[CentOS-virt] Xen Security patching
Hi Guys When is the next update of Hypervisor packages going to be released? There appears to be no changes to the main hypervisor RPMs since September (Even in the BETA / RC1 tree) and there are 5+ Xen Security Advisories with patches which need to be added. Security issues are handled and released in sync with public disclosure upstream with zero lag I can rebuild my own, but that's not really the point. In other news I've been doing some testing of the 3.10 kernel and so far so good! Thanks - Chris ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] proper bridging technoque
Cancel my last email as I peeked at a server I set up last year w/o issue having multiple interfaces. Its working no issue. I don't recall but can you gentlemen tell me if there are any routes that need to be set? My guest VMs being on a 2nd or 3rd NIC interface can't get a IP via DHCP and when set statically cannot send/recv packets. I vaguely recall setting routes on the working box from last year but forgot :) - aurf On Nov 21, 2013, at 5:52 PM, Digimer wrote: It's not so much hard as it is knowing all the hops in your network. If anything along the chain has a low MTU, the whole route is effectively reduced. On 21/11/13 20:20, Nico Kadel-Garcia wrote: This is int4eresting stuff. I do note that the virt-manager tool, and NetworkManager, give *no* insight and detailed management sufficient to resolve this stuff. Note also that dancing through all the hoops to get this working, end-to-end, is one of the big reasons that most environments refuse to even *try* to use jumbo frames, as helpful as they sometimes are to heavy data transfers. On Thu, Nov 21, 2013 at 6:58 PM, Digimer li...@alteeve.ca wrote: On 21/11/13 18:20, aurfalien wrote: On Nov 21, 2013, at 2:45 PM, Digimer wrote: The 'vnetX' number doesn't relate to the interface, bridge or anything else. The vnetX number is a simple sequence that increments each time a VM is started. So don't think that you need 'vnet6'... it can be anything. The 'brctl show' output from earlier showed that both vnet0 and vnet1 were connected to br0. You can try using the bridge utils to remove them from br0 and connect them to br6 as a test. -- Digimer Well, when I remove vnet1 from br0 and add vnet1 to br1, I loose connectivity with my VMs. No biggy so I reboot my entire host. Then vnet1 show back under br0. I just don't understand enough about this to get a clue, depressing. - aurf Think of each bridge as if it were a physical switch. When you detached vnet1 from br0, you unplugged it from a switch. When you attached it to br1, you plugged it into another switch. If there is no connection out to your network/internet on a given switch, then anything plugged into that switch will go nowhere. Same with bridges. You seemed to indicate earlier that the main connection was on br6. Is this true? If so, then switch br6 is the switch with the uplink to your network. Plug a VM into it and you can route out through it. When you rebooted the VM, the hypervisor read the definition file. That definition file says to plug in the server to br0. So it makes sense that the reboot reconnected it to br0. If you want to use jumbo frames on the br0 switch, you need to set the larger MTU on the interfaces are all set to your desired MTU size. -- Digimer Papers and Projects: https://alteeve.ca/w/ What if the cure for cancer is trapped in the mind of a person without access to education? ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt -- Digimer Papers and Projects: https://alteeve.ca/w/ What if the cure for cancer is trapped in the mind of a person without access to education? ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] proper bridging technoque
On 22/11/13 17:11, aurfalien wrote: Sorry guys, I've tried and tried, no dice. Seems like I am missing missing a vent1, vnet2, etc... to br0 association. I can see were the vnet# gets created upon VM startup. And based on how my VM xml file is set, will go to either br0, br1. br2, etc... But in my case, the only interface that works is vnet0 for all my VMs. In the CentOS virtual machine manager for whatever NIC you choose, there is a drop down option for virtual network interface. For source device, I only ever see a vnet0 to br0. For my other bridges, there is only eth# to vnet#. The configs for this are rather simple and I don't know were else to look; various /etc/sysconfig/network* files and the VM xml config. Everythings is set to the same MTU wether standard or jumbo, but no matter what, my VMs network interfaces work when set to vnet0 as its connected to br0. I cannot get br6 to show with vnet2 for example. Not even my vnet1 is connected to br1 but rather br0. However in the UI as mentioned before, i do not see a vnet1 to br1 relationship. Are there any other config files I can look at? - aurf Why do you have so many bridges? In almost all cases, only one bridge is needed. The bridge should connect to a real interface to get to the outside world. Then all VMs should point to that bridge. I think you might be over-complicating things. -- Digimer Papers and Projects: https://alteeve.ca/w/ What if the cure for cancer is trapped in the mind of a person without access to education? ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] proper bridging technoque
