote:

  If you have a 64 bit distro installed, then aplay will be 64 bit -
 running:

  file `which aplay`

Nope, but rpm -qa | grep alsa-util told me that I have the 64bit installed, 
which by the way does work fine.

  should confirm this. To run the 32 bit version you will need to download
  the 32 bit (i386) alsa-utils RPM - but don't install it. Extract the 32
  bit aplay binary by doing something like:

  cd /tmp
  rpm2cpio alsa-utils-1.0.6-6.i386.rpm  | cpio -idmv ./usr/bin/aplay

Roger, downloaded and extracted file.

  However, as you are running CentOS4, you will need to make sure the
  snd_ioctl32 kernel module is loaded - it isn't by default i.e.

  modprobe snd_ioctl32

Also completed.


  Then test with the 32 bit aplay:

  alsaunmute 0
  /tmp/usr/bin/aplay /usr/share/system-config-soundcard/sound-sample.wav

No joy. It gives the following output:

ALSA lib pcm_hw.c:549:(snd_pcm_hw_start) SNDRV_PCM_IOCTL_START failed: Broken 
pipe

and just sits there until I hit CTRL-C

  Same as mine ... however, I had lots of issues with 32 bit apps and
  sound on 64 bit CentOS4 (not necessarily this sound card) - in the end I
  'upgraded' to the ALSA 1.0.15 kernel drivers, libs and utils - which
  works much better

Might have to walk down this same path  Thnx for all your help and time.


-- 

Regards
Robert

Smile... it increases your face value!


Re: [CentOS] Firfox plugins but no sound

2007-11-18 Thread Robert Spangler
On Fri November 16 2007 06:06, James Pearson wrote:

   Might have to walk down this same path  Thnx for all your help and time.

  The 32 bit kernel support for playback on 64 bit machines for older 2.6
  kernels (including the RHEL4/CentOS4 kernel) didn't work properly until
  ALSA 1.0.15. RHEL4/CentOS4 is based on ALSA 1.0.6

  As I said above, I've already been down this route - see:

Thnx again.  I'm not a big fan of installing software that can't be installed 
via yum.  If it becomes too big of a problem then I'll walk this path.  Thnx 
again for all your help.


-- 

Regards
Robert

Smile... it increases your face value!


[CentOS] Trying to understand SELinux MSG

2011-09-08 Thread Robert Spangler
Hello,

I received the below SELinux message today and I am trying to figure out what 
caused it.  I see what it says under Allow Access but I am not sure this is 
what I really want to do without knowing why it happened in the first place.

What should I be looking at to understand what or why this has happened?

Any help I would be most grateful for.



Here is the output from SELinux


SUMMARY:
SELinux is preventing access to files with the label, file_t.

Detailed Description:
SELinux permission checks on files labeled file_t are being denied. file_t is 
the context the SELinux kernel gives to files that do not have a label. This 
indicates a serious labeling problem. No files on an SELinux box should ever 
be labeled file_t. If you have just added a new disk drive to the system you 
can relabel it using the restorecon command. Otherwise you should relabel the 
entire files system. 

Allowing Access:
You can execute the following command as root to relabel your computer 
system: touch /.autorelabel; reboot 

Additional Information:
Source Context: user_u:system_r:pam_console_t
Target Context: system_u:object_r:file_t
Target Objects: / [ dir ]
Source: pam_console_app
Path:   /sbin/pam_console_apply
Port:   Unknown
Host:   host1.mycompany.com
Source RPM Packages:pam-0.99.6.2-6.el5_5.2
Target RPM Packages:filesystem-2.4.0-3.el5.centos
Policy RPM: selinux-policy-2.4.6-316.el5
Selinux Enabled:True
Policy Type:targeted
MLS Enabled:True
Enforcing Mode: Enforcing
Plugin Name:file
Host Name:  host1.mycompany.com
Platform:   Linux host1.mycompany.com 2.6.18-238.19.1.el5 #1 SMP 
Fri Jul 15 
07:31:24 EDT 2011 x86_64 x86_64
Alert Count:77
First Seen: Thu 08 Sep 2011 02:04:40 PM EDT
Last Seen:  Thu 08 Sep 2011 02:04:45 PM EDT
Local ID:   39ba9c3c-5ac0-4b91-aab1-8d871c20162c
Line Numbers:  

Raw Audit Messages :
host=host1.mycompany.com type=AVC msg=audit(1315505085.751:14929): avc: denied 
{ read } for pid=690 comm=pam_console_app name=/ dev=md4 ino=2 
scontext=user_u:system_r:pam_console_t:s0 
tcontext=system_u:object_r:file_t:s0 tclass=dir 

host=host1.mycompany.com type=SYSCALL msg=audit(1315505085.751:14929): 
arch=c03e syscall=2 success=no exit=-13 a0=7fff0f2076c0 a1=10800 a2=0 
a3=7fff0f209cca items=0 ppid=631 pid=690 auid=500 uid=0 gid=0 euid=0 suid=0 
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=pam_console_app 
exe=/sbin/pam_console_apply subj=user_u:system_r:pam_console_t:s0 
key=(null)
 


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/


Re: [CentOS] Trying to understand SELinux MSG

2011-09-09 Thread Robert Spangler
On Thursday 08 September 2011 16:58, the following was written:

  I'm not a pro or anything, but this bug report gives a bit more info.
  Have you made any changes to the disk lately?

  https://bugzilla.redhat.com/show_bug.cgi?id=485921

   find / -context *:file_t:*

  The above command will show you what file is causing the messages.

Thank you for your response.  I do not make changes to the disk other than 
software updates and saving files.

I ran your command above and its output is as follows:

~ $ sudo find / -context *:file_t:*
getfilecon(/proc/29073/task/29073/fd/4): No such file or directory
getfilecon(/proc/29073/task/29073/fdinfo/4): No such file or directory
getfilecon(/proc/29073/fd/4): No such file or directory
getfilecon(/proc/29073/fdinfo/4): No such file or directory

So it doesn't look like any files are labeled incorrectly.


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/


Re: [CentOS] Trying to understand SELinux MSG

2011-09-09 Thread Robert Spangler
On Friday 09 September 2011 10:21, the following was written:

  That's the total output?

Yep.  Nothing more.  I ran it again and here is the new output:

[Fri Sep 09 10:40:20] [rjs@bms] /home/rjs

~ $ sudo find / -context *:file_t:*
getfilecon(/proc/7408/task/7408/fd/4): No such file or directory
getfilecon(/proc/7408/task/7408/fdinfo/4): No such file or directory
getfilecon(/proc/7408/fd/4): No such file or directory
getfilecon(/proc/7408/fdinfo/4): No such file or directory

[Fri Sep 09 10:40:44] [rjs@bms] /home/rjs


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/


Re: [CentOS] CentOS 6: ethernet ifconfig up failure

2011-09-11 Thread Robert Spangler
On Sunday 11 September 2011 14:57, the following was written:

  So why is ifconfig eth0 up not connecting?

Have you tried 'ifup eth0'?


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/


Re: [CentOS] eth enumeration order

2011-09-19 Thread Robert Spangler
On Monday 19 September 2011 11:04, the following was written:

  So
  How do you specify the order in which NICs are enumerated?
  or at least how to tell centos to stop messing with the
  70-persistent-net.rules?

Add the hardware addresses to their ifcfg-eth# files.

HWADDR=xx:xx:xx:xx:xx:xx


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/


Re: [CentOS] eth enumeration order

2011-09-20 Thread Robert Spangler
On Tuesday 20 September 2011 04:10, the following was written:

  On 19.09.2011 23:48, Robert Spangler wrote:
   On Monday 19 September 2011 11:04, the following was written:
 So
 How do you specify the order in which NICs are enumerated?
 or at least how to tell centos to stop messing with the
 70-persistent-net.rules?
  
   Add the hardware addresses to their ifcfg-eth# files.
  
   HWADDR=xx:xx:xx:xx:xx:xx

  That's it?! What about udev?

Do not know.  Never had to touch udev rules for my network.


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/


Re: [CentOS] Installation of 6.0

2011-09-20 Thread Robert Spangler
On Tuesday 20 September 2011 17:39, the following was written:

  On Tuesday, September 20, 2011 04:44:35 PM Robert Nichols wrote:
   On 09/20/2011 02:49 PM, Craig White wrote:
Guessing that you didn't look/watch the console on first boot but
rather used ssh to connect from another station. If you haven't
rebooted the system since the first boot, hook up a
monitor/keyboard/mouse and see.
  
   Operation of the firstboot script depends on having a GUI installed.  It
   doesn't get executed if you installed just the base system.

  Actually, this isn't correct.  On my RHEL 6.1 system, on firstboot with a
 non-GUI console a curses-based (or a reasonable facsimile of a
 curses-based) text-mode configurator came up, and allowed me to configure
 networking and a number of other items.  Do an install without GUI (not
 necessarily a minimal install, but a server install) and see what comes up
 on first boot.  Like I said, that's what my RHEL 6.1 box did on first boot.

I guess it would all depend on what ISO you are using then because I built a 
new system this weekend using 'CentOS-6.0-x86_64-minimal.iso' and upon reboot 
I never get anything for first boot.  I had to edit my configuration files by 
hand to get the system online.

NetworkManager is a POS and should be dropped.
Of course this is my opinion and I stand by it.


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/


Re: [CentOS] BIND and a second server resolving itself

2011-10-07 Thread Robert Spangler
On Friday 07 October 2011 06:25, the following was written:

  In the named.conf, located on main.example.com, I am adding my entire 16
  IP block of addresses along with my localhost
  options {
   allow-recursion { localhost; xxx.xxx.xxx.xxx /29;};
   allow-query { localhost; xxx.xxx.xxx.xxx/29; };
  };

Maybe I am missing something here but if you are only allowing your entire 16 
block to query/resolve on your DNS server why are you even running a DNS 
server?  Sounds like overkill to me.  Why not just set up the resolv.conf 
file to use your Datacenter, Google or some other open DNS server to resolve 
for YUM?


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/


Re: [CentOS] Emergency help needed on host network randomly stop working.

2011-10-12 Thread Robert Spangler
On Wednesday 12 October 2011 03:43, the following was written:

  Hi,
This is a Centos 5.5 host with one xen guest.
About 2 weeks ago, the host randomly lost network connection. By
  this I mean I could not connect to the services on it, or ping it.
  Also was the status of the guest.
From serial console, I connected to the host, trying to see what
  happened. No clue (any error messages) in messages or dmesg.
  ifdown/ifup the interface did not help, either. Only rebooting was my
  only choice.
Searching through Google, I got the information that some other guys
  met similar problem, and resolved by setting stp on with the bridge
  interface.
I set it, too. And the problem still occurs.
Any idea what I should check now?

I am no expert but it sounds like you might be in the early stages of hardware 
failure.

Next time this system stops responding check the following:

1. System interface state
2. Connected switch interface

If the switch shows down but the system shows up I would start by replacing the 
NIC on the system.


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/


Re: [CentOS] configure network bridge listing bridged intefaces

2012-02-03 Thread Robert Spangler
On Friday 03 February 2012 08:07, the following was written:

  Hi all,

  Having a 4 NIC server, I want to bridge eth2 and eth3, with a bridge
  named br0.

  Searching the web I only found about creating a file
  /etc/sysconfig/network-scripts/ifcfg-br0, but did not find where to
  explicitely list what ports will be bridged.

  Where is it configured?

Create your Bridge interface as you have found on the web.  Remember you do 
not have to label it as br0, you can label it any number you want.

After that is complete you just have to edit ifcfg-eth2 and ifcfg-eth3 to 
switch them to be part of the bridge with the following:

snip
DEVICE=eth#
ONBOOT=yes
BRIDGE=br#
/snip

If your configs have a 'HARDWARE=' leave that in there.  The above should be 
all you need.  Remember to replace the '#' with the correct information.

Here is my config file for the interface connected to the bridge:

snip
# Realtek Semiconductor Co., Ltd. RTL-8110SC/8169SC Gigabit Ethernet
DEVICE=eth0
#BOOTPROTO=static
#BROADCAST=192.168.1.255
HWADDR=48:5B:39:2A:07:D5
#IPADDR=192.168.1.100
#NETMASK=255.255.255.0
#NETWORK=192.168.1.0
ONBOOT=yes
BRIDGE=br0
/snip

I would suggest that you only comment out the other lines by placing a '#' in 
front; that way you can back out easily if there are any problems, as I have 
above.


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/
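The port files described above can be sanity-checked before `ifup` with this added example (not code from the thread or from CentOS); the ifcfg texts are constructed and only modelled on the files quoted there, `TYPE=Bridge` is assumed as the usual way the ifcfg-br# file declares the bridge itself, and the MAC addresses are from the documentation range.

```python
"""Sanity-check the ifcfg files of a bridge and its member ports.
Constructed example; file contents only mirror the thread's layout."""


def parse_ifcfg(text):
    """Parse KEY=value lines into a dict; comments, blanks and quotes dropped.
    A commented-out line (#IPADDR=...) is therefore simply not present."""
    cfg = {}
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()
        if '=' in line:
            key, value = line.split('=', 1)
            cfg[key.strip().upper()] = value.strip().strip('"\'')
    return cfg


def check_bridge(files):
    """files maps ifcfg file names to their text. Returns a list of findings;
    an empty list means the port/bridge wiring looks consistent."""
    cfgs = {name: parse_ifcfg(text) for name, text in files.items()}
    bridges = {cfg.get('DEVICE', name[len('ifcfg-'):])
               for name, cfg in cfgs.items()
               if cfg.get('TYPE', '').lower() == 'bridge'}
    members = {br: [] for br in bridges}
    findings = []
    for name, cfg in cfgs.items():
        dev = cfg.get('DEVICE', name[len('ifcfg-'):])
        br = cfg.get('BRIDGE')
        if br is None:
            continue                      # not a bridge port
        if br in members:
            members[br].append(dev)
        else:
            findings.append(f'{name}: BRIDGE={br} but no ifcfg file declares '
                            f'TYPE=Bridge for {br}')
        if cfg.get('ONBOOT', 'no').lower() != 'yes':
            findings.append(f'{name}: ONBOOT is not yes, so {dev} will not '
                            f'join {br} at boot')
        # addressing belongs on the bridge, not on an enslaved port
        if cfg.get('BOOTPROTO', 'none').lower() == 'dhcp':
            findings.append(f'{name}: BOOTPROTO=dhcp on bridge port {dev}; '
                            f'move it to {br}')
        for key in ('IPADDR', 'NETMASK', 'GATEWAY'):
            if key in cfg:
                findings.append(f'{name}: {key} still active on bridge port '
                                f'{dev}; comment it out or move it to {br}')
    for br, ports in members.items():
        if not ports:
            findings.append(f'ifcfg-{br}: bridge {br} has no member ports')
    return findings


# --- constructed files: BROKEN has the mistakes the thread warns about ------
BRIDGE_FILE = ("DEVICE=br0\nTYPE=Bridge\nBOOTPROTO=static\n"
               "IPADDR=192.168.1.100\nNETMASK=255.255.255.0\nONBOOT=yes\n")
BROKEN = {
    'ifcfg-br0': BRIDGE_FILE,
    # IPADDR left active on the port, which should only carry BRIDGE=
    'ifcfg-eth2': ("DEVICE=eth2\nHWADDR=00:00:5E:00:53:02\nBOOTPROTO=static\n"
                   "IPADDR=192.168.1.101\nONBOOT=yes\nBRIDGE=br0\n"),
    # points at a bridge nobody declared, and will not come up at boot
    'ifcfg-eth3': "DEVICE=eth3\nHWADDR=00:00:5E:00:53:03\nONBOOT=no\nBRIDGE=br1\n",
}
FIXED = {
    'ifcfg-br0': BRIDGE_FILE,
    # the thread's advice: comment the address lines out rather than delete them
    'ifcfg-eth2': ("DEVICE=eth2\nHWADDR=00:00:5E:00:53:02\n#BOOTPROTO=static\n"
                   "#IPADDR=192.168.1.101\nONBOOT=yes\nBRIDGE=br0\n"),
    'ifcfg-eth3': "DEVICE=eth3\nHWADDR=00:00:5E:00:53:03\nONBOOT=yes\nBRIDGE=br0\n",
}

if __name__ == '__main__':
    for label, files in (('broken', BROKEN), ('fixed', FIXED)):
        print(label, check_bridge(files) or 'OK')
```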


Re: [CentOS] configure network bridge listing bridged intefaces

2012-02-03 Thread Robert Spangler
On Friday 03 February 2012 09:10, the following was written:

  On 02/03/2012 08:07 AM, Mihamina Rakotomandimby wrote:
   Hi all,
  
   Having a 4 NIC server, I want to bridge eth2 and eth3, with a bridge
   named br0.
  
   Searching the web I only found about creating a file
   /etc/sysconfig/network-scripts/ifcfg-br0, but did not find where to
   explicitely list what ports will be bridged.
  
   Where is it configured?
  
   Thank you.

  All packets appear on both interfaces, unless you use ebtables/iptables to
 restrict them.

Really?  Only hubs present packets to all interfaces.  Linux works as a router, 
not a hub.

-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/


Re: [CentOS] configure network bridge listing bridged intefaces

2012-02-05 Thread Robert Spangler
On Saturday 04 February 2012 19:18, the following was written:

  On 02/03/2012 11:56 PM, Robert Spangler wrote:
   On Friday 03 February 2012 09:10, the following was written:
 On 02/03/2012 08:07 AM, Mihamina Rakotomandimby wrote:
   Hi all,
 
   Having a 4 NIC server, I want to bridge eth2 and eth3, with a
  bridge named br0.
 
   Searching the web I only found about creating a file
   /etc/sysconfig/network-scripts/ifcfg-br0, but did not find where
  to explicitely list what ports will be bridged.
 
   Where is it configured?
 
   Thank you.
  
 All packets appear on both interfaces, unless you use
   ebtables/iptables to restrict them.
  
   Really?  Only hubs present packets to all interfaces.  Linux work as a
   router not a hub.

  A network bridge connects multiple network segments at the data link layer
 (Layer 2) of the OSI model. In Ethernet networks, the term bridge formally
 means a device that behaves according to the IEEE 802.1D standard. A bridge
 and a switch are very much alike; a switch being a bridge with numerous
 ports. Switch or Layer 2 switch is often used interchangeably with bridge.

The OP was asking for help on configuring bridging.  Your reply made it sound 
like it wasn't necessary, as "All packets appear on both interfaces".  That 
statement is false unless it has been configured that way, and at that point 
in time we can assume that the OP hasn't configured it, thus the question.

Nice textbook definition btw.


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/


Re: [CentOS] iptables nat PREROUTING chain

2012-02-14 Thread Robert Spangler
On Tuesday 14 February 2012 15:21, the following was written:

  Is there a way to add a rule to the nat table (CentOS 5.7) that would
  alter the port number of tcp packets destined for the server itself?  I
  have ip_forwarding enabled, but the packets don't seem to hit the
  prerouting chain.

  I have the following redirect rule in the prerouting table.  I also
  tried DNAT, but if the packets don't hit PREROUTING, it won't work either.

  iptables -t nat -L -v -n
  Chain PREROUTING (policy ACCEPT 16079 packets, 896K bytes)
   pkts bytes target     prot opt in     out     source               destination
      0     0 REDIRECT   tcp  --  *      *       10.10.10.0/24        0.0.0.0/0            tcp dpt:25 redir ports 12345


  aspen 2# cat /proc/sys/net/ipv4/ip_forward
  1

Where are you applying this rule?  On a firewall or on the SMTP server itself?

If on the firewall, then you need to use DNAT.

Example:

iptables -t nat -A PREROUTING -p tcp --dport Port -j DNAT --to-destination ServerIP:Port

If you only want this to happen on the inside of the firewall then you are 
also going to have to include the interface you want this rule to apply to.


If it is on the SMTP server itself then you don't need forwarding to be turned 
on, and you need to use REDIRECT.

Example:

iptables -t nat -A PREROUTING -p tcp --dport Port -j REDIRECT --to-ports Port

Also make sure no other rule is filtering the packets before this rule because 
if the packets are altered then this rule will never be used.


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/


Re: [CentOS] CentOS 6.2 software raid 10 with LVM - Need help with degraded drive and only one MBR

2012-03-02 Thread Robert Spangler
On Saturday 03 March 2012 00:35, the following was written:

  I escalated to the DC manager and this is what he replied:

  I'm sorry you're having a hard time with software raid on your server and
  our install process. From what I remember talking with our techs long
  ago about this is, that when using raid10 and software raid, the
  bootloader cannot be installed on the software raid partition and has to
  be on a single drive. I am not 100% sure on this, and will confirm with
  my tech later tonight and to see what can be done to correct your issue.

Do not let them tell you that you cannot boot from a software raid.  I do it 
here all the time.  The /boot has to be on a raid1 setup to boot.  Everything 
else can be on whatever raid you choose.

Bottom line is if they caused you downtime then you should be compensated for 
it.


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/


[CentOS] Running processes

2012-03-08 Thread Robert Spangler
Hello,

I was wondering if anyone could tell me why so many processes are started on 
my system?   Here is a list of them. I am trying to figure out why they are 
running and if I can stop them.  Thnx.

USER  PID %CPU %MEM  VSZ  RSS TTY STAT START   TIME COMMAND
root2  0.0  0.0   0   0 ? S   19:33   0:00 [migration/0]
root3  0.0  0.0   0   0 ? SN   19:33   0:00 [ksoftirqd/0]
root4  0.0  0.0   0   0 ? S   19:33   0:00 [watchdog/0]
root5  0.0  0.0   0   0 ? S   19:33   0:00 [migration/1]
root6  0.0  0.0   0   0 ? SN   19:33   0:00 [ksoftirqd/1]
root7  0.0  0.0   0   0 ? S   19:33   0:00 [watchdog/1]
root8  0.0  0.0   0   0 ? S   19:33   0:00 [migration/2]
root9  0.0  0.0   0   0 ? SN   19:33   0:00 [ksoftirqd/2]
root   10  0.0  0.0   0   0 ? S   19:33   0:00 [watchdog/2]
root   11  0.0  0.0   0   0 ? S   19:33   0:00 [migration/3]
root   12  0.0  0.0   0   0 ? SN   19:33   0:00 [ksoftirqd/3]
root   13  0.0  0.0   0   0 ? S   19:33   0:00 [watchdog/3]
root   14  0.0  0.0   0   0 ? S   19:33   0:00 [migration/4]
root   15  0.0  0.0   0   0 ? SN   19:33   0:00 [ksoftirqd/4]
root   16  0.0  0.0   0   0 ? S   19:33   0:00 [watchdog/4]
root   17  0.0  0.0   0   0 ? S   19:33   0:00 [migration/5]
root   18  0.0  0.0   0   0 ? SN   19:33   0:00 [ksoftirqd/5]
root   19  0.0  0.0   0   0 ? S   19:33   0:00 [watchdog/5]
root   20  0.0  0.0   0   0 ? S   19:33   0:00 [migration/6]
root   21  0.0  0.0   0   0 ? SN   19:33   0:00 [ksoftirqd/6]
root   22  0.0  0.0   0   0 ? S   19:33   0:00 [watchdog/6]
root   23  0.0  0.0   0   0 ? S   19:33   0:00 [migration/7]
root   24  0.0  0.0   0   0 ? SN   19:33   0:00 [ksoftirqd/7]
root   25  0.0  0.0   0   0 ? S   19:33   0:00 [watchdog/7]
root   26  0.0  0.0   0   0 ? S   19:33   0:00 [events/0]
root   27  0.0  0.0   0   0 ? S   19:33   0:00 [events/1]
root   28  0.0  0.0   0   0 ? S   19:33   0:00 [events/2]
root   29  0.0  0.0   0   0 ? S   19:33   0:00 [events/3]
root   30  0.0  0.0   0   0 ? S   19:33   0:00 [events/4]
root   31  0.0  0.0   0   0 ? S   19:33   0:00 [events/5]
root   32  0.0  0.0   0   0 ? S   19:33   0:00 [events/6]
root   33  0.0  0.0   0   0 ? S   19:33   0:00 [events/7]
root   34  0.0  0.0   0   0 ? S   19:33   0:00 [khelper]
root  107  0.0  0.0   0   0 ? S   19:33   0:00 [kthread]
root  118  0.0  0.0   0   0 ? S   19:33   0:00 [kblockd/0]
root  119  0.0  0.0   0   0 ? S   19:33   0:00 [kblockd/1]
root  120  0.0  0.0   0   0 ? S   19:33   0:00 [kblockd/2]
root  121  0.0  0.0   0   0 ? S   19:33   0:00 [kblockd/3]
root  122  0.0  0.0   0   0 ? S   19:33   0:00 [kblockd/4]
root  123  0.0  0.0   0   0 ? S   19:33   0:00 [kblockd/5]
root  124  0.0  0.0   0   0 ? S   19:33   0:00 [kblockd/6]
root  125  0.0  0.0   0   0 ? S   19:33   0:00 [kblockd/7]
root  126  0.0  0.0   0   0 ? S   19:33   0:00 [kacpid]
root  291  0.0  0.0   0   0 ? S   19:33   0:00 [cqueue/0]
root  292  0.0  0.0   0   0 ? S   19:33   0:00 [cqueue/1]
root  293  0.0  0.0   0   0 ? S   19:33   0:00 [cqueue/2]
root  294  0.0  0.0   0   0 ? S   19:33   0:00 [cqueue/3]
root  295  0.0  0.0   0   0 ? S   19:33   0:00 [cqueue/4]
root  296  0.0  0.0   0   0 ? S   19:33   0:00 [cqueue/5]
root  297  0.0  0.0   0   0 ? S   19:33   0:00 [cqueue/6]
root  298  0.0  0.0   0   0 ? S   19:33   0:00 [cqueue/7]
root  301  0.0  0.0   0   0 ? S   19:33   0:00 [khubd]
root  303  0.0  0.0   0   0 ? S   19:33   0:00 [kseriod]
root  387  0.0  0.0   0   0 ? S19:33   0:00 [khungtaskd]
root  388  0.0  0.0   0   0 ? S19:33   0:00 [pdflush]
root  389  0.0  0.0   0   0 ? S19:33   0:00 [pdflush]
root  390  0.0  0.0   0   0 ? S   19:33   0:00 [kswapd0]
root  391  0.0  0.0   0   0 ? S   19:33   0:00 [aio/0]
root  392  0.0  0.0   0   0 ? S   19:33   0:00 [aio/1]
root  393  0.0  0.0   0   0 ? S   19:33   0:00 [aio/2]
root  394  0.0  0.0   0   0 ? S   19:33   0:00 [aio/3]
root  395  0.0  0.0   0   0 ? S   19:33   0:00 [aio/4]
root  396  0.0  0.0   0   0 ? S   19:33   0:00 [aio/5]
root  397  0.0  0.0   0   0 ? S   19:33   0:00 [aio/6]
root  398  0.0  0.0   0   0 ? S   19:33   0:00 [aio/7]
root  548  0.0  0.0   0   0 ? S   19:33   0:00 [kpsmoused]
root  636  0.0  0.0   0   0 ? S   19:33   0:00 [ata/0]
root  637  0.0  0.0   0   0 ? S   19:33   0:00 [ata/1]
root  638  0.0  0.0   0   0 ? S   19:33   0:00 [ata/2]
root  639  0.0  0.0   0   0 ? S   19:33   0:00 [ata/3]
root  640  0.0  0.0   0   0 ? S   19:33   0:00 [ata/4]
root  641  0.0  0.0   0   0 ? S   19:33   0:00 [ata/5]
root  642  0.0  0.0   0   0 ? S   19:33   0:00 [ata/6]
root  643  0.0  0.0   0   0 ? S   19:33   0:00 [ata/7]
root  644  0.0  0.0   0   0 ? S   19:33   0:00 [ata_aux]
root  654  0.0  0.0   0   0 ? S   19:33   0:00 

Re: [CentOS] Running processes

2012-03-08 Thread Robert Spangler
On Thursday 08 March 2012 20:44, the following was written:

  From the looks of things, you have 8 CPUs (or cores), and these standard

  processes are being started on a 1 per core basis.

  I have a quad-core proc, and have 4 of each of those processes (0-3).

That is what I was thinking but wasn't sure.  Thnx.


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/


[CentOS] File permissions

2012-03-10 Thread Robert Spangler
Hello,

I need to know if there is something I am missing about file permissions, as I 
believe I am seeing some strange stuff on my system.  I have a directory as 
follows:

drwxrwxrwx   7 root root  4096 Mar 10 13:35 temp

In this directory I have a file:

-rw-r--r--  1 root root   137 Oct 30 02:16 208-109-248-33test

As a normal user should I be able to rename this file?  I believe that only 
root should be able to modify this file but as a normal user I am able to 
rename it without elevated privileges as so:

temp $ mv 208-109-248-33test 208-109-248-33-mv

[Sat Mar 10 13:41:05] /temp

temp $ lt 208*
-rw-r--r-- 1 root root 137 Oct 30 02:16 208-109-248-33-mv

How is this possible?  If it is possible what am I missing or not 
understanding?  Thnx.


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/


Re: [CentOS] File permissions

2012-03-11 Thread Robert Spangler
On Saturday 10 March 2012 13:45, the following was written:

Thnx everyone.  I was under the impression that even though you had access to 
the directory you still could not touch a file whose owner or group you were 
not part of, unless the bits were set.


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/
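The check behind this thread, modelled in code as an added example (not from the original posts). It reproduces the permission test rename(2) applies when an entry is moved within one directory, so the outcome can be seen without two real accounts: the directory's write and search bits, plus its sticky bit, decide the rename; the file's own mode bits only govern writing its contents. The uids, modes and names below are constructed.

```python
"""Who may rename a file?  A model of the POSIX check behind the thread above.

Added example; not code from the original posts.  It models the permission
check rename(2) performs when moving a file within one directory: the
directory's write and search bits (and its sticky bit) decide, the file's
own mode bits do not.  Names, uids and modes here are constructed.
"""
import stat
from dataclasses import dataclass

R, W, X = 4, 2, 1   # rwx bits as they appear in one octal digit of the mode


@dataclass(frozen=True)
class Inode:
    mode: int            # permission bits, e.g. 0o777; may include stat.S_ISVTX
    uid: int
    gid: int
    is_dir: bool = False


@dataclass(frozen=True)
class Cred:
    uid: int
    gids: frozenset


def has_access(node: Inode, cred: Cred, want: int) -> bool:
    """Pick the owner/group/other class that applies, then test the rwx bits."""
    if cred.uid == 0:
        return True                       # root bypasses discretionary checks
    if cred.uid == node.uid:
        bits = (node.mode >> 6) & 7
    elif node.gid in cred.gids:
        bits = (node.mode >> 3) & 7
    else:
        bits = node.mode & 7
    return bits & want == want


def can_rename_in_place(parent: Inode, target: Inode, cred: Cred) -> bool:
    """rename(2) of an entry within `parent` needs write+search on `parent`.

    The target's own mode is never consulted.  If `parent` carries the sticky
    bit (as /tmp does), only the file owner, the directory owner or root may
    rename or unlink the entry.
    """
    if not parent.is_dir:
        raise ValueError("parent must be a directory")
    if cred.uid == 0:
        return True
    if not has_access(parent, cred, W | X):
        return False
    if parent.mode & stat.S_ISVTX:
        return cred.uid in (target.uid, parent.uid)
    return True


def can_modify_contents(target: Inode, cred: Cred) -> bool:
    """Writing to the file itself is what the file's own mode bits govern."""
    return has_access(target, cred, W)
```

With a world-writable directory (0777) owned by root and a 0644 root-owned file inside it, an unprivileged user can rename the file but not write to it; setting the sticky bit on the directory (1777) or dropping the directory's world-write bit (0755) makes the rename fail.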


Re: [CentOS] iptables question

2008-08-28 Thread Robert Spangler
On Wednesday 27 August 2008 19:27, Joseph L. Casale wrote:

  http://iptables.rlworkman.net/chunkyhtml/index.html

  Nice doc, any ideas on how to print it (or many chapters easily) so I can
  haul with me on my plane ride this weekend?

Nope, but I'm open to suggestions. :)


-- 

Regards
Robert

Smile... it increases your face value!
Linux User #296285
http://counter.li.org


Re: [CentOS] problem with slave dns servers

2008-08-28 Thread Robert Spangler
On Thursday 28 August 2008 05:50, Mark Quitoriano wrote:

  hmmm... yeah I think I set everything to 300 which is not good. What
  is the recommended TTL setting? Some sites recommend 4 days, some 1
  hour.


  On Thu, Aug 28, 2008 at 3:17 PM, Michel van Deventer

  [EMAIL PROTECTED] wrote:
   Hi,
  
   what is the TTL of your DNS records ? After TTL expires, the slaves
   don't respond to queries either, because the records aren't valid
   anymore. If your primary is down longer than the TTL of your DNS records
   you could reconfigure one of the slaves as a new primary or maybe
   consider making more than 1 primary.
  
   On Thu, 2008-08-28 at 09:01 +0200, Romeo Ninov wrote:
Have you describe all the slave servers in you domain configuration
(in registrant)?
   
Mark Quitoriano  wrote / napísal(a):
 Hi,

 I have 4 bind9 dns installed on centos 4. My primary dns server went
 down and all of my domains doesn't resolve even if the 3 slave dns
 is up and running. Im not sure where to configure this is it in my
 domain registration or in bind?

It is not your TTL values that are the problem; it is the EXPIRE value.

TTL is used for the caching of the information and tells the cache when to 
remove the information.

EXPIRE is the value that tells the slave how long the information in the zone 
file is good for when the master cannot be reached.

Leave your TTL at 300 (5 min) and change the EXPIRE value to something like a 
week or more.


-- 

Regards
Robert

Smile... it increases your face value!
Linux User #296285
http://counter.li.org
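The TTL/EXPIRE distinction from the reply above, worked through in code as an added example (not from the original thread). It parses a constructed SOA record in zone-file syntax and, for a master that has been unreachable for a given time, reports separately whether the slaves still answer (governed by EXPIRE) and whether resolvers may still reuse a cached answer (governed by TTL). The zone name and timer values are constructed.

```python
"""SOA timers: a slave stops answering when EXPIRE runs out, not when TTL does.

Added example for the thread above; not code from the original posts.  It
parses a constructed SOA record and, for a slave whose master has been down
for a given time, reports whether the slave still answers authoritatively,
beside what the TTL actually controls (resolver caches).
"""
import re
from dataclasses import dataclass

# Constructed zone fragment in BIND's default multi-line SOA layout.
ZONE = """
$TTL 300
example.test.  IN  SOA  ns1.example.test. hostmaster.example.test. (
        2008082801  ; serial
        3600        ; refresh: slaves re-check the master this often
        900         ; retry:   ...and this often after a failed check
        604800      ; expire:  one week without a successful check, then stop serving
        300 )       ; negative-caching TTL
"""


@dataclass(frozen=True)
class Soa:
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int


def parse_soa(zone_text: str) -> Soa:
    """Extract the five SOA timer fields; ';' comments are stripped first."""
    stripped = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    m = re.search(r"\bSOA\s+\S+\s+\S+\s*\(([^)]*)\)", stripped)
    if not m:
        raise ValueError("no SOA record found")
    fields = [int(tok) for tok in m.group(1).split()]
    if len(fields) != 5:
        raise ValueError("SOA needs serial, refresh, retry, expire, minimum")
    return Soa(*fields)


def slave_still_authoritative(soa: Soa, seconds_master_down: int) -> bool:
    """A slave serves the zone until EXPIRE seconds have passed since its last
    successful refresh; the retries in between do not extend that clock."""
    return seconds_master_down < soa.expire


def cached_answer_still_fresh(record_ttl: int, seconds_since_cached: int) -> bool:
    """TTL limits how long a resolver may reuse an answer; slaves are unaffected."""
    return seconds_since_cached < record_ttl


def outage_report(soa: Soa, record_ttl: int, seconds_master_down: int) -> dict:
    """Pull the two effects apart for one outage length."""
    return {
        "slaves_answer": slave_still_authoritative(soa, seconds_master_down),
        "resolvers_reuse_cache": cached_answer_still_fresh(record_ttl, seconds_master_down),
        "expire_remaining": max(soa.expire - seconds_master_down, 0),
    }
```

With the one-week EXPIRE above, a two-day master outage leaves every slave answering even though the 300-second TTL means no resolver is still reusing a cached copy; set EXPIRE to 300 as well and the slaves go silent five minutes after the master does.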


Re: [CentOS] Iptables masq traffic limiting

2008-08-29 Thread Robert Spangler
On Friday 29 August 2008 17:26, Joseph L. Casale wrote:

  Where is the correct place to control what traffic is masq'ed out?
  This is what I have, but I was told the Forward chain isn't the right
 place to do this?

  iptables -A POSTROUTING -t nat -o $WAN -j MASQUERADE
  iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
  iptables -A FORWARD -i $LAN -o $WAN -m state --state NEW,ESTABLISHED,RELATED -p tcp -m multiport --dports 80,443 -j ACCEPT

  So which table is the theoretically correct place to add all the
 ports/services I would want masq'ed out for internal clients?

Postrouting is the correct one.  After everything is routed it is MASQ before 
leaving the interface.


-- 

Regards
Robert

Smile... it increases your face value!
Linux User #296285
http://counter.li.org


Re: [CentOS] Iptables masq traffic limiting

2008-08-29 Thread Robert Spangler
On Friday 29 August 2008 17:52, Joseph L. Casale wrote:

  Postrouting is the correct one.  After everything is routed it is MASQ
   before leaving the interface.

  That makes sense, but I am stuck at making the transition, should I simply
  pull the port specifications from my third line in the FORWARD chain to
 the first line in the POSTROUTING chain?

  iptables -A POSTROUTING -t nat -o $WAN -p tcp -m multiport --dports 80,443 -j MASQUERADE
  iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
  iptables -A FORWARD -i $LAN -o $WAN -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

  Does that look groovy?

If your WAN interface is using a public IP and your LAN is using a private IP 
range then you need to MASQ everything leaving your LAN like this:

iptables -A POSTROUTING -t nat -o $WAN -j MASQUERADE

No port or packet types are needed as everything needs to be MASQed.

There is nothing you need to do to make the transition as all packets go 
through the Postrouting/Prerouting tables.


-- 

Regards
Robert

It is not just an adventure.
It is my job!!

Linux User #296285
http://counter.li.org


Re: [CentOS] Iptables masq traffic limiting

2008-08-29 Thread Robert Spangler
On Friday 29 August 2008 18:38, Joseph L. Casale wrote:

  No port or packet types are needed as everything needs to be MASQed.

  Sorry, I wasn't clear. I only want ports 80/443 translated for internal
 clients so I do need a rule of some sorts.

We should be talking live.  Why don't you join #centos-social on freenode 
so we can chat in real time?


-- 

Regards
Robert

It is not just an adventure.
It is my job!!

Linux User #296285
http://counter.li.org


Re: [CentOS] Iptables masq traffic limiting

2008-08-31 Thread Robert Spangler
On Sunday 31 August 2008 22:31, Joseph L. Casale wrote:

  We should be talking live.  Why don't your join the #centos-social on
   freenode so we can chat real time?

  Robert,
  Just got back from my trip and reading that Tutorial, it went on to state
  what I now find to be two distinct opposite thoughts. Its says at
  http://iptables-tutorial.frozentux.net/chunkyhtml/c962.html that you
 shouldn't filter in the NAT Postrouting chain as some streams of packets
 only have their first packet hit the chain and everything else is
 redirected hence the possibility exists that some packets can miss the
 rule.

  It seems the Filter Forward chain is the safest place to limit what gets
 masq'ed so internal clients could only have say port 80/443 but no ftp
 access as an example.

That is correct.  The only thing that should hit the NAT chain is what you 
have already decided should be allowed out.  


-- 

Regards
Robert

It is not just an adventure.
It is my job!!

Linux User #296285
http://counter.li.org
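A first-match model of the chain traversal discussed in this masquerading thread and in the earlier DNAT/REDIRECT thread, as an added example (not code from either post). It keeps two facts from the threads: the nat chains are consulted only for a connection's first packet, while FORWARD sees every packet, so per-port filtering belongs in FORWARD and POSTROUTING just masquerades whatever FORWARD let through. It also shows what each nat target rewrites: MASQUERADE the source, DNAT the destination to an explicit host, REDIRECT the destination to the firewall's own address on the inbound interface. Interface names, addresses and ports are constructed placeholders.

```python
"""First-match walk through the nat and filter chains a forwarded packet sees.

Added example for the masq-traffic-limiting thread and the earlier
DNAT/REDIRECT thread; not code from either post.  Interface names,
addresses and ports are constructed placeholders.
"""
from dataclasses import dataclass, replace
from typing import Optional

WAN, LAN = "eth0", "eth1"
IF_ADDR = {WAN: "192.0.2.1", LAN: "10.0.0.1"}     # the firewall's own addresses


@dataclass(frozen=True)
class Packet:
    in_if: str
    out_if: str          # the routing decision, supplied up front in this model
    proto: str
    src: str
    dst: str
    dport: int
    state: str           # "NEW" for a connection's first packet, else conntrack state


@dataclass(frozen=True)
class Rule:
    target: str                          # ACCEPT, DROP, MASQUERADE, DNAT, REDIRECT
    in_if: Optional[str] = None
    out_if: Optional[str] = None
    proto: Optional[str] = None
    dports: Optional[frozenset] = None
    states: Optional[frozenset] = None
    to: Optional[str] = None             # DNAT "ip:port", REDIRECT "port"

    def matches(self, p: Packet) -> bool:
        return ((self.in_if is None or self.in_if == p.in_if)
                and (self.out_if is None or self.out_if == p.out_if)
                and (self.proto is None or self.proto == p.proto)
                and (self.dports is None or p.dport in self.dports)
                and (self.states is None or p.state in self.states))


class Chain:
    """Rules are tried top down; the first match wins, else the policy applies."""

    def __init__(self, name: str, rules, policy: str):
        self.name, self.rules, self.policy = name, list(rules), policy
        self.hits = [0] * len(self.rules)    # per-rule packet counters
        self.policy_hits = 0                 # packets that fell through to the policy

    def run(self, p: Packet) -> Rule:
        for i, rule in enumerate(self.rules):
            if rule.matches(p):
                self.hits[i] += 1
                return rule
        self.policy_hits += 1
        return Rule(self.policy)


def apply_nat(rule: Rule, p: Packet) -> Packet:
    """Rewrite addresses the way each nat target does."""
    if rule.target == "MASQUERADE":          # source becomes the outgoing interface's address
        return replace(p, src=IF_ADDR[p.out_if])
    if rule.target == "DNAT":                # destination becomes an explicit host:port
        ip, port = rule.to.rsplit(":", 1)
        return replace(p, dst=ip, dport=int(port))
    if rule.target == "REDIRECT":            # destination becomes this box, inbound interface
        return replace(p, dst=IF_ADDR[p.in_if], dport=int(rule.to))
    return p                                 # ACCEPT: no rewrite


def build_firewall():
    prerouting = Chain("nat/PREROUTING", [
        Rule("DNAT", in_if=WAN, proto="tcp", dports=frozenset({25}), to="10.0.0.25:25"),
    ], policy="ACCEPT")
    forward = Chain("filter/FORWARD", [
        Rule("ACCEPT", in_if=WAN, out_if=LAN, states=frozenset({"ESTABLISHED", "RELATED"})),
        Rule("ACCEPT", in_if=LAN, out_if=WAN, proto="tcp", dports=frozenset({80, 443}),
             states=frozenset({"NEW", "ESTABLISHED", "RELATED"})),
        Rule("ACCEPT", in_if=WAN, out_if=LAN, proto="tcp", dports=frozenset({25}),
             states=frozenset({"NEW"})),          # the DNAT'd SMTP connection
    ], policy="DROP")
    postrouting = Chain("nat/POSTROUTING", [Rule("MASQUERADE", out_if=WAN)], policy="ACCEPT")
    return prerouting, forward, postrouting


def forward_packet(fw, p: Packet):
    """PREROUTING (first packet only) -> FORWARD -> POSTROUTING (first packet only)."""
    prerouting, forward, postrouting = fw
    if p.state == "NEW":
        p = apply_nat(prerouting.run(p), p)
    verdict = forward.run(p).target
    if verdict != "ACCEPT":
        return verdict, p                    # dropped here; POSTROUTING never sees it
    if p.state == "NEW":
        p = apply_nat(postrouting.run(p), p)
    return verdict, p
```

Run a LAN client's HTTPS connection through it and the packet is accepted in FORWARD and masqueraded; run an FTP connection and it hits FORWARD's DROP policy with the POSTROUTING counter untouched, which is the behaviour the thread settles on.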


Re: [CentOS] Re: Need help with an odd issue I am experiencing

2008-09-09 Thread Robert Spangler
On Tuesday 09 September 2008 17:00, Scott Silva wrote:

  Either way, ethtool should show you detected and current link states on
 the connection ;

That is not always the case.  I cannot get ethtool to work.

~ $ /sbin/ethtool eth0
Settings for eth0:
No data available

And yes I have eth0 up and running.


-- 

Regards
Robert

It is not just an adventure.
It is my job!!

Linux User #296285
http://counter.li.org


Re: [CentOS] Re: Need help with an odd issue I am experiencing

2008-09-10 Thread Robert Spangler
On Tuesday 09 September 2008 18:18, John R Pierce wrote:

Either way, ethtool should show you detected and current link states
   on the connection ;
  
   That is not always the case.  I cannot get ethtool to work.
  
   ~ $ /sbin/ethtool eth0
   Settings for eth0:
   No data available
  
   And yes I have eth0 up and running.

  were you logged on as root?   ('$' tends to imply you were not)...

sudo'er.  Never log in as root unless I really really have to.

  $ /usr/sbin/ethtool eth0
  Settings for eth0:
  Cannot get device settings: Operation not permitted
  Cannot get wake-on-lan settings: Operation not permitted
  Cannot get message level: Operation not permitted
  Cannot get link status: Operation not permitted
  No data available

Compare what you got to what I posted.
You will see that you got 'Operation not permitted'
Where I got 'No data available'


-- 

Regards
Robert

It is not just an adventure.
It is my job!!

Linux User #296285
http://counter.li.org


Re: [CentOS] Re: Need help with an odd issue I am experiencing

2008-09-10 Thread Robert Spangler
On Tuesday 09 September 2008 18:20, Les Mikesell wrote:

   That is not always the case.  I cannot get ethtool to work.
  
   ~ $ /sbin/ethtool eth0
   Settings for eth0:
   No data available
  
   And yes I have eth0 up and running.

  Does mii-tool work?

Nope.  Don't understand why.  Maybe a support issue.
Never really looked into it.

~ $ /sbin/mii-tool eth0
SIOCGMIIPHY on 'eth0' failed: Bad address


~ $ /sbin/ifconfig
eth0  Link encap:Ethernet  HWaddr *
  inet addr:*  Bcast:*  Mask:255.255.255.0
  inet6 addr: fe80::211:d8ff:fe95:657d/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:2647570 errors:0 dropped:0 overruns:0 frame:0
  TX packets:2665320 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:1542512190 (1.4 GiB)  TX bytes:312597978 (298.1 MiB)
  Interrupt:185 Memory:fac0-0


-- 

Regards
Robert

It is not just an adventure.
It is my job!!

Linux User #296285
http://counter.li.org


Re: [CentOS] Re: Need help with an odd issue I am experiencing

2008-09-10 Thread Robert Spangler
On Tuesday 09 September 2008 18:53, nate wrote:

  Robert Spangler wrote:
   And yes I have eth0 up and running.

  What network driver?

On-board port:
Ethernet controller: Marvell Technology Group Ltd. 88E8001 Gigabit Ethernet 
Controller (rev 13)

Driver:
sk98lin


-- 

Regards
Robert

It is not just an adventure.
It is my job!!

Linux User #296285
http://counter.li.org


Re: [CentOS] Re: DNS Logging with Selinux enabled

2008-09-12 Thread Robert Spangler
On Friday 12 September 2008 14:56, Robert Nichols wrote:

  Josh Donovan wrote:
   Robert Nichols wrote:
   When I asked about a similar problem a while back, the
   SELinux folks
   told me that bind-chroot was not supported under SELinux
   because
   SELinux already provides better protection.
  
   That is wrong. Every release of Fedora comes out and people ask how to
   configure bind to work in a chroot with selinux enabled. As Fedora is a
   testbed for upstream, we should have these things ironed out. Possibly
   having a separate SELinux/Docs mailing list means they may not be aware
   of what is going on in the mainstream.
  
   Some of the old Fedora Docs are informative. Even a work in progress
   like
   http://fedoraproject.org/wiki/Docs/Drafts/AdministrationGuide/Servers/DN
  SBIND/BINDChroot
  
   shows bind-chroot can work with SELinux

  Can work, yes.  Does upstream care that it doesn't install and work
  cleanly, no.  That's the word I got from upstream
 (fedora-selinux-list).

bind-chroot works fine.  The question is not if it works but if you are 
configuring it to work in that environment.  With SELinux running and bind in 
a chroot environment it is allowed to write to slave/ and data/ (this is 
going from memory; haven't had to set up bind-chroot in some time).  As long as 
you set up your logging to data/ it will log everything and not complain.  
Only when you set up a custom server do you have issues.


-- 

Regards
Robert

It is not just an adventure.
It is my job!!

Linux User #296285
http://counter.li.org


Re: [CentOS] Re: Need help with an odd issue I am experiencing

2008-09-20 Thread Robert Spangler
On Friday 19 September 2008 23:38, David Petruzzella wrote:

  Robert Spangler wrote:
   On Tuesday 09 September 2008 18:53, nate wrote:
Robert Spangler wrote:
 And yes I have eth0 up and running.
  
What network driver?
  
   On-board port:
   Ethernet controller: Marvell Technology Group Ltd. 88E8001 Gigabit
   Ethernet Controller (rev 13)
  
   Driver:
   sk98lin

  Downloading the latest driver from Marvell and compiling it did the
  trick. It turns out that it was a driver issue.

Nice, can you give me a link to the file and what file you downloaded please?
Thnx.


-- 

Regards
Robert

It is not just an adventure.
It is my job!!

Linux User #296285
http://counter.li.org


[CentOS] OT - Monitoring tool

2008-09-29 Thread Robert Spangler
Hello everyone,

While I know this isn't CentOS related, you guys seem to be on top of your 
game around here.  Sorry for the off-topic.

I'm looking for a tool to monitor my servers and send either an email or page 
or both when something breaks.  I would like it to monitor all sorts of 
services on the servers, with one small detail: I'd like to be able to 
configure it so that if the DBA needs something monitored that is hosted on a 
shared system, they can only change what they are responsible for and not 
something else that is being monitored on that system.

Is there such a program out there?

-- 

Regards
Robert

It is not just an adventure.
It is my job!!

Linux User #296285
http://counter.li.org


Re: [CentOS] OT - Monitoring tool

2008-09-30 Thread Robert Spangler
On Tuesday 30 September 2008 05:32, Jim Wildman wrote:

  On Tue, 30 Sep 2008, Marcelo M. Garcia wrote:
   I have been using Nagios for monitoring the network and a few servers.
   It works fine. It's not the easiest thing to get it working properly.
  
   Regards
  
   M.

  Have not tried it, but I snipped this for future use.

  FAN Fully Automated Nagios (based on CentOS)

  http://sourceforge.net/projects/fannagioscd

This looks interesting.  Will have to read up on it some.
Just wondering if I can configure it to allow many people to set up monitoring 
in different ways on the same device?

Thnx for the link.


-- 

Regards
Robert

It is not just an adventure.
It is my job!!

Linux User #296285
http://counter.li.org


Re: [CentOS] OT - Monitoring tool

2008-09-30 Thread Robert Spangler
On Tuesday 30 September 2008 01:15, Rudi Ahlers wrote:

  Have you looked at Nagios or Groundwork? There are some howto's on
  http://www.howtoforge.net

Was not aware of this site.  Big Thnx!


-- 

Regards
Robert

It is not just an adventure.
It is my job!!

Linux User #296285
http://counter.li.org


Re: [CentOS] OT - Monitoring tool

2008-09-30 Thread Robert Spangler
On Tuesday 30 September 2008 16:25, John R Pierce wrote:

  Robert Spangler wrote:
   This looks interesting.  Will have to read up on it some.
   Just wondering if I can configure it to allow many people to setup
   monitoring different way on the same device?

  nagios monitors are configured by a script file on each monitored target
  system that script file could (in theory at least) include a bunch
  of other script files, each owned by a different user such that only
  that user could edit it would not this satisfy your management
  requirements?

This might.  Thnx.


-- 

Regards
Robert

It is not just an adventure.
It is my job!!

Linux User #296285
http://counter.li.org


Re: [CentOS] looking for good web based DNS script to check nameservers

2008-10-10 Thread Robert Spangler
On Friday 10 October 2008 09:54, Rudi Ahlers wrote:

  Hi all,

  I'm looking for a good web based script / website that can do a full
  analysis on DNS nameservers.

  Can someone please recommend something good to use?

Try this one;

http://www.checkdns.net/quickcheckdomainf.aspx

  And if possible, if it could show any errors, or even make suggestions
  (like TTL is too high, or you don't have an MX, please add one,
  etc)

TTLs are your choice.  Who better than yourself can say if a TTL is too high 
or too low?  Not every domain has an MX record if they don't have mail, so again 
this is up to you.


-- 

Regards
Robert

It is not just an adventure.
It is my job!!

Linux User #296285
http://counter.li.org


Re: [CentOS] iptables local forwarding

2008-10-23 Thread Robert Spangler
On Thursday 23 October 2008 09:53, Chan Chung Hang Christopher wrote:

   Try adding it manually to the iptables config.
  
   # vim /etc/sysconfig/iptables
  
   And then restart iptables.

  Not recommended. Do 'service iptables save' as Filipe posted.

You will need to explain why this is 'Not recommended'.
I do this all the time without issues.
In fact this is how I build my tables.  No GUI or save options.


-- 

Regards
Robert

It is not just an adventure.
It is my job!!

Linux User #296285
http://counter.li.org


Re: [CentOS] iptables-save: INPUT DROP [26:8260]

2008-12-02 Thread Robert Spangler
On Tuesday 02 December 2008 17:58, Alexander Farber wrote:

  why does iptables-save print 2 numbers in square brackets?
  Is it used for anything? Is it number of inspected packets
  (and what's the other number then)?

They are the packet and byte counters.

  And what does *filter mean?

Not sure


-- 

Regards
Robert

It is not just an adventure.
It is my job!!

Linux User #296285
http://counter.li.org
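A small parser for the iptables-save format the question is about, as an added example (not from the original thread). It reads each `*table` header, the `:CHAIN POLICY [packets:bytes]` lines and the `-A` rules up to `COMMIT`, and then pulls out one figure a defender cares about: on a chain whose default policy is DROP, the bracketed counters are the packets that matched no rule and were dropped by the policy. The sample input is constructed in iptables-save syntax; the `[26:8260]` value is the one from the subject line, the rest are made up.

```python
"""Parse iptables-save output: tables, chain policies and their counters.

Added example for the thread above; not code from the original post.  The
input below is constructed in iptables-save format (the [26:8260] figure is
the one from the subject line; the other numbers are made up).
"""
import re
from dataclasses import dataclass, field

SAVE = """\
# Generated by iptables-save v1.3.5 on Tue Dec  2 17:50:00 2008
*filter
:INPUT DROP [26:8260]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1543:201930]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [16079:917504]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Tue Dec  2 17:50:00 2008
"""


@dataclass
class ChainHeader:
    policy: str        # ACCEPT/DROP for built-in chains, "-" for user-defined ones
    packets: int       # packets that reached the end of the chain (hit the policy)
    byte_count: int


@dataclass
class Table:
    chains: dict = field(default_factory=dict)   # name -> ChainHeader
    rules: list = field(default_factory=list)    # "-A ..." lines in order


CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")


def parse_iptables_save(text: str) -> dict:
    """Return {table_name: Table}; a '*name' line opens a table, COMMIT closes it."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            current = tables.setdefault(line[1:], Table())
            continue
        if current is None:
            raise ValueError(f"line outside any table: {line}")
        if line == "COMMIT":
            current = None
            continue
        m = CHAIN_RE.match(line)
        if m:
            name, policy, pkts, byts = m.groups()
            current.chains[name] = ChainHeader(policy, int(pkts), int(byts))
            continue
        if line.startswith("-A "):
            current.rules.append(line)
            continue
        raise ValueError(f"unrecognised line: {line}")
    return tables


def packets_hit_by_drop_policy(tables: dict) -> dict:
    """For chains with a DROP policy, the header counter is the number of packets
    that matched no rule and were silently dropped: a quick gauge of unmatched traffic."""
    return {
        f"{tname}/{cname}": hdr.packets
        for tname, table in tables.items()
        for cname, hdr in table.chains.items()
        if hdr.policy == "DROP"
    }
```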


Re: [CentOS] iptables questionson CentOS

2008-12-04 Thread Robert Spangler
On Thursday 04 December 2008 04:21, Indunil Jayasooriya wrote:

  Hi,

  I know these are a few iptables questions, NOT CentOS; anyway, I am
  running a firewall on centos 5.x.

  If you can respond, it would be fine.


  I want to add a SNAT rule for one user in LAN to access one particular
  destination on the internet.

  Let's say www.centos.org

  I added the below rule. But . it does NOT work
  Pls assume 1.2.3.4 is the real ip of the firewall.
  ip address 192.168.101.230 is the client PC

  iptables -t nat -A POSTROUTING -o eth0 -s 192.168.101.230 -j SNAT
  --to-source 1.2.3.4 -d www.centos.org

  Any idea to achieve it?

  And Also,

  the below rule excludes 1 ip. it works fine.

  iptables -t nat -A PREROUTING -p tcp -m multiport -s ! 192.168.1.9 --destination-port 80,465,995 -j DNAT --to-destination :3128

   I want to exclude about 4 or 5 ips.

   let's say 192.168.1.11, 192.168.1.19, 192.168.1.20,192.168.1.25

   Is there a way to do it?

  Hope to hear from you.

I take it the firewall has 2 interfaces, WAN and LAN.  Without knowing how you 
have things set up now, you could simply add the following:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# the DROP rules need a chain; FORWARD is the one LAN-to-WAN packets traverse
iptables -A FORWARD -i LAN -s 192.168.1.11 -j DROP
iptables -A FORWARD -i LAN -s 192.168.1.19 -j DROP
iptables -A FORWARD -i LAN -s 192.168.1.25 -j DROP

Should any of these IPs need access to the firewall then you need to place 
those rules before these.


-- 

Regards
Robert

It is not just an adventure.
It is my job!!

Linux User #296285
http://counter.li.org


Re: [CentOS] ls network address traslation different in centos?

2009-01-01 Thread Robert Spangler
On Wednesday 31 December 2008 16:05, chloe K wrote:

Is the network address translation in centos5.2 different?

Nope.

I disable the default iptable rule and use the following commands but I
 can't connect http://public:8080 from outside to this host 192.168.0.10
 port 80

eth1 is public address
eth0 is private address 192.168.0.1

  iptables -F -t nat
  iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
  iptables --append FORWARD --in-interface eth0 -j ACCEPT
  iptables -t nat -A PREROUTING -p tcp --dport 8080 -i eth1 -j DNAT --to 192.168.0.10:80

Your rules are in need of help.
First off, I am not even sure what you are doing will work, i.e.:

--append or --table

These are written as '-A' and '-t'.

Try these:

iptables -F -t nat
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 8080 -i eth1 -j DNAT --to-destination 192.168.0.10:80
iptables -A FORWARD -i eth0 -j ACCEPT

You could and should tighten these rules up.  You should look into stateful 
packet inspection for your firewall.  If you are looking to learn how to 
write your own rules, use the following:

http://iptables.rlworkman.net/chunkyhtml/index.html


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] ls network address traslation different in centos?

2009-01-02 Thread Robert Spangler
On Friday 02 January 2009 00:16, Kenneth Burgener wrote:

  On 1/1/2009 8:13 PM, Robert Spangler wrote:
   Your rules are in need of help.
   First off  I am not even sure what you are doing will work, i.e.;
  
   --append or --table
  
   These are written as '-A' and '-t'

  --append and --table are legal syntax...

  # man iptables

  -t, --table table
This  option  specifies the packet matching table which the command
  should operate on.  If the...

  -A, --append chain rule-specification
Append one or more rules to the end of the selected chain.  When the
  source and/or destination...

Shorthand I find the best.
Thnx for the clarification on this.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] ftp and iptables

2009-01-23 Thread Robert Spangler
On Thursday 22 January 2009 17:28, Agile Aspect wrote:

  Regarding item (2), I would guess I would have to add the following
 entries:
 
  Active:
  -

  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 20
  --sport 4:6 -j ACCEPT
  -A OUTPUT -p tcp -m tcp --sport 20 --dport 4:6 -j ACCEPT

All FTP connections begin with port 21.  Port 20 is a DATA connection.  
ip_conntrack_ftp will track connections needing the data port open.

  Passive:
  --
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport
  4:6 --sport 4:6 -j ACCEPT
  -A OUTPUT -p tcp -m tcp --sport 4:6 --dport 4:6 -j ACCEPT

Do you have a rule like this:

-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

If not you should place this in your rules.  This rule eliminates the need to 
continuously add rules to allow outgoing connections for allowed incoming 
connections.

If you do then you should not need the OUTPUT rules you listed above.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] Network guru please help: baffled by missing file

2009-07-17 Thread Robert Spangler
On Friday 17 July 2009 08:14, Timothy Murphy wrote:

  The mirrorlist entry in my Fedora-11 /etc/yum.repos.d/fedora-update.repo
  reads:
 
  mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch

  As far as I can see, this means that yum is looking for
  the file metalink at mirrors.fedoraproject.org ?

  If I try sudo yum update I get:

Why would you want to link to Fedora's repos?
So you can have an unstable CentOS box?


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] Split dns issues

2009-08-03 Thread Robert Spangler
On Monday 03 August 2009 00:36, Les Mikesell wrote:

  Drew wrote:
   It's a bit of bad form to use NAT and private addresses at all because
   the internet really wasn't designed to be segmented, but everyone does
   it.
  
   Why is NAT bad form?

  I don't mean to imply it shouldn't be used - it is pretty much a necessary
 evil now, but it doesn't fit the original IP design very well.

  From my standpoint as an admin, private IP's & NAT are another tool to
  
   help secure my network. You can't attack what you can't see and even a
   misconfigured router or firewall won't expose my network to prying
   eyes.

  There are small problems like often needing split DNS, not being able to
 offer public services easily, not being able to track the source addresses
 meaningfully in logs, etc., but the real killer comes when your large

Say what?  How do you figure this?  Unless you are not NAT'ing correctly.  
When NAT'ing only the destination address is changed, and on the outbound only 
the source address is changed.  So if you are logging you should still see 
the IP addresses.

 organization merges with another using the same private address range and
 you need to connect the networks.

This can be worked around and has on many occasions at the office.  The bigger 
problem is when you are just partnering with another company using the same 
range.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] DNS Server Recommendations

2009-08-14 Thread Robert Spangler
On Friday 14 August 2009 17:17, Hugh E Cruickshank wrote:

  Here are my questions...

  1. Is the BIND master/slave the appropriate approach?

Yes, you should already have something like this in case the main/master 
server would fail.

  2. Can I have each subnet be a master for itself and a slave for the
 other subnet?

DNS is about domains, not subnets.  If each subnet was going to have its own 
domain then the answer could be 'yes'.

  3. Any pointers to applicable docs/examples?

The ones that ship with the Bind package are good from what I understand.  I 
have not looked at them so I cannot say one way or the other.  If you are 
looking for a good book on the subject I would highly recommend O'Reilly's 
DNS and BIND 5th edition.

  4. Can you recommend a front end for BIND (we have webmin installed
 but I have yet to start working with it)?

How large is this domain and how many domains are there going to be?
Is the DNS server going to be updated automatically or by hand?


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] DNS Server Recommendations

2009-08-14 Thread Robert Spangler
On Friday 14 August 2009 21:29, Hugh E Cruickshank wrote:

  From: Robert Spangler Sent: August 14, 2009 16:18

   On Friday 14 August 2009 17:17, Hugh E Cruickshank wrote:
 Here are my questions...
   
 1. Is the BIND master/slave the appropriate approach?
  
   Yes, you should already have something like this in case the
   main/master server would fail.

  I did have two independent DNS servers. One on our primary development
  server and one on our old production server. We have replaced the old
  production server but have not pulled it from service yet. I am now
  in the process of ensuring that all functionality of the old server has
  been migrated to either the new production servers or some place else.
  My current efforts on revising our internal DNS service is part of
  this review process.

I would suggest placing one on each site.  That way you can cut the traffic 
between sites for DNS lookups.  I would also ensure that only one does the 
updates per domain.

 2. Can I have each subnet be a master for itself and a slave for
the other subnet?
  
   DNS is about domains, not subnets.  If each subnet was going to
   have its own domain then the answer could be 'yes'.

  My bad! In my own mind I have been treating the two locations as
  domains while they are in fact only subnets. It should not take too
  much effort to translate my thinking to fact.

The reason I asked is you should not have a shared domain that can be updated 
by more than one master.  You risk losing data or valid data being 
overwritten.

 3. Any pointers to applicable docs/examples?
  
   The ones that ship with the Bind package are good from what I
   understand. I have not looked at them so I cannot say one way or
   the other. If you are looking for a good book on the subject I would
   highly recommend O'Reilly's DNS and BIND 5th edition.

  As soon as I saw your book recommendation there was the sound of a
  loud AARRR! followed closely by some mutterings
  that sounded much like "I have that book! Why did I not think of it
  in the first place! Now where frack did I put it?". Of course knowing
  me by the time I find it I will have forgotten why I was looking for
  it (and will be an old edition to boot).

Been there and done that.  I now have a book shelf where I keep all my books 
and manuals.

 4. Can you recommend a front end for BIND (we have webmin
installed but I have yet to start working with it)?
  
   How large is this domain and how many domains are there going to be?
   Is the DNS server going to be updated automatically or by hand?

  It is not large probably less than 50 devices in total. The only
  automatic updating that I can foresee would be from the DHCP server.
  the only reason I asked about this was that I was thinking that it
  might be easier to administer and ensure valid BIND config files.

If you are worried about valid config then you should be using the tools that 
come with Bind instead of relying on some third party software.

named-checkconf for checking the configuration of Bind
named-checkzone for checking the zone file.

There are man pages for both that explain how to use them.

  Thanks for your input.

You are welcome.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] DNS Server Recommendations

2009-08-15 Thread Robert Spangler
On Friday 14 August 2009 23:31, Hugh E Cruickshank wrote:

   If you are worried about valid config then you should be using
   the tools that
   come with Bind instead of relying on some third party software.
  
   named-checkconf for checking the configuration of Bind
   named-checkzone for checking the zone file.
  
   There are man pages for both that explain how to use them.

  I will check those out but what about the ease of use factor. Would
  you suggest something like webmin over hand tailoring the config files?

'Ease of use' is subjective.  I find them very easy to use and the man pages 
should be able to direct you.

As to would I suggest a program, I prefer to do things by hand when it comes 
to DNS.  The reason for this is so that I understand the internal workings 
and how things are setup.  I am able to log into a server and look at the 
config files and understand how this server is working.  Should the front end 
program be programmed with an unforeseen bug, I am still able to fix what the 
program has broken and keep my services up and running until the bug is 
fixed.

I am the DNS support person for my company's global DNS infrastructure. The 
company I work for uses Men & Mice as its front end and I am thankful for 
this.  The amount of DNS changes done daily is staggering and this tool helps 
a lot.  I do not have experience with other DNS front ends.

If I were supporting a small DNS setup (a handful of domains whose 
records do not change often) I think I would prefer to do this by hand.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] Auto update

2009-08-25 Thread Robert Spangler
On Tuesday 25 August 2009 14:35, Ron Blizzard wrote:

  On Tue, Aug 25, 2009 at 6:37 AM, Johnny Hughesjoh...@centos.org wrote:
   If so, in CentOS 5.3 that package is called pirut and the individual
   file that runs is called puplet.
  
   It seems that puplet is not working correctly after the upgrade to 5.3,
   according to this bug:
  
   http://bugs.centos.org/view.php?id=3565
  
   I get the same thing when running puplet from the commandline on my
   machine.
  
   We are looking at this issue now.

  I thought I was the only one who had the problem. My solution was to
  run 'yum update' every day (or every other day). I figured I had
  accidentally turned the service off when I was shutting down some of
  the other services.

You can set this up to auto run with chkconfig & service.

chkconfig --level 35 yum on (to turn it on at boot)
service yum start (to start the service)


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] Build a Firewall (Can I learn to do this...)

2009-10-01 Thread Robert Spangler
On Thursday 01 October 2009 16:56, ML wrote:

  I have a home business circuit and I am gearing up to host my business
  affairs in my place. I have Comcast and 13 static IP's.

  I have an extra PIII 1U, 2 9gb SCSI, 1gb RAMm dual NICS.

If you can, I would place a 3rd NIC into this device and use it for a DMZ and 
place all servers into that space, keeping the internet facing server away 
from everything else.  A lot easier to control things.  I have a box here with 
4 NICs working nicely.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


[CentOS] Rythmbox and MP3

2009-10-10 Thread Robert Spangler
Hello,

Can anyone tell me how to get the 2 in the Subject line to work?  I have read 
a lot about adding this or that repo but still no joy as usually deps are 
missing. :(

Thnx


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] Rythmbox and MP3

2009-10-11 Thread Robert Spangler
On Sunday 11 October 2009 01:22, Lucian @ lastdot.org wrote:

   Can anyone tell me how to get the 2 in the Subject line to work?  I have
   read a lot about adding this or that repo but still no joy as usually
   deps are missing. :(
  

  Usually rpm -Uhv
  http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
  does the job for me.

Thank you for the reply.  I have 4.8 installed and it seems that rpmforge 
doesn't have the RPMs for my distro:

No Match for argument: gstreamer-plugins-bad
No Match for argument: gstreamer-plugins-ugly


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] Rythmbox and MP3

2009-10-11 Thread Robert Spangler
On Sunday 11 October 2009 05:35, lostson wrote:

Can anyone tell me how to get the 2 in the Subject line to work?  I
have read a lot about adding this or that repo but still no joy as
usually deps are missing. :(

   Personally I use the rpmfusion repo which you can find here

   http://rpmfusion.org/

   After you enable the repos for your system then as root run

   yum install gstreamer-plugins-bad gstreamer-plugins-ugly

   This will get you the codecs you need to play mp3's

This repo doesn't have anything for my distro, 4.8.
Thanks for the reply.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] iptables question

2009-10-19 Thread Robert Spangler
On Monday 19 October 2009 17:18, Bowie Bailey wrote:

  The logs on my mail server are filling up with this kind of thing:

  Oct 19 17:03:51 bnofmail kernel: REJECT: IN=eth0 OUT=
  MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=195.140.240.6
  DST=XX.XX.XX.XX LEN=189 TOS=0x00 PREC=0x00 TTL=52 ID=6284 DF PROTO=TCP
  SPT=25 DPT=32776 WINDOW=65535 RES=0x00 ACK PSH URGP=0

  The source port is always 25 and the destination is a high-numbered
  port.  The destination address is the private IP of the server.  These
  seem to be related to outgoing email connections based on the source
  IPs, but I don't know why they are not part of an established
  connection.  The mail server seems to be running just fine regardless of
  these blocked connections.

  Any ideas?

Are you running a mixed firewall rule set?  Stateful and Connection, or just 
one or the other?  Since you state a private address, I'm going to assume you 
mean something in the 192.168 or similar space; is NATting an issue?


-- 

Regards
Robert

Linux User #296285
http://counter.li.org
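An added example, not from the thread, that parses kernel REJECT lines like the one Bowie posted and separates unsolicited SYNs from mid-connection ACK/PSH segments that the state match did not recognise, which is the pattern produced when a stateless ACCEPT rule lets the outbound side through (so it never enters the conntrack table) or when an entry has expired. The first sample line is the one quoted above with its masking kept; the other three log lines are constructed for this example.

```python
from collections import Counter

# Constructed sample: the first line is the one quoted in the thread (masked
# MAC/DST kept as posted); the other three are made up for this example.
SAMPLE_LOG = """\
Oct 19 17:03:51 bnofmail kernel: REJECT: IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=195.140.240.6 DST=XX.XX.XX.XX LEN=189 TOS=0x00 PREC=0x00 TTL=52 ID=6284 DF PROTO=TCP SPT=25 DPT=32776 WINDOW=65535 RES=0x00 ACK PSH URGP=0
Oct 19 17:04:02 bnofmail kernel: REJECT: IN=eth0 OUT= MAC=XX SRC=203.0.113.7 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=1 DF PROTO=TCP SPT=41234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 19 17:04:09 bnofmail kernel: REJECT: IN=eth0 OUT= MAC=XX SRC=198.51.100.9 DST=192.168.1.10 LEN=52 TOS=0x00 PREC=0x00 TTL=55 ID=22 DF PROTO=TCP SPT=25 DPT=32790 WINDOW=65535 RES=0x00 ACK URGP=0
Oct 19 17:04:15 bnofmail kernel: REJECT: IN=eth0 OUT= MAC=XX SRC=198.51.100.20 DST=192.168.1.10 LEN=76 TOS=0x00 PREC=0x00 TTL=60 ID=9 PROTO=UDP SPT=53 DPT=32800 LEN=56
"""

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}

def parse_log_line(line):
    """Split one kernel LOG line into KEY=VALUE fields plus a FLAGS set; None if not a kernel line."""
    if "kernel:" not in line:
        return None
    body = line.partition("kernel:")[2]
    entry, flags = {}, set()
    for tok in body.split():
        if "=" in tok:
            key, _, value = tok.partition("=")
            entry[key] = value   # a repeated key (UDP's second LEN) keeps the last value
        elif tok in TCP_FLAGS or tok == "DF":
            flags.add(tok)
    entry["FLAGS"] = flags
    return entry

def classify(entry):
    """Label why a rejected packet most likely had no matching conntrack state."""
    if entry.get("PROTO") != "TCP":
        return "non-tcp"
    flags = entry["FLAGS"]
    if "SYN" in flags and "ACK" not in flags:
        return "new-inbound"   # unsolicited connection attempt: rejecting it is the intent
    if "ACK" in flags:
        # Mid-connection segment the state match did not recognise: the connection
        # was let through by a stateless rule (so it never entered the table) or
        # its conntrack entry has already expired.
        return "out-of-state"
    return "other"

def summarize(log_text):
    """Count rejected packets per (class, source port) to expose the SPT=25 pattern."""
    counts = Counter()
    for line in log_text.splitlines():
        entry = parse_log_line(line)
        if entry:
            counts[(classify(entry), entry.get("SPT"))] += 1
    return counts

def out_of_state_sources(log_text):
    """Peers whose established sessions are being rejected; cross-check these against the mail log."""
    srcs = {e["SRC"] for e in map(parse_log_line, log_text.splitlines())
            if e and classify(e) == "out-of-state"}
    return sorted(srcs)
```

If every out-of-state hit has SPT=25 and a high DPT, the INPUT chain is missing (or has below the port rules) an ESTABLISHED,RELATED accept for the replies to outbound SMTP.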


Re: [CentOS] sudoers file

2009-10-28 Thread Robert Spangler
On Wednesday 28 October 2009 04:11, vijay shanker wrote:

  This file MUST be edited with the 'visudo' command as root.

NO, it MUST not be edited with 'visudo'.
YES, you should use 'visudo'.

You can edit sudoers with vi or vim and save the changes too.  Just read what 
it tells you that you need to do in order to save it.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] combining iptables parameters

2009-10-29 Thread Robert Spangler
On Wednesday 28 October 2009 16:36, Marcus Moeller wrote:

  Dear Ryan.

   is there a way to combine iptables parameters like: iptables -A OUTPUT
   -p UDP  -p TCP -d $IP1  -d $IP2 ?
  
   Each of those parameters is called a match, in IPTables-speak. You
   can specify multiple matches in one rule, but all matches are combined
   with an implicit logical AND. There is no way to get a logical OR
   amongst multiple matches in a single rule. If you want OR logic, you
   use multiple rules.
  
   So, your example could not work as single rule, because no single IP
   packet can be both TCP and UDP, and no single IP packet can have
   multiple destination IP addresses. IPTables tries to prevent you from
   creating nonsensical rules like that in most situations.
  
   You would have to specify the required match space across multiple
   rules, maybe something like this:
  
    iptables -A OUTPUT -p UDP -d $IP1 -j DROP
    iptables -A OUTPUT -p TCP -d $IP1 -j DROP
    iptables -A OUTPUT -p UDP -d $IP2 -j DROP
    iptables -A OUTPUT -p TCP -d $IP2 -j DROP

  That's what I am doing atm. Thanks for the update.

Even simpler:

iptables -A OUTPUT -d $IP1 -j DROP
iptables -A OUTPUT -d $IP2 -j DROP

This will catch everything; it doesn't matter if it's UDP or TCP or ICMP.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] grub problems

2009-10-29 Thread Robert Spangler
On Wednesday 28 October 2009 15:47, m.r...@5-cent.us wrote:

  This is irritating: I've got a server I just upgraded to 5.4, then
  rebooted, only to discover that it just *sits* there at the grub boot
  menu. I looked at grub.conf, and uncommented hiddenmenu (which should have
  been done long ago).

  It *still* sits there when I reboot. Any clues, folks?

   mark

  grub.conf:
  #boot=/dev/sda
  default=0
  timeout=5
  splashimage=(hd0,0)/grub/splash.xpm.gz
  hiddenmenu
  title CentOS (2.6.18-164.2.1.el5)
  root (hd0,0)
  kernel /vmlinuz-2.6.18-164.2.1.el5 ro root=LABEL=/ rhgb
  initrd /initrd-2.6.18-164.2.1.el5.img
  title CentOS (2.6.18-164.el5)
  root (hd0,0)
  kernel /vmlinuz-2.6.18-164.el5 ro root=LABEL=/ rhgb
  initrd /initrd-2.6.18-164.el5.img
  snip


Looks OK.  Can you boot this system at all?  Have you tried to boot the old 
kernel, maybe there is an issue with the new one?  If you cannot boot at all 
try a live CD and check the log files for a clue.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org


Re: [CentOS] iptables -d fqdn instead of IP

2009-10-29 Thread Robert Spangler
On Wednesday 28 October 2009 16:44, Marcus Moeller wrote:

  does it work to define iptables rules with a fqdn as destination
  instead of an IP address? Or is it useful to resolve the name first
  using e.g. nslookup, writing the result to a variable which is then
  used within the -d statement?

Best bet is to stay with the address.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org

