[CentOS] looking for some advice to monitor network usage in office

[Rudi Ahlers]

Hi all,

I've been asked by a college to setup a monitor to monitor a Windows
network, but on internet usage. They want to have detailed usage, i.e.
on a per IP / PC basis, and if possible to get stats for every
protocol, and see over a period of time what goes on.

My first though wat ntop, which does all of this, but it doesn't save
the data in a DB, so if the server reboots the stats are reset to 0. I
also can't get Cacti to give me stats per IP & per protocol (unless
someone knows how todo this).

I don't yet know the full network layout, but I have a feeling they're
using ADSL, and have a Windows Small Business server with ISA, and
possible Exchange as well. So, I'm either going to put a CentOS box
between the Windows box & ADSL router, or maybe even setup a CentOS
Vmware Virtual PC, force all the network to route via the VPS.

Does anyone have some suggestions / experience in setting up something
like this?

P.S. Please don't look at the fact that there's Windows on the
network. I use Linux for business purposes, not as a hobby, and we
also use Mac & Windows where the situation calls for it.

-- 

Kind Regards
Rudi Ahlers
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to access encrypted EXT3 partition from Windows

[Rudi Ahlers]

2009/3/24 John R. Dennison :
> On Tue, Mar 24, 2009 at 11:16:11AM +0200, Rudi Ahlers wrote:
>>
>> So, does anyone know how to access (read & write) to EXT3 from Windows?
>
>Why bother?  TrueCrypt is cross-platform and will work for your
>needs.
>
>
>
>
>John
>
> --
> "I'm sorry but our engineers do not have phones."
> As stated by a Network Solutions Customer Service representative when asked to
> be put through to an engineer.
>
> "My other computer is your windows box."
> Ralf Hildebrandt
>  trying to play sturgeon while it's under attack is apparently not fun.
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>

Thanx John, I'll check it out

-- 

Kind Regards
Rudi Ahlers
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] looking for some advice to monitor network usage in office

[Frank Cox]

On Wed, 25 Mar 2009 10:01:50 +0200
Rudi Ahlers wrote:

> I've been asked by a college to setup a monitor to monitor a Windows
> network, but on internet usage. They want to have detailed usage, i.e.
> on a per IP / PC basis, and if possible to get stats for every
> protocol, and see over a period of time what goes on.

What about privoxy and sawmill?

-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] looking for some advice to monitor network usage in office

[Spook ZA]

Hi Rudy

2009/3/25 Rudi Ahlers :
> Hi all,
>
> I've been asked by a college to setup a monitor to monitor a Windows
> network, but on internet usage. They want to have detailed usage, i.e.
> on a per IP / PC basis, and if possible to get stats for every
> protocol, and see over a period of time what goes on.
>
> My first though wat ntop, which does all of this, but it doesn't save
> the data in a DB, so if the server reboots the stats are reset to 0. I
> also can't get Cacti to give me stats per IP & per protocol (unless
> someone knows how todo this).
>
> I don't yet know the full network layout, but I have a feeling they're
> using ADSL, and have a Windows Small Business server with ISA, and
> possible Exchange as well. So, I'm either going to put a CentOS box
> between the Windows box & ADSL router, or maybe even setup a CentOS
> Vmware Virtual PC, force all the network to route via the VPS.
>
> Does anyone have some suggestions / experience in setting up something
> like this?
>
> P.S. Please don't look at the fact that there's Windows on the
> network. I use Linux for business purposes, not as a hobby, and we
> also use Mac & Windows where the situation calls for it.
>
> --
>
> Kind Regards
> Rudi Ahlers

If your firewall / border gateway is running linux, have a look at:

 http://www.networkuptime.com/tools/netflow/

You need an exporter that will export linux netflow records and
software that will collect and present the resultant data.

Regards,
  Andrew.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Getting ready for CentOS 5.4

[Ralph Angenendt]

Ross Walker wrote:
> How about forming a formal non-profit organization around CentOS with  
> contributors.

The question is "where". What counts as a non-profit in the US doesn't
automatically count as one in Europe, for example - that's why there is
a Fedora EMEA, too. Which really binds ressources - and the Fedora
community is large. Yes, one could to talk to them to see how they did
it, I know the people on their board.

> If a movement like CentOS is going to survive it's going to have to  
> grow and the only way it can grow is by solicitating donations then  
> depending on the offered ones it recieves now.

Do I smell a special interest group
 here?

Ralph


pgppiE0cu2hD0.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] help on kerberos5

[fabian dacunha]

Dear All,

this i feel is a little out of topic but really apprecite if someone can help

i am tryin to authenicate my Centos 5.2 box to windows 2003 ADS server ..
but am not able to do so .
i get the following error when i run kinit

kinit(v5): Improper format of Kerberos configuration file while
initializing Kerberos 5 library

i have the following packages installed on my linux box

[r...@testproxy init.d]# rpm -qa | grep krb
krb5-devel-1.6.1-25.el5_2.2
krb5-workstation-1.6.1-25.el5_2.2
krb5-auth-dialog-0.7-1
krb5-libs-1.6.1-25.el5_2.2
pam_krb5-2.2.14-1.el5_2.1

rpm -qa|grep ntp
ntp-4.2.2p1-8.el5.centos.1
chkfontpath-1.10.1-1.1

r...@testproxy init.d]# rpm -qa|grep samba
system-config-samba-1.2.39-1.el5
samba-client-3.0.28-1.el5_2.1
samba-common-3.0.28-1.el5_2.1
samba-3.0.28-1.el5_2.1

my domain name is===> baladia.local
Windows 2003 AD server computer name is> kmun

my /etc/krb5.conf file is


[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime=24000
 default_realm=BALADIA.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 BALADIA.LOCAL={
  kdc=172.16.2.227:88
#  admin_server=kmun.baladia.local:749
  default_domain=BALADIA.LOCAL
  kdc=BALADIA.LOCAL
 }

[domain_realm]
.baladia.local=BALADIA.LOCAL
baladia.local=BALADIA.LOCAL

kerberos  88/udp   kdc  # Kerberos key server
kerberos  88/tcp   kdc  # Kerberos key server

[kdc]
  profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

as i said before when i run kinit
kinit(v5): Improper format of Kerberos configuration file while
initializing Kerberos 5 library


i tried googlin n tried varios options in the conf file but no luck
i would really apprecite n be thankful if someone could point out the
syntax error in my krb5.conf file
or if any missing software i need to check n install or anyway i could
track this error

also is there anything to check on my windows 2003 AD Server


Thanks and appreciate

Fabain




-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] looking for some advice to monitor network usage in office

[Rob Townley]

On Wed, Mar 25, 2009 at 3:52 AM, Spook ZA  wrote:
> Hi Rudy
>
> 2009/3/25 Rudi Ahlers :
>> Hi all,
>>
>> I've been asked by a college to setup a monitor to monitor a Windows
>> network, but on internet usage. They want to have detailed usage, i.e.
>> on a per IP / PC basis, and if possible to get stats for every
>> protocol, and see over a period of time what goes on.
>>
>> My first though wat ntop, which does all of this, but it doesn't save
>> the data in a DB, so if the server reboots the stats are reset to 0. I
>> also can't get Cacti to give me stats per IP & per protocol (unless
>> someone knows how todo this).
>>
>> I don't yet know the full network layout, but I have a feeling they're
>> using ADSL, and have a Windows Small Business server with ISA, and
>> possible Exchange as well. So, I'm either going to put a CentOS box
>> between the Windows box & ADSL router, or maybe even setup a CentOS
>> Vmware Virtual PC, force all the network to route via the VPS.
>>
>> Does anyone have some suggestions / experience in setting up something
>> like this?
>>
>> P.S. Please don't look at the fact that there's Windows on the
>> network. I use Linux for business purposes, not as a hobby, and we
>> also use Mac & Windows where the situation calls for it.
>>
>> --
>>
>> Kind Regards
>> Rudi Ahlers
>
> If your firewall / border gateway is running linux, have a look at:
>
>  http://www.networkuptime.com/tools/netflow/
>
> You need an exporter that will export linux netflow records and
> software that will collect and present the resultant data.
>
> Regards,
>  Andrew.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

When you mention college internet usage, i thought of Caida.org and
CoralReef.  But that is more for scientific investigations of internet
usage in general.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] looking for some advice to monitor network usage in office

[Ross Walker]

On Mar 25, 2009, at 4:01 AM, Rudi Ahlers  wrote:

> Hi all,
>
> I've been asked by a college to setup a monitor to monitor a Windows
> network, but on internet usage. They want to have detailed usage, i.e.
> on a per IP / PC basis, and if possible to get stats for every
> protocol, and see over a period of time what goes on.
>
> My first though wat ntop, which does all of this, but it doesn't save
> the data in a DB, so if the server reboots the stats are reset to 0. I
> also can't get Cacti to give me stats per IP & per protocol (unless
> someone knows how todo this).
>
> I don't yet know the full network layout, but I have a feeling they're
> using ADSL, and have a Windows Small Business server with ISA, and
> possible Exchange as well. So, I'm either going to put a CentOS box
> between the Windows box & ADSL router, or maybe even setup a CentOS
> Vmware Virtual PC, force all the network to route via the VPS.
>
> Does anyone have some suggestions / experience in setting up something
> like this?
>
> P.S. Please don't look at the fact that there's Windows on the
> network. I use Linux for business purposes, not as a hobby, and we
> also use Mac & Windows where the situation calls for I

Best way to do what your asking is to setup a proxy/firewall that all  
hosts have to pass through. That way the proxy/firewall can log all  
the activity and then you use a reporting program to report on the log  
data.

Squid can log all kinds of data, so can iptables. Couple that with  
NTLM/basic authentication on the squid host and you can put names with  
ip addresses.

The authentication can be transparent so if the user is logged on the  
network they auto-authenticate with the proxy.