On Nov 22, 2013, at 3:51 PM, Digimer wrote: On 22/11/13 18:11, aurfalien wrote: Cancel my last email as I peeked at a server I set up last year w/o issue having multiple interfaces. Its working no issue. I don't recall but can you gentlemen tell me if there are any routes that need to be set? My guest VMs being on a 2nd or 3rd NIC interface can't get a IP via DHCP and when set statically cannot send/recv packets. I vaguely recall setting routes on the working box from last year but forgot :) - aurf We're not all gentlemen. ;) So you have multiple separate networks? Well no, I have 1 network that my host is connected to. This host has 2 active NICs, eth0 1Gb (which has a corresponding br0) and eth6 10Gb (which has a corresponding br6). It also has 1 inactive or not connected NIC being eth1 which has a br1 associated with it. All and any VMs configured on this host can send/rcv packets while on br0. But when I set any of those VMs to use br6, no routing occurs. So while I have a bridge per NIC, I only have 1 network, 1 subnet, 1 gateway etc... I've looked at the diff between my working server having 6 NICs and my non working server have 2 active NICs and don't see any diff. - aurf ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
[CentOS-es] Ayuda con error al inicio del sistema /bin/awk: cannot execute binary file
Buenos días miembros de la lista. Soy usuario CentOS habitual hace ya varios años y tengo un problema, estuve tratando de recuperar la contraseña de root de un servidor con CentOS 6 como es habitual editando la linea de Kernel en el Grub añadiéndole un single, s o 1 después del quiet, sin embargo cuando intentaba bootear en modo monousuario en vez de darme un prompt me arrojaba el siguiente error: Activando espacio swap de /etc/fstab [ OK ] /dev/fd/8: line 2: /bin/awk: cannot execute binary file init: rcS post-stop process (1348) terminated with status 126 Después de eso no iniciaba el sistema y se quedaba ahí, lo peor del caso es que cuando deserte por recuperar el password de root el sistema ni siquiera iniciaba correctamente, la verdad no se si tengo mal editado el grub o que sera, por eso acudo a ustedes para solicitarles su ayuda si tienen conocimiento sobre como puedo solucionar esto. Mil gracias de antemano, feliz tarde. -- --- - Cordialmente *Alejandro CalderónAdministrador De Redes I**nformáticas* *gnunick* [image: skype] [image: Blogger]http://www.gnunick.blogspot.com/ [image: facebook] https://www.facebook.com/gnunick [image: twitter]https://twitter.com/#%21/NickKalderon [image: linkedIn] http://co.linkedin.com/in/alejocalderon [image: Google+] https://plus.google.com/u/0/103707175935519332398 Please do not send me Microsoft Office/Apple iWork Documents. Send OpenDocument instead! Por favor no me envíes documentos de Microsoft Office o de iWork, envíame documentos en formatos abiertos como los de OpenOffice. [image: eco] No me imprimas si no es necesario. Protejamos el medio ambiente. Este mensaje y, en su caso, los ficheros anexos son propiedad de Alejandro Calderón, especialmente en lo que respecta a los datos personales, y se dirigen exclusivamente al destinatario referenciado. Si usted no lo es y lo ha recibido por error o tiene conocimiento del mismo por cualquier motivo, le ruego que me lo comunique por este medio y proceda a destruirlo o borrarlo, y que en todo caso se abstenga de utilizar, reproducir, alterar, archivar o comunicar a terceros el presente mensaje y ficheros anexos, todo ello bajo pena de incurrir en responsabilidades legales. El emisor no garantiza la integridad, rapidez o seguridad del presente correo, ni se responsabiliza de posibles perjuicios derivados de la captura, incorporaciones de virus o cualesquiera otras manipulaciones efectuadas por terceros. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] Servidor con dos ips
Hola amigos yo aquí molestandoles porque sigo rompiéndome la cabeza y no logro que me funcione al 100% lo que trato de hacer aqui la explicación 1.- Cambie de puerto a mi apache del 80 al 8080 2.- Agregue estas reglas a mi firewall #nat para enviar al servidor windows con el aplicactivo por el puerto 80 $IPTABLES -A PREROUTING -t nat -i $EXTERNALIF -p tcp -d www.eldominio1.com --dport 80 \ -j DNAT --to 192.168.0.2:80 $IPTABLES -A FORWARD -i $EXTERNALIF -p tcp -d 192.168.0.2 --dport 80 -j ACCEPT #nat para enviar al servidor linux la web joomla por el puerto 8080 $IPTABLES -A PREROUTING -t nat -i $EXTERNALIF -p tcp -d eldominio2.com --dport 8080 \ -j DNAT --to 192.168.0.1:8080 $IPTABLES -A FORWARD -i $EXTERNALIF -p tcp -d 192.168.0.1 --dport 8080 -j ACCEPT 3.- Me funciona el segundo dominio pero soloc uando pongo el puerto 8080 al final es decir eldominio2.com:8080 ahí se direcciona al segundo dominio Gracias César ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Servidor con dos Ips
Hola amigos yo aqui molestandoles porque sigo rompiendome la cabeza y no logro que me funcione al 100% lo que trato de hacer aqui la explicación 1.- Cambie de puerto a mi apache del 80 al 8080 2.- Agregue estas reglas a mi firewall #nat para enviar al servidor windows con el aplicactivo por el puerto 80 $IPTABLES -A PREROUTING -t nat -i $EXTERNALIF -p tcp -d www.eldominio1.com --dport 80 \ -j DNAT --to 192.168.0.2:80 $IPTABLES -A FORWARD -i $EXTERNALIF -p tcp -d 192.168.0.2 --dport 80 -j ACCEPT #nat para enviar al servidor linux la web joomla por el puerto 8080 $IPTABLES -A PREROUTING -t nat -i $EXTERNALIF -p tcp -d eldominio2.com --dport 8080 \ -j DNAT --to 192.168.0.1:8080 $IPTABLES -A FORWARD -i $EXTERNALIF -p tcp -d 192.168.0.1 --dport 8080 -j ACCEPT 3.- Me funciona el segundo dominio pero soloc uando pongo el puerto 8080 al final es decir eldominio2.com:8080 ahí se direcciona al segundo dominio Gracias César Los dos dominios deben apuntar a la misma ip. En la configuración de Apache tienes que activar /NameVirtualHost *:80 / // /y crear dos virtualhost uno de ellos de tipo proxy:/ // VirtualHost *:80 DocumentRoot /var/www7proxy ServerName dominio_interno.com CustomLog logs/interno_log common ErrorLog logs/error_interno_log IfModule mod_proxy.c ProxyRequests Off ProxyPass / http://192.168.0.3/ ProxyPassReverse / http://192.168.0.3/ /IfModule /VirtualHost El otro virtualhost es normal y se`rá el del Joomla. *Salutacions.* *Jacint Nieto**Carbonell**| *Cap de xarxes i serveis | ci...@tecnocampus.cat| TecnoCampus Mataró-Maresme (Edifici universitari) | Avinguda Ernest Lluch, 32 (Porta Laietana) 08302 Mataró (Barcelona) | Tel. 937415567 - 10607 - 637 059 088 | Fax 93 169 65 05 | *http://www.tecnocampus.cat http://www.tecnocampus.cat/* *De:* César Martínez [mailto:cmarti...@servicomecuador.com] *Enviat:* dimecres, 20 / novembre / 2013 20:12 *Per a:* Jacint Nieto Carbonell *Tema:* Re: [CentOS-es] Servidor con dos Ips Hola cambie los dns del nuevo dominio estoy esperando que se haga el refresh para probar -- Saludos César Martinez Mora Ingeniero de Sistemas Servicom Enviado desde mi mobile Samsung galaxy Jacint Nieto Carbonell ci...@tecnocampus.cat escribió: Hola Cesar, tienes ya la solucion? Entendiste mi correo a la lista ? Jacinto Enviat des del meu dispositiu de butxaca BlackBerry. [http://www.tecnocampus.cat/admin_newsletter/images/newsletter_TCM2_03b.png]http://www.tecnocampus.cat/newsletter/newsletter.html CONFIDENCIALITAT Aquesta informació és confidencial, personal i intransferible i només va dirigida a la/les adreça/ces indicades. Qualsevol modificació, retransmissió, difusió o altre ús d'aquesta informació per persones o entitats diferents a la persona a qui va dirigida està prohibida. Si vostè l'ha rebut per error, li preguem que ho reenviï a descone...@tecnocampus.catmailto:descone...@tecnocampus.com, i esborri el missatge original juntament amb els ! seus fitxers annexos sense llegir-lo ni gravar-lo. Gràcies. Abans d'imprimir-lo, assegura't de que és realment necessari. EL MEDI AMBIENT ÉS COSA DE TOTS. CONFIDENCIALIDAD La presente información es confidencial, personal e intransferible y sólo va dirigida a la/s dirección/es indicadas. Cualquier modificación, retransmisión, difusión u otro uso de esta información por personas o entidades diferentes a la persona a la que va dirigida está prohibida. Si usted lo ha recibido por error, le rogamos que lo reenvie a descone...@tecnocampus.com, y borre el mensaje original junto con sus ficheros anexos sin leerlo ni grabarlo. Gracias. Antes de imprimir, asegúrese que es realmente necesario hacerlo. EL MEDIO AMBIENTE ES COSA DE TODOS. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Servidor con dos Ips
Haber, puedes decirme por favor esta informacion: 0) Cuantas Ips reales tienes? 1) En tu dns exterior, que ip esta apuntando tus dominios 2) En tu fw solo debera de ser fw y no proxy, dns, etc ... si lo tienes de esa manera, pues ni modo... que ip tienes 3) en tu servidor interno de igual manera que ip tienes y cuales son los puertos a mapear desde el fw a tu servidor www y de esa manera hacemos cesarea para que salga el chamaco ... saludos 2013/11/22 César Martinez cmarti...@servicomecuador.com Hola amigos yo aqui molestandoles porque sigo rompiendome la cabeza y no logro que me funcione al 100% lo que trato de hacer aqui la explicación 1.- Cambie de puerto a mi apache del 80 al 8080 2.- Agregue estas reglas a mi firewall #nat para enviar al servidor windows con el aplicactivo por el puerto 80 $IPTABLES -A PREROUTING -t nat -i $EXTERNALIF -p tcp -d www.eldominio1.com --dport 80 \ -j DNAT --to 192.168.0.2:80 $IPTABLES -A FORWARD -i $EXTERNALIF -p tcp -d 192.168.0.2 --dport 80 -j ACCEPT #nat para enviar al servidor linux la web joomla por el puerto 8080 $IPTABLES -A PREROUTING -t nat -i $EXTERNALIF -p tcp -d eldominio2.com --dport 8080 \ -j DNAT --to 192.168.0.1:8080 $IPTABLES -A FORWARD -i $EXTERNALIF -p tcp -d 192.168.0.1 --dport 8080 -j ACCEPT 3.