[CentOS] [SOLVED] RAID5 suddenly broken

2011-08-18 Thread Mathieu Baudier
> [root@livecd ~]# mdadm --misc -E /dev/md0
> mdadm: No md superblock detected on /dev/md0.
> [root@livecd ~]# mdadm --misc -Q /dev/md0
> /dev/md0: is an md device which is not active
> /dev/md0: No md super block found, not an md component.
> [root@livecd ~]# mdadm --misc -D /dev/md0
> mdadm: md device /dev/md0 does not appear to be active.

I could fix the issue.

Since the information on the internet is a bit messy and scary, here is a
summary of the problem and of the solution, for future reference:

## PROBLEM
Due to some failure related to suspend, the RAID5 array became inconsistent.
The symptom was that the superblock (which allows auto-configuration of
the RAID array) was not recognized.

But the underlying member partitions were still recognized as per the
following command:
> [root@livecd ~]# mdadm -E /dev/sd*3
which provided details about their states.

## SOLUTION
(detailed output of the commands at the end of the post)

# Assemble the array with force option
mdadm -v --assemble --force /dev/md0 /dev/sd{a,b,c,d}3

# NOTE: assembling without force option was not enough
[root@livecd ~]# mdadm -v --assemble /dev/md0 /dev/sd{a,b,c,d}3
...
mdadm: /dev/md0 assembled from 2 drives - not enough to start the
array while not clean - consider --force.

# Check state
mdadm -D /dev/md0
...
   Number   Major   Minor   RaidDevice State
      0       8        3        0      active sync   /dev/sda3
      1       0        0        1      removed
      2       8       51        2      active sync   /dev/sdd3

# Add missing partitions to the array
mdadm /dev/md0 -a /dev/sdb3
mdadm /dev/md0 -a /dev/sdc3

# Check that it is now OK
mdadm -D /dev/md0
...
   Number   Major   Minor   RaidDevice State
      0       8        3        0      active sync   /dev/sda3
      1       8       19        1      spare rebuilding   /dev/sdb3
      2       8       51        2      active sync   /dev/sdd3

      3       8       35        -      spare   /dev/sdc3

# and watch it rebuild:
...
 Rebuild Status : 3% complete

Many thanks to the CentOS LiveCD team, they saved the day.

Cheers,

Mathieu

## DETAILED OUTPUT

[root@livecd ~]# mdadm -v --assemble --force /dev/md0 /dev/sd{a,b,c,d}3
mdadm: looking for devices for /dev/md0
mdadm: /dev/sda3 is identified as a member of /dev/md0, slot 0.
mdadm: /dev/sdb3 is identified as a member of /dev/md0, slot 1.
mdadm: /dev/sdc3 is identified as a member of /dev/md0, slot 1.
mdadm: /dev/sdd3 is identified as a member of /dev/md0, slot 2.
mdadm: added /dev/sdc3 to /dev/md0 as 1
mdadm: added /dev/sdd3 to /dev/md0 as 2
mdadm: added /dev/sda3 to /dev/md0 as 0
mdadm: /dev/md0 has been started with 2 drives (out of 3).

[root@livecd ~]# mdadm -D /dev/md0
/dev/md0:
Version : 0.90
  Creation Time : Tue Dec  1 12:01:05 2009
 Raid Level : raid5
 Array Size : 409592832 (390.62 GiB 419.42 GB)
  Used Dev Size : 204796416 (195.31 GiB 209.71 GB)
   Raid Devices : 3
  Total Devices : 2
Preferred Minor : 0
Persistence : Superblock is persistent

Update Time : Wed Aug 17 14:47:36 2011
  State : clean, degraded
 Active Devices : 2
Working Devices : 2
 Failed Devices : 0
  Spare Devices : 0

 Layout : left-symmetric
 Chunk Size : 256K

   UUID : 7533411a:f066a145:1e89d48e:1a8374a3
 Events : 0.38857

   Number   Major   Minor   RaidDevice State
      0       8        3        0      active sync   /dev/sda3
      1       0        0        1      removed
      2       8       51        2      active sync   /dev/sdd3


[root@livecd ~]# mdadm /dev/md0 -a /dev/sdb3
mdadm: re-added /dev/sdb3
[root@livecd ~]# mdadm /dev/md0 -a /dev/sdc3
mdadm: added /dev/sdc3
[root@livecd ~]# mdadm -D /dev/md0
/dev/md0:
Version : 0.90
  Creation Time : Tue Dec  1 12:01:05 2009
 Raid Level : raid5
 Array Size : 409592832 (390.62 GiB 419.42 GB)
  Used Dev Size : 204796416 (195.31 GiB 209.71 GB)
   Raid Devices : 3
  Total Devices : 4
Preferred Minor : 0
Persistence : Superblock is persistent

Update Time : Wed Aug 17 14:47:36 2011
  State : clean, degraded, recovering
 Active Devices : 2
Working Devices : 4
 Failed Devices : 0
  Spare Devices : 2

 Layout : left-symmetric
 Chunk Size : 256K

 Rebuild Status : 0% complete

   UUID : 7533411a:f066a145:1e89d48e:1a8374a3
 Events : 0.38857

   Number   Major   Minor   RaidDevice State
      0       8        3        0      active sync   /dev/sda3
      1       8       19        1      spare rebuilding   /dev/sdb3
      2       8       51        2      active sync   /dev/sdd3

      3       8       35        -      spare   /dev/sdc3
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
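
Before forcing assembly as in the summary above, it helps to see which member superblocks have fallen behind the others. The script below is an added example, not part of the original post: it reads `mdadm -E` output and lists the members whose Events counter is lower than the newest one. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): compare superblock event
# counters of RAID members before deciding on `mdadm --assemble --force`.
# Input on stdin is the text printed by `mdadm -E <member> ...`.

# Print "<device> <events>" for each member in the input.
# Accepts "Events : 38857" and the "Events : 0.38857" (hi.lo) form.
member_events() {
    awk '
        /^\/dev\/[^ ]*:$/ { dev = substr($0, 1, length($0) - 1); next }
        $1 == "Events" && $2 == ":" {
            n = split($3, part, "[.]")
            ev = (n == 2) ? part[1] * 4294967296 + part[2] : part[1] + 0
            printf "%s %.0f\n", dev, ev
        }'
}

# Print "<device> <events-behind>" for members older than the newest one.
stale_members() {
    member_events | awk '
        { dev[NR] = $1; ev[NR] = $2 + 0; if (ev[NR] > max) max = ev[NR] }
        END { for (i = 1; i <= NR; i++)
                  if (ev[i] < max) printf "%s %.0f\n", dev[i], max - ev[i] }'
}

# Print how many members carry the newest event counter.
fresh_count() {
    member_events | awk '
        { ev[NR] = $2 + 0; if (ev[NR] > max) max = ev[NR] }
        END { for (i = 1; i <= NR; i++) if (ev[i] == max) c++; print c + 0 }'
}

# Constructed sample standing in for `mdadm -E /dev/sd{a,b,c,d}3`;
# the event values are invented for illustration.
sample_examine() {
    cat <<'EOF'
/dev/sda3:
     Raid Level : raid5
          State : clean
         Events : 0.38857
/dev/sdb3:
     Raid Level : raid5
          State : clean
         Events : 0.38850
/dev/sdc3:
     Raid Level : raid5
          State : clean
         Events : 0.38201
/dev/sdd3:
     Raid Level : raid5
          State : clean
         Events : 0.38857
EOF
}

echo "members behind the newest superblock:"
sample_examine | stale_members
echo "members with the newest superblock: $(sample_examine | fresh_count)"
```

On a live system the same functions can be fed directly, for example `mdadm -E /dev/sd*3 | stale_members`.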


Re: [CentOS] Change bash colours like in VIM

2011-08-18 Thread Marc Deop i Argemí
On 17/08/2011 23:51, Dotan Cohen wrote:
> In VIM one can easily change colours with ":set background=dark". This
> doesn't actually change the background, but rather uses a colour
> scheme that is designed for a dark background. Is there any quick
> command like this for bash? I don't want to edit the whole config file
> if there is a quick way to get a better colour scheme.
>
> Thanks.
>

No, there is no such option in bash.

There are some terminal applications that allow changing the
colour scheme though (like konsole).

Regards


Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Marc Deop i Argemí
On 18/08/2011 4:13, Craig White wrote:
> On Wed, 2011-08-17 at 21:50 +0200, Rudi Ahlers wrote:
>> Hi,
>>
>> I'm looking for a firewall (preferably on Linux / UNIX) that could
>> automatically block bandwidth abusers as soon as a connection goes
>> over a certain speed, or limit - i.e. either more than say 3Mb/s or
>> 10GB in a given period (like weekly / monthly).
>>
>> But, I need it to block the IP to, or where the traffic comes from, or
>> goes to. i.e. a user logs into a web server and uploads a LOT of data,
>> then the firewall should block him, but not other people.
>>
>> Or, someone uploads a small bit of data but downloads a lot of data
>> and then gets blocked.
>> But I need to set thresholds
>> And I should be able to exclude certain IPs / domains from the limits.
>>
>> Does this make sense?
>>
>> Can this be done with iptables? If so, how?
>>
>> If not, what else could I use for this?
>>
>>
>> A normal DDOS prevention firewall doesn't really work since it only
>> blocks traffic coming in. But I need to limit traffic going out as
>> well.
>>
>> The servers behind the firewall will serve mail, http, ftp, sql and SSH
> 
> http://tinyurl.com/3n5yn8u

Would you mind providing the url without using such url shorteners?

Thanks,

Regards


Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Rudi Ahlers
On Thu, Aug 18, 2011 at 4:13 AM, Craig White  wrote:
> On Wed, 2011-08-17 at 21:50 +0200, Rudi Ahlers wrote:
>> Hi,
>>
>> I'm looking for a firewall (preferably on Linux / UNIX) that could
>> automatically block bandwidth abusers as soon as a connection goes
>> over a certain speed, or limit - i.e. either more than say 3Mb/s or
>> 10GB in a given period (like weekly / monthly).
>>
>> But, I need it to block the IP to, or where the traffic comes from, or
>> goes to. i.e. a user logs into a web server and uploads a LOT of data,
>> then the firewall should block him, but not other people.
>>
>> Or, someone uploads a small bit of data but downloads a lot of data
>> and then gets blocked.
>> But I need to set thresholds
>> And I should be able to exclude certain IPs / domains from the limits.
>>
>> Does this make sense?
>>
>> Can this be done with iptables? If so, how?
>>
>> If not, what else could I use for this?
>>
>>
>> A normal DDOS prevention firewall doesn't really work since it only
>> blocks traffic coming in. But I need to limit traffic going out as
>> well.
>>
>> The servers behind the firewall will serve mail, http, ftp, sql and SSH
> 
> http://tinyurl.com/3n5yn8u
>
> Craig


We already monitor traffic usage on the switches with cacti via SNMP.


But I need to block traffic abusers automatically, from any IP
address, to any IP address.

The firewalls we have, and have tested, all need a set of IP addresses
to throttle, which won't work in this case.
A user can login from any IP address on the internet, and either
upload or download excessively, and we need to block that IP address as
soon as it reaches a certain (pre-set by us) threshold.


-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532


Re: [CentOS] Change bash colours like in VIM

2011-08-18 Thread Keith Roberts

On Thu, 18 Aug 2011, Marc Deop i Argemí wrote:


> To: CentOS mailing list
> From: Marc Deop i Argemí
> Subject: Re: [CentOS] Change bash colours like in VIM
>
> On 17/08/2011 23:51, Dotan Cohen wrote:
>> In VIM one can easily change colours with ":set background=dark". This
>> doesn't actually change the background, but rather uses a colour
>> scheme that is designed for a dark background. Is there any quick
>> command like this for bash? I don't want to edit the whole config file
>> if there is a quick way to get a better colour scheme.
>>
>> Thanks.
>
> No, there is not such option in bash.
>
> There are some terminal applications that allow to change the
> colourscheme though (like konsole)


In a konsole terminal window look under Settings->Schema for 
some preset colour schemes. Also take a look under 
Settings->Configure Konsole->Schema for more advanced 
options :)


Personally I like white text on a black background.

Kind Regards,

Keith Roberts

-
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-


Re: [CentOS] Change bash colours like in VIM

2011-08-18 Thread Marc Deop i Argemí
On 18/08/2011 12:26, Keith Roberts wrote:
> On Thu, 18 Aug 2011, Marc Deop i Argemí wrote:
>
>> To: CentOS mailing list 
>> From: Marc Deop i Argemí 
>> Subject: Re: [CentOS] Change bash colours like in VIM
>>
>> On 17/08/2011 23:51, Dotan Cohen wrote:
>>> In VIM one can easily change colours with ":set background=dark". This
>>> doesn't actually change the background, but rather uses a colour
>>> scheme that is designed for a dark background. Is there any quick
>>> command like this for bash? I don't want to edit the whole config file
>>> if there is a quick way to get a better colour scheme.
>>>
>>> Thanks.
>>>
>>
>> No, there is not such option in bash.
>>
>> There are some terminal applications that allow to change the
>> colourscheme though (like konsole)
>
> In a konsole terminal window look under Settings->Schema for some
> preset colour schemes. Also take a look under Settings->Configure
> Konsole->Schema for more advanced options :)
>
> Personally I like white text on a black background.
>
> Kind Regards,
>
> Keith Roberts
>
> -
> Websites:
> http://www.karsites.net
> http://www.php-debuggers.net
> http://www.raised-from-the-dead.org.uk
>
> All email addresses are challenge-response protected with
> TMDA [http://tmda.net]
> -
>
>

The best colourscheme for the eyes is a dark background with an even
darker text color.

And the worst would be dark background with light color for the text
(although many "geeks" use that combination...)

Regards


Re: [CentOS] SAS storage arrays, C6, and SES lights

2011-08-18 Thread Pasi Kärkkäinen
On Tue, Aug 16, 2011 at 07:03:01AM -0700, John R Pierce wrote:
> On 08/16/11 12:59 AM, Pasi Kärkkäinen wrote:
> > ie. you need a daemon/tool that monitors status of disks,
> > and keeps the Linux disk<->  ses slot mapping up-to-date.
> 
> i'm amazed this doesn't exist.   isn't this a really common problem with 
> storage arrays?
> 

It is. I guess that's one of the reasons why many people still use hardware
RAID adapters..
(firmware of the hardware RAID adapter takes care of the SES/LED management.)

Someone should start an opensource project to build this kind of management
daemon for software RAID on Linux. It's not very difficult.. someone just has
to do it :)

The only solution that I'm aware of right now is Linux dm-raid..
I think it can handle some LEDs on some chassis. But that's implemented in
kernel-driver..

-- Pasi



Re: [CentOS] SAS storage arrays, C6, and SES lights

2011-08-18 Thread Pasi Kärkkäinen
On Wed, Aug 17, 2011 at 02:26:51PM +0800, Christopher Chan wrote:
> OpenIndiana has all that builtin...
> 

Well in a way. Afaik out-of-the-box opensolaris/openindiana FMA (Fault
Management Agent) only works with some certain Sun/Oracle chassis.

It requires plugins for other models.

-- Pasi

> /me ducks.
> - Original Message - 
> From: "John R Pierce" 
> To: 
> Sent: Tuesday, August 16, 2011 10:03 PM
> Subject: Re: [CentOS] SAS storage arrays, C6, and SES lights
> 
> 
> On 08/16/11 12:59 AM, Pasi Kärkkäinen wrote:
> > ie. you need a daemon/tool that monitors status of disks,
> > and keeps the Linux disk<->  ses slot mapping up-to-date.
> 
> i'm amazed this doesn't exist.   isn't this a really common problem with
> storage arrays?
> 
> 
> 
> -- 
> john r pierceN 37, W 122
> santa cruz ca mid-left coast
> 
> 


Re: [CentOS] Centos Gotcha: YUM Groupinstall

2011-08-18 Thread James Pearson
david wrote:
> Folks
> 
> I have encountered a situation with YUM that isn't what I expected.
> 
> Let's suppose I want to install a group, call it G.  My first 
> question would be -- is the group already installed.  Realize all of 
> this is scripted.
> 
> So, I use
>yum groupinfo
> and I see the list of installed groups, and those not yet installed.
> 
> If group G is in the list of installed groups, one would think that 
> there's no point in issuing a "groupinstall".
> 
> But, to my surprise, a group can be listed as "installed", only to 
> find that a groupinstall will actually do a lot of installs.
> 
> So, I had to adapt my script to perform a "groupinfo G", parse the 
> modules, and individually test them to see if they need installation.
> 
> I do not understand this behavior -- group G is shown as "installed", 
> but it really isn't.

If you need the group installed, why not just issue the 'yum 
groupinstall' - if all the RPMS are already installed, then yum does 
nothing - if not, it will install what you need - i.e. yum will do what 
you need without extra scripting.

James Pearson


[CentOS] using posfix on the local LAN, with internet FQDN

2011-08-18 Thread Rudi Ahlers
Hi all,

I hope someone can help me with this please.


One of our clients has an in-house Postfix mailserver which basically
downloads mail for the individual users from our mail server hosted on
the web using fetchmail.
They use our SMTP server to send mail. Their email clients are then
setup to get & send mail from the server, on 192.168.2.254 (for POP3 &
SMTP).  All mail between them on the local LAN gets sent to each other
via the server, and not the internet.

This works quite well, but as soon as someone sends mail from the
Linux server directly (it has webmin + usermin installed and has a
basic webmail interface for when they're out of the office) it sends
mail using the local machine name, instead of the domain name.
for example, mail comes from esther@ser001.rewards.local.

How do I tell Postfix to automatically send mail from
@ instead?


Sorry for asking this, but I don't know Postfix very well and don't
know what to call to, to search on google.

-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532


Re: [CentOS] using posfix on the local LAN, with internet FQDN

2011-08-18 Thread Leen de Braal

> Hi all,
>
> I hope someone can help me with this please.
>
>
> One of our clients has an in-house Postfix mailserver which basically
> downloads mail for the individual users from our mail server hosted on
> the web using fetchmail.
> They use our SMTP server to send mail. Their email clients are then
> setup to get & send mail from the server, on 192.168.2.254 (for POP3 &
> SMTP).  All mail between them on the local LAN gets sent to each other
> via the server, and not the internet.
>
> This works quite well, but as soon as someone sends mail from the
> Linux server directly (it has webmin + usermin installed and has a
> basic webmail interface for when they're out of the office) it sends
> mail using the local machine name, instead of the domain name.
> for example, mail comes from esther@ser001.rewards.local.
>
> How do I tell Postfix to automatically send mail from
> @ instead?
>

I have this in main.cf:

myhostname = mail.braha.nl
myorigin = $mydomain

Think the second one is what you need.

>
> Sorry for asking this, but I don't know Postfix very well and don't
> know what to call to, to search on google.
>
> --
> Kind Regards
> Rudi Ahlers
> SoftDux
>
> Website: http://www.SoftDux.com
> Technical Blog: http://Blog.SoftDux.com
> Office: 087 805 9573
> Cell: 082 554 7532
>


-- 
L. de Braal
BraHa Systems
NL - Terneuzen
T +31 115 649333
F +31 115 649444



Re: [CentOS] using posfix on the local LAN, with internet FQDN

2011-08-18 Thread Spook ZA
Hi Rudy

On 18 August 2011 14:49, Rudi Ahlers  wrote:
> Hi all,
>
> I hope someone can help me with this please.
>
>
> One of our clients has an in-house Postfix mailserver which basically
> downloads mail for the individual users from our mail server hosted on
> the web using fetchmail.
> They use our SMTP server to send mail. Their email clients are then
> setup to get & send mail from the server, on 192.168.2.254 (for POP3 &
> SMTP).  All mail between them on the local LAN gets sent to each other
> via the server, and not the internet.
>
> This works quite well, but as soon as someone sends mail from the
> Linux server directly (it has webmin + usermin installed and has a
> basic webmail interface for when they're out of the office) it sends
> mail using the local machine name, instead of the domain name.
> for example, mail comes from esther@ser001.rewards.local.
>
> How do I tell Postfix to automatically send mail from
> @ instead?
>

This comes straight out of the main.cf file and may be of some assistance:

# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld

# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld

# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites.  If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
myorigin = $mydomain
#myorigin = $myhostname



>
> Sorry for asking this, but I don't know Postfix very well and don't
> know what to call to, to search on google.
>
> --
> Kind Regards
> Rudi Ahlers
> SoftDux

Regards,
  Andy.


Re: [CentOS] using posfix on the local LAN, with internet FQDN

2011-08-18 Thread Rudi Ahlers
On Thu, Aug 18, 2011 at 3:00 PM, Leen de Braal  wrote:
> myhostname = mail.braha.nl
> myorigin = $mydomain
>
> Think the second one is what you need.
>
>>
> L. de Braal
> BraHa Systems
> NL - Terneuzen
> T +31 115 649333
> F +31 115 649444
>


I actually had "theirdomain.com" in both options, but changed the
second option to "$mydomain" and that didn't make any difference
either.



-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532


Re: [CentOS] Change bash colours like in VIM

2011-08-18 Thread Keith Roberts

On Thu, 18 Aug 2011, Marc Deop i Argemí wrote:

*snip*


> The best colourscheme for the eyes is a dark background with an even
> darker text color.
>
> And the worst would be dark background with light color for the text
> (although many "geeks" use that combination...)


I find the white background on some html manuals, like php 
and mysql give me a headache and eye strain after a while.


So for my local downloaded copy of php docs, Smarty docs, 
and MySQL docs I use these scripts to change the background 
colour for those html manuals:


#!/bin/bash

# bash script to change BGCOLOR on all mysql document
# files in CWD

# this file needs to be in and run from the
# mysql html document directory

for file in *.html
do
    # skip the literal pattern when no .html file is present
    [ -e "$file" ] || continue

    # display a listing of all files in CWD
    #ls -l "$file"

    # show progress of script
    echo "Processing $file"

    # -i sed option writes changes to current file being processed
    #
    # this changes BGCOLOR from white to a purple color
    # - choose your background color by editing #C7E2FF
    # - to the hex color value of your choice
    sed -i 's/bgcolor="white"/bgcolor="#C7E2FF"/g' "$file"
done
exit 0


and for the PHP manual I use a PHING project script to add
a stylesheet declaration to each html page:



basedir=".">


  




  




  

  

  


  



  




Plus you will need the stylesheet for the php manual in the 
/php-chunked-xhtml *.html docs directory:


# MY-style.css

body {
 background-color: #66CC33;
}

.phpcode {
 background-color: #CC;
 padding-top: 10px;
 padding-bottom: 10px;
 padding-left: 12px;
 width: auto;
}

and for the Smarty 2.6 html manual I use:

#!/bin/bash

# bash script to change BGCOLOR on all smarty document files in CWD
# this file needs to be in and run from the smarty document html directory

for file in *.html
do
    # skip the literal pattern when no .html file is present
    [ -e "$file" ] || continue

    # display a listing of all files in CWD
    #ls -l "$file"

    # show progress of script
    echo "Processing $file"

    # -i sed option writes changes to current file being processed
    #
    # this changes BGCOLOR from white to a purple color
    # - choose your background color by editing #C7E2FF
    # - to the hex color value of your choice
    sed -i 's/bgcolor="white"/bgcolor="#C7E2FF"/g' "$file"
done
exit 0



Kind Regards,

Keith Roberts

-
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-


Re: [CentOS] Kickstart installation error

2011-08-18 Thread James Pearson
Anshul Chauhan wrote:
> hi,
> 
> Dhcp seems to be working fine as i'm getting the ip on my client and its
> booting with prelinux but after
> starting it gives this error after detecting all the hardware and trying for
> the kickstart file
> Kickstart Error : Error opening kickstart file (null) bad address
> 
> 
> this is my prelinux files
> 
> [root@localhost ~]# cat /tftpboot/linux-install/pxelinux.cfg/default
> default local
> timeout 100
> prompt 1
> display msgs/boot.msg
> F1 msgs/boot.msg
> F2 msgs/general.msg
> F3 msgs/expert.msg
> F4 msgs/param.msg
> F5 msgs/rescue.msg
> F7 msgs/snake.msg
> 
> label local
>   localboot 1
> 
> label 0
>   localboot 1
> 
> label 1
>   kernel CentosFTP/vmlinuz
>   append initrd=CentosFTP/initrd.img ramdisk_size=7000 ks=/var/ftp/pub/ks.cfg
> 
> [root@localhost ~]# cat /tftpboot/linux-install/CentosFTP/ks.cfg
> #use FTP installation media
> url --url ftp://192.168.0.1/pub/ks.cfg
> 
> checked the NFS share its working fine and FTP also seems to be working fine
> on browser.

The ks syntax on the append line doesn't look right - I think you should
just use "ks=ftp://192.168.0.1/pub/ks.cfg"

James Pearson



Re: [CentOS] using posfix on the local LAN, with internet FQDN

2011-08-18 Thread Leen de Braal

> On Thu, Aug 18, 2011 at 3:00 PM, Leen de Braal  wrote:
>> myhostname = mail.braha.nl
>> myorigin = $mydomain
>>
>> Think the second one is what you need.
>>
>>>
>> L. de Braal
>> BraHa Systems
>> NL - Terneuzen
>> T +31 115 649333
>> F +31 115 649444
>>
>
>
> I actually had "theirdomain.com" in both options, but changed the
> second option to "$mydomain" and that didn't make any difference
> either.
>

I presume you did reload or restart postfix

>
>
> --
> Kind Regards
> Rudi Ahlers
> SoftDux
>
> Website: http://www.SoftDux.com
> Technical Blog: http://Blog.SoftDux.com
> Office: 087 805 9573
> Cell: 082 554 7532
>


-- 
L. de Braal
BraHa Systems
NL - Terneuzen
T +31 115 649333
F +31 115 649444



Re: [CentOS] using posfix on the local LAN, with internet FQDN

2011-08-18 Thread Stephen Cox
On Thu, Aug 18, 2011 at 3:01 PM, Spook ZA  wrote:
> #mydomain = domain.tld
Uncomment this and set accordingly.

> myorigin = $mydomain
Keep this.

And reload the settings and watch the maillog for any errors
/etc/init.d/postfix reload && tail -f /var/log/maillog

-- 
Stephen Cox


[CentOS] CentOS 6 and IPv6 neighbor proxy

2011-08-18 Thread Helmut Drodofsky
To route a subnet in ipv6 there are two possibilities:
-  add route commands for the subnet in each computer
-  or use neighbor proxy in the router server
I prefer neighbor proxy.
 
So I have to activate neighbor proxy in the router:
sysctl -w net.ipv6.conf.all.proxy_ndp=1
 
and I have to add entries for each client in the subnet like 
ip -6 neigh add proxy 2001:0:0:1:211:d8ff:fe97:3273 dev eth0
 
This works well but is lost on reboot.
 
For the sysctl command there is /etc/sysctl.conf for permanent configuration.
 
If I create a file route-eth0 in the directory /etc/sysconfig/network-scripts/ 
with the above ip neighbor command, the interface eth0 is immediately down.
 
Restart of network brings:
Bringing up interface eth0:  Error: Unknown connection: 
5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03.
   [FAILED]
All Interfaces are NetworkManager controlled.
 
Ask for help: 
-  where can I store the command for a permanent configuration? 
-  Shall I not further use NetworkManager?
 
Thank you for help in advance
 
Helmut


Re: [CentOS] CentOS 6 and IPv6 neighbor proxy

2011-08-18 Thread Steve Clark

On 08/18/2011 11:10 AM, Helmut Drodofsky wrote:


> To route a subnet in ipv6 there are two possibilities:
> -  add route commands for the subnet in each computer
> -  or use neighbor proxy in the router server
> I prefer neighbor proxy.
>
> So I have to activate neighbor proxy in the router:
> sysctl -w net.ipv6.conf.all.proxy_ndp=1
>
> and I have to add entries for each client in the subnet like
> ip -6 neigh add proxy 2001:0:0:1:211:d8ff:fe97:3273 dev eth0
>
> This works well but is lost on reboot.
>
> For the sysctl command there is /etc/sysctl.conf for permanent configuration.
>
> If I create a file route-eth0 in the directory /etc/sysconfig/network-scripts/
> with the above ip neighbor command, the interface eth0 is immediately down.
>
> Restart of network brings:
> Bringing up interface eth0:  Error: Unknown connection:
> 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03.
>    [FAILED]
> All Interfaces are NetworkManager controlled.
>
> Ask for help:
> -  where can I store the command for a permanent configuration?
> -  Shall I not further use NetworkManager?
>
> Thank you for help in advance
>
> Helmut



I would never use NetworkManager on a server.  It has never caused me anything 
but problems.

My $.02


--
Stephen Clark
*NetWolves*
Sr. Software Engineer III
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com


[CentOS] stupid question about kickstart file

2011-08-18 Thread Eero Volotinen
Hi,

Is it possible to use a kickstart file to install rhel from a dvd drive?
Mainly the idea is to clone one anaconda.ks file to about twenty
machines.
Examples? ftp/http/dhcp is not possible due to network limitations.

--
Eero


Re: [CentOS] stupid question about kickstart file

2011-08-18 Thread Joseph L. Casale
>Is it possible to use a kickstart file to install rhel from a dvd drive?
>Mainly the idea is to clone one anaconda.ks file to about twenty
>machines.
>Examples? ftp/http/dhcp is not possible due to network limitations.

Of course. Check the manual, it specifies places to look when you specify
the ks file in the append section.


Re: [CentOS] stupid question about kickstart file

2011-08-18 Thread Tom H
On Thu, Aug 18, 2011 at 12:25 PM, Eero Volotinen  wrote:
>
> Is it possible to use a kickstart file to install rhel from a dvd drive?
> Mainly the idea is to clone one anaconda.ks file to about twenty
> machines.
> Examples? ftp/http/dhcp is not possible due to network limitations.

I do this when creating VirtualBox VMs on my MacBook.

Boot from the DVD/ISO, press "tab" at the first install screen, and
point to your ks file with "ks=,,,".


Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Always Learning

On Thu, 2011-08-18 at 19:20 +0200, Patrick Lists wrote:

> Lmgtfy means "let me google that for you". Posting such an url is a 
> pretty standard response to people who ask for help without first
> making an effort to find some answers (by googling, etc.). The hint
> is: do your homework first and don't expect spoonfeeding.

Thanks Patrick. I do do my own research first, usually via Google or my
own technical web pages. I usually get good answers most of the time.


-- 
With best regards,

Paul.
England,
EU.




Re: [CentOS] Change bash colours like in VIM

2011-08-18 Thread Dotan Cohen
On Thu, Aug 18, 2011 at 12:34, Marc Deop i Argemí  wrote:
> On 17/08/2011 23:51, Dotan Cohen wrote:
>> In VIM one can easily change colours with ":set background=dark". This
>> doesn't actually change the background, but rather uses a colour
>> scheme that is designed for a dark background. Is there any quick
>> command like this for bash? I don't want to edit the whole config file
>> if there is a quick way to get a better colour scheme.
>>
>> Thanks.
>>
>
> No, there is not such option in bash.
>
> There are some terminal applications that allow to change the
> colourscheme though (like konsole)
>

Thanks. Most of the time when I'm in a terminal it is through an
emulator such as Konsole.


-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Re: [CentOS] Change bash colours like in VIM

2011-08-18 Thread Dotan Cohen
On Thu, Aug 18, 2011 at 13:26, Keith Roberts  wrote:
> In a konsole terminal window look under Settings->Schema for some preset
> colour schemes. Also take a look under Settings->Configure Konsole->Schema
> for more advanced options :)
>

Thanks, Keith.


-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Re: [CentOS] stupid question about kickstart file

2011-08-18 Thread Joseph L. Casale
>Boot from the DVD/ISO, press "tab" at the first install screen, and
>point to your ks file with "ks=,,,".

Right, but that doesn't answer his question. The op does not have
ip connectivity:

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s1-kickstart2-startinginstall.html




Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Rudi Ahlers
Let's try again:


I need to automatically block any user who abuses bandwidth, either
incoming or outgoing. I should be able to set the limits, in either
rate/s or usage/s: 1Mb/s or 10GB/h, for example.

Then, any users, connecting from anywhere, on any IP should be blocked
- either if he uploads or downloads (i.e ingres & outgres) for a
specific amount of time.


My research:

The firewalls which we've tried (both normal Linux iptables and
hardware based firewalls) can do this, as long as I can specify the
IP's to block - this is standard for an office-type firewall.
BUT, I don't have a range of IP's to specify since these particular
servers are on the internet, thus any possible IP on the net could
connect to the server.


I also need to exclude certain IP's from this rule (i.e. for backup
servers which actually need to transfer a lot of traffic).

To some degree this would mean "traffic accounting", but that just
keeps a log of traffic usage. And we already measure traffic use with
cacti & SNMP. Cacti can send us an email if a certain amount of
bandwidth is used up, but it doesn't tell the firewall to block the
offending IP address.

DDOS protection type firewalls don't help much either since they
only block incoming "attacks", but not really normal uploads. They
also don't block outgoing traffic once the condition is met.

-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532


Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Always Learning

On Thu, 2011-08-18 at 21:01 +0200, Rudi Ahlers wrote:

> I need to automatically block any user who abuses bandwidth, either
> incoming or outgoing. I should be able to set the limits, in either
> rate/s or usage/s: 1Mb/s or 10GB/h, for example.

First question is:

(a) how can you get the IP address ?

(b) how can you introduce a, or use an existing, system to record and
store the data amounts (bandwidth) and IP addresses ?

(c) how long will this information be retained before being discarded ?

(d) how can you monitor on every change to the data amount ?

(e) will it do both IP4 and IP6 ?

(f) what mechanism can you use to block the IP address ... IP Tables via
simple BASH command ?


It's an interesting requirement.




-- 
With best regards,

Paul.
England,
EU.




Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Rudi Ahlers
On Thu, Aug 18, 2011 at 9:09 PM, Always Learning  wrote:
>
> On Thu, 2011-08-18 at 21:01 +0200, Rudi Ahlers wrote:
>
>> I need to automatically block any user who abuses bandwidth, either
>> incoming or outgoing. I should be able to set the limits, in either
>> rate/s or usage/s: 1Mb/s or 10GB/h, for example.
>
> First question is:
>
> (a) how can you get the IP address ?

I don't fully understand your question?
How do you get any IP address from any machine that connects to a
server on the internet? netstat shows the IP's,
/var/log/http/access.log shows the IP's and I'm sure it's listed in
other places as well.

We currently use ntop to monitor the server's usage, but there's no
way to automatically block an abusive IP.


>
> (b) how can you introduce a, or use an existing, system to record and
> store the data amounts (bandwidth) and IP addresses ?

What do you mean?


>
> (c) how long will this information be retained before being discarded ?

How long will what information be retained? And what for? I don't
understand the nature of this question?

>
> (d) how can you monitor on every change to the data amount ?

Again, I don't understand what you mean?


>
> (e) will it do both IP4 and IP6 ?

Does it matter? IPV6 is already being used on a wide scale. iptables
support both

>
> (f) what mechanism can you use to block the IP address ... IP Tables via
> simple BASH command ?

if that will do the trick, yes. Any way to block the IP would be fine.
iptables would probably be easiest.


Ideally I would like to get a dedicated firewall, or dedicated Linux /
UNIX firewall appliance for this purpose as it needs to monitor and
protect a whole bunch of servers

>
>
> It's an interesting requirement.
>
>
>
>
> --
> With best regards,
>
> Paul.
> England,
> EU.
>







-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532


Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Les Mikesell
On 8/18/2011 2:01 PM, Rudi Ahlers wrote:
> Let's try again:
>
>
> I need to automatically block any user who abuses bandwidth, either
> incoming or outgoing. I should be able to set the limits, in either
> rate/s or usage/s: 1Mb/s or 10GB/h, for example.
>
> Then, any users, connecting from anywhere, on any IP should be blocked
> - either if he uploads or downloads (i.e ingres&  outgres) for a
> specific amount of time.

Those requirements don't mesh very well with the real world.  That is, 
people who use a network that they've been provided or paid for aren't 
necessarily 'abusing' anything, and blocking access at times when the 
network isn't fully loaded doesn't help anyone.  What's the big picture 
here?  Don't you really need QOS to throttle certain things at peak 
times only?

-- 
   Les Mikesell
lesmikes...@gmail.com



Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Always Learning

If there isn't an existing system, or systems you can use together, your
only alternative is to create a system to satisfy your requirement. I
was speculating on the essentials.


-- 
With best regards,

Paul.
England,
EU.




Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Mike
On Thu, 18 Aug 2011, Rudi Ahlers wrote:

> Let's try again:
>
>
> I need to automatically block any user who abuses bandwidth, either
> incoming or outgoing. I should be able to set the limits, in either
> rate/s or usage/s: 1Mb/s or 10GB/h, for example.
>
> Then, any users, connecting from anywhere, on any IP should be blocked
> - either if he uploads or downloads (i.e ingres & outgres) for a
> specific amount of time.
>

As one might imagine there is at least one commercial product that seems 
to fit the bill.

http://www.aspirantinfotech.com/downloads/Cyberoam/pdf/Managing-bandwidth-the-User-based-approach.pdf

I mention this as I thought it was well written and thorough.  After 
reading the pdf seems to me there ought to be something open source based 
upon perhaps this:  http://lartc.org/lartc.html

Anyway maybe some food for thought.


Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Rudi Ahlers
On Thu, Aug 18, 2011 at 9:21 PM, Les Mikesell  wrote:
> On 8/18/2011 2:01 PM, Rudi Ahlers wrote:
>> Let's try again:
>>
>>
>> I need to automatically block any user who abuses bandwidth, either
>> incoming or outgoing. I should be able to set the limits, in either
>> rate/s or usage/s: 1Mb/s or 10GB/h, for example.
>>
>> Then, any users, connecting from anywhere, on any IP should be blocked
>> - either if he uploads or downloads (i.e ingres&  outgres) for a
>> specific amount of time.
>
> Those requirements don't mesh very well with the real world.  That is,
> people who use a network that they've been provided or paid for aren't
> necessarily 'abusing' anything, and blocking access at times when the
> network isn't fully loaded doesn't help anyone.  What's the big picture
> here?  Don't you really need QOS to throttle certain things at peak
> times only?
>
> --
>   Les Mikesell
>    lesmikes...@gmail.com
>
> ___


Les, it's not really about blocking people who paid.

the servers in question provide a free service and no money is
generated from it, but the client still pays for bandwidth so we'd
like to cap heavy users a bit to avoid expensive bills.


I know the requirements are strange, but I'm really hoping I could
find something that could do this for us.
Right now they have someone who monitors ntop and block IP's that way
around, but it's inefficient and a salary which could have been spent
elsewhere.

Bandwidth in our country is exuberantly expensive, probably about 20x
the price of bandwidth in the USA



-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532


Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Les Mikesell
On 8/18/2011 2:15 PM, Rudi Ahlers wrote:
> On Thu, Aug 18, 2011 at 9:09 PM, Always Learning  wrote:
>>
>> On Thu, 2011-08-18 at 21:01 +0200, Rudi Ahlers wrote:
>>
>>> I need to automatically block any user who abuses bandwidth, either
>>> incoming or outgoing. I should be able to set the limits, in either
>>> rate/s or usage/s: 1Mb/s or 10GB/h, for example.
>>
>> First question is:
>>
>> (a) how can you get the IP address ?
>
> I don't fully understand your question?
> How do you get any IP address from any machine that connects to a
> server on the internet? netstat shows the IP's,

You said 'user' which may or may not map to a consistent, single, IP 
address.

> /var/log/http/access.log shows the IP's and I'm sure it's listed in
> other places as well.

Are these web browser clients, locally attached PCs, or what?

> We currently use ntop to monitor the server's usage, but there's no
> way to automatically block an abusive IP.

What's 'abusive'?  If they are using a web app, let the app monitor the 
connection of a logged in user and handle them appropriately.

>
> Ideally I would like to get a dedicated firewall, or dedicated Linux /
> UNIX firewall appliance for this purpose as it needs to monitor and
> protect a whole bunch of servers

A separate box won't know what is going on.  Suppose you have a remote 
mail server relaying in or out for a large number of users.  The 
intermediate box will see a lot of smtp traffic to/from one IP, but it 
will correspond to a lot of users.  Likewise for web users behind a 
company proxy.

-- 
   Les Mikesell
lesmikes...@gmail.com


Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Rudi Ahlers
On Thu, Aug 18, 2011 at 9:25 PM, Mike  wrote:
> On Thu, 18 Aug 2011, Rudi Ahlers wrote:
>
>> Let's try again:
>>
>>
>> I need to automatically block any user who abuses bandwidth, either
>> incoming or outgoing. I should be able to set the limits, in either
>> rate/s or usage/s: 1Mb/s or 10GB/h, for example.
>>
>> Then, any users, connecting from anywhere, on any IP should be blocked
>> - either if he uploads or downloads (i.e ingres & outgres) for a
>> specific amount of time.
>>
>
> As one might imagine there is at least one commercial product that seems
> to fit the bill.
>
> http://www.aspirantinfotech.com/downloads/Cyberoam/pdf/Managing-bandwidth-the-User-based-approach.pdf
>
> I mention this as I thought it was well written and thorough.  After
> reading the pdf seems to me there ought to be something open source based
> upon perhaps this:  http://lartc.org/lartc.html
>
> Anyway maybe some food for thought.
> ___
>


Thanx. We already tried the cyberoams, but they didn't work as
expected since they manage bandwidth on a per-user basis, and our
"users" come from the world-wide-web.


I have read through that document link on
http://lartc.org/lartc.html#AEN1393 and the closest I could get is
rate limiting, but that doesn't actually block the IP if it goes over
a certain threshold, it just slows everything down.


-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532


Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Patrick Lists
On 08/18/2011 08:45 PM, Rudi Ahlers wrote:
> And you obviously think I didn't do my homework?
>
> Did you see my specific requirement? Or did you just see "how" and
> "firewall" and assumed "google" ?

I was not referring to you Rudi. Merely pointing out the lmgtfy concept 
which imho seemed lost on Paul.

And yes I did look at your requirements but don't have the answer for 
you. Maybe a combination of iptables and tc perhaps with connection 
tracking thrown in?

Regards,
Patrick



Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Rudi Ahlers
On Thu, Aug 18, 2011 at 9:29 PM, Les Mikesell  wrote:
> On 8/18/2011 2:15 PM, Rudi Ahlers wrote:
>> On Thu, Aug 18, 2011 at 9:09 PM, Always Learning  wrote:
>>>
>>> On Thu, 2011-08-18 at 21:01 +0200, Rudi Ahlers wrote:
>>>
>>>> I need to automatically block any user who abuses bandwidth, either
>>>> incoming or outgoing. I should be able to set the limits, in either
>>>> rate/s or usage/s: 1Mb/s or 10GB/h, for example.
>>>
>>> First question is:
>>>
>>> (a) how can you get the IP address ?
>>
>> I don't fully understand your question?
>> How do you get any IP address from any machine that connects to a
>> server on the internet? netstat shows the IP's,
>
> You said 'user' which may or may not map to a consistent, single, IP
> address.

well, a 'user' is anyone accessing the server from the internet, so
the IP's will change the whole time.

>
>> /var/log/http/access.log shows the IP's and I'm sure it's listed in
>> other places as well.
>
> Are these web browser clients, locally attached PCs, or what?


web / SQL / SMTP / POP3 clients, connecting from the internet.

>
>> We currently use ntop to monitor the server's usage, but there's no
>> way to automatically block an abusive IP.
>
> What's 'abusive'?  If they are using a web app, let the app monitor the
> connection of a logged in user and handle them appropriately.

yes, but no monitor can block their IP, that I'm aware of.

>
>>
>> Ideally I would like to get a dedicated firewall, or dedicated Linux /
>> UNIX firewall appliance for this purpose as it needs to monitor and
>> protect a whole bunch of servers
>
> A separate box won't know what is going on.  Suppose you have a remote
> mail server relaying in or out for a large number of users.  The
> intermediate box will see a lot of smtp traffic to/from one IP, but it
> will correspond to a lot of users.  Likewise for web users behind a
> company proxy.

For this very reason I need to exclude certain IP's from the limits.


>
> --
>   Les Mikesell
>    lesmikes...@gmail.com
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532


Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Mike
>
> I have read through that document link on
> http://lartc.org/lartc.html#AEN1393 and the closest I could get is
> rate limiting, but that doesn't actually block the IP if it goes over
> a certain threshold, it just slows everything down.

So I'm not sure I fully understand your requirements.  Why isn't slowing 
the user to zero or at least near zero sufficient?


Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Les Mikesell
On 8/18/2011 2:27 PM, Rudi Ahlers wrote:
>
>>> I need to automatically block any user who abuses bandwidth, either
>>> incoming or outgoing. I should be able to set the limits, in either
>>> rate/s or usage/s: 1Mb/s or 10GB/h, for example.
>>>
>>> Then, any users, connecting from anywhere, on any IP should be blocked
>>> - either if he uploads or downloads (i.e ingres&outgres) for a
>>> specific amount of time.
>>
>> Those requirements don't mesh very well with the real world.  That is,
>> people who use a network that they've been provided or paid for aren't
>> necessarily 'abusing' anything, and blocking access at times when the
>> network isn't fully loaded doesn't help anyone.  What's the big picture
>> here?  Don't you really need QOS to throttle certain things at peak
>> times only?
>>

>
> Les, it's not really about blocking people who paid.
>
> the servers in question provide a free service and no money is
> generated from it, but the client still pays for bandwidth so we'd
> like to cap heavy users a bit to avoid expensive bills.

Are you paying for bandwidth by total bits transferred or by peak or 
95th percentile rate?

> I know the requirements are strange, but I'm really hoping I could
> find something that could do this for us.
> Right now they have someone who monitors ntop and block IP's that way
> around, but it's inefficient and a salary which could have been spent
> elsewhere.

You should be able to automate what you are doing with ntop.  Or use a 
netflow collector to centralize the traffic counting and translate your 
rules into iptables settings.

-- 
   Les Mikesell
lesmikes...@gmail.com
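
The approach suggested in the message above (count traffic centrally, then translate the rules into iptables settings), sketched as an added example that is not part of any poster's message or of ntop, cacti or a netflow tool. It assumes flow records of the form (time, source, destination, bytes) from some collector, a gateway that filters in the FORWARD chain, and constructed addresses and limits; IPv6 clients are charged per /64, which is also an assumption of the example.

```python
import ipaddress
from collections import defaultdict

# Every address and limit below is constructed for this example.
LOCAL_NETS = [ipaddress.ip_network("198.51.100.0/24"),
              ipaddress.ip_network("2001:db8:1::/48")]      # the protected servers
EXEMPT_NETS = [ipaddress.ip_network("203.0.113.7/32")]       # e.g. a backup server
WINDOW = 3600          # seconds of history counted towards the limit
LIMIT = 10 * 10**9     # bytes per window, the "10GB/h" from the thread
BLOCK_FOR = 6 * 3600   # seconds a block lasts; keep it >= WINDOW so that old
                       # flows have aged out by the time the block is lifted


def _in_any(ip, nets):
    return any(ip.version == n.version and ip in n for n in nets)


def remote_key(src, dst):
    """Return the network a flow is charged to, or None if it is not counted."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_local, dst_local = _in_any(src, LOCAL_NETS), _in_any(dst, LOCAL_NETS)
    if src_local == dst_local:            # server-to-server or transit traffic
        return None
    remote = dst if src_local else src    # uploads and downloads both count
    if _in_any(remote, EXEMPT_NETS):
        return None
    # One address for IPv4, the whole /64 for IPv6 (a client can rotate in it).
    prefix = 32 if remote.version == 4 else 64
    return ipaddress.ip_network(f"{remote}/{prefix}", strict=False)


def usage(flows, now):
    """Sum bytes per remote network over the last WINDOW seconds."""
    totals = defaultdict(int)
    for ts, src, dst, nbytes in flows:
        if now - WINDOW < ts <= now:
            key = remote_key(src, dst)
            if key is not None:
                totals[key] += nbytes
    return totals


def rule(action, net, direction):
    """Build one iptables/ip6tables command as an argument list."""
    tool = "iptables" if net.version == 4 else "ip6tables"
    return [tool, action, "FORWARD", direction, str(net), "-j", "DROP"]


def plan(flows, now, blocked):
    """Return (commands, new_blocked); `blocked` maps network -> expiry time."""
    commands, still = [], {}
    for net, expiry in blocked.items():
        if expiry <= now:                 # block has run its course: lift it
            commands += [rule("-D", net, "-s"), rule("-D", net, "-d")]
        else:
            still[net] = expiry
    over = sorted(usage(flows, now).items(), key=lambda kv: str(kv[0]))
    for net, total in over:
        if total > LIMIT and net not in still:
            commands += [rule("-I", net, "-s"), rule("-I", net, "-d")]
            still[net] = now + BLOCK_FOR
    return commands, still


FLOWS = [  # constructed records: (unix time, source, destination, bytes)
    (1000, "203.0.113.50", "198.51.100.10", 4 * 10**9),          # upload
    (2000, "198.51.100.10", "203.0.113.50", 7 * 10**9),          # download
    (2500, "203.0.113.7", "198.51.100.20", 50 * 10**9),          # exempt host
    (2600, "2001:db8:ffff:1::a", "2001:db8:1::10", 6 * 10**9),
    (2700, "2001:db8:1::10", "2001:db8:ffff:1::b", 6 * 10**9),   # same /64
    (3000, "192.0.2.99", "198.51.100.10", 9 * 10**9),            # under limit
]

if __name__ == "__main__":
    cmds, state = plan(FLOWS, 3600, {})
    for cmd in cmds:                      # dry run: print instead of executing
        print(" ".join(cmd))
```

Run periodically with the saved state, this prints the commands rather than executing them; the per-address accounting has the limits raised in the thread (many users behind one proxy or relay share a source address).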





Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Rudi Ahlers
On Thu, Aug 18, 2011 at 9:38 PM, Mike  wrote:
>>
>> I have read through that document link on
>> http://lartc.org/lartc.html#AEN1393 and the closest I could get is
>> rate limiting, but that doesn't actually block the IP if it goes over
>> a certain threshold, it just slows everything down.
>
> So I'm not sure I fully understand your requirements.  Why isn't slowing
> the user to zero or at least near zero sufficient?

How do I slow one user down, without affecting the others?
The way I understand rate limiting is that you rate limit a certain
protocol / port, or IP / IP range.

So, how would I automatically slow down someone (on any IP address,
and accessing any protocol) once he hits a certain threshold / limit?


-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532


Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Rudi Ahlers
On Thu, Aug 18, 2011 at 9:38 PM, Les Mikesell  wrote:
>
> Are you paying for bandwidth by total bits transferred or by peak or
> 95th percentile rate?
>

We pay per MB and the servers are connected to a 100MB/s port.


>
> You should be able to automate what you are doing with ntop.  Or use a
> netflow collector to centralize the traffic counting and translate your
> rules into iptables settings.
>

Really? That would be great.

But, I'm not a programmer, so I don't know where to start. And, I need
to protect a whole bunch of servers, so ideally this should be done
either on a central gateway which connects on the other side of the
switch, or a firewall appliance.

Any suggestions?


> --
>   Les Mikesell
>    lesmikes...@gmail.com
>



-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532


Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Patrick Lists
On 08/18/2011 09:31 PM, Rudi Ahlers wrote:
[snip]
> I have read through that document link on
> http://lartc.org/lartc.html#AEN1393 and the closest I could get is
> rate limiting, but that doesn't actually block the IP if it goes over
> a certain threshold, it just slows everything down.

How about the netfilter quota, fuzzy and iplimit extensions?

http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO.html#toc3.4

http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO.html#toc3.5

http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.html#ss3.13

Regards,
Patrick


Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Mike

On Thu, 18 Aug 2011, Rudi Ahlers wrote:

> On Thu, Aug 18, 2011 at 9:38 PM, Mike  wrote:
>>>
>>> I have read through that document link on
>>> http://lartc.org/lartc.html#AEN1393 and the closest I could get is
>>> rate limiting, but that doesn't actually block the IP if it goes over
>>> a certain threshold, it just slows everything down.
>>
>> So I'm not sure I fully understand your requirements.  Why isn't slowing
>> the user to zero or at least near zero sufficient?
>
> How do I slow one user down, without affecting the others?
> The way I understand rate limiting is that you rate limit a certain
> protocol / port, or IP / IP range.
>
> So, how would I automatically slow down someone (on any IP address,
> and accessing any protocol) once he hits a certain threshold / limit?



I think I understand now and the short answer is that you can't!  In other 
words you're saying that say "Steve" is using a ton of bandwidth so you 
want to block him.  But "Fred" and 10 other users that may be at the same 
IP address are fine and you don't want to block them.  I mean you could 
conceptually at least block the IP/Source port that "Steve" is "coming 
from" right now.  But the source port (and perhaps IP) will eventually 
change and your block is now useless.


Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread John R Pierce
On 08/18/11 12:43 PM, Rudi Ahlers wrote:
> But, I'm not a programmer, so I don't know where to start.


hire one.  your needs and requirements are vague and unique, no off the 
shelf solution will do exactly what it is you want.  you also need to 
start thinking of your requirements in more precise terms, what the 
thresholds of traffic that will trigger and reset these blocks or 
throttles.   you probably want to tie this into QoS so that when your 
algorithm determines that a specific host is over its threshold, you 
throttle it rather than block it entirely.   messy messy messy.



-- 
john r pierce                            N 37, W 122
santa cruz ca                         mid-left coast



Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Rudi Ahlers
On Thu, Aug 18, 2011 at 9:52 PM, Mike  wrote:
> On Thu, 18 Aug 2011, Rudi Ahlers wrote:
>
>> On Thu, Aug 18, 2011 at 9:38 PM, Mike  wrote:

>>>> I have read through that document link on
>>>> http://lartc.org/lartc.html#AEN1393 and the closest I could get is
>>>> rate limiting, but that doesn't actually block the IP if it goes over
>>>> a certain threshold, it just slows everything down.
>>>
>>> So I'm not sure I fully understand your requirements.  Why isn't slowing
>>> the user to zero or at least near zero sufficient?
>>
>> How do I slow one user down, without affecting the others?
>> The way I understand rate limiting is that you rate limit a certain
>> protocol / port, or IP / IP range.
>>
>> So, how would I automatically slow down someone (on any IP address,
>> and accessing any protocol) once he hits a certain threshold / limit?
>>
>
> I think I understand now and the short answer is that you can't!  In other
> words you're saying that say "Steve" is using a ton of bandwidth so you want
> to block him.  But "Fred" and 10 other users that may be at the same IP
> address are fine and you don't want to block them.  I mean you could
> conceptually at least block the IP/Source port that "Steve" is "coming from"
> right now.  But the source port (and perhaps IP) will eventually change and
> your block is now useless.
>
> ___



No, not quite.


Steve will have a different IP from Fred. I don't care so much about
the users as such, but rather the IP where the connection is from, and
to.
i.e. I don't need to know what the user's name is, nor match him to a
DB like LDAP or something. I purely need to block an abusive IP.

BUT, if Steve changes his IP to circumvent the block, then his new IP
should be blocked as well.


-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532


Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread John R Pierce
On 08/18/11 12:56 PM, Rudi Ahlers wrote:
> BUT, if Steve changes his IP to circumvent the block, then his new IP
> should be blocked as well.

how would you know this?



-- 
john r pierce                            N 37, W 122
santa cruz ca                         mid-left coast



Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Les Mikesell
On 8/18/2011 4:38 PM, John R Pierce wrote:
> On 08/18/11 12:56 PM, Rudi Ahlers wrote:
>> BUT, if Steve changes his IP to circumvent the block, then his new IP
>> should be blocked as well.
>
> how would you know this?

If he is using pop, imap, authenticated smtp, web services with a logged 
in session, ssh, etc., the applications know the user and may be logging 
it.  But there is nothing central or standard to collate this 
information, and there are various circumstances that will cause many 
users to have the same IP source or one user to have several.

-- 
   Les Mikesell
lesmikes...@gmail.com



Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Always Learning

On Thu, 2011-08-18 at 21:33 +0200, Patrick Lists wrote:

> And yes I did look at your requirements but don't have the answer for 
> you. Maybe a combination of iptables and tc perhaps with connection 
> tracking thrown in?

IP tables would be a good place to link-in; perhaps route requests to a
specific port or internal IP address and then examine the traffic before
routing it to the correct destination.


-- 
With best regards,

Paul.
England,
EU.




Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Always Learning

On Thu, 2011-08-18 at 21:27 +0200, Rudi Ahlers wrote:

> Bandwidth in our country is exuberantly expensive, probably about 20x
> the price of bandwidth in the USA

A solution for South Africa ?

If your country has good internal Internet connections, host the site in
Europe or the USA where bandwidth is a lot cheaper ?


-- 
With best regards,

Paul.
England,
EU.




Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread John Jasen
Apologies for top posting.

I fear you will either have to work with cacti bandwidth alerts,
figuring out how to grab the client IP and push it into iptables; find
another way to get the client IP out of cacti and into iptables; or look
into the QoS capabilities within Linux.


On 08/18/2011 03:01 PM, Rudi Ahlers wrote:
> Let's try again:
> 
> 
> I need to automatically block any user who abuses bandwidth, either
> incoming or outgoing. I should be able to set the limits, in either
> rate/s or usage/s: 1Mb/s or 10GB/h, for example.
> 
> Then, any users, connecting from anywhere, on any IP should be blocked
> - either if he uploads or downloads (i.e ingres & outgres) for a
> specific amount of time.
> 
> 
> My research:
> 
> The firewalls which we've tried (both normal Linux iptables and
> hardware based firewalls) can do this, as long as I can specify the
> IP's to block - this is standard for an office-type firewall.
> BUT, I don't have a range of IP's to specify since these particular
> servers are on the internet, thus any possible IP on the net could
> connect to the server.
> 
> 
> I also need to exclude certain IP's from this rule (i.e. for backup
> servers which actually need to transfer a lot of traffic).
> 
> To some degree this would mean "traffic accounting", but that just
> keeps a log of traffic usage. And we already measure traffic use with
> cacti & SNMP. Cacti can send us an email if a certain amount of
> bandwidth is used up, but it doesn't tell the firewall to block the
> offending IP address.
> 
> DDOS protection type firewalls don't help much either since they
> only block incoming "attacks", but not really normal uploads. They
> also don't block outgoing traffic once the condition is met.
> 


-- 
-- John Jasen (jja...@realityfailure.org)
-- No one will sorrow for me when I die, because those who would
-- are dead already. -- Lan Mandragoran, The Wheel of Time, New Spring


Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Always Learning

On Thu, 2011-08-18 at 21:56 +0200, Rudi Ahlers wrote:
> 
> BUT, if Steve changes his IP to circumvent the block, then his new IP
> should be blocked as well.

How will you know Steve has successfully circumvented your block until
the same Steve, with IP2, eventually exceeds the 'quota' ?

And if Steve gets away with that, he can probably try again with IP3 and
IP4 etc. - making a mockery of your bandwidth restriction.


-- 
With best regards,

Paul.
England,
EU.




Re: [CentOS] Problem getting eth0 up

2011-08-18 Thread Ross Walker
On Aug 17, 2011, at 10:58 AM, Alfred von Campe  wrote:

> On Aug 17, 2011, at 9:58, Lisandro Grullon wrote:
> 
>> In a second note about the multi-NIC, i would focus in the actual card that 
>> have the connections
> 
> That's my point, I only have one NIC (it's a desktop system) yet NM created 
> two config files, one with ONBOOT=no and the other with ONBOOT=yes.  I 
> reinstalled the system yet again, and this time there was only one.  I don't 
> really like how NM affects the system; I think I'll disable it and edit the 
> ifcfg file by hand (well, with a script).

The ifcfg-eth0 is for when NM is disabled and ONBOOT should then be set to yes 
for this and no for the ifcfg-Wired_Connection_1, and this should be set by NM 
when you tell it not to manage this interface.

There is another option I believe, something like NM_CONTROLLED=no, which if 
present in ifcfg causes NM to not attempt to control the device. For servers 
this should be present.

I agree though that NM not automatically enabling all interfaces under its 
control should be filed as a bug.

-Ross



Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Rudi Ahlers
On Fri, Aug 19, 2011 at 12:57 AM, Always Learning  wrote:
>
> On Thu, 2011-08-18 at 21:56 +0200, Rudi Ahlers wrote:
>>
>> BUT, if Steve changes his IP to circumvent the block, then his new IP
>> should be blocked as well.
>
> How will you know Steve has successfully circumvented your block until
> the same Steve, with IP2, eventually exceeds the 'quota'?
>
> And if Steve gets away with that, he can probably try again with IP3 and
> IP4 etc. - making a mockery of your bandwidth restriction.
>
>
> --
>


The point is, it doesn't matter who the user is. As soon as an IP, any
IP, exceeds the limit, it should get blocked.

-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532


Re: [CentOS] cr repository when running your own mirror

2011-08-18 Thread Ross Walker
On Aug 17, 2011, at 12:21 PM, Karanbir Singh  wrote:

> On 08/17/2011 09:31 AM, Kai Schaetzl wrote:
>>> You wont need to remove anything. As
>>> long as you do not edit that file it will be managed by
>>> centos-release-5-7 and centos-release-cr-5-7 etc.
>> 
>> Well, surely those people using their own mirrors will have to do
>> something ...
> 
> Sure, but then if someone is going to hardwire urls to point at specific 
> content, its reasonable to expect them to manage that content locally.
> 
> the /cr/ repo isnt going to go away, the content from inside it will, so 
> depending on how you rehash the baseurl, leave the $releasever tag in, 
> and things should be fine. As long as you mirror the entire repo 
> structure from centos.org

I wonder if this wouldn't cause a lot more unnecessary download traffic from 
the mirrors as most people who replicate the tree will automatically pull in 
/cr even if they don't need/want it?

For real rolling releases I might have just created a /cr repo at the top level 
for each branch like someone else suggested, but instead of wiping it out 
between point releases just keep throwing the updated packages in there and 
createrepo it.

You would have dozens of versions of the same package in there after a while, 
but on the bright side one can 'yum downgrade' a package all the way back to 
5.0. Of course you would probably purge packages older than X-Y revisions old 
to keep things sane.

Just my $.02

-Ross




Re: [CentOS] cr repository when running your own mirror

2011-08-18 Thread Always Learning

I successfully upgraded desktops using the CR repo and 'yum update'.

However after installing the CR repo on 2 VPS's running C 5.6 and doing
a reboot I got a load of Kernel messages, for the first time ever.

--

 - Kernel Begin  

 
 WARNING:  Kernel Errors Present
rtc_cmos: probe of rtc_cmos failed with error -16 ...:  1 Time(s)
 

Re: [CentOS] stupid question about kickstart file

2011-08-18 Thread Ross Walker
On Aug 18, 2011, at 12:25 PM, Eero Volotinen  wrote:

> Hi,
> 
> Is is possible to use kickstart file to install rhel from dvd drive?
> Mainly idea is to clone one anaconda.ks file to about twenty
> machines.?
> examples? ftp/http/dhcp is not possible due to network limitations.

Create a USB install thumb drive with the ISO on it, from an installed system 
loop mount the iso file read/write, overwrite the anaconda.ks with the custom 
one, umount, then the next install should use the custom anaconda.ks.

Use the wiki to find out how to create a USB install, author ISO files and 
custom kickstarts.

If it really must be by DVD then you'll need to burn the modified ISO.

-Ross



Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread John R Pierce
On 08/18/11 4:05 PM, Rudi Ahlers wrote:
> The point it, it doesn't matter who the user is. As soon as an IP, any
> IP exceeds the limit, it should get blocked.

you might take a look at the various fail2ban scripts that are commonly 
used to block an IP for some period of time after a threshold number of 
SSH or Apache login attempts are made, and you can probably figure out 
how to implement that same sort of concept to run off whatever 
per-source-IP traffic statistics you're keeping...   of course, if your 
web and mail and whatever servers are accessed by 100s or 1000s of 
unique hosts a day, those traffic statistics are going to be quite a lot 
of overhead to track.



-- 
john r pierce                            N 37, W 122
santa cruz ca mid-left coast
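
The fail2ban-style idea from the reply above, as an added example that is not code from the thread or from fail2ban: a sliding-window byte quota kept per source IP, counting upload and download together, with a timed block and an exemption list for hosts such as backup servers. The class and function names, the thresholds and the sample records (documentation-range addresses) are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque


class QuotaBlocker:
    """Sliding-window byte quota per IP, with timed blocks and exemptions."""

    def __init__(self, limit_bytes, window_s, block_s, exempt=()):
        self.limit = limit_bytes
        self.window = window_s
        self.block_s = block_s
        self.exempt = [ipaddress.ip_network(n) for n in exempt]
        self.samples = defaultdict(deque)  # ip -> (timestamp, bytes) in window
        self.totals = defaultdict(int)     # ip -> bytes currently in window
        self.blocked = {}                  # ip -> time the block is lifted

    def is_exempt(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.exempt)

    def record(self, ts, ip, bytes_in, bytes_out):
        """Account one sample; return 'exempt', 'blocked', 'block' or 'ok'."""
        if self.is_exempt(ip):
            return "exempt"                    # e.g. backup servers: never counted
        if ip in self.blocked:
            if ts < self.blocked[ip]:
                return "blocked"
            del self.blocked[ip]               # block period is over
        q = self.samples[ip]
        q.append((ts, bytes_in + bytes_out))   # both directions count
        self.totals[ip] += bytes_in + bytes_out
        while q[0][0] <= ts - self.window:     # drop samples older than window
            self.totals[ip] -= q.popleft()[1]
        if self.totals[ip] > self.limit:
            self.blocked[ip] = ts + self.block_s
            # Forget the counters of a blocked IP so state stays small;
            # the address starts from zero once the block is lifted.
            self.samples.pop(ip)
            self.totals.pop(ip)
            return "block"                     # caller adds the firewall rule
        return "ok"


# Constructed accounting records: (seconds, ip, bytes_in, bytes_out).
SAMPLES = [
    (0,   "203.0.113.7",   4_000_000,  1_000_000),
    (10,  "198.51.100.20", 50_000_000, 0),          # exempt backup host
    (20,  "203.0.113.7",   1_000_000,  5_000_000),  # 11 MB in window: block
    (30,  "203.0.113.7",   100,        100),        # still blocked
    (40,  "203.0.113.99",  2_000_000,  0),          # a new IP starts at zero
    (320, "203.0.113.7",   1_000,      1_000),      # block lifted after 300 s
]


def replay(samples):
    """Run the samples through a 10 MB / 60 s quota with a 300 s block."""
    qb = QuotaBlocker(10_000_000, 60, 300, exempt=["198.51.100.20/32"])
    return [qb.record(*s) for s in samples]


if __name__ == "__main__":
    for sample, decision in zip(SAMPLES, replay(SAMPLES)):
        print(sample, "->", decision)
```

The fifth record shows the limitation raised earlier in the thread: the quota is per address, so a client that returns from a different IP is counted from zero again.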



Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread Ross Walker
On Aug 17, 2011, at 3:50 PM, Rudi Ahlers  wrote:

> Hi,
> 
> I'm looking for a firewall (preferably on Linux / UNIX) that could
> automatically block bandwidth abusers as soon as a connection goes
> over a certain speed, or limit - i.e. either more than say 3Mb/s or
> 10GB in a given period (like weekly / monthly).
> 
> But, I need it to block the IP to, or where the traffic comes from, or
> goes to. i.e. a user logs into a web server and upload a LOT of data,
> then the firewall should block him, but not other people.
> 
> Or, someone uploads a small bit of data but downloads a lot of data
> and then gets blocked.
> But I need to set thresholds
> And I should be able to exclude certain IP's / domains from the limits.
> 
> Does this make sense?
> 
> Can this be done with iptables? If so, how?
> 
> If not, what else could I use for this?
> 
> 
> A normal DDOS prevention firewall doesn't really work since it only
> blocks traffic coming in. But I need to limit traffic going out as
> well.
> 
> The servers behind the firewall will serve mail, http, ftp, sql and SSH


Best approach, throttle, you can cause the throttle to increase as the overage 
increases until it reaches dial-up speed. With some cleverness you can back the 
throttle out after a period of idleness.

-Ross



Re: [CentOS] which firewall to automatically block bandwidth abusers?

2011-08-18 Thread John R Pierce
On 08/17/11 12:50 PM, Rudi Ahlers wrote:
> A normal DDOS prevention firewall doesn't really work since it only
> blocks traffic coming in. But I need to limit traffic going out as
> well.
>
> The servers behind the firewall will serve mail, http, ftp, sql and SSH

without requests coming in, no web etc traffic can go out.

you want to block your own mail server from sending too much mail to a 
single host?  and block an internet mail server from sending "too 
much" mail to you?   that's not going to end well.

SQL?  what are you doing letting a SQL server be publicly 
accessible?   SQL servers should only be accessed by application servers 
over secure connections.

I think as it stands, this is a very poorly thought out idea with much 
room for gotchas and problems.



-- 
john r pierce                            N 37, W 122
santa cruz ca mid-left coast



Re: [CentOS] Problem getting eth0 up

2011-08-18 Thread William Warren
Is there a technical reason...like the system won't network at all.. as 
to not removing network manager?


On 8/17/2011 9:58 AM, Lisandro Grullon wrote:

Alfred,
I would not delete network manager, it would be better if you stop it 
"service NetworkManager stop" and disable from booting "chkconfig 
NetworkManager off"... it can turn a useful tool for troubleshooting 
in the future. In a second note about the multi-NIC, i would focus in 
the actual card that have the connections... here at work we have 
system with 8 NIC for redundant links, but my main focus is in the 
actual ports that have connectivity. Take a look at 
/etc/sysconfig/network-scripts... focus in the ifcfg-ethx that is 
actually working in your box. Don't forget that you can always use 
system-config-network-tui as an alternative to using the GUI, as long 
as you have it install "yum install system-config-network-tui 
-y"... I think you are in the right path, let us know how it turn 
out. In reference to the host name, take a look at the file 
/etc/sysconfig/network and /etc/sysconfig/network-scripts/ifcfg_ethx 
to assign host name information... I hope I didn't confuse you 
more... the Redhat documentation is rocksolid, take a glance at it. 
Best of luck to you.






Re: [CentOS] Problem getting eth0 up

2011-08-18 Thread Ross Walker
On Aug 18, 2011, at 9:16 PM, William Warren wrote:

> 
> On 8/17/2011 9:58 AM, Lisandro Grullon wrote:
>> 
>> Alfred,
>> I would not delete network manager, it would be better if you stop it 
>> "service NetworkManager stop" and disable from booting "chkconfig 
>> NetworkManager off"... it can turn a useful tool for troubleshooting in the 
>> future. In a second note about the multi-NIC, i would focus in the actual 
>> card that have the connections... here at work we have system with 8 NIC for 
>> redundant links, but my main focus is in the actual ports that have 
>> connectivity. Take a look at /etc/sysconfig/network-scripts... focus in the 
>> ifcfg-ethx that is actually working in your box. Don't forget that 
>> you can always use system-config-network-tui as an alternative to using the 
>> GUI, as long as you have it install "yum install system-config-network-tui 
>> -y"... I think you are in the right path, let us know how it turn out. In 
>> reference to the host name, take a look at the file /etc/sysconfig/network 
>> and /etc/sysconfig/network-scripts/ifcfg_ethx to assign host name 
>> information... I hope I didn't confuse you more... the Redhat documentation 
>> is rocksolid, take a glance at it. Best of luck to you.
>> 
> Is there a technical reason...like the system won't network at all.. as to 
> not removing network manager?

I believe in C6 there are so many dependencies on NM removing it removes half 
the OS.

You can disable it though.

-Ross



Re: [CentOS] Change bash colours like in VIM

2011-08-18 Thread Lucian
On Thu, Aug 18, 2011 at 11:45 AM, Marc Deop i Argemí wrote:
> The best colourscheme for the eyes is a dark background with an even darker
> text color.
>
> And the worst would be dark background with light color for the text
> (although many "geeks" use that combination...)
>

This is an interesting little article on the subject:
http://www.searo.who.int/en/Section7/Section22/Section1105/Section1106_4272.htm


Re: [CentOS] Change bash colours like in VIM

2011-08-18 Thread Always Learning

On Fri, 2011-08-19 at 03:17 +0100, Lucian wrote:

> This is an interesting little article on the subject:
> http://www.searo.who.int/en/Section7/Section22/Section1105/Section1106_4272.htm

" Choose a contrasted display, with dark characters on a light
background."

Always my personal preferred choice :-)



-- 
With best regards,

Paul.
England,
EU.




Re: [CentOS] Two Samba Servers and Rsync

2011-08-18 Thread Kenneth Porter
--On Wednesday, August 10, 2011 4:43 PM +0200 Railic Njegos wrote:

> Backuppc is better solutions? Anyone similar software for this problem ?

That's what I'm using to back up Windows shares, using rsync mode to do the 
actual transfer. I'm using a Windows port of rsyncd to serve the files.




[CentOS] PHP 5.3: IUS vs CentOS repos

2011-08-18 Thread Kenneth Porter
I need to upgrade PHP because the latest WordPress requires one at least at 
5.2.4. What are the tradeoffs of using the php53 packages provided by 
CentOS versus IUS? I've seen that installing the RHEL-derived php53 
requires removing php first and it creates package conflicts because it 
doesn't provide a virtual php-common package. That suggests I should 
install the IUS package. Is there any reason to avoid IUS and stay with the 
CentOS package?





Re: [CentOS] PHP 5.3: IUS vs CentOS repos

2011-08-18 Thread John R. Dennison
On Thu, Aug 18, 2011 at 09:54:56PM -0700, Kenneth Porter wrote:
> install the IUS package. Is there any reason to avoid IUS and stay with the 
> CentOS package?

No, not really.

TUV broke php53 and it won't be fixed in any useful timeframe; IUS'
packages are sane, well maintained and used by Rackspace for their own
customers.

I wouldn't use the TUV php53 for any reason the way things stand.





John

-- 
If you always do what interests you, at least one person is pleased.

-- Katharine Hepburn (1907-2003), American actress, writer