-Ross

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] looking for some advice to monitor network usage in office

[David . Mackintosh]

On Wed, Mar 25, 2009 at 10:52:23AM +0200, Spook ZA wrote:
> Hi Rudy
> 
> 2009/3/25 Rudi Ahlers :

> > I've been asked by a college to setup a monitor to monitor a Windows
> > network, but on internet usage. They want to have detailed usage, i.e.
> > on a per IP / PC basis, and if possible to get stats for every
> > protocol, and see over a period of time what goes on.
> > Rudi Ahlers
> 
> If your firewall / border gateway is running linux, have a look at:
> 
>  http://www.networkuptime.com/tools/netflow/
> 
> You need an exporter that will export linux netflow records and
> software that will collect and present the resultant data.

This is almost, but not quite, what I do.  Specifically, I use fprobe
to generate flows, and then nfsen/nfdump to generate the pretty
pictures that management seems to enjoy so much.  nfsen can be
configured to generate some of the information that you want, but you
can write your own perl scripts to parse the raw nfdump files and
extract whatever information you want.

Links:

  fprobe: http://sourceforge.net/project/showfiles.php?group_id=63535
  nfdump: http://nfdump.sourceforge.net/
  nfsen:  http://nfsen.sourceforge.net/

-- 
 /\oo/\
/ /()\ \ David Mackintosh | 
 d...@xdroop.com  | http://www.xdroop.com


pgpJUWl3T98VS.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] Network switches

[Rob Townley]

On Tue, Mar 24, 2009 at 6:12 PM, Les Mikesell  wrote:
> Luke S Crawford wrote:
>>
>>> i would like to see real performance data via something like netperf
>>> with client machines booted from a standardized LiveCD, then
>>> peformance under their Linux Distribution and performance under
>>> Windows.
>>
>>
>> Performance data is not the most important metric, at least for me.
>>
>> For me, the big problem is reliability and security.   My problem with

i am with you, security is my biggest concern.  When our network were
to started to crawl, i have to wonder if there isn't a worm sucking up
all the bandwidth.  Stressing a switch may test the reliability of the
infrastructure in a safe way - an automated PXE boot at night.
Ideally, switch perf reports would include the firmware version.

>> used cisco is that getting access to the firmware usually costs more than
>> the used parts I'm buying... If I'm going to use the thing as a router at the
>> head of my network, I want to be sure that the thing can be secured, and
>> sometimes that requires a firmware update.
>>
>> If someone sold support contracts (by support contracts, I mean firmware.
>> I don't need help, I just need the firmware.) for old switches for
>> less than the value of the switch, I'd buy.    If someone sold
>> switches with open source firmware, I'd buy.  (I've bought myself an
>> OpenGear console server instead of a cheaper used cyclades for similar
>> reasons.)
>
> If you get a service contract on any piece of Cisco equipment, you
> typically get download access to all of the firmware updates.  However,
> in a lot of scenarios there are several choices, each with a different
> set of bugs that you won't know about unless you open a TAC case and
> tell an engineer exactly what features have to work for you.
>
> --
>   Les Mikesell
>    lesmikes...@gmail.com
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] Network switches

[Robert Moskowitz]

Scott McClanahan wrote:
> I'm looking to acquire a few new core switches for our network which
> would be a major upgrade from the cheap unmanaged things we currently
> have.  Basically, just users, servers, and other simple network devices
> will be plugged into them but I'd like to start doing some testing with
> iSCSI for various non-production reasons.  I have no allegiance to a
> particular vendor although I do have a Cisco background.  I'd like them
> to be at least 10/100/1000 (no need for power over ethernet) and include
> many of the features that are most important to me in a managed switch,
> including:
>   

look at HP Procurves. That is what I use.

You can get 2524's quite cheap on ebay.
>
> * vlans
> * mstp or some well established form of per vlan spanning tree
> * acl's
> * port mirroring or what cisco calls span sessions
> * snmp
> * ssh enabled remote management
> * support w/ updates and bugfixes
>
>
> I need at least 48 ports per device and obviously would like them to be
> "fast".  Most importantly, I'd like to know what you guys prefer as
> operations dudes and what pitfalls to avoid.  Also, are there other
> features you folks would demand to have in your switches that I haven't
> mentioned?  I can provide more information if you'd like.  Thanks.
>
> Oh, cost is sort of an issue (small/medium sized business) but right now
> insight from you guys is what's important and I can work out the cost
> issue later.  Thanks again.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>   

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Getting ready for CentOS 5.4

[Lanny Marcus]

2009/3/25 Ralph Angenendt :
> Ross Walker wrote:
>> How about forming a formal non-profit organization around CentOS with
>> contributors.
>
> The question is "where". What counts as a non-profit in the US doesn't
> automatically count as one in Europe, for example - that's why there is
> a Fedora EMEA, too. Which really binds ressources - and the Fedora
> community is large. Yes, one could to talk to them to see how they did
> it, I know the people on their board.
>
>> If a movement like CentOS is going to survive it's going to have to
>> grow and the only way it can grow is by solicitating donations then
>> depending on the offered ones it recieves now.
>
> Do I smell a special interest group
>  here?

Or another mailing list or IRC channel? If Ross is correct, and I hope
he is correct,  that Google, Amazon, large ISPs, etc.,  would donate
$, wow. If they are using CentOS and they only contributed USD$1 for
each server, imagine how much $ that would be for the CentOS project.
 :-)   Obviously, more than one dollar per server is the goal.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Samba packages update

[Veiko Kukk]

I'm unable to find this http://rhn.redhat.com/errata/RHBA-2009-0180.html 
package update in Centos 5.2 updates. Why?

---
Veiko
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Samba packages update

[Ralph Angenendt]

Veiko Kukk wrote:
> I'm unable to find this http://rhn.redhat.com/errata/RHBA-2009-0180.html 
> package update in Centos 5.2 updates. Why?

They will come with 5.3.

Ralph


pgpUpl1x5Hi61.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] looking for some advice to monitor network usage in office

[Les Mikesell]

Rudi Ahlers wrote:
> Hi all,
> 
> I've been asked by a college to setup a monitor to monitor a Windows
> network, but on internet usage. They want to have detailed usage, i.e.
> on a per IP / PC basis, and if possible to get stats for every
> protocol, and see over a period of time what goes on.
> 
> My first though wat ntop, which does all of this, but it doesn't save
> the data in a DB, so if the server reboots the stats are reset to 0.

Are you sure you went through all the ntop options?  I thought it had 
ways to store and export data.  And it can both source and parse netflow 
data.

> I
> also can't get Cacti to give me stats per IP & per protocol (unless
> someone knows how todo this).

SNMP normally reports traffic per interface.  If you can get by with a 
historical total/max bandwidth report, point cacti or other SNMP tool at 
the switch ports facing the users.  Then use ntop for snapshots of 
protocol usage.  If, for example, you are trying to track down the 
source of a virus, you really only want to see current traffic patterns, 
not totals that include last week's bittorrent activity.

> I don't yet know the full network layout, but I have a feeling they're
> using ADSL, and have a Windows Small Business server with ISA, and
> possible Exchange as well. So, I'm either going to put a CentOS box
> between the Windows box & ADSL router, or maybe even setup a CentOS
> Vmware Virtual PC, force all the network to route via the VPS.
> 
> Does anyone have some suggestions / experience in setting up something
> like this?

As long as you have a manged switch behind the internet router you 
should be able to set up a mirror (monitor) port to feed a copy to an 
interface running ntop without actually routing through the Linux box. 
Or, if the router supports it, it can send netflow records to something 
that understands them.


-- 
   Les Mikesell
 lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Broken link in the documentation.

[Marcelo M. Garcia]

Hi

There is a broken link in the documentation of CentOS 5.2. I was reading 
about e-mail and when you follow the link from POP (24.1.2.1 in 
Deployment guide) to IMAP, you got the following message:
"Not Found

The requested URL 
/docs/5/html/5.2/Deployment_Guide/s3-email-protocols-imap.html was not 
found on this server."

Cheers

Marcelo



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] freeradius version

[Kanwar Ranbir Sandhu]

Hi All,

The freeradius version in CentOS 5 is ancient, so I've been considering
rebuilding the Fedora 10 rpm for freeradius-2.1.3 on CentOS.  That means
I'll have to maintain the package, and I'm not an uber packager.
Normally I wouldn't care, but in this case I do because the freeradius
server is going to be critical.

So, should I rebuild the F10 rpm, or should I just stick with the
version in CentOS 5?  Based on what I'm reading, moving to a newer
release would be wise.

Regards,

Ranbir

-- 
Kanwar Ranbir Sandhu
Linux 2.6.27.19-170.2.35.fc10.x86_64 x86_64 GNU/Linux 
11:37:20 up 19 days, 11:03, 4 users, load average: 0.17, 0.22, 0.18 


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Samba packages update

[JohnS]

On Wed, 2009-03-25 at 16:40 +0200, Veiko Kukk wrote:
> I'm unable to find this http://rhn.redhat.com/errata/RHBA-2009-0180.html 
> package update in Centos 5.2 updates. Why?
> 
I wondered also but was going to give it a day or so then ask.

JohnStanley

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] freeradius version

[Ray Van Dolson]

On Wed, Mar 25, 2009 at 11:41:56AM -0400, Kanwar Ranbir Sandhu wrote:
> Hi All,
> 
> The freeradius version in CentOS 5 is ancient, so I've been considering
> rebuilding the Fedora 10 rpm for freeradius-2.1.3 on CentOS.  That means
> I'll have to maintain the package, and I'm not an uber packager.
> Normally I wouldn't care, but in this case I do because the freeradius
> server is going to be critical.
> 
> So, should I rebuild the F10 rpm, or should I just stick with the
> version in CentOS 5?  Based on what I'm reading, moving to a newer
> release would be wise.
> 
> Regards,
> 
> Ranbir

What about branching Fedora freeradius for EPEL?

Ray
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Samba packages update

[JohnS]

On Wed, 2009-03-25 at 15:50 +0100, Ralph Angenendt wrote:
> Veiko Kukk wrote:
> > I'm unable to find this http://rhn.redhat.com/errata/RHBA-2009-0180.html 
> > package update in Centos 5.2 updates. Why?
> 
> They will come with 5.3.
> 
> Ralph
Opps,,, thanks for that Ralph.

JohnStanley

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] freeradius version

[Karanbir Singh]

Kanwar Ranbir Sandhu wrote:
> So, should I rebuild the F10 rpm, or should I just stick with the
> version in CentOS 5?  Based on what I'm reading, moving to a newer
> release would be wise.

What are these things you are reading ?  Might be worth verifying some 
of them.

- KB
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] freeradius version

[Kanwar Ranbir Sandhu]

On Wed, 2009-03-25 at 08:44 -0700, Ray Van Dolson wrote:
> What about branching Fedora freeradius for EPEL?

I guess I can I make a package request there (I already checked - they
don't have it).

Are people really deploying freeradius-1.1.3??

-- 
Kanwar Ranbir Sandhu
Linux 2.6.27.19-170.2.35.fc10.x86_64 x86_64 GNU/Linux 
11:54:33 up 19 days, 11:20, 4 users, load average: 0.28, 0.24, 0.19 


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] freeradius version

[Craig White]

On Wed, 2009-03-25 at 11:41 -0400, Kanwar Ranbir Sandhu wrote:
> Hi All,
> 
> The freeradius version in CentOS 5 is ancient, so I've been considering
> rebuilding the Fedora 10 rpm for freeradius-2.1.3 on CentOS.  That means
> I'll have to maintain the package, and I'm not an uber packager.
> Normally I wouldn't care, but in this case I do because the freeradius
> server is going to be critical.
> 
> So, should I rebuild the F10 rpm, or should I just stick with the
> version in CentOS 5?  Based on what I'm reading, moving to a newer
> release would be wise.

that's what I did...downloaded the F10 SRPM and rebuilt it on a CentOS 5
system and installed via rpm -Uvh

I believe that someone put the steps on the freeradius.org wiki but it
was right after I did it myself so I didn't check through the various
steps listed in the wiki.

Craig

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] freeradius version

[Ray Van Dolson]

On Wed, Mar 25, 2009 at 11:56:30AM -0400, Kanwar Ranbir Sandhu wrote:
> On Wed, 2009-03-25 at 08:44 -0700, Ray Van Dolson wrote:
> > What about branching Fedora freeradius for EPEL?
> 
> I guess I can I make a package request there (I already checked - they
> don't have it).
> 
> Are people really deploying freeradius-1.1.3??

Seriously doubt it.  If I still worked at an ISP and did want to pay
for Radiator, I would not use such an old version.  It's one thing if
someone is backporting security fixes and such into it... :-)

I'd be going the manual route.  I'd vote for branching this into EPEL
which would hopefully keep it in sync with the F10 version, and, that
failing update the CentOS-Extras one.

Ray
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] freeradius version

[Kanwar Ranbir Sandhu]

On Wed, 2009-03-25 at 15:51 +, Karanbir Singh wrote:
> What are these things you are reading ?  Might be worth verifying some 
> of them.

Attribute changes, additional features, etc.  freeradius devs aren't
fixing bugs in the 1.1 releases anymore, though I know CentOS' upstream
will backport, if need be.

I suppose my real concern is if our soon-to-arrive network gear requires
features included only in the 2.0 and up releases.

Regards,

Ranbir
-- 
Kanwar Ranbir Sandhu
Linux 2.6.27.19-170.2.35.fc10.x86_64 x86_64 GNU/Linux 
12:00:42 up 19 days, 11:26, 4 users, load average: 0.72, 0.32, 0.22 


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] freeradius version

[Karanbir Singh]

Craig White wrote:
> that's what I did...downloaded the F10 SRPM and rebuilt it on a CentOS 5
> system and installed via rpm -Uvh

If there are a few people doing this already - why does one of you not 
step up and offer to maintain / manage this package in centosplus ? 
Thats what the plus repo is there for, isnt it :)

Maybe a few people can collaborate on this?

- KB
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] looking for some advice to monitor network usage in office

[Ray Leventhal]

Rudi Ahlers wrote:
> Hi all,
>
> I've been asked by a college to setup a monitor to monitor a Windows
> network, but on internet usage. They want to have detailed usage, i.e.
> on a per IP / PC basis, and if possible to get stats for every
> protocol, and see over a period of time what goes on.
>
> My first though wat ntop, which does all of this, but it doesn't save
> the data in a DB, so if the server reboots the stats are reset to 0. I
> also can't get Cacti to give me stats per IP & per protocol (unless
> someone knows how todo this).
>
> I don't yet know the full network layout, but I have a feeling they're
> using ADSL, and have a Windows Small Business server with ISA, and
> possible Exchange as well. So, I'm either going to put a CentOS box
> between the Windows box & ADSL router, or maybe even setup a CentOS
> Vmware Virtual PC, force all the network to route via the VPS.
>
> Does anyone have some suggestions / experience in setting up something
> like this?
>
> P.S. Please don't look at the fact that there's Windows on the
> network. I use Linux for business purposes, not as a hobby, and we
> also use Mac & Windows where the situation calls for it.
>   
Just to add my .02, depending on the traffic level, you may do better 
with a pre-packaged distro like Endian which provides transparent proxy 
and reporting.  The community edition (what I'm using) sets up very 
easily and pretty much works out of the box.

For our mixed OS network of about 40 workstations, this serves very 
nicely and does pretty much what you're asking.  The only thing I did to 
the stock install was to have the logs ftp'd to me for archiving so they 
don't get rotated out of existence during the normal system rotation 
schedule. (client wants 1yr of history).

HTH,
-Ray
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] freeradius version

[dave veasey]

Karanbir Singh wrote:
> If there are a few people doing this already - why does one of you not
> step up and offer to maintain / manage this package in centosplus ? 
> Thats what the plus repo is there for, isnt it :)
>
> Maybe a few people can collaborate on this?
>
> - KB
>   
That would be a good idea. We've been upgrading from the base version 
included with CentOS 5 on all our boxes for quite some time now. What is 
involved in maintaining  / managing a package in the plus repoistory?

-Dave
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] freeradius version

[Kanwar Ranbir Sandhu]

On Wed, 2009-03-25 at 16:13 +, Karanbir Singh wrote:
> If there are a few people doing this already - why does one of you not 
> step up and offer to maintain / manage this package in centosplus ? 
> Thats what the plus repo is there for, isnt it :)
> 
> Maybe a few people can collaborate on this?

I suck at packaging.  Well, I think I suck, anyway.  Beyond taking the
F10 SRPM and rebuilding on CentOS 5 with a few customizations (e.g.
update the changelog, sign it with our key, change the packager, etc.),
I wouldn't be doing anything else.  It's probably not the ideal way to
do it.

I assume there's a particular way packages need to be built for
inclusion into centosplus.  Where be the info? :)

Regards,

Ranbir

-- 
Kanwar Ranbir Sandhu
Linux 2.6.27.19-170.2.35.fc10.x86_64 x86_64 GNU/Linux 
12:13:53 up 19 days, 11:40, 4 users, load average: 0.14, 0.23, 0.18 


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] help on kerberos5

[MHR]

2009/3/25 fabian dacunha :
>
> Dear All,
>
> this i feel is a little out of topic but really apprecite if someone can help
>
> i am tryin to authenicate my Centos 5.2 box to windows 2003 ADS server ..
> but am not able to do so .

This is probably a dumb question, but have you tried asking the
kerberos people?  See
http://www-cdf.fnal.gov/upgrades/computing/icrb/kerberos-help.html.

HTH

mhr
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] freeradius version

[Craig White]

On Wed, 2009-03-25 at 12:17 -0400, Kanwar Ranbir Sandhu wrote:
> On Wed, 2009-03-25 at 16:13 +, Karanbir Singh wrote:
> > If there are a few people doing this already - why does one of you not 
> > step up and offer to maintain / manage this package in centosplus ? 
> > Thats what the plus repo is there for, isnt it :)
> > 
> > Maybe a few people can collaborate on this?
> 
> I suck at packaging.  Well, I think I suck, anyway.  Beyond taking the
> F10 SRPM and rebuilding on CentOS 5 with a few customizations (e.g.
> update the changelog, sign it with our key, change the packager, etc.),
> I wouldn't be doing anything else.  It's probably not the ideal way to
> do it.
> 
> I assume there's a particular way packages need to be built for
> inclusion into centosplus.  Where be the info? :)

http://wiki.freeradius.org/Red_Hat_FAQ

Craig

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] help on kerberos5

[Kanwar Ranbir Sandhu]

On Wed, 2009-03-25 at 13:15 +0300, fabian dacunha wrote:
> my domain name is===> baladia.local
> Windows 2003 AD server computer name is> kmun
> 
> my /etc/krb5.conf file is
> 
> 
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
> 
> [libdefaults]
>  ticket_lifetime=24000
>  default_realm=BALADIA.LOCAL
>  dns_lookup_realm = false
>  dns_lookup_kdc = false
> 
> [realms]
>  BALADIA.LOCAL={
>   kdc=172.16.2.227:88
> #  admin_server=kmun.baladia.local:749
>   default_domain=BALADIA.LOCAL
>   kdc=BALADIA.LOCAL
>  }

You only need one kdc here.  Choose one, comment/delete the other.

> [domain_realm]
> .baladia.local=BALADIA.LOCAL
> baladia.local=BALADIA.LOCAL
> 
> kerberos  88/udp   kdc  # Kerberos key server
> kerberos  88/tcp   kdc  # Kerberos key server

What are these "kerberos" lines for? Why have you put them here? They
don't belong - comment/delete them.


> [kdc]
>   profile = /var/kerberos/krb5kdc/kdc.conf
> 
> [appdefaults]
>  pam = {
>debug = false
>ticket_lifetime = 36000
>renew_lifetime = 36000
>forwardable = true
>krb4_convert = false
>  }

kinit should work after making the changes above.