- Me funciona el segundo dominio pero soloc uando pongo el puerto 8080 al final es decir eldominio2.com:8080 ahí se direcciona al segundo dominio Gracias César Los dos dominios deben apuntar a la misma ip. En la configuración de Apache tienes que activar /NameVirtualHost *:80 / // /y crear dos virtualhost uno de ellos de tipo proxy:/ // VirtualHost *:80 DocumentRoot /var/www7proxy ServerName dominio_interno.com CustomLog logs/interno_log common ErrorLog logs/error_interno_log IfModule mod_proxy.c ProxyRequests Off ProxyPass / http://192.168.0.3/ ProxyPassReverse / http://192.168.0.3/ /IfModule /VirtualHost El otro virtualhost es normal y se`rá el del Joomla. *Salutacions.* *Jacint Nieto**Carbonell**| *Cap de xarxes i serveis | ci...@tecnocampus.cat| TecnoCampus Mataró-Maresme (Edifici universitari) | Avinguda Ernest Lluch, 32 (Porta Laietana) 08302 Mataró (Barcelona) | Tel. 937415567 - 10607 - 637 059 088 | Fax 93 169 65 05 | *http://www.tecnocampus.cat http://www.tecnocampus.cat/ * *De:* César Martínez [mailto:cmarti...@servicomecuador.com] *Enviat:* dimecres, 20 / novembre / 2013 20:12 *Per a:* Jacint Nieto Carbonell *Tema:* Re: [CentOS-es] Servidor con dos Ips Hola cambie los dns del nuevo dominio estoy esperando que se haga el refresh para probar -- Saludos César Martinez Mora Ingeniero de Sistemas Servicom Enviado desde mi mobile Samsung galaxy Jacint Nieto Carbonell ci...@tecnocampus.cat escribió: Hola Cesar, tienes ya la solucion? Entendiste mi correo a la lista ? Jacinto Enviat des del meu dispositiu de butxaca BlackBerry. [ http://www.tecnocampus.cat/admin_newsletter/images/newsletter_TCM2_03b.png ]http://www.tecnocampus.cat/newsletter/newsletter.html CONFIDENCIALITAT Aquesta informació és confidencial, personal i intransferible i només va dirigida a la/les adreça/ces indicades. Qualsevol modificació, retransmissió, difusió o altre ús d'aquesta informació per persones o entitats diferents a la persona a qui va dirigida està prohibida. Si vostè l'ha rebut per error, li preguem que ho reenviï a descone...@tecnocampus.catmailto:descone...@tecnocampus.com, i esborri el missatge original juntament amb els ! seus fitxers annexos sense llegir-lo ni gravar-lo. Gràcies. Abans d'imprimir-lo, assegura't de que és realment necessari. EL MEDI AMBIENT ÉS COSA DE TOTS. CONFIDENCIALIDAD La presente información es confidencial, personal e intransferible y sólo va dirigida a la/s dirección/es indicadas. Cualquier modificación, retransmisión, difusión u otro uso de esta información por personas o entidades diferentes a la persona a la que va dirigida está prohibida. Si usted lo ha recibido por error, le rogamos que lo reenvie a descone...@tecnocampus.com, y borre el mensaje original junto con sus ficheros anexos sin leerlo ni grabarlo. Gracias. Antes de imprimir, asegúrese que es realmente necesario hacerlo. EL MEDIO AMBIENTE ES COSA DE TODOS. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Saludos cordiales -- Lic. Domingo Varela Yahuitl IT/Specialist -- Linux/Unix/Win System Administrator and Technical Support Web Site: http://www.linuxsc.net Twitter: http://www.twitter.com/linuxsc MSN: domin...@yahoo.com
Re: [CentOS-es] Servidor con dos Ips
Hola Domingo gracias por responder, contesto tus preguntas 0) Cuantas Ips reales tienes? respuesta: 1 Ip que me da mi ISP 1) En tu dns exterior, que ip esta apuntando tus dominios Respuesta: igual al ip que me dio mi ISP 2) En tu fw solo debera de ser fw y no proxy, dns, etc ... si lo tienes de Respuesta: Actualmente es fw y dns y este otro dominio donde funcionará la web esa manera, pues ni modo... que ip tienes Respuesta a que te refieres con que ips tienes las de la lan o de la wan? 3) en tu servidor interno de igual manera que ip tienes y cuales son los puertos a mapear desde el fw a tu servidor www Respuesta La ip de la lan del servidor linux es 192.168.0.1 y del windows 192.168.0.2 El windows usa iis por el puerto 80 y el linux el apache por el 8080 Gracias César 0) Cuantas Ips reales tienes? 1) En tu dns exterior, que ip esta apuntando tus dominios 2) En tu fw solo debera de ser fw y no proxy, dns, etc ... si lo tienes de esa manera, pues ni modo... que ip tienes 3) en tu servidor interno de igual manera que ip tienes y cuales son los puertos a mapear desde el fw a tu servidor www ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Servidor con dos Ips
ok, ahora bien lo que tienes que hacer es lo siguiente, vamos a usar el ARP y el ROUTE 1) arp -Ds ip_real_del_FW eth0 pub ( asumo que la eth0 es la tarjeta de acceso a internet) 2) route add ip_real_del_FW dev eth1 (aqui la eth1 es tu lan 192.168.x.x) 3) iptables -A PREROUTING -t nat -i eth0 -p tcp -d ip_real_del_FW --dport 80 -j DNAT --to-destination 192.168.0.1:80 4) iptables -A FORWARD -i eth0 -p tcp -d 192.168.0.1 --dport 80 -j ACCEPT ... a) iptables -A PREROUTING -t nat -i eth0 -p tcp -d ip_real_del_FW --dport 80 -j DNAT --to-destination 192.168.0.2:8080 b) iptables -A FORWARD -i eth0 -p tcp -d 192.168.0.2 --dport 8080 -j ACCEPT ... ... x) iptables -A PREROUTING -t nat -i eth0 -p tcp -d ip_real_del_FW --dport 80 -j DNAT --to-destination 192.168.0.x:8080 y) iptables -A FORWARD -i eth0 -p tcp -d 192.168.0.x --dport 80 -j ACCEPT Ejecutas finalmente un arp y te mostraran los MP con un *, ie buscas la o las ips que estan mapeadas y un iptables -L -n -v 2013/11/22 César Martinez cmarti...@servicomecuador.com Hola Domingo gracias por responder, contesto tus preguntas 0) Cuantas Ips reales tienes? respuesta: 1 Ip que me da mi ISP 1) En tu dns exterior, que ip esta apuntando tus dominios Respuesta: igual al ip que me dio mi ISP 2) En tu fw solo debera de ser fw y no proxy, dns, etc ... si lo tienes de Respuesta: Actualmente es fw y dns y este otro dominio donde funcionará la web esa manera, pues ni modo... que ip tienes Respuesta a que te refieres con que ips tienes las de la lan o de la wan? 3) en tu servidor interno de igual manera que ip tienes y cuales son los puertos a mapear desde el fw a tu servidor www Respuesta La ip de la lan del servidor linux es 192.168.0.1 y del windows 192.168.0.2 El windows usa iis por el puerto 80 y el linux el apache por el 8080 Gracias César 0) Cuantas Ips reales tienes? 1) En tu dns exterior, que ip esta apuntando tus dominios 2) En tu fw solo debera de ser fw y no proxy, dns, etc ... si lo tienes de esa manera, pues ni modo... que ip tienes 3) en tu servidor interno de igual manera que ip tienes y cuales son los puertos a mapear desde el fw a tu servidor www ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Saludos cordiales -- Lic. Domingo Varela Yahuitl IT/Specialist -- Linux/Unix/Win System Administrator and Technical Support Web Site: http://www.linuxsc.net Twitter: http://www.twitter.com/linuxsc MSN: domin...@yahoo.com ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Servidor con dos ips
En el httpd.conf deberias haber creado algo así como /etc/httpd/conf/httpd.conf Listen 192.168.0.1:8080 ó puedes dejarlo en el 80 Las reglasd e Iptables dejarlar tal cual como están o si decides dejar esta variable en 80 entonces cambia el correspondiente al 80. Ahora bien... www.eldominio1.com debería llegar al servidor 0.2 pero el otro, salvo que tengas el registro DNS adecuado no llegará salvo que reintegres el virtual host, pero escuchando en el mismo puerto de Listen. Por otra parte, debes tener en tu IPtables las reglas de Politicas globales en ACCEPT y luego REJECT en los puertos que no deseas publicar iptables -A INPUT -s 0/0 -p tcp --dport 80 -j ACCEPT iptables -A INPUT -s 0/0 -p tcp --dport 8080 -j ACCEPT Deja forward por defecto en ACCEPT y despues puedes hacer al final del script de iptables iptables -A INPUT -s 0/0 -p all -j REJECT Lo otro se me ocurre es que pases tu site de joomla a Windows y trabajes el Web server directo ahi. Suerte, David El 22 de noviembre de 2013 18:16, César Martinez cmarti...@servicomecuador.com escribió: Hola amigos yo aquí molestandoles porque sigo rompiéndome la cabeza y no logro que me funcione al 100% lo que trato de hacer aqui la explicación 1.- Cambie de puerto a mi apache del 80 al 8080 2.- Agregue estas reglas a mi firewall #nat para enviar al servidor windows con el aplicactivo por el puerto 80 $IPTABLES -A PREROUTING -t nat -i $EXTERNALIF -p tcp -d www.eldominio1.com --dport 80 \ -j DNAT --to 192.168.0.2:80 $IPTABLES -A FORWARD -i $EXTERNALIF -p tcp -d 192.168.0.2 --dport 80 -j ACCEPT #nat para enviar al servidor linux la web joomla por el puerto 8080 $IPTABLES -A PREROUTING -t nat -i $EXTERNALIF -p tcp -d eldominio2.com --dport 8080 \ -j DNAT --to 192.168.0.1:8080 $IPTABLES -A FORWARD -i $EXTERNALIF -p tcp -d 192.168.0.1 --dport 8080 -j ACCEPT 3.- Me funciona el segundo dominio pero soloc uando pongo el puerto 8080 al final es decir eldominio2.com:8080 ahí se direcciona al segundo dominio Gracias César ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS] dovecot informational/error messages?
I'm getting the message Nov 22 13:06:56 grover dovecot: imap-login: Disconnected (no auth attempts): rip=192.168.2.3, lip=192.168.2.5, TLS: Disconnected every second on my CentOS-6.4 server. Is this purely an informational message? Or is it an error message? And in either case, how can I stop the flood of messages? -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] dovecot informational/error messages?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Timothy Murphy said the following on 22/11/2013 14:12: Nov 22 13:06:56 grover dovecot: imap-login: Disconnected (no auth attempts): rip=192.168.2.3, lip=192.168.2.5, TLS: Disconnected every second on my CentOS-6.4 server. Is this purely an informational message? Or is it an error message? And in either case, how can I stop the flood of messages? If 192.168.2.3 is a Windows host, it could be infected; had a similar issue with one of my customers. In any case, that log entry says that 192.168.2.3 is opening a TCP connection to IMAP port of 192.168.2.5 and closing it without any IMAP handshake Ciao, luigi - -- / +--[Luigi Rosa]-- \ The more complex the mind, the greater the need for the simplicity of play. --James Kirk, Shore Leave -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlKPXI8ACgkQ3kWu7Tfl6ZRr3wCdHtp4cwDfXb/WgzpEU5QG6fGr 1FEAoMVqc7VGL2iBe17hh2Lc+aEj4v+c =9tSp -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] dovecot informational/error messages?
Luigi Rosa wrote: Nov 22 13:06:56 grover dovecot: imap-login: Disconnected (no auth attempts): rip=192.168.2.3, lip=192.168.2.5, TLS: Disconnected every second on my CentOS-6.4 server. Is this purely an informational message? Or is it an error message? And in either case, how can I stop the flood of messages? If 192.168.2.3 is a Windows host, it could be infected; had a similar issue with one of my customers. Thanks for your response. But in fact it is a Linux laptop, running KMail. In any case, that log entry says that 192.168.2.3 is opening a TCP connection to IMAP port of 192.168.2.5 and closing it without any IMAP handshake I've managed to stop the flood, though I'm not sure which of the steps I took had this effect. 1) I created a self-signed certificates /etc/pki/dovecot/certs/dovecot.pem and /etc/pki/dovecot/private/dovecot.pem on the server, and copied the first to /etc/pki/dovecot/certs and /etc/pki/tls/certs on the laptop. (I already had standard signed TLS certificates on both.) 2) I found that KMail on the laptop had the connection setting set to SSL/TLS on port 993, which I changed to STARTTLS on port 143. 3) I re-started dovecot on the server 4) I re-booted the laptop. Now the flood of messages in /var/log/maillog seems to have stopped. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] SSSD with 389DS
Hi! We are setting up an environment with two 389DS configured as master-consumer. The DIT holds about 70.000 user records. A couple of other machines running SSSD will be using the 389DS setup for all user info lookups that would normally go to passwd/shadow. There are also other applications that will be querying the 389DS for various other user data. All servers are running CentOS6. In total I would estimate that SSSD would be handling about 400 queries per second. How should I configure SSSD to get the most out of it? Cache refreshes, (negative) timeouts, expirations, enumerations? Regards, Mitja -- -- Mitja Mihelič ARNES, Tehnološki park 18, p.p. 7, SI-1001 Ljubljana, Slovenia tel: +386 1 479 8877, fax: +386 1 479 88 78 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Google Chrome
On 11/21/2013 11:40 AM, Darr247 wrote: On 2013-11-21 @14:41 zulu, Wes James scribed: It is with the script on this page: http://chrome.richardlloyd.org.uk/ Be aware some on this list consider that script criminal. At what point does it become less hassle to spin up a virtual machine with a distro recent-enough to run the latest Chrome? Virtualization is a wedge that puts more space between your rocks and your hard places. Just for kicks, I downloaded a Chromium OS image and had it running in VMware Player in a few minutes. It wasn't as snappy as a native install, but it was usable. I could have signed in to Google and picked up my bookmarks if I'd wanted. Having said that, I don't have any experience with either KVM or kidnapping libraries from other distros. I don't know which is harder and/or more fun (depends on what you're looking to get out of the experience), but it might be an option. -- -Chris ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nfs4, idmapd, users with same name, different uid?
On Wed, Aug 28, 2013 at 11:29 AM, Les Mikesell lesmikes...@gmail.com wrote: This is a small lab-type setting but I'm trying to merge two sets of machines set up by different groups to have a common home directory server that all the others automount. The number of users is small enough that I'll just 'usermod' them into the same uid numbers, but I don't see why it is worth running the idmapd daemon at all, when all it does is map everyone to nobody if you forget to set the domains identically. And after fixing the uids to match, is there any advantage to nfsv4 at all? Reviving an old thread... I had this all working with an initial set of users across several machines where all users had the same user id and idmapd.conf had the same Domain set./home is exported from one machine, and everything showed the right ownership. However, when I add new users, again keeping the same uid numbers across all hosts, the mounted instances show as 'nobody' for the new users.Is there some magic short of a reboot to make it recognize the new user ids? A reboot does fix it, 'service rpcidmapd restart or force-reload' does not, unmounting /home and remounting also does not. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Google Chrome
Most of us using CentOS/RHEL are in an enterprise environment where that sort of thing just isn't allowed. A supported, updated, secured version of chrome/chromium is essential for our CentOS environment, and I venture to guess many others' (including RHEL users). On Fri, Nov 22, 2013 at 11:22 AM, Chris Beattie cbeat...@geninfo.com wrote: On 11/21/2013 11:40 AM, Darr247 wrote: On 2013-11-21 @14:41 zulu, Wes James scribed: It is with the script on this page: http://chrome.richardlloyd.org.uk/ Be aware some on this list consider that script criminal. At what point does it become less hassle to spin up a virtual machine with a distro recent-enough to run the latest Chrome? Virtualization is a wedge that puts more space between your rocks and your hard places. Just for kicks, I downloaded a Chromium OS image and had it running in VMware Player in a few minutes. It wasn't as snappy as a native install, but it was usable. I could have signed in to Google and picked up my bookmarks if I'd wanted. Having said that, I don't have any experience with either KVM or kidnapping libraries from other distros. I don't know which is harder and/or more fun (depends on what you're looking to get out of the experience), but it might be an option. -- -Chris ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Matt Phelps System Administrator, Computation Facility Harvard - Smithsonian Center for Astrophysics mphe...@cfa.harvard.edu, http://www.cfa.harvard.edu ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Google Chrome
On Fri, Nov 22, 2013 at 11:22 AM, Chris Beattie cbeat...@geninfo.com wrote: On 11/21/2013 11:40 AM, Darr247 wrote: On 2013-11-21 @14:41 zulu, Wes James scribed: It is with the script on this page: http://chrome.richardlloyd.org.uk/ Be aware some on this list consider that script criminal. At what point does it become less hassle to spin up a virtual machine with a distro recent-enough to run the latest Chrome? Virtualization is a wedge that puts more space between your rocks and your hard places. Just for kicks, I downloaded a Chromium OS image and had it running in VMware Player in a few minutes. It wasn't as snappy as a native install, but it was usable. I could have signed in to Google and picked up my bookmarks if I'd wanted. Having said that, I don't have any experience with either KVM or kidnapping libraries from other distros. I don't know which is harder and/or more fun (depends on what you're looking to get out of the experience), but it might be an option. -- -Chris ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Apologies for top posting!! I'll try again: Most of us using CentOS/RHEL are in an enterprise environment where that sort of thing just isn't allowed. A supported, updated, secured version of chrome/chromium is essential for our CentOS environment, and I venture to guess many others' (including RHEL users). -- Matt Phelps System Administrator, Computation Facility Harvard - Smithsonian Center for Astrophysics mphe...@cfa.harvard.edu, http://www.cfa.harvard.edu ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Postfix relay on Comcast
On Thu, Nov 21, 2013 at 9:08 PM, Lists li...@benjamindsmith.com wrote: How to get postfix working on CentOS 6 and Comcast. Recently, they've changed their policies regards email relay and require authentication even to send email. (they no longer use IP address ranges, presumably in an attempt to curb outgoing SPAM) Requiring auth is how it should be. tangent Now if Comcast would provide IMAP access instead of just POP3 to customers... /tangent I didn't see an updated howto anywhere on the Interwebs, thought I'd point out what I had to do. The part that had me stumped for longer than I care to admit was having to install cyrus-sasl-plain rpm - EL5 apparently had that installed as part of the cyrus-sasl package. I've seen write-ups for relaying mail through Gmail using Postfix. Thanks for sharing. 1) yum install postfix cyrus-sasl-plain; # note that cyrus-sasl-plain is NOT installed by default but is needed by this config. 2) Create file /etc/postfix/passwords. Replace USERNAME with your user name, and password with your password. Note: your username is typically your email address without the domain name. # smtp.comcast.net:587 USERNAME:password smtp.comcast.net usern...@comcast.net:password # 3) makemap passwords; 4) Edit /etc/postfix/main.cf # relayhost = [smtp.comcast.net]:587 smtpd_sasl_auth_enable = yes smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/passwords # note that with no security options on, we're using sasl-plain installed above. smtp_sasl_security_options = # You might need this, you may not. #sender_canonical_maps = regexp:/etc/postfix/sender_rewrite # 5) Create file /etc/postfix/sender_rewrite. Note that not all Comcast customers need this, I didn't when I authenticated as above. Obviously, replace USERNAME with your user name. # /^([^@]*)@.*$/ usern...@comcast.net # 6) service postfix stop; sleep 5; service postfix start ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- ---~~.~~--- Mike // SilverTip257 // ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Google Chrome
On 11/22/2013 11:29 AM, Phelps, Matt wrote: Most of us using CentOS/RHEL are in an enterprise environment where that sort of thing just isn't allowed. A supported, updated, secured version of chrome/chromium is essential for our CentOS environment, and I venture to guess many others' (including RHEL users). What happens if there comes a time when Johnny's heavy wizardry isn't enough to keep Chrome running on CentOS? Or if he just doesn't have time to do it? The browser that you need won't run on the OS which you can't change. You have a Kobayashi Maru scenario. You can't win unless you can change the rules. I do something similar, but in my case, I provide virtual machines loaded with older versions of Internet Explorer for QA testers. The testers can't do any permanent damage to the VMs that the hypervisor won't fix when it reverts the VM after the tester logs off. Meanwhile, the version of IE on the testers' main machines is kept up-to-date. -- -Chris ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Crash and automatical reboot when using the NVIDIA card
David McGiven davidmcgivenn@... writes: Hello there, I'm running a Supermicro server with the latest CentOS 6.4 versions (kernel : 2.6.32-358.23.2.el6.x86_64) and the latest nvidia driver (331.20). A few minutes after using the GPU for doing some HPC calculations, the server crashes and reboots itself. This is happening every time. I know it will be rebooted but I don't know when. Sometimes it's 20 minutes after starting using it. Sometimes it's 2 hours. If I unplug the GPU card and put some stress on the server, it works ok. So I suspect there's a bug in the kernel/nvidia driver. I can't find any messages on /var/log/messages. What should I do ? Should I file a bug on the centos bugtracking system ? Is there anyway I can gather more information ? The server is in a remote location so I have a hard time accessing the console. Thanks. Hi there, I also have the same problem with all my 4 Supermicro machines. I don't know why it happens but nvidia driver seems to be blamed for me. I'm using CentOS 6.3 and nVidia driver version 304.54 or 319.37. Best, Panruo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Crash and automatical reboot when using the NVIDIA card
Panruo Wu wrote: David McGiven davidmcgivenn@... writes: I'm running a Supermicro server with the latest CentOS 6.4 versions (kernel 2.6.32-358.23.2.el6.x86_64) and the latest nvidia driver (331.20). A few minutes after using the GPU for doing some HPC calculations, the server crashes and reboots itself. This is happening every time. I know it will be rebooted but I don't know when. Sometimes it's 20 minutes after starting using it. Sometimes it's 2 hours. snip I also have the same problem with all my 4 Supermicro machines. I don't know why it happens but nvidia driver seems to be blamed for me. I'm using CentOS 6.3 and nVidia driver version 304.54 or 319.37. On our Dell R720s, I'm using the kmod-nvidia from elrepo. They don't crash... and that even when they're running week-long jobs. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Crash and automatical reboot when using the NVIDIA card
Panruo Wu armiuswu@... writes: David McGiven davidmcgivenn at ... writes: Hello there, I'm running a Supermicro server with the latest CentOS 6.4 versions (kernel : 2.6.32-358.23.2.el6.x86_64) and the latest nvidia driver (331.20). A few minutes after using the GPU for doing some HPC calculations, the server crashes and reboots itself. This is happening every time. I know it will be rebooted but I don't know when. Sometimes it's 20 minutes after starting using it. Sometimes it's 2 hours. If I unplug the GPU card and put some stress on the server, it works ok. So I suspect there's a bug in the kernel/nvidia driver. I can't find any messages on /var/log/messages. What should I do ? Should I file a bug on the centos bugtracking system ? Is there anyway I can gather more information ? The server is in a remote location so I have a hard time accessing the console. Thanks. Hi there, I also have the same problem with all my 4 Supermicro machines. I don't know why it happens but nvidia driver seems to be blamed for me. I'm using CentOS 6.3 and nVidia driver version 304.54 or 319.37. Best, Panruo Hi David, I think I might have found a way to work around this. In short, just set the persistence mode of your GPU on, so that nVidia drive will not be unloaded when the GPU is idling. I suspect the frequent load/unload of nvidia driver might have bugs and mess up the kernel. To set the persistence mode on: $ nvidia-smi -pm 1 Let me know if this works for you. I have a node running strong after 4 hours of running all the cuda 5.5 samples over and over. No crashes so far. Panruo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Finally.... CentOS on iMac core 2
I've been trying several combinations of OSX, CentOS to try and get CentOS installed on an old iMac. I finally first installed OS X, then installed CentOS in the open space after OS X. With refit installed and selecting CentOS, it starts booting but get a screen that a boot device can't e found. So I then install Xubuntu with the option to replace OS X. After Xbuntu is installed and then do a reboot the grub screen comes up and I can now select CentOS and it will boot. Can someone explain why this is? I can't just install CentOS on the whole disk, as I get the blinking mac disk with question mark. Thanks, -wes ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] RAM Requirements
Hey Y'all, Does anyone know where I can look, please post a URL, where I can find out what the minimum system requirements are for CentOS 6.4? I've searched the CentOS.org web site for this but I've come up empty. I've got an old machine that had RH9 on it. The HD died so I had to replace that. Now I'm thinking that I want to install CentOS 6.4 on it but the minimal install disk says that I don't have enough RAM for it to do the install. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RAM Requirements
On 11/22/2013 9:35 PM, Mark LaPierre wrote: I've searched the CentOS.org web site for this but I've come up empty. I've got an old machine that had RH9 on it. The HD died so I had to replace that. Now I'm thinking that I want to install CentOS 6.4 on it but the minimal install disk says that I don't have enough RAM for it to do the install. its the GUI installer, try (at the grub boot: prompt), /*linux text */ then, choose the minimum packages, etc, and get a basic config. the text mode installer's disk utilities are ugly, sometimes its easiest to setup the disks ahead of time manually, then just tell the text installer to use your partitions as-is. // -- john r pierce 37N 122W somewhere on the middle of the left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RAM Requirements
Wow! RH9 was discontinued in 2004! It is likely that a machine from that era has the ability to run CentOS 6.4 both in terms of resources and the availability of drivers. Cheers, Cliff On Sat, Nov 23, 2013 at 6:35 PM, Mark LaPierre marklap...@aol.com wrote: Hey Y'all, Does anyone know where I can look, please post a URL, where I can find out what the minimum system requirements are for CentOS 6.4? I've searched the CentOS.org web site for this but I've come up empty. I've got an old machine that had RH9 on it. The HD died so I had to replace that. Now I'm thinking that I want to install CentOS 6.4 on it but the minimal install disk says that I don't have enough RAM for it to do the install. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RAM Requirements
On 23/11/13 00:35, Mark LaPierre wrote: Hey Y'all, Does anyone know where I can look, please post a URL, where I can find out what the minimum system requirements are for CentOS 6.4? I've searched the CentOS.org web site for this but I've come up empty. I've got an old machine that had RH9 on it. The HD died so I had to replace that. Now I'm thinking that I want to install CentOS 6.4 on it but the minimal install disk says that I don't have enough RAM for it to do the install. CentOS is binary compatible to Red Hat Enterprise Linux, so it shares the same minimum requirements. http://www.redhat.com/resourcelibrary/articles/articles-red-hat-enterprise-linux-6-technology-capabilities-and-limits So assuming a machine that old is 32-bit; * RAM: 512MB minimum / 1 GB/logical CPU recommended * Disk: 1GB minimum / 5GB recommended -- Digimer Papers and Projects: https://alteeve.ca/w/ What if the cure for cancer is trapped in the mind of a person without access to education? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RAM Requirements
unlikely.. not ...likely... Cheers, Cliff On Sat, Nov 23, 2013 at 6:51 PM, Cliff Pratt enkiduonthe...@gmail.comwrote: Wow! RH9 was discontinued in 2004! It is likely that a machine from that era has the ability to run CentOS 6.4 both in terms of resources and the availability of drivers. Cheers, Cliff On Sat, Nov 23, 2013 at 6:35 PM, Mark LaPierre marklap...@aol.com wrote: Hey Y'all, Does anyone know where I can look, please post a URL, where I can find out what the minimum system requirements are for CentOS 6.4? I've searched the CentOS.org web site for this but I've come up empty. I've got an old machine that had RH9 on it. The HD died so I had to replace that. Now I'm thinking that I want to install CentOS 6.4 on it but the minimal install disk says that I don't have enough RAM for it to do the install. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RAM Requirements
On 11/23/2013 07:35 AM, Mark LaPierre wrote: Hey Y'all, Does anyone know where I can look, please post a URL, where I can find out what the minimum system requirements are for CentOS 6.4? I've searched the CentOS.org web site for this but I've come up empty. I've got an old machine that had RH9 on it. The HD died so I had to replace that. Now I'm thinking that I want to install CentOS 6.4 on it but the minimal install disk says that I don't have enough RAM for it to do the install. Hi Mark, I recently installed CentOS 6.4 on a 386 system with 512kb of memory. I had to use a kickstart file to achieve this as the text installer does not give you any opportunity to partition the disk to your specification. Regards ChrisG ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos