Re: [Server-devel] server security
2009/9/21 Jerry Vonau jvo...@shaw.ca:
> Your proxy is slow to re-load the iptables rule-set? How many lines?

No no. You got a mixup there :-). Adding/removing rules from iptables is fast -- we can create a new chain and add rules, flush it, etc. So we can manipulate rules there hot.

For the proxy, we are using Squid. If the solution we build depends on adding/removing rules from Squid, and that happens to need a squid restart, we will be in a world of pain. So we either avoid this, or switch http proxy.

> I was thinking of something like NoCat: http://nocat.net/ but without the splash-screen, we can just use the backend from NoCat

I thought nocat was playing tricks with dhcp? Will have to re-review it.

I am currently on holidays - so my replies will lag a bit...

cheers,

m
--
 martin.langh...@gmail.com
 mar...@laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] server security
2009/9/22 Henry Vélez Molina henry.lap...@gmail.com:
> Where is the moodle file with the XO's registration?

Some info in /home/idmgr/identity.db, and you will want to hook into /var/www/moodle/web/auth/olpcxs/auth.php which is the code that handles the automagic login.

When the login succeeds, moodle will have to trigger a privileged process (probably using incrond) that figures out the username-ip-mac address mappings, and loads up a new iptables rule.

So we'll need a new chain, and a bit of a re-design of our iptables scheme.

m
--
 martin.langh...@gmail.com
 mar...@laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
Re: [Server-devel] server security
Martin Langhoff martin.langh...@gmail.com writes:
> For the proxy, we are using Squid. If the solution we build depends on adding/removing rules from Squid, and that happens to need a squid restart, we will be in a world of pain. So we either avoid this, or switch http proxy.

You can use external_acl_type ACLs and use an external program that checks the rules from any backend you want (files, databases, etc). This way you won't need to restart/reload Squid at all. That's the way SquidGuard et al work.

Regards,

Iñaki.
--
Iñaki Arenaza
MONDRAGON UNIBERTSITATEA
Faculty of Engineering
Electronics and Computing Department
Loramendi 4, 20500 Arrasate-Mondragon (Spain)
Tel: +34 943739735 / Fax: +34 943791536
http://www.mondragon.edu/telematika
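The external_acl_type approach Iñaki describes, as an added example that is not part of the original thread or of the XS code: a helper that Squid keeps running and queries once per lookup, re-reading a flat file of allowed client IPs whenever it changes, so no Squid restart or reload is involved. The ACL name, file paths and the `%SRC` format shown in the docstring are assumptions.

```python
"""Squid external ACL helper (added example, not XS project code).
Assumed squid.conf wiring (ACL name and paths are hypothetical):
  external_acl_type xs_reg ttl=5 negative_ttl=5 %SRC /usr/local/bin/xs_acl.py
  acl registered external xs_reg
  http_access allow registered
"""
import ipaddress
import os
import sys

ALLOW_FILE = "/var/lib/xs/allowed_ips"  # hypothetical backend, one IP per line


class AllowList:
    """Allowed client IPs, re-read whenever the backing file changes."""
    def __init__(self, path):
        self.path, self.stamp, self.ips = path, None, set()

    def _refresh(self):
        try:
            st = os.stat(self.path)
        except OSError:                      # backend missing: fail closed
            self.stamp, self.ips = None, set()
            return
        stamp = (st.st_mtime_ns, st.st_size)
        if stamp == self.stamp:              # unchanged since last lookup
            return
        ips = set()
        with open(self.path) as fh:
            for line in fh:
                try:
                    ips.add(ipaddress.ip_address(line.split("#", 1)[0].strip()))
                except ValueError:           # blank, comment or malformed line
                    continue
        self.stamp, self.ips = stamp, ips

    def verdict(self, request):
        """Answer one request line (the %SRC value) with OK or ERR."""
        self._refresh()
        try:
            client = ipaddress.ip_address(request.split()[0])
        except (IndexError, ValueError):
            return "ERR"
        return "OK" if client in self.ips else "ERR"


if __name__ == "__main__":
    acl = AllowList(ALLOW_FILE)
    for line in sys.stdin:                   # Squid sends one lookup per line
        print(acl.verdict(line), flush=True) # Squid waits for each reply
```

Squid caches each verdict for the `ttl` and `negative_ttl` given on the `external_acl_type` line, so both need to stay short if a removed address must lose access quickly.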
Re: [Server-devel] Configuration failure with Open DNS
Did you execute the domain configuration script before you modified Bind?

  root@localhost # /etc/sysconfig/olpc-scripts/domain_config my_domain

my_domain: replace with your domain name, without the quotes.

cheers.. regards..

R

2009/9/21 Luis Diaz luisdiazmedp...@gmail.com
> The XS is being configured to use Open DNS; the steps I have followed are:
>
> 1) I created an Open DNS account and added my network.
>
> 2) On the XS, in /etc/named-xs.conf.in, I added:
>
>    forward only;
>    forwarders { 208.67.222.222; 208.67.220.220; };
>
> 3) Then I ran:
>
>    cd /etc
>    make -f xs-config.make named-xs.conf
>    /etc/init.d/named restart
>
> At this point this error appears:
>
>    School.external.zone.db:4: no TTL specified; zone rejected
>    School.external.zone.db:5: no TTL specified; zone rejected
>    School.external.zone.db:6: no TTL specified; zone rejected
>    . .
>    zone \...@\@basednsdna...@\@/IN: loading from master file school.external.zone.db filed: bad name (check-names)
>    external/@@BASEDNSNAME@@/IN: bad name (check-names)
>    [FAILED]
>
> After that the laptops can no longer reach the internet. What can be done?

--
Rodolfo
Re: [Server-devel] server security
On Tue, 2009-09-22 at 12:05 +0200, Martin Langhoff wrote:
> 2009/9/21 Jerry Vonau jvo...@shaw.ca:
> > Your proxy is slow to re-load the iptables rule-set? How many lines?
>
> No no. You got a mixup there :-). Adding/removing rules from iptables is fast -- we can create a new chain and add rules, flush it, etc. So we can manipulate rules there hot.
>
> For the proxy, we are using Squid. If the solution we build depends on adding/removing rules from Squid, and that happens to need a squid restart, we will be in a world of pain. So we either avoid this, or switch http proxy.

OK, that's clearer :-)

> > I was thinking of something like NoCat: http://nocat.net/ but without the splash-screen, we can just use the backend from NoCat
>
> I thought nocat was playing tricks with dhcp? Will have to re-review it.

No dhcp tricks, using iptables's packet marking, you tag the traffic from the mac address/ip combo, directing the packet flow into some new tables where the rules are predefined.

> I am currently on holidays - so my replies will lag a bit...

Have fun, we all need a break,

Jerry
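What the login-triggered rule loader Martin mentions and the MAC/IP packet marking Jerry describes could look like, as an added example that is not code from the thread or from the XS project: a builder for per-laptop mangle-table rules that validates the address pair before anything reaches iptables. The chain name, mark value and LAN range are assumptions.

```python
"""Build iptables MARK rules for a registered MAC/IP pair (added example).
Chain name, mark value and LAN range are assumptions, not XS settings.
"""
import ipaddress
import re
import subprocess

CHAIN = "XS_REGISTERED"                      # hypothetical chain, mangle table
MARK = "0x1"                                 # hypothetical mark for known laptops
LAN = ipaddress.ip_network("172.18.0.0/16")  # assumed school LAN range
MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")


def setup_argvs():
    """Commands that create the chain once and route LAN-side packets into it."""
    return [
        ["iptables", "-t", "mangle", "-N", CHAIN],
        ["iptables", "-t", "mangle", "-A", "PREROUTING", "-j", CHAIN],
    ]


def mark_argv(ip, mac, action="-A"):
    """argv that adds (-A) or removes (-D) the mark rule for one laptop.

    Inputs come from the web login path: validate strictly, never use a shell.
    """
    if action not in ("-A", "-D"):
        raise ValueError("action must be -A or -D")
    addr = ipaddress.ip_address(ip)          # raises ValueError on junk
    if addr not in LAN:
        raise ValueError("address outside the school LAN")
    mac = mac.strip().lower()
    if not MAC_RE.fullmatch(mac):
        raise ValueError("malformed MAC address")
    return ["iptables", "-t", "mangle", action, CHAIN,
            "-s", str(addr), "-m", "mac", "--mac-source", mac,
            "-j", "MARK", "--set-mark", MARK]


def flush_argv():
    """Drop every per-laptop rule at once without touching other chains."""
    return ["iptables", "-t", "mangle", "-F", CHAIN]


def apply(argvs, run=subprocess.run):
    """Execute each command as an argv list; needs root when run for real."""
    for argv in argvs:
        run(argv, check=True)
```

Filter or NAT rules that match on the mark (`-m mark --mark 0x1`) can then stay fixed while only the contents of this one chain change at login time.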
[Server-devel] RACHEL, another developing world server project, would like to have a discussion with XS
Greetings,

I work with a volunteer project launched about a year ago that is working on developing a server package for education in the developing world. The initiative is called RACHEL.

RACHEL is a web and content server image, based on Linux/Apache and installed on commodity hardware, that we designed to serve content in developing-world school environments with unusable connections or no connections to the internet. We designed RACHEL to target schools with fully functioning Ethernet-connected-PC computer labs, but with no internet connections.

However, as a relatively new volunteer in this particular effort, I felt that our goals were closely aligned with OLPC, in particular the XS school server project. I would like to engage someone working with XS in order to bring this project up to speed as far as developments in the field, as well as to shape some sort of collaboration based on how our respective initiatives' visions align.

Our focus is primarily on putting together quality targeted content instead of facilitating technical infrastructure like XS does. We plan on having this content available mainly to recycled and donated thin clients in developing world computer labs. We would like to have the content be accessible on a platform like XO, but as standard web content accessible to all capable devices. Also, because our project is piggybacking on another program that sends volunteers to schools around the developing world, many of our engineers are also the teachers on the ground carefully collecting feedback.

We have successful RACHEL deployments in Delhi, Sierra Leone, Papua New Guinea, and Ecuador, and are collecting initial feedback. More information about the program can be found here:
http://worldpossible.org/index.php?option=com_contentview=articleid=70Itemid=89

Could I meet with someone from the XS project, preferably in the San Francisco Bay Area? I would appreciate the chance to have a discussion at some point about ways we can work together.

For starters, a gentleman at laptop.org named Adam Holt said that there is a Professor Sameer Verma I might want to meet at some point. Professor Verma, would you or anybody else on this list like to talk at some point?

Thanks!

Dennis Nguyen
Worldpossible.org
Re: [Server-devel] DNS/dhcp question
Martin,

I am hoping to hear back from you about this soon. This is on the path to our deployment in the next couple of weeks.

Thanks.

Gerald

On Fri, Sep 18, 2009 at 6:44 PM, Gerald Ardito gerald.ard...@gmail.com wrote:
> Martin,
>
> Thanks. I am using version 0.6d5. And I followed the standard installation procedures.
>
> Our tech guy set up a VLAN which includes the APs, which point to the XS (my box) as the DHCP server.
>
> I didn't get to try the ping command you suggested. I will do so on Monday.
>
> Is there anything else I can do?
>
> Thanks.
>
> Gerald
>
> On Fri, Sep 18, 2009 at 4:23 AM, Martin Langhoff martin.langh...@gmail.com wrote:
> > On Fri, Sep 18, 2009 at 2:55 AM, Gerald Ardito gerald.ard...@gmail.com wrote:
> > > I have the XS server up and running on a Dell.
> >
> > Good!
> >
> > - What version of the XS?
> > - Did you follow the standard installation procedures?
> > - What happens if you do ...?
> >
> >     ping -c1 `hostname -f`
> >
> > > Eth0 is connected to the internet.
> >
> > good
> >
> > > Eth1 is connected to the AP for the XOs. Or, more accurate, the AP for the XOs points to eth1. (I hope this is correct).
> >
> > The AP has to be running as an AP, _not_ as a router (so it does not need to point anywhere). Just connect the AP to eth1
> >
> > > I have two problems:
> > > 1) When I connected to the AP from the XOs, no IP address is generated.
> >
> > Probably the AP is trying to act as a router instead of as an AP. Make sure you disable all routing features.
> >
> > > 2) We are going to use a hosted XS off site, and I want to configure my box (which is the dhcp server) to point to it.
> >
> > What is my box? The XS _must_ be the local dhcp server. The XS must be local, not remote. There must be no box between the XS and the XOs.
> >
> > cheers,
> >
> > m
> > --
> >  martin.langh...@gmail.com
> >  mar...@laptop.org -- School Server Architect
> >  - ask interesting questions
> >  - don't get distracted with shiny stuff - working code first
> >  - http://wiki.laptop.org/go/User:Martinlanghoff
[Server-devel] XS Timeout issue (maybe)
Hello,

I have been testing an XS. We are in NY and the server is in Boston. I have set the Mesh Server on the XOs (in the Control Panel) for the server's URL, and edited /etc/hosts on the XOs to point toward the server's IP address.

The devices connect just fine, and I can collaborate on activities between some machines. I am noticing the following things:

1. In the Neighborhood view on the XOs, different devices seem to drop off at irregular intervals. I don't understand why this is happening.
2. Even after a device has been shut down, it still appears in the Neighborhood view on the other devices until they are restarted.
3. I don't see all the devices in the Neighborhood view at any one time.

All of this seems different than how I understand how XS is supposed to work. So, some questions:

1. Is there some timeout function on the server? If so, can it be customized?
2. Is there any limit to the number of connections made to an XS from one IP address? I am thinking that since these devices are all coming from my school, they are all leaving the building with one IP address.
3. If there is such a limit, can anything be done about this?

Thanks. My plan is to deploy 150 machines in the next two weeks, so any help will be greatly appreciated.

Gerald
Re: [Server-devel] RACHEL, another developing world server project, would like to have a discussion with XS
On Tue, Sep 22, 2009 at 4:16 PM, Dennis Nguyen denniskdngu...@alumni.duke.edu wrote:
> Greetings,
>
> I work with a volunteer project launched about a year ago that is working on developing a server package for education in the developing world. The initiative is called RACHEL.
>
> RACHEL is a web and content server image, based on Linux/Apache and installed on commodity hardware, that we designed to serve content in developing-world school environments with unusable connections or no connections to the internet. We designed RACHEL to target schools with fully functioning Ethernet-connected-PC computer labs, but with no internet connections.
>
> However, as a relatively new volunteer in this particular effort, I felt that our goals were closely aligned with OLPC, in particular the XS school server project. I would like to engage someone working with XS in order to bring this project up to speed as far as developments in the field, as well as to shape some sort of collaboration based on how our respective initiatives' visions align.
>
> Our focus is primarily on putting together quality targeted content instead of facilitating technical infrastructure like XS does. We plan on having this content available mainly to recycled and donated thin clients in developing world computer labs. We would like to have the content be accessible on a platform like XO, but as standard web content accessible to all capable devices. Also, because our project is piggybacking on another program that sends volunteers to schools around the developing world, many of our engineers are also the teachers on the ground carefully collecting feedback.
>
> We have successful RACHEL deployments in Delhi, Sierra Leone, Papua New Guinea, and Ecuador, and are collecting initial feedback. More information about the program can be found here:
> http://worldpossible.org/index.php?option=com_contentview=articleid=70Itemid=89
>
> Could I meet with someone from the XS project, preferably in the San Francisco Bay Area? I would appreciate the chance to have a discussion at some point about ways we can work together.
>
> For starters, a gentleman at laptop.org named Adam Holt said that there is a Professor Sameer Verma I might want to meet at some point. Professor Verma, would you or anybody else on this list like to talk at some point?
>
> Thanks!
>
> Dennis Nguyen
> Worldpossible.org

Dennis,

I'd be happy to meet and talk to you guys. sve...@sfsu.edu

Sameer
--
Dr. Sameer Verma, Ph.D.
Associate Professor, Information Systems
Director, Center for Business Solutions
San Francisco State University
http://verma.sfsu.edu/
http://cbs.sfsu.edu/
http://is.sfsu.edu/