Regards,

Ranbir

-- 
Kanwar Ranbir Sandhu
Linux 2.6.27.19-170.2.35.fc10.x86_64 x86_64 GNU/Linux 
14:06:36 up 19 days, 13:32, 4 users, load average: 0.14, 0.20, 0.18 


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] freeradius version

[Craig White]

On Wed, 2009-03-25 at 16:13 +, Karanbir Singh wrote:
> Craig White wrote:
> > that's what I did...downloaded the F10 SRPM and rebuilt it on a CentOS 5
> > system and installed via rpm -Uvh
> 
> If there are a few people doing this already - why does one of you not 
> step up and offer to maintain / manage this package in centosplus ? 
> Thats what the plus repo is there for, isnt it :)
> 
> Maybe a few people can collaborate on this?

first of all, there's very good instructions which I previously linked.

secondly, I can only build i386 at the present time.

lastly, I'm up and running and don't see much need to continually
monitor updates and releases unless there's a security issue.

Craig

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] freeradius version

[Kanwar Ranbir Sandhu]

On Wed, 2009-03-25 at 11:17 -0700, Craig White wrote:
> first of all, there's very good instructions which I previously linked.
> 
> secondly, I can only build i386 at the present time.

I can build x86_64 and i386.

> lastly, I'm up and running and don't see much need to continually
> monitor updates and releases unless there's a security issue.

I'd be doing it for the community, not just myself.  It would help
everyone out.  Besides, what comes around, goes around.

Regards,

Ranbir

-- 
Kanwar Ranbir Sandhu
Linux 2.6.27.19-170.2.35.fc10.x86_64 x86_64 GNU/Linux 
14:24:09 up 19 days, 13:50, 4 users, load average: 0.19, 0.13, 0.13 


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] freeradius version

[Phil Schaffner]

Kanwar Ranbir Sandhu wrote:
> On Wed, 2009-03-25 at 16:13 +, Karanbir Singh wrote:
>> If there are a few people doing this already - why does one of you not 
>> step up and offer to maintain / manage this package in centosplus ? 
>> Thats what the plus repo is there for, isnt it :)
>>
>> Maybe a few people can collaborate on this?
> 
> I suck at packaging.  Well, I think I suck, anyway.  Beyond taking the
> F10 SRPM and rebuilding on CentOS 5 with a few customizations (e.g.
> update the changelog, sign it with our key, change the packager, etc.),
> I wouldn't be doing anything else.  It's probably not the ideal way to
> do it.
> 
> I assume there's a particular way packages need to be built for
> inclusion into centosplus.  Where be the info? :)

Sounds like you are pretty good at packaging.

See http://wiki.centos.org/HowTos/Packages/ContributeYourRPMs

See you on centos-devel.

Phil
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Cannot get CentOS to install

[Michael Peterson]

JohnS wrote:
> On Mon, 2009-03-23 at 15:21 -0500, Michael Peterson wrote:
>
>   
>> I would really like to get CentOS 5.2 or 5.3 installed on the system if 
>> there is a work around.
>> 
> ---
> What are you using to burn the CDs? How old is the CD Drive that your
> are using to install? How old is the cable? Last thing strip it down to
> the bare minimum harwdare and install?
>
> JohnStanley
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>   
I burned the CD images on Windows using Roxio and an AOpen DVD Read/ 
CDRW drive.

The burned CD's test fine in more than one system.
I do have to test them with ide=nodma to get them to pass.

The CD Drive and IDE Cable on the system I am trying to install is 5 
years old.

I searched the CentOS site and mailing list for similar issues and found 
one dating back to last year.
The anaconda errors were similar.

I finally got 5.2 to install and the fix was to tell the kernel to 
ignore the ide tape device.
The tape drive is on hdd and the following allowed me to do a GUI 
install with 512 MB.

linux ide=nodma hdd=none

I thought I would post my result so that this request for help could be 
closed.

Thanks for having this list to provide the avenue to a solution.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Cannot get CentOS to install [SOLVED]

[Phil Schaffner]

Michael Peterson wrote:
...
> I burned the CD images on Windows using Roxio and an AOpen DVD Read/ 
> CDRW drive.
> 
> The burned CD's test fine in more than one system.
> I do have to test them with ide=nodma to get them to pass.
> 
> The CD Drive and IDE Cable on the system I am trying to install is 5 
> years old.
> 
> I searched the CentOS site and mailing list for similar issues and found 
> one dating back to last year.
> The anaconda errors were similar.
> 
> I finally got 5.2 to install and the fix was to tell the kernel to 
> ignore the ide tape device.
> The tape drive is on hdd and the following allowed me to do a GUI 
> install with 512 MB.
> 
> linux ide=nodma hdd=none
> 
> I thought I would post my result so that this request for help could be 
> closed.
> 
> Thanks for having this list to provide the avenue to a solution.

Thanks for posting the solution for posterity to close it out.  BTW - I 
think it is a convention to  add "SOLVED" in the subject to indicate 
closure.

Phil
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Cannot get CentOS to install

[JohnS]

On Wed, 2009-03-25 at 14:15 -0500, Michael Peterson wrote:
> JohnS wrote:
> > On Mon, 2009-03-23 at 15:21 -0500, Michael Peterson wrote:
> >
> >   
> >> I would really like to get CentOS 5.2 or 5.3 installed on the system if 
> >> there is a work around.
> >> 
> > ---
> > What are you using to burn the CDs? How old is the CD Drive that your
> > are using to install? How old is the cable? Last thing strip it down to
> > the bare minimum harwdare and install?
> >
> > JohnStanley

> >   
> I burned the CD images on Windows using Roxio and an AOpen DVD Read/ 
> CDRW drive.
> 
> The burned CD's test fine in more than one system.
> I do have to test them with ide=nodma to get them to pass.
> 
> The CD Drive and IDE Cable on the system I am trying to install is 5 
> years old.
> 
> I searched the CentOS site and mailing list for similar issues and found 
> one dating back to last year.
> The anaconda errors were similar.
> 
> I finally got 5.2 to install and the fix was to tell the kernel to 
> ignore the ide tape device.
> The tape drive is on hdd and the following allowed me to do a GUI 
> install with 512 MB.
> 
> linux ide=nodma hdd=none

Just currious does the tape drive work since install? Would like like to
know the brand of it also for reference.

> I thought I would post my result so that this request for help could be 
> closed.
> 
> Thanks for having this list to provide the avenue to a solution.

JohnStanley

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Looking for a list of default services to disable in centos 5

[Martin Suehowicz]

I am looking for a list of services that you disable by default on your
server. 

Here is what I am disabling so far.

avahi-daemon 
bluetooth 
cups 
firstboot 
haldaemon 
hidd 
hplip 
ip6tables 
isdn 
messagebus 
pcscd 
rpcgssd 
rpcidmapd 
sendmail 
xfs 
xinetd 
yum-updatesd 

Thanks for any input you provide!
Martin



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Looking for a list of default services to disable in centos 5

[Spiro Harvey]

> I am looking for a list of services that you disable by default on
> your server. 

what kind of server? smtp server? pop/imap server? proxy server? web
server? ftp server? logging server? voip gateway? firewall? rpm build
box? swipe card reader server? development/source repo server? LDAP,
NFS? 

or are you looking for a set of things that we disable by default on
all servers? At which point I question your choice of removing sendmail
(unless you're replacing it with something like exim or postfix)
because most servers need to send mail, even if it's just to alert you
when a cron job has barfed.

personally I disable, or don't install SE Linux, Network Manager (with
extreme prejudice), and anything to do with wireless/bluetooth, and X
on every single server. 

From there it depends on what the server is doing.

We've got a Kickstart server and boot off USB sticks and CDs that
allow us to pick generic build types off a menu (eg; web server, smtp
server, mail storage server, etc). The kickstart config just pulls down
the packages we want, a few scripts get run doing various things like
updating all packages, setting up our distributed config system,
installing custom packages, and so on. 

However, I don't see the usefulness in seeing what other people
disable. Everybody has different networks, different requirements, and
does different things on their boxes. What you should be doing is
looking at *your* servers and itemising what they do. Then remove all
packages that are not needed to provide those services.

-- 
Spiro Harvey  Knossos Networks Ltd
021-295-1923www.knossos.net.nz


signature.asc
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] help on kerberos5

[Rob Townley]

On Wed, Mar 25, 2009 at 1:08 PM, Kanwar Ranbir Sandhu
 wrote:
> On Wed, 2009-03-25 at 13:15 +0300, fabian dacunha wrote:
>> my domain name is===> baladia.local
>> Windows 2003 AD server computer name is> kmun
>>
>> my /etc/krb5.conf file is
>>
>> 
>> [logging]
>>  default = FILE:/var/log/krb5libs.log
>>  kdc = FILE:/var/log/krb5kdc.log
>>  admin_server = FILE:/var/log/kadmind.log
>>
>> [libdefaults]
>>  ticket_lifetime=24000
>>  default_realm=BALADIA.LOCAL
>>  dns_lookup_realm = false
>>  dns_lookup_kdc = false
>>
>> [realms]
>>  BALADIA.LOCAL={
>>   kdc=172.16.2.227:88
>> #  admin_server=kmun.baladia.local:749
>>   default_domain=BALADIA.LOCAL
>>   kdc=BALADIA.LOCAL
>>  }
>
> You only need one kdc here.  Choose one, comment/delete the other.
>
>> [domain_realm]
>> .baladia.local=BALADIA.LOCAL
>> baladia.local=BALADIA.LOCAL
>>
>> kerberos  88/udp   kdc  # Kerberos key server
>> kerberos  88/tcp   kdc  # Kerberos key server
>
> What are these "kerberos" lines for? Why have you put them here? They
> don't belong - comment/delete them.
>
>
>> [kdc]
>>   profile = /var/kerberos/krb5kdc/kdc.conf
>>
>> [appdefaults]
>>  pam = {
>>    debug = false
>>    ticket_lifetime = 36000
>>    renew_lifetime = 36000
>>    forwardable = true
>>    krb4_convert = false
>>  }
>
> kinit should work after making the changes above.
>
> Regards,
>
> Ranbir
>
> --
> Kanwar Ranbir Sandhu
> Linux 2.6.27.19-170.2.35.fc10.x86_64 x86_64 GNU/Linux
> 14:06:36 up 19 days, 13:32, 4 users, load average: 0.14, 0.20, 0.18
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

it would be so much easier if all configuration files were written in
XML and by default would have an enforcing document type definition.
Self commenting, would make sure syntax is correct, and further could
ensure "grammar" is correct for the desired configuration.  Namespaces
can make XML less verbose;.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Looking for a list of default services to disable in centos 5

[Martin Suehowicz]

My question was targeted at minimal install that I could start with bare
bones. Just what you need to run the os. I would use it to build the
rest of my kickstarts with adding the needed services for webservers,
databases, etc. I see the usefulness it for example You can pretty much
say that everyone with a server build does not need Bluetooth and that
most people are going to want syslog running. Thanks for the input! I do
see your point about looking at my servers. 
Martin

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf Of Spiro Harvey
Sent: Wednesday, March 25, 2009 1:40 PM
To: centos@centos.org
Subject: Re: [CentOS] Looking for a list of default services to disable
in centos 5

> I am looking for a list of services that you disable by default on 
> your server.

what kind of server? smtp server? pop/imap server? proxy server? web
server? ftp server? logging server? voip gateway? firewall? rpm build
box? swipe card reader server? development/source repo server? LDAP,
NFS? 

or are you looking for a set of things that we disable by default on all
servers? At which point I question your choice of removing sendmail
(unless you're replacing it with something like exim or postfix) because
most servers need to send mail, even if it's just to alert you when a
cron job has barfed.

personally I disable, or don't install SE Linux, Network Manager (with
extreme prejudice), and anything to do with wireless/bluetooth, and X on
every single server. 

>From there it depends on what the server is doing.

We've got a Kickstart server and boot off USB sticks and CDs that allow
us to pick generic build types off a menu (eg; web server, smtp server,
mail storage server, etc). The kickstart config just pulls down the
packages we want, a few scripts get run doing various things like
updating all packages, setting up our distributed config system,
installing custom packages, and so on. 

However, I don't see the usefulness in seeing what other people disable.
Everybody has different networks, different requirements, and does
different things on their boxes. What you should be doing is looking at
*your* servers and itemising what they do. Then remove all packages that
are not needed to provide those services.

-- 
Spiro Harvey  Knossos Networks Ltd
021-295-1923www.knossos.net.nz

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Looking for a list of default services to disable in centos 5

[Robert Heller]

At Thu, 26 Mar 2009 09:39:55 +1300 CentOS mailing list  
wrote:

> 
> 
> 
> > I am looking for a list of services that you disable by default on
> > your server. 
> 
> what kind of server? smtp server? pop/imap server? proxy server? web
> server? ftp server? logging server? voip gateway? firewall? rpm build
> box? swipe card reader server? development/source repo server? LDAP,
> NFS? 
> 
> or are you looking for a set of things that we disable by default on
> all servers? At which point I question your choice of removing sendmail
> (unless you're replacing it with something like exim or postfix)
> because most servers need to send mail, even if it's just to alert you
> when a cron job has barfed.

There are two options here: whether the service(s) are listening only
on 127.0.0.1 (internal IP loopback) or on both 127.0.0.1 AND eth? IP
address (external IP access).  I *suspect* the OP is talking about this
rather than not installing and/or starting various deamons.  Of cource,
some services make no sense listening only on 127.0.0.1 (eg FTP or
SSH), but many do (SMTP, DB backend, CUPS, etc.) and in some cases you
really need them running, even if they are only listening on 127.0.0.1
(some sort of SMTP server for example if not sendmail, then something
else).

> 
> personally I disable, or don't install SE Linux, Network Manager (with
> extreme prejudice), and anything to do with wireless/bluetooth, and X
> on every single server. 
> 
> >From there it depends on what the server is doing.
> 
> We've got a Kickstart server and boot off USB sticks and CDs that
> allow us to pick generic build types off a menu (eg; web server, smtp
> server, mail storage server, etc). The kickstart config just pulls down
> the packages we want, a few scripts get run doing various things like
> updating all packages, setting up our distributed config system,
> installing custom packages, and so on. 
> 
> However, I don't see the usefulness in seeing what other people
> disable. Everybody has different networks, different requirements, and
> does different things on their boxes. What you should be doing is
> looking at *your* servers and itemising what they do. Then remove all
> packages that are not needed to provide those services.

Or in some cases making sure they are only listening on the local
loopback device and NOT the external network device(s).  Or if they are
listening on some external network device(s), only on the ones they
should be listening on (i.e. if your server is a router for a NAT or
something like that).

> 

-- 
Robert Heller -- 978-544-6933
Deepwoods Software-- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
hel...@deepsoft.com   -- http://www.deepsoft.com/ModelRailroadSystem/
 
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Monitoring IP masquerading on LVS load-balancing

[David Dyer-Bennet]

I've got small numbers of connections moving through a load balancer
configured in NAT mode.  So I've got an iptables table called "nat", which
has in it a line "-A POSTROUTING -o eth0 -j MASQUERADE" (lan connect is
eth0, private lan inside the cluster is eth1).

The load balancer is working; connections made to the virtual ip on that
host do get routed to one of the real servers behind this load load
balancer.

But I want to observe the connections on the load balancer.

My first attempt was to use netstat with the --masquerade switch.  This
produced the result "netstat: no support for `ip_masquerade' on this
system."  Consistent with this, there is no /proc/net/ip_masquerade.

On the other hand, the load balancer *IS* working; those connections *are*
getting NATted and routed.

Also, lsmod shows varous relevant modules loaded:
iptable_nat40773  1
ip_nat 53101  2 ipt_MASQUERADE,iptable_nat
ip_conntrack   91237  5
xt_state,ip_conntrack_netbios_ns,ipt_MASQUERADE,iptable_nat,ip_nat
nfnetlink  40457  2 ip_nat,ip_conntrack
ip_tables  55329  2 iptable_filter,iptable_nat
x_tables   50377  7
xt_state,ipt_REJECT,xt_tcpudp,ipt_MASQUERADE,xt_multiport,iptable_nat,ip_tables

So, netstat just isn't somehow the right monitoring tool, right?  So what
is the right monitoring tool?  I need to know the source IP and
real-server IP of connections being handled by the load balancer.  I don't
need a lot showing exactly how each one was handled, but I'd like to be
able to determine the state of any connection currently active.  How can I
do this?





-- 
David Dyer-Bennet, d...@dd-b.net; http://dd-b.net/
Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/
Photos: http://dd-b.net/photography/gallery/
Dragaera: http://dragaera.info

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] ISPConfig & local administration

[Sam Drinkard]

Hi list,

I recently installed a package for Centos5.2 called ISPConfig.  This 
was recommended by a buddy of mine who hosts a number of websites for 
various clients.  Although I don't host any websites except my own, 
there were some features in the package that I did like the looks of.  
Well, today, I needed to add a new user and group, so while the machine 
was sitting here, I attempted to use the gui to adduser.  For some 
reason, the process hung and never did come up.  I called my buddy about 
that and he told me we ran through that same scenario with his machine 
some time back, but I had forgotten about it.  The processes were shown 
in a ps ax as being ready to run, but again, nothing appeared on the 
monitor.  I suspect the ispconfig somehow disables some of, if not all 
the built in adminstrative functions of the Centos gui, but hoped 
someone could prove / disprove this fact.  It's rather irritating to go 
thru a manual user creation for me, as cli is not my strong point under 
Centos.   I wound up using webmin to create the user and set the group 
for the gempak user, and then manually edited the list of allowed users 
in the gempak group.

One thing of note, and not sure it even matters, but I got some 
messages like this... "Resolved address 
"xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only 
configuration source at position 0.  Then, it wrote out the same thing 
for position 1 and position 2, with then a warning that python-dbus not 
installed.  I do know there apparently is a difference in python-dbus 
and dbus-python. 

Thanks for any input..

Sam

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] Network switches

[Luke S Crawford]

Les Mikesell  writes:
> If you get a service contract on any piece of Cisco equipment, you 
> typically get download access to all of the firmware updates.  

Yeah, but the problem for me is that for my frontend network, 100M is just
fine.  A used cisco 3548 is going to set me back around $200.  For my frontend,
it looks like a fine switch (my only question is... will it handle IPv6?   
it does vlan tunneling so worst case I use a linux box to route my IPv6.)  
Getting access to firmware updates is 5x that, every year.

I've had an ancient cat 2924 at a backup location online for several years
now.  No problems, it pushes packets at 100M just fine, it's span capabilities
even work.  I've gotten lucky as far as security goes.  But it doesn't really
make sense to replace it with a better switch.  the upstream switch 
above it is a SMC of similar age.  

> in a lot of scenarios there are several choices, each with a different 
> set of bugs that you won't know about unless you open a TAC case and 
> tell an engineer exactly what features have to work for you.

Yeah, but at the used prices for 100M kit, I can buy two or three, and test
it out to my heart's content.   I mean, my experience with support
(working for clients who can afford such things)  is that you have to 
understand the problem to get someone else to fix it anyhow, and usually 
understanding the problem is the hard part.  Once you understand the problem,
fixing it is trivial.  So I don't usually think it makes sense to pay for
support, especially when the equipment cost is such that I have a few spares
laying about in the lab.  
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] Network switches

[nate]

Luke S Crawford wrote:
> Les Mikesell  writes:
>> If you get a service contract on any piece of Cisco equipment, you
>> typically get download access to all of the firmware updates.
>
> Yeah, but the problem for me is that for my frontend network, 100M is just
> fine.  A used cisco 3548 is going to set me back around $200.  For my
> frontend,
> it looks like a fine switch (my only question is... will it handle IPv6?
> it does vlan tunneling so worst case I use a linux box to route my IPv6.)
> Getting access to firmware updates is 5x that, every year.

I suspect if you keep the switch in layer 2 mode IPv6 will work
just fine, but I wouldn't expect IPv6 layer 3 support from the
switch(so don't expect it to be able to act as a router for your
IPv6 network, and you may need a separate IPv4 network to manage
the switch over IP)

It might work but I wouldn't expect it to.

nate


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Monitoring IP masquerading on LVS load-balancing

[nate]

David Dyer-Bennet wrote:
>
> So, netstat just isn't somehow the right monitoring tool, right?  So what
> is the right monitoring tool?  I need to know the source IP and

Shot in the dark since I've never used LVS but perhaps /proc/net/ip_conntrack

If that is right then there is a program called netstat-nat that
is out there, not sure if there is a ready-made package for CentOS
or if it's included by default but here is the debian version(source
code on the right)

http://packages.debian.org/lenny/netstat-nat

I statically compiled it for a ipcop firewall recently and it worked
pretty well.

nate


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Looking for a list of default services to disable in centos 5

[nate]

Martin Suehowicz wrote:
> I am looking for a list of services that you disable by default on your
> server.

For the packages I install on my systems this is what I disable
by default on CentOS 5.2 in kickstart -

cat 

[CentOS] live audio feed via telephone link

[Frank Cox]

I'm looking into costs and feasibility of moving a live feed from a FM radio
station from the station to a point that's past the usable range of their radio
signal. It's a rural location and Internet service is not available at the
station.  If the destination was closer or their transmitter was more powerful,
I could avoid this step and just plug in a radio, but

My best idea so far is to rent a dedicated phone line from the station to the
point where we need the feed, then get some kind of on-the-fly audio compressor
to hook up to the main board in the station, push it out over the phone line,
then decompress it at the destination.

I'm pretty sure there is dedicated hardware to do the compression/decompression
(whatever they use to do those "radio remotes" from Sally's Sofa Sales without
sounding like they are broadcasting from the bottom of a rain barrel) and I'm
currently looking into that angle too, but I'm wondering if it would be
cheaper/easier/better to have something running on Linux at both ends of the
connection to handle the audio compression/decompression.  Especially since I'm
planning to run a Centos server at the destination end for other aspects of
this project if we proceed with it.

-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Monitoring IP masquerading on LVS load-balancing

[Barry Brimer]

Quoting David Dyer-Bennet :

> I've got small numbers of connections moving through a load balancer
> configured in NAT mode.  So I've got an iptables table called "nat", which
> has in it a line "-A POSTROUTING -o eth0 -j MASQUERADE" (lan connect is
> eth0, private lan inside the cluster is eth1).
>
> The load balancer is working; connections made to the virtual ip on that
> host do get routed to one of the real servers behind this load load
> balancer.
>
> But I want to observe the connections on the load balancer.
>
> My first attempt was to use netstat with the --masquerade switch.  This
> produced the result "netstat: no support for `ip_masquerade' on this
> system."  Consistent with this, there is no /proc/net/ip_masquerade.
>
> On the other hand, the load balancer *IS* working; those connections *are*
> getting NATted and routed.
>
> Also, lsmod shows varous relevant modules loaded:
> iptable_nat40773  1
> ip_nat 53101  2 ipt_MASQUERADE,iptable_nat
> ip_conntrack   91237  5
> xt_state,ip_conntrack_netbios_ns,ipt_MASQUERADE,iptable_nat,ip_nat
> nfnetlink  40457  2 ip_nat,ip_conntrack
> ip_tables  55329  2 iptable_filter,iptable_nat
> x_tables   50377  7
>
xt_state,ipt_REJECT,xt_tcpudp,ipt_MASQUERADE,xt_multiport,iptable_nat,ip_tables
>
> So, netstat just isn't somehow the right monitoring tool, right?  So what
> is the right monitoring tool?  I need to know the source IP and
> real-server IP of connections being handled by the load balancer.  I don't
> need a lot showing exactly how each one was handled, but I'd like to be
> able to determine the state of any connection currently active.  How can I
> do this?

ipvsadm -L -c -n should do the trick.  Also, you shouldn't need that MASQ rule
unless you need to MASQ traffic originating from inside your private network. 
LVS handles all LVS related NATing.

Be careful .. you must use the lower case 'c' in this command as the uppercase
'C' will CLEAR your ipvs table and break things.

Hope this helps.

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] Network switches

[Les Mikesell]

Luke S Crawford wrote:
> 
>> in a lot of scenarios there are several choices, each with a different 
>> set of bugs that you won't know about unless you open a TAC case and 
>> tell an engineer exactly what features have to work for you.
> 
> Yeah, but at the used prices for 100M kit, I can buy two or three, and test
> it out to my heart's content.   I mean, my experience with support
> (working for clients who can afford such things)  is that you have to 
> understand the problem to get someone else to fix it anyhow, and usually 
> understanding the problem is the hard part.  Once you understand the problem,
> fixing it is trivial. 

"Fixing it" isn't trivial when the problem is knowing which of several 
IOS images have exactly the features you need and no bugs that will 
affect what you are trying to do.

 > So I don't usually think it makes sense to pay for
> support, especially when the equipment cost is such that I have a few spares
> laying about in the lab.  

I'm inclined to agree with switches as long as yours are new enough to 
be past the auto-negotiation bugs.  But it's more complicated with 
routers if you do anything unusual with multicast, vlans, tunnels, 
multiple routing protocols, etc.  And service on anything normally gets 
you access to download any update image.

-- 
   Les Mikesell
lesmikes...@gmail.com


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Getting ready for CentOS 5.4

[Ross Walker]

On Mar 25, 2009, at 10:18 AM, Lanny Marcus   
wrote:

> 2009/3/25 Ralph Angenendt :
>> Ross Walker wrote:
>>> How about forming a formal non-profit organization around CentOS  
>>> with
>>> contributors.
>>
>> The question is "where". What counts as a non-profit in the US  
>> doesn't
>> automatically count as one in Europe, for example - that's why  
>> there is
>> a Fedora EMEA, too. Which really binds ressources - and the Fedora
>> community is large. Yes, one could to talk to them to see how they  
>> did
>> it, I know the people on their board.
>>
>>> If a movement like CentOS is going to survive it's going to have to
>>> grow and the only way it can grow is by solicitating donations then
>>> depending on the offered ones it recieves now.
>>
>> Do I smell a special interest group
>>  here?
>
> Or another mailing list or IRC channel? If Ross is correct, and I hope
> he is correct,  that Google, Amazon, large ISPs, etc.,  would donate
> $, wow. If they are using CentOS and they only contributed USD$1 for
> each server, imagine how much $ that would be for the CentOS project.
> :-)   Obviously, more than one dollar per server is the goal.

You would be surprised at how many vendors are using CentOS right now  
for large commercial endeavors and even commercial software packages  
(Citrix Xen).

There is a phenominal need for an enterprise OS with long term  
support, but void of messy licensing and royalty fees striped of all  
intellectual property, and if these companies are using CentOS to  
fulfill that need then they have a vested interest to make sure it  
succeeds now and for the foreseeable future.

To this end it would cetainly not be rude to ask these companies for  
appropriately sized donations to make sure CentOS keeps going strong,  
completely voluntary of course, anonymously if preferred, otherwise  
they can be prominantly listed as a valued supporter.

Just before any of that happens some ground work, as Ralph pointed  
out, needs to be established.

I think CentOS should be registered as a non-profit both in America/ 
Canada and in the European Union.

Call it CentOS.org NA and CentOS.org EU.

Maybe there is an attorney on the list that would like to donate some  
pro-bono work in putting together applications for each in return for  
a tax write-off (applicable when filing for 2009 of course!).

-Ross

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS won't shutdown ... or do anything else

[hadrian]

I started to have problems similar to ones described in the past on 
this list but could not find any kind of resolution. I did an 
lsmod, a mount command, and for fun, did an strace on shutdown to 
see where it is hanging, and an ltrace as well.

Any thoughts?

Module  Size  Used by
parport_pc 28033  0
lp 15661  0
parport38153  2 parport_pc,lp
autofs426053  0
i2c_dev14529  0
i2c_core   26305  1 i2c_dev
sg 38369  0
sunrpc144805  1
crc32c  5953  8
libcrc32c   6721  1 crc32c
iscsi_sfnet85073  38
scsi_transport_iscsi12737  1 iscsi_sfnet
dm_multipath   23625  0
emcpdm 39652  0
emcpgpx20260  1 emcpdm
emcpmpx   158136  48
emcp 1046804  3 emcpdm,emcpgpx,emcpmpx
emcplib 6656  1 emcp
button 10705  0
battery12997  0
ac  8901  0
md5 8129  1
ipv6  243809  32
joydev 14465  0
uhci_hcd   33241  0
ehci_hcd   33353  0
i5000_edac 13121  0
edac_mc29705  1 i5000_edac
bnx2  141661  0
qla2300   130113  0
mptscsih5569  0
ata_piix   19781  0
libata106013  1 ata_piix
dm_snapshot21221  0
dm_zero 6337  0
dm_mirror  32453  0
ext3  119753  6
jbd59865  1 ext3
dm_mod 66921  11 
dm_multipath,dm_snapshot,dm_zero,dm_mirror
qla2322   141377  0
qla2400   234945  0
qla2xxx   175333  15 qla2300,qla2322,qla2400
scsi_transport_fc  12353  1 qla2xxx
megaraid_sas   38001  4
mptsas 26069  1 mptscsih
mptfc  12997  0
mptspi 14417  1 mptscsih
mptscsi44241  3 mptsas,mptfc,mptspi
mptbase67873  4 mptsas,mptfc,mptspi,mptscsi
sd_mod 20545  53
scsi_mod  120653  12 
sg,iscsi_sfnet,emcp,libata,qla2xxx,scsi_transport_fc,megaraid_sas,mp
tsas,mptfc,mptspi,mptscsi,sd_mod

/dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
none on /proc type proc (rw)
none on /sys type sysfs (rw)
none on /dev/pts type devpts (rw,gid=5,mode=620)
usbfs on /proc/bus/usb type usbfs (rw)
/dev/sda2 on /boot type ext3 (rw)
none on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
/dev/emcpowerd on /EMC/SATA/AX4-5i/LUN0 type ext3 
(rw,_netdev,noatime)
/EMC/SATA/AX4-5i/LUN0/path/var/spool/postfix on /var/spool/postfix 
type ext3 (rw,bind,_netdev,noatime)
/dev/emcpowerk on /EMC/SATA/AX4-5i/LUN4 type ext3 
(rw,_netdev,noatime)
/EMC/SATA/AX4-5i/LUN4 on  type ext3 (rw,bind,_netdev,noatime)
/dev/emcpowerg on /EMC/SATA/AX4-5i/LUN5 type ext3 
(rw,_netdev,noatime)
/dev/emcpowerj on /EMC/SATA/AX4-5i/LUN6 type ext3 
(rw,_netdev,noatime)


execve("/sbin/shutdown", ["shutdown", "-r", "now"], [/* 29 vars 
*/]) = 0
uname({sys="Linux", node="host.dom", ...}) = 0
brk(0)  = 0x903
access("/etc/ld.so.preload", R_OK)  = -1 ENOENT (No such file 
or directory)
open("/etc/ld.so.cache", O_RDONLY)  = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=102323, ...}) = 0
old_mmap(NULL, 102323, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f4a000
close(3)= 0
open("/lib/tls/libc.so.6", O_RDONLY)= 3
read(3, 
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\336"..., 512) 
= 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1525004, ...}) = 0
old_mmap(0x3d9000, 1223900, PROT_READ|PROT_EXEC, 
MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3d9000
old_mmap(0x4fe000, 16384, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x124000) = 0x4fe000
old_mmap(0x502000, 7388, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x502000
close(3)= 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f49000
mprotect(0x4fe000, 8192, PROT_READ) = 0
mprotect(0x3d, 4096, PROT_READ) = 0
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f49aa0, 
limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, 
limit_in_pages:1, seg_not_present:0, useable:1}) = 0
munmap(0xb7f4a000, 102323)  = 0
getuid32()  = 0
geteuid32() = 0
setuid32(0) = 0
getuid32()  = 0
brk(0)  = 0x903
brk(0x9051000)  = 0x9051000
open("/var/run/shutdown.pid", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=6, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -
1, 0) = 0xb7f62000
read(3, "

Re: [CentOS] Getting ready for CentOS 5.4

[griz_quattro]

Ross Walker wrote:
> 
>  
> 
> To this end it would cetainly not be rude to ask these companies for  
> appropriately sized donations to make sure CentOS keeps going strong,  
> completely voluntary of course, anonymously if preferred, otherwise  
> they can be prominantly listed as a valued supporter.
> 
> 
> -Ross

The companies that should donate are those that _want_ to.
Funny how donations work.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] live audio feed via telephone link

[Les Mikesell]

Frank Cox wrote:
> I'm looking into costs and feasibility of moving a live feed from a FM radio
> station from the station to a point that's past the usable range of their 
> radio
> signal. It's a rural location and Internet service is not available at the
> station.  If the destination was closer or their transmitter was more 
> powerful,
> I could avoid this step and just plug in a radio, but
> 
> My best idea so far is to rent a dedicated phone line from the station to the
> point where we need the feed, then get some kind of on-the-fly audio 
> compressor
> to hook up to the main board in the station, push it out over the phone line,
> then decompress it at the destination.
> 
> I'm pretty sure there is dedicated hardware to do the 
> compression/decompression
> (whatever they use to do those "radio remotes" from Sally's Sofa Sales without
> sounding like they are broadcasting from the bottom of a rain barrel) and I'm
> currently looking into that angle too, but I'm wondering if it would be
> cheaper/easier/better to have something running on Linux at both ends of the
> connection to handle the audio compression/decompression.  Especially since 
> I'm
> planning to run a Centos server at the destination end for other aspects of
> this project if we proceed with it.

Can't you find a place that has both radio reception and internet 
service to park something like shoutcast?  Or if you want canned 
hardware, I think slingbox has an audio-only mode - but maybe that's 
only in the windows/mac software players.

-- 
   Les Mikesell
lesmikes...@gmail.com

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] live audio feed via telephone link

[Frank Cox]

On Wed, 25 Mar 2009 18:15:22 -0500
Les Mikesell wrote:

> Can't you find a place that has both radio reception and internet 
> service to park something like shoutcast?

The immediate objective is to get the signal to somewhere that has (reliable)
Internet access.  The ultimate objective is to stream it online, but we have to
get the signal out to where we can do that first.  And the closest place that
has good service is out-of-range of the signal during the day.  (It sounds fine
after dark and when the weather is "just so" but that's not much help with a
24-hour stream.)

-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] live audio feed via telephone link

[Scott Silva]

on 3-25-2009 4:21 PM Frank Cox spake the following:
> On Wed, 25 Mar 2009 18:15:22 -0500
> Les Mikesell wrote:
> 
>> Can't you find a place that has both radio reception and internet 
>> service to park something like shoutcast?
> 
> The immediate objective is to get the signal to somewhere that has (reliable)
> Internet access.  The ultimate objective is to stream it online, but we have 
> to
> get the signal out to where we can do that first.  And the closest place that
> has good service is out-of-range of the signal during the day.  (It sounds 
> fine
> after dark and when the weather is "just so" but that's not much help with a
> 24-hour stream.)
> 
If the radi station has phone lines, they should be able to get something like
a T1 or fractional part. Much more reliable and more bandwidth. Or look into a
microwave or satellite link. I don't think you will be able to compress a
radio signal enough to fit over a dial line without a lot of loss. You would
need several lines multiplexed together for a decent sounding broadcast.

There are many point to point links that will cover 40 miles (65 km).
I don't know how far you have to go.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Getting ready for CentOS 5.4

[Ross Walker]

On Mar 25, 2009, at 8:13 PM, griz_quattro   
wrote:

> Ross Walker wrote:
>>
>> 
>>
>> To this end it would cetainly not be rude to ask these companies for
>> appropriately sized donations to make sure CentOS keeps going strong,
>> completely voluntary of course, anonymously if preferred, otherwise
>> they can be prominantly listed as a valued supporter.
>>
>>
>> -Ross
>
> The companies that should donate are those that _want_ to.
> Funny how donations work.

People want to donate to organizations that help kids with MD, but  
that doesn't stop Jerry Lewis from holding telefons.

People need to be reminded that these services are only available  
through their kind contributions.

Also some organizations need an actual governing body to donate to, an  
organization that is recognized as a non-profit institution by the  
local government so they can get a tax deduction.

I am not talking about knocking on each user's door with a hand out,  
but a few large contributors can really help shape the long-term  
prospectus of a non-profit organization.

Look how organizations such as Fedora or Wikipedia get their funding.

-Ross

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] live audio feed via telephone link

[Frank Cox]

On Wed, 25 Mar 2009 16:32:07 -0700
Scott Silva wrote:

> If the radi station has phone lines, they should be able to get something like
> a T1 or fractional part. Much more reliable and more bandwidth.

I don't think it's available there.  Even the next-nearest town has only
dial-up Internet.  The nearest location that has real dedicated Internet
service available at all is the location that I'm looking to move the signal out
to.

 > Or look into a  microwave or satellite link. 

As always, cost is THE factor.  I have no idea how much a 24-hour satellite
link would cost but I suspect it might be more than a phone line.  Based on my
(very limited) experience with tv satellite dishes around here, they don't seem
to perform very well when it's -50 degrees outside and blowing snow.  Some
years back I had to go out and try to beat ice off of a dish a few times in
those conditions and didn't really enjoy it all that much.

> I don't think you will be able to compress a
> radio signal enough to fit over a dial line without a lot of loss. You would
> need several lines multiplexed together for a decent sounding broadcast.

Well, that's what I'm looking into.  I remember listening to streaming audio
over a 14.4 modem way-back-when which wasn't great quality but modems have
gotten a lot faster than that since, too.  I don't know enough about it (yet)
to be aware of exactly what can be accomplished.

> There are many point to point links that will cover 40 miles (65 km).
> I don't know how far you have to go.

That's another thought.  The station's antenna is on top of a hill but for
protection from the elements and whatnot, the studio is down in a
valley (i.e. a hole). They currently use a microwave link to send the signal up
the hill from the studio, so I'm not sure how feasible that would be to get a
point-to-point solution going, but it's worth looking into. Do you have any
recommendations for hardware that might work?  I just checked, and Google Maps
tells me that the distance is 52.3km.

I've been talking to the station manager for quite a while about doing
something to get their signal online, but the stumbling block has always been
how to get the signal out where you can get an Internet connection.  I just had
this dedicated phone line idea last week; if it (or something else) will work,
then I'll be able to provide him with a set of costs that he can take to
his board of directors, and we'll see what happens after that.  The phone
company is working on a proposal for me so I'm now trying to get the rest of it
figured out.

-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] live audio feed via telephone link

[John R Pierce]

Frank Cox wrote:
> I'm looking into costs and feasibility of moving a live feed from a FM radio
> station from the station to a point that's past the usable range of their 
> radio
> signal. It's a rural location and Internet service is not available at the
> station.  If the destination was closer or their transmitter was more 
> powerful,
> I could avoid this step and just plug in a radio, but
>   

FM quality radio remotes are usually done with ISDN lines and hardware 
encoder boxes like aTelos Zephyr..  otherwise, its juts a voice dialup 
line, analog lowfi voice.

http://www.zephyr.com/




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] live audio feed via telephone link

[Frank Cox]

On Wed, 25 Mar 2009 17:14:13 -0700
John R Pierce wrote:

> FM quality radio remotes are usually done with ISDN lines and hardware 
> encoder boxes like aTelos Zephyr..  otherwise, its juts a voice dialup 
> line, analog lowfi voice.
> 
> http://www.zephyr.com/

Interesting.  I see that this one:

http://www.telos-systems.com/xport/default.htm

works with POTS.  I shall follow this up further.

Thanks!

-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] live audio feed via telephone link

[Lanny Marcus]

2009/3/25 Scott Silva :
> on 3-25-2009 4:21 PM Frank Cox spake the following:
>> On Wed, 25 Mar 2009 18:15:22 -0500
>> Les Mikesell wrote:
>>> Can't you find a place that has both radio reception and internet
>>> service to park something like shoutcast?
>>
>> The immediate objective is to get the signal to somewhere that has (reliable)
>> Internet access.  The ultimate objective is to stream it online, but we have 
>> to
>> get the signal out to where we can do that first.  And the closest place that
>> has good service is out-of-range of the signal during the day.  (It sounds 
>> fine
>> after dark and when the weather is "just so" but that's not much help with a
>> 24-hour stream.)
>>
> If the radi station has phone lines, they should be able to get something like
> a T1 or fractional part. Much more reliable and more bandwidth. Or look into a
> microwave or satellite link. I don't think you will be able to compress a
> radio signal enough to fit over a dial line without a lot of loss. You would
> need several lines multiplexed together for a decent sounding broadcast.
>
> There are many point to point links that will cover 40 miles (65 km).
> I don't know how far you have to go.

The key problem is the lack of Internet access at the radio station.
If you can get that, then you can use
 (we listen to stations
in San Antonio, TX and Wasilla, AK) or another streaming service.
Excellent audio quality on our end!  Here's what they show for the
connectivity requirement:

"A Dedicated Internet Connection: Whether you use Cable, DSL, ADSL,
ISDN, T-1 or frame relay, you should also have a dedicated internet
connection and public routable IP to achieve the basic requirements
for streaming your radio station on the World Wide Web. We will be
pulling a primary and secondary stream so you will need a minimum of
double the dedicated available bandwidth for the quality of stream you
have selected. (Example: for a 32k stream, you will need at least 64k
of bandwidth)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Monitoring IP masquerading on LVS load-balancing

[David Dyer-Bennet]

Barry Brimer wrote:
> Quoting David Dyer-Bennet :
>
>   
>> But I want to observe the connections on the load balancer.
>> 
>
>
> ipvsadm -L -c -n should do the trick.  Also, you shouldn't need that MASQ rule
> unless you need to MASQ traffic originating from inside your private network. 
> LVS handles all LVS related NATing.
>   

Ah, yes, ipvsadm, had forgotten that, or I'm sure the man page would 
have given me the rest (downside of using web-based config, I don't 
learn the local tools as well).   I do need to MASQ traffic originating 
in the private network, the services running there have to connect out 
to get to the database, and since the default route on those boxes 
points to the load-balancer to make LVS work.
> Be careful .. you must use the lower case 'c' in this command as the uppercase
> 'C' will CLEAR your ipvs table and break things.
>   

That'd be exciting :-).

-- 
David Dyer-Bennet, d...@dd-b.net; http://dd-b.net/
Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/
Photos: http://dd-b.net/photography/gallery/
Dragaera: http://dragaera.info

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Help with GSM or CDMA hardware on CentOS and SMSTools question please

[Carel Lubbe]

Hi everyone,

I would realy appreciate your help and guidense with a problem I have.
Im trying to set up a SMS Gateway as a alert system for my network.
Although the Aircard is picked up as a usb device and has a driver in
the kernel, it does not have a /dev/XXX device name. So my question is
how do I create this /dev/XXX device and make it persistent.


I have installed CentOS as my base with smstools-3.0.10-4.el5.i386.rpm
as my application.

[r...@odie ~]# cat /etc/redhat-release
CentOS release 5.2 (Final)

[r...@odie ~]# uname -rvpi
2.6.18-92.1.22.el5 #1 SMP Tue Dec 16 12:03:43 EST 2008 i686 i386

[r...@odie ~]# rpm -qa | grep smstools
smstools-3.0.10-4.el5

The config file for this software looks like this

[r...@odie ~]# cat /etc/smsd.conf
# Example smsd.conf. Read the manual for a description
#
#devices = (eg. GSM1)
#logfile = /var/log/smsd.log
#loglevel = 7
#
#[GSM1]
#device = /dev/ttyS0
#incoming = yes
#pin = 
#
devices = (eg. CDMA1 or GSM1)

   logfile = /var/log/smsd.log

   loglevel = 5

   [CDMA1]

   device = /dev/ttyUSB0 < How do I check this and what about
after a reboot ... can I force it to stay the same?

   incoming = yes

   baudrate = 115200

The hardware is a Compaq nc 8000 laptop (The laptop will be located in
my server room ...)
I have installed a Mobile broadband data PCMCIA card ==> Sierra
Wireless AirCard 580 from our local telecom provider

[r...@odie ~]# lspcmcia
Socket 0 Bridge:    [yenta_cardbus] (bus ID: :02:06.0)
Socket 1 Bridge:    [yenta_cardbus] (bus ID: :02:06.1)
  CardBus card -- see "lspci" for more information
Socket 2 Bridge:    [yenta_cardbus] (bus ID: :02:06.3)

[r...@odie ~]# lspci
00:00.0 Host bridge: Intel Corporation 82855PM Processor to I/O
Controller (rev 03)
00:01.0 PCI bridge: Intel Corporation 82855PM Processor to AGP
Controller (rev 03)
00:1d.0 USB Controller: Intel Corporation 82801DB/DBL/DBM
(ICH4/ICH4-L/ICH4-M) USB UHCI Controller #1 (rev 03)
00:1d.1 USB Controller: Intel Corporation 82801DB/DBL/DBM
(ICH4/ICH4-L/ICH4-M) USB UHCI Controller #2 (rev 03)
00:1d.2 USB Controller: Intel Corporation 82801DB/DBL/DBM
(ICH4/ICH4-L/ICH4-M) USB UHCI Controller #3 (rev 03)
00:1d.7 USB Controller: Intel Corporation 82801DB/DBM (ICH4/ICH4-M)
USB2 EHCI Controller (rev 03)
00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev 83)
00:1f.0 ISA bridge: Intel Corporation 82801DBM (ICH4-M) LPC Interface
Bridge (rev 03)
00:1f.1 IDE interface: Intel Corporation 82801DBM (ICH4-M) IDE
Controller (rev 03)
00:1f.5 Multimedia audio controller: Intel Corporation 82801DB/DBL/DBM
(ICH4/ICH4-L/ICH4-M) AC'97 Audio Controller (rev 03)
00:1f.6 Modem: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M)
AC'97 Modem Controller (rev 03)
01:00.0 VGA compatible controller: ATI Technologies Inc RV350
[Mobility Radeon 9600 M10]
02:06.0 CardBus bridge: O2 Micro, Inc. OZ711M3/MC3 4-in-1
MemoryCardBus Controller
02:06.1 CardBus bridge: O2 Micro, Inc. OZ711M3/MC3 4-in-1
MemoryCardBus Controller
02:06.2 System peripheral: O2 Micro, Inc. OZ711Mx 4-in-1 MemoryCardBus
Accelerator
02:06.3 CardBus bridge: O2 Micro, Inc. OZ711M3/MC3 4-in-1
MemoryCardBus Controller
02:0d.0 FireWire (IEEE 1394): Texas Instruments TSB43AB22/A
IEEE-1394a-2000 Controller (PHY/Link)
02:0e.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5705M_2
Gigabit Ethernet (rev 03)
05:00.0 USB Controller: Agere Systems USS-312 USB Controller (rev 10)

[r...@odie ~]# lsmod
Module  Size  Used by
airprime   12229  0
usbserial  33065  1 airprime

[r...@odie ~]# lsusb
Bus 002 Device 006: ID 1199:0112 Sierra Wireless, Inc. CDMA 1xEVDO PC
Card, AirCard 580
Bus 002 Device 001: ID :
Bus 001 Device 001: ID :
Bus 003 Device 001: ID :
Bus 004 Device 001: ID :
Bus 005 Device 001: ID :

Here is a list of all my /dev/ devices The aircard does not exist here

[r...@odie ~]# ls /dev/
adsp  disk   fd0u1040  fd0u830 initctl  MAKEDEV
parport2  ram14    root    tty1   tty21  tty33  tty45  tty57
ttyS2   usbdev2.6_ep00  vcs1   X0R
agpgart   dsp    fd0u1120  floppy  input    mapper
parport3  ram15    rtc tty10  tty22  tty34  tty46  tty58
ttyS3   usbdev2.6_ep05  vcs2   zero
audio dsp1   fd0u1440  floppy-fd0  kmsg md0
port  ram2 sequencer   tty11  tty23  tty35  tty47  tty59
ttyUSB0 usbdev2.6_ep0b  vcs3
audio1    dvd    fd0u1680  full    log  mem
ppp   ram3 sequencer2  tty12  tty24  tty36  tty48  tty6
ttyUSB1 usbdev2.6_ep81  vcs4
bus   dvd-hdb    fd0u1722  gpmctl  loop0    mixer
ptmx  ram4 shm tty13  tty25  tty37  tty49  tty60
ttyUSB2 usbdev2.6_ep82  vcs5
cdrom dvdrw  fd0u1743  hda loop1    mixer1
pts   ram5 snapshot    tty14  tty26  tty38  tty5   tty61
ttyUSB3 usbdev2.6_ep8a  vcs6
cdrom-hdb  

Re: [CentOS] live audio feed via telephone link

[JohnS]

On Wed, 2009-03-25 at 18:31 -0600, Frank Cox wrote:
> On Wed, 25 Mar 2009 17:14:13 -0700
> John R Pierce wrote:
> 
> > FM quality radio remotes are usually done with ISDN lines and hardware 
> > encoder boxes like aTelos Zephyr..  otherwise, its juts a voice dialup 
> > line, analog lowfi voice.
> > 
> > http://www.zephyr.com/
> 
> Interesting.  I see that this one:
> 
> http://www.telos-systems.com/xport/default.htm
> 
> works with POTS.  I shall follow this up further.


John is correct in what he said. Back in the day the FAA and the
Military Demodulated the RF Signal and sent it over a plain POTS line.
This is still to this day how FAA radar is run and transmited from
airport to the next tower. You may want to check out Times Microwave
Inc. for hardware.
The demodulator for the RF could be anything from a DSP IF Frontend to
Software based. But now now be warned and don't get all to happy,,,There
will be a delay in RF Tranmission

JohnStanley

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos