What do you see in the iptables log?
Emilio Alvarado
On 10 March 2015 17:35:31, César Martinez
cmarti...@servicomecuador.com wrote:
Greetings, fellow list members. I have a 64-bit CentOS 6.6 server that
acts as a proxy firewall; on this server I block https sites using a post
that Epe has
Hello
Sorry but I cannot provide logs today
The matter seems to be that httpd version is 2.4.6 whereas httpd-itk is 2.2.x
I tried to upgrade httpd-itk but the available release (2.4.7) requires httpd
2.4.7.
Does anyone know a reliable repository providing httpd 2.4.7 or higher for
Centos 7?
Another simple, though vulnerable, alternative is to configure a local DNS
resolver such as dnsmasq, which overrides the name youtube.com with another IP,
probably a local site showing a warning.
In this case, care must be taken that only the resolver's IP has
permission to
On Thu, Mar 12, 2015 at 8:57 AM Tim Dunphy bluethu...@gmail.com wrote:
Hey everybody,
I'm trying to get mysql master/slave replication to work under SSL. I've
created the certs for both the slave and the master. I've configured the
master and slave my.cnf. And it does appear that
Why is there a release candidate in Updates?
bind-libs.x86_64 32:9.8.2-0.30.rc1.el6_6.2
updates
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:byrn...@harte-lyne.ca
Harte Lyne Limited http://www.harte-lyne.ca
9
Hey everybody,
I'm trying to get mysql master/slave replication to work under SSL. I've
created the certs for both the slave and the master. I've configured the
master and slave my.cnf. And it does appear that replication is actually
working.
Master is actually MariaDB (version
On Wed, March 11, 2015 13:46, Grant McChesney wrote:
On Wed, Mar 11, 2015 at 10:03 AM, James B. Byrne
byrn...@harte-lyne.ca
wrote:
Can anyone inform me as to whether or not Java on CentOS-6.6 still
has SSLv3 enabled? And if it does then how is it disabled?
James:
Check the
Thanks for replying
Luis, your alternative is valid as far as the host goes; the problem is that
only X machines need to be blocked, not all of them. One more thing: my proxy
is transparent and, as you know, squid does not block secure connections on
the https port
David, you know I use this rule to block
On Wed, Mar 11, 2015 at 12:03:01PM -0400, James B. Byrne wrote:
Can anyone inform me as to whether or not Java on CentOS-6.6 still has
SSLv3 enabled? And if it does then how is it disabled?
According to these updates for openjdk java:
java-1.6.0-openjdk
On Thu, Mar 12, 2015 at 09:55:46AM -0400, James B. Byrne wrote:
Why is there a release candidate in Updates?
bind-libs.x86_64 32:9.8.2-0.30.rc1.el6_6.2
updates
Because that's the release that was used in the upstream (RHEL)
package to address CVE-2014-8500.
On Fri, Feb 13, 2015 at 12:15:39PM +, Karanbir Singh wrote:
hi guys,
docker 1.5 is now in virt7-testing repos, please test and feedback so we
can move to release..
thanks lokesh!
- KB
KB,
Just curious what's the latest re: docker testing and release?
Also, where do people
I'm looking at a CentOS 5 Xen server that I'd really like to put some
more recent VM's. There are reasons not to touch it at the moment, so
I can't upgrade it in place today.
Has anyone successfully installed a CentOS 6 VM, paravirtualized, on a
CentOS 5 Xen server , without significant Xen
On Thu, 12 Mar 2015, Digimer wrote:
On 12/03/15 08:42 PM, Marcelo Ricardo Leitner wrote:
I've used iperf a lot successfully. I have an RPM for EL6 on my
repo here:
https://alteeve.ca/an-repo/el6/RPMS/x86_64/iperf-2.0.5-11.el6.anvil.x86_64.rpm
The source is there, and I would be surprised
No: /etc/pki/CA should NOT be group writeable. Ditto for
/etc/pki/tls/cernts and private
Ok, yeah I can understand that. I'll correct it. Still need a way to get
SSL enabled however. Any suggestions there?
Thanks
Tim
On Thu, Mar 12, 2015 at 11:40 AM, m.r...@5-cent.us wrote:
Tim Dunphy
The mysqld process runs as the mysql user. Its parent which is the
mysqld_safe runs as the root user. That being said the mysql user needs
to have at least read permission to the locations where the ssl files are
located. By default on Centos the /etc/pki/CA/private directory has its
Tim Dunphy wrote:
The mysqld process runs as the mysql user. Its parent which is the
mysqld_safe runs as the root user. That being said the mysql user
needs to have at least read permission to the locations where the ssl
files
are located. By default on Centos the /etc/pki/CA/private
On Thu, March 12, 2015 10:40 am, m.r...@5-cent.us wrote:
Tim Dunphy wrote:
The mysqld process runs as the mysql user. Its parent which is the
mysqld_safe runs as the root user. That being said the mysql user
needs to have at least read permission to the locations where the ssl
files
I know how to use 'ip' to set up a static route, e.g.:
ip route add 192.168.128.0/17 via 40.53.24.3 dev eth0
But if you reboot or restart network, you lose this. Thus you have to
make it persistent. I found:
On Thu, 12 Mar 2015 12:43:27 -0500, Robert Moskowitz r...@htt-consult.com
wrote:
I know how to use 'ip' to set up a static route, e.g.:
ip route add 192.168.128.0/17 via 40.53.24.3 dev eth0
But if you reboot or restart network, you lose this. Thus you have to
make it persistent. I
On 12 March 2015 at 13:43, Robert Moskowitz r...@htt-consult.com wrote:
I know how to use 'ip' to set up a static route, e.g.:
ip route add 192.168.128.0/17 via 40.53.24.3 dev eth0
But if you reboot or restart network, you lose this. Thus you have to
make it persistent. I found:
On Thu, Mar 12, 2015 at 10:49 AM Tim Dunphy bluethu...@gmail.com wrote:
No: /etc/pki/CA should NOT be group writeable. Ditto for
/etc/pki/tls/cernts and private
Ok, yeah I can understand that. I'll correct it. Still need a way to get
SSL enabled however. Any suggestions there?
I
Hey Alberto,
Perfect! Thanks for your response. Moving the certs and keys to an
alternate location worked exactly right.
Master:
MariaDB [(none)] show variables like '%ssl%';
+---+--+
| Variable_name | Value|
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/03/15 04:29 PM, Gilbert Sebenste wrote:
Hello everyone,
A network engineer buddy of mine brought up for discussion with me
that he'd like to do some throughput testing, but he's new to
Linux/RedHat. Is there any software I can recommend
Before that, put one (or several) rules in iptables that accept the authorized IPs.
Be careful, the source IP can be spoofed on you. Maybe you could pin the MACs
to their IPs on the CentOS server.
Luis de la Barra
www.wyzer.cl
CentOS Tips, Networking and Web Development
Original message
CentOS Errata and Security Advisory 2015:0674 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0674.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
Hello everyone,
A network engineer buddy of mine brought up for discussion with me
that he'd like to do some throughput testing, but he's new to
Linux/RedHat. Is there any software I can recommend to him that
any of you find above par for CentOS 6/7?
Thanks!
Gilbert
CentOS Errata and Bugfix Advisory 2015:0676
Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-0676.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
On Thu, Mar 12, 2015 at 2:25 PM, Warren Young w...@etr-usa.com wrote:
On Mar 12, 2015, at 11:52 AM, Jason Warr ja...@warr.net wrote:
On Thu, 12 Mar 2015 12:43:27 -0500, Robert Moskowitz r...@htt-consult.com
wrote:
I found:
On Thu, Mar 12, 2015 at 3:01 PM, Robert Moskowitz r...@htt-consult.com wrote:
where it says to add to ifcfg-eth0:
192.168.128.0/17 via 40.53.24.3
That’s only for RHEL 7: http://goo.gl/AtjIyI
Aside from being irritating, that's just wrong. I'm using that
syntax on Centos5,
AH, I
On 03/12/2015 04:12 PM, Les Mikesell wrote:
On Thu, Mar 12, 2015 at 3:01 PM, Robert Moskowitz r...@htt-consult.com wrote:
where it says to add to ifcfg-eth0:
192.168.128.0/17 via 40.53.24.3
That’s only for RHEL 7: http://goo.gl/AtjIyI
Aside from being irritating, that's just wrong. I'm
On Thu, Mar 12, 2015 at 3:16 PM, Robert Moskowitz r...@htt-consult.com wrote:
What I really need to do is get RIP working on that router and get my
servers to listen to RIP...
One leap at a time!
The usual quick-fix in a small network is to make your default router
know about everything
Try:
$IPTABLES -A FORWARD -p tcp --dport 443 -j DROP
Regards,
David
On 12 March 2015, 10:31, César Martinez
cmarti...@servicomecuador.com wrote:
Thanks for replying
Luis, your alternative is valid as far as the host goes; the problem is that
only X machines need to be blocked, not
But with that rule I close port 443 for everyone; the idea is to close access
to YouTube only for a given number of IPs
--
Regards
César Martínez
Systems Engineer
Sent from my Samsung Galaxy mobile
On 12 March 2015 15:20:41 GMT-05:00, David González Romero
dgrved...@gmail.com
On Thu, 12 Mar 2015 14:25:52 -0500, Warren Young w...@etr-usa.com wrote:
ADDRESS0=192.168.128.0
NETMASK0=255.255.128.0
GATEWAY0=40.53.24.3
This is the scheme used in prior versions of RHEL.
Are you saying this should not work in RHEL/Cent 7? It works fine for me
in 5/6/7.
On 03/12/2015 03:51 PM, Les Mikesell wrote:
On Thu, Mar 12, 2015 at 2:25 PM, Warren Young w...@etr-usa.com wrote:
On Mar 12, 2015, at 11:52 AM, Jason Warr ja...@warr.net wrote:
On Thu, 12 Mar 2015 12:43:27 -0500, Robert Moskowitz r...@htt-consult.com
wrote:
I found:
Hi All,
I'm seeing tapdisk processes not being terminated after a HVM vm is shutdown or
migrated away. I don't see this problem with linux paravirt domu's, just
windows hvm ones.
xl.cfg:
name = 'nathanwin'
memory = 4096
vcpus = 2
disk = [
On 03/12/2015 01:50 PM, Earl A Ramirez wrote:
On 12 March 2015 at 13:43, Robert Moskowitz r...@htt-consult.com wrote:
I know how to use 'ip' to set up a static route, e.g.:
ip route add 192.168.128.0/17 via 40.53.24.3 dev eth0
But if you reboot or restart network, you lose this. Thus you
On Thu, Mar 12, 2015 at 6:11 PM, Nathan March nat...@gt.net wrote:
Hi All,
I'm seeing tapdisk processes not being terminated after a HVM vm is shutdown
or migrated away. I don't see this problem with linux paravirt domu's, just
windows hvm ones.
Interesting -- actually you get the same
On Mar 12, 2015, at 11:52 AM, Jason Warr ja...@warr.net wrote:
On Thu, 12 Mar 2015 12:43:27 -0500, Robert Moskowitz r...@htt-consult.com
wrote:
I found:
http://www.cyberciti.biz/tips/configuring-static-routes-in-debian-or-red-hat-linux-systems.html
where it says to add to ifcfg-eth0:
On Thu, Mar 12, 2015 at 10:49 AM Tim Dunphy bluethu...@gmail.com wrote:
No: /etc/pki/CA should NOT be group writeable. Ditto for
/etc/pki/tls/cernts and private
I agree - Sorry I did not mean to imply that the directory permissions on
/etc/pki/CA should be modified. However it was
On 11/03/2015 15:17, Niki Kovacs wrote:
Hi,
I just configured SquidAnalyzer, a nifty little network statistics tool
that I'm using mainly in school networks to monitor network usage.
I want to run the '/usr/bin/squid-analyzer' script once a day. I took a
peek in /etc/cron.daily, and the
As I discussed earlier with you, I am very much excited about this
idea, bringing a new user friendly standard of writing as well as
accessing the documentation.
A couple of queries,
The author writes up in markup language - possibly host the content
on github - discussion over the content on
On 12-03-2015 17:39, Digimer wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/03/15 04:29 PM, Gilbert Sebenste wrote:
Hello everyone,
A network engineer buddy of mine brought up for discussion with me
that he'd like to do some throughput testing, but he's new to
Linux/RedHat. Is
On Thu, Mar 12, 2015 at 01:43:27PM -0400, Robert Moskowitz wrote:
I know how to use 'ip' to set up a static route, e.g.:
ip route add 192.168.128.0/17 via 40.53.24.3 dev eth0
But if you reboot or restart network, you lose this. Thus you have
to make it persistent. I found:
On 03/12/2015 08:46 PM, Scott Robbins wrote:
On Thu, Mar 12, 2015 at 01:43:27PM -0400, Robert Moskowitz wrote:
I know how to use 'ip' to set up a static route, e.g.:
ip route add 192.168.128.0/17 via 40.53.24.3 dev eth0
But if you reboot or restart network, you lose this. Thus you have
to
Cesar, the purpose of my rule is precisely to TEST whether, once 443 is
closed, that IE no longer opens 443 for you; if it does open it, then I hang
up my gloves and admit there is witchcraft in IE; otherwise your rules are wrong.
Regards,
David
On 12 March 2015, 18:45, César Martinez
Hi Luis, yes, in fact I have a function with a for loop to validate that; the
problem is that with the string rule, YouTube loads in Internet
Explorer
--
Kind regards
|César Martínez | Systems Engineer | SERVICOM
|Tel: (593-2)554-271 2221-386 | Ext 4501
|Mobile: 0999374317 |Skype
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I've been thinking for a little while, and talking with people, about
what would be a good documentation strategy for the CentOS Project.
== tl;dnr aka Summary
This is a proposal around creating new, short-format
documentation about doing cool new
I still think that if you close port 443 it shouldn't open for you...
Regards,
David
On 11 March 2015, 19:03, Luis Huacho Lazo
l.hua...@gmail.com wrote:
Although the topic is Linux CentOS, the same thing happens on my network
managed with FortiGate: everything is blocked but IE8 gets through and displays
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
Cesar,
Searching for a string across a block of data is always more expensive, which
can hurt performance.
It is recommended to order the criteria starting with the simplest, such as
protocol tcp, then port 80 or 443, probably including the
destination network segments
And why don't you try closing port 443 entirely... that's what I want
you to try, because if you use a rule of the type
iptables ... -dport 443 youtube.com
The DNS will block the IP that iptables grabbed as youtube.com at the
moment it started up; and as far as I know youtube.com has several
IPs that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/03/15 08:42 PM, Marcelo Ricardo Leitner wrote:
On 12-03-2015 17:39, Digimer wrote:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1
On 12/03/15 04:29 PM, Gilbert Sebenste wrote:
Hello everyone,
A network engineer buddy of mine brought up
Try clearing the browsers' temporary files to see whether it actually
gets in
On 11/03/2015 09:04, César Martinez cmarti...@servicomecuador.com
wrote:
Thanks, friend, but it's the same: it takes a while but in the end the site loads, this is in IE
--
Kind regards
|César Martínez | Ingeniero de
Yes, in fact I'm clearing it with CCleaner and then, just in case, I do
Control + F5
--
Kind regards
|César Martínez | Systems Engineer | SERVICOM
|Tel: (593-2)554-271 2221-386 | Ext 4501
|Mobile: 0999374317 |Skype servicomecuador
|Web www.servicomecuador.com Follow us on:
|Twitter: