[CentOS] Printer-Problems

[Timothy Kesten]

Hi Folks,

fresh CentOS 5.5 x86_64.
One USB-printer connected (HP Business Inkjet 1200)
Printing from localhost:631  (Testpage) works.
But no from any application.
>From OO only the message: printer-problem - no more.
Second printer is from far (Cupsd) in the network.
Works well.

But what's about the local printer?

Any hints?

Thx
Timothy
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Printer-Problems

[Keith Roberts]

On Wed, 9 Feb 2011, Timothy Kesten wrote:

> To: centos@centos.org
> From: Timothy Kesten 
> Subject: [CentOS] Printer-Problems
> 
> Hi Folks,
>
> fresh CentOS 5.5 x86_64.
> One USB-printer connected (HP Business Inkjet 1200)
> Printing from localhost:631  (Testpage) works.
> But no from any application.
>> From OO only the message: printer-problem - no more.
> Second printer is from far (Cupsd) in the network.
> Works well.
>
> But what's about the local printer?
>
> Any hints?

Hi Timothy.

Which printer is set as default?

What types of apps are you tring to print from - JAVA?

Keith

-
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Printer-Problems

[Timothy Kesten]

Am Mittwoch, 9. Februar 2011, 10:45:05 schrieb Keith Roberts:

> Which printer is set as default?
The local USB-printer

> What types of apps are you tring to print from - JAVA?
Yes - java 

but also kmail - get error message:

client-error-not-authorized

Timothy
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Printer-Problems - addendum

[Timothy Kesten]

The whole error message from kmail was:

A print error occured. error message received from system:

cupsdoprint -P 'HP_Business_Inkjet_1200' -j 'file:///' -H 'server:631' -U 
'admin' -o 'copies=1 multiple-document-handling=seperate_documents-collated-
copies orientation-request=3' '/tmp/kde-admin/kdeprint_QEMVFUIL': execution 
failed with message:

client-error-not-authorized

Timohty
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Printer-Problems

[Keith Roberts]

On Wed, 9 Feb 2011, Timothy Kesten wrote:

> To: CentOS mailing list 
> From: Timothy Kesten 
> Subject: Re: [CentOS] Printer-Problems
> 
> Am Mittwoch, 9. Februar 2011, 10:45:05 schrieb Keith Roberts:
>
>> Which printer is set as default?
> The local USB-printer
>
>> What types of apps are you tring to print from - JAVA?
> Yes - java
>
> but also kmail - get error message:
>
>   client-error-not-authorized

Take a look at system-config-printer. On xfce4 it's under 
Other->Printing .

What vendor and version of JAVA are you using?

Keith

-
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Printer-Problems - addendum

[Keith Roberts]

On Wed, 9 Feb 2011, Timothy Kesten wrote:

> To: CentOS mailing list 
> From: Timothy Kesten 
> Subject: Re: [CentOS] Printer-Problems - addendum
> 
> The whole error message from kmail was:
>
> A print error occured. error message received from system:
>
> cupsdoprint -P 'HP_Business_Inkjet_1200' -j 'file:///' -H 'server:631' -U
> 'admin' -o 'copies=1 multiple-document-handling=seperate_documents-collated-
> copies orientation-request=3' '/tmp/kde-admin/kdeprint_QEMVFUIL': execution
> failed with message:
>
> client-error-not-authorized

What desktop are you running - KDE?

Keith

-
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Printer-Problems - addendum

[Timothy Kesten]

Am Mittwoch, 9. Februar 2011, 11:27:04 schrieb Keith Roberts:
> What desktop are you running - KDE?

jepp - KDE

Timothy
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Printer-Problems - steps forward

[Timothy Kesten]

My computer is "server-new"
I have a second computer in my network called "server".
There is cupsd running.

On "server-new" I have in /etc/cups/client.conf

a line

ServerName  server

So I can use the printer on "server".

Next  I have added the local printer.

But cupsdoprint use -H "server:631"  (see errormessage in my addendum).
If I delete ServerName server in /etc/cups/client.conf  the local printer 
works fine.
But I'd like to use both. Local printer on "server.-new" and the printer on 
"server".
How to configure cups/printers on "server-new" ?

Timothy
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Printer-Problems - steps forward

[Timothy Kesten]

My computer is "server-new"
Here is the local printer
I have a second computer in my network called "server".
There is running cupsd and I can use this printer from "server-new"  
(/etc/cups/client.conf   -> ServerName server).

Added the local printer - doesn't work.

cupsdoprint use "server" as host  (see error-message in my addendum 

   H "server:631"). ...

Delete "ServerName server" in /etc/cups/client.conf and the local printer 
works.
But no access to the network-printer on "server".

I'd like to use both printer. On "server" and local on "server-new".
How to config cups?

Timothy
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ipsec with ipv4 and ipv6 not working

[Steve Clark]

On 02/08/2011 05:54 PM, Drew wrote:

I have posted to the ipsec-devel list and haven't gotten any responses. Also I
have spent 2 days googling with
no results about the above setup. Is it even possible to tunnel ipv4 packet thru
an ipv6 ipsec tunnel?
 

AFAIK, No.

IPv4&  IPv6 are different protocols so if you want to move IPv6
traffic over a IPv4 IPSEC tunnel you need to encapsulate the IPv6
payload within IPv4 packets. The reverse is also true of IPv4 over
IPv6.

This is why tunnel brokers like Freenet6&  Teredo exist, you can't
push IPv6 traffic out across an IPv4 only network without tunneling.


   

Hi Drew,

Thanks for taking the time to respond. I understand they are different. 
I want to
tunnel ipv4 in a ipv6 ipsec tunnel. Ipsec-tools lets me configure the 
tunnels and
establishes the SAs but packets get dropped on the receiving side. I am 
able to
create a 4in6 tunnel that ride inside a strict ipv6 ipsec tunnel so I 
have a work around.


I am mainly trying to see if anyone has gotten what I described in my 
initial post to work.


--
Stephen Clark
*NetWolves*
Sr. Software Engineer III
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] rsync permission denied , without changing apache user and group setting

[Agnello George]

Hi

i got two server webserver1 and webserver2  i want to rsync some data form
webserver1 to webserver2  using a user called syncuser

( syncuser is added to the group apache : adduser -G apache syncuser )

here is my command :

[root@web1 projects]# rsync -avzh /var/www/projects/beta-website1
syncuser@web2server:/var/www/projects
syncuser@web2server password:
building file list ... done
beta-website1
rsync: failed to set times on "/var/www/projects/beta-website1": Operation
not permitted (1)
beta-website1/index.html
rsync: mkstemp "/var/www/projects/beta-website1/.index.html.ZW9de8" failed:
Permission denied (13)
rsync: failed to set times on "/var/www/projects/beta-website1": Operation
not permitted (1)

sent 219 bytes  received 54 bytes  60.67 bytes/sec
total size is 57  speedup is 0.21
rsync error: some files could not be transferred (code 23) at main.c(892)
[sender=2.6.8]


on webserver2 my permission are as follows ( i dont not want to change the
permissions, i want user and group to be apache   )

[root@web6 projects]# ll
total 20
drwxr-xr-x  2 apache apache  4096 Feb  7 15:54 beta-website1


Can some one help me understand how to sync thses  files .



-- 
Regards
Agnello D'souza
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rsync permission denied , without changing apache user and group setting

[Johnny Hughes]

On 02/09/2011 05:53 AM, Agnello George wrote:
> 
> Hi
> 
> i got two server webserver1 and webserver2  i want to rsync some data
> form webserver1 to webserver2  using a user called syncuser
> 
> ( syncuser is added to the group apache : adduser -G apache syncuser )
> 
> here is my command :
> 
> [root@web1 projects]# rsync -avzh /var/www/projects/beta-website1
> syncuser@web2server:/var/www/projects
> syncuser@web2server password:
> building file list ... done
> beta-website1
> rsync: failed to set times on "/var/www/projects/beta-website1":
> Operation not permitted (1)
> beta-website1/index.html
> rsync: mkstemp "/var/www/projects/beta-website1/.index.html.ZW9de8"
> failed: Permission denied (13)
> rsync: failed to set times on "/var/www/projects/beta-website1":
> Operation not permitted (1)
> 
> sent 219 bytes  received 54 bytes  60.67 bytes/sec
> total size is 57  speedup is 0.21
> rsync error: some files could not be transferred (code 23) at
> main.c(892) [sender=2.6.8]
> 
> 
> on webserver2 my permission are as follows ( i dont not want to change
> the permissions, i want user and group to be apache   )
> 
> [root@web6 projects]# ll
> total 20
> drwxr-xr-x  2 apache apache  4096 Feb  7 15:54 beta-website1
>

The first issue is that the Group has only r-x permissions ... which
means the group has no write permissions.  If you give the group write
permissions (775 not 755) that might solve the problem.

> 
> Can some one help me understand how to sync thses  files .




signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] iSCSI disk preperation

[Ross Walker]

On Feb 8, 2011, at 4:28 PM, Jason Brown  
wrote:

> In our configuration, we are going to have our iSCSI targets and
> initiators all connected to the same layer 3 switch and isolate the
> iSCSI traffic on separate networks.  Would it be beneficial to also set
> up multipath for this as well?

Most definitely.

At the very least mpio would provide redundancy even if you don't plan on doing 
round-robin for scalability.

-Ross
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] VPN inside VPN?

[Fajar Priyanto]

Hi all,
Just wondering if VPN inside VPN is possible?
I've created PPTP VPN in the office.
Then from home, first I need to use company's official AT&T VPN.
Then after connected, I fire up the PPTP VPN client.
Got connected, but cannot ping the PPTP gateway, and half minute later
the PPTP got disconnected.
No obvious error message in the PPTP log.

Thank you.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] iptables nat table rules

[Robert Spangler]

On Tuesday 08 February 2011 16:43, Carlos S wrote:

>  Thanks for the help.

You are welcome.

>  Robert, you pointed out the mistakes correctly. Not sure why I used
>  iptables-save command at first place...

Most likely because in ever other distro and web page that is the way to do 
it.  It's just RH that it is different.


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://counter.li.org/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] VPN inside VPN?

[nux]

Fajar Priyanto writes:

> Hi all,
> Just wondering if VPN inside VPN is possible?
> I've created PPTP VPN in the office.
> Then from home, first I need to use company's official AT&T VPN.
> Then after connected, I fire up the PPTP VPN client.
> Got connected, but cannot ping the PPTP gateway, and half minute later
> the PPTP got disconnected.
> No obvious error message in the PPTP log.

How is this related to centos?

--
Nux!
www.nux.ro

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] High Availability and Storage Cluster

[Denis Zaharov]

Dear mailing list members,

There was a branch about clusters, but I have a certain task.

There are two servers with CentOS 5.5 installed.
The servers are working with Zabbix (monitoring system for traffic, 
using a MySQL), wiki and RT (all are using Apache).
If one server will have became not available then necessary start these 
services on another server with replication of data.

Can I use the Red Hat Cluster Suite for it at CentOS?
Also I heard about Heartbeat and DRBD. Maybe it is what I need?

--
Kind regards,
Denis Zaharov
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] VPN inside VPN?

[Giles Coochey]

On 09/02/2011 15:46, n...@nux.ro wrote:

Fajar Priyanto writes:


Hi all,
Just wondering if VPN inside VPN is possible?
I've created PPTP VPN in the office.
Then from home, first I need to use company's official AT&T VPN.
Then after connected, I fire up the PPTP VPN client.
Got connected, but cannot ping the PPTP gateway, and half minute later
the PPTP got disconnected.
No obvious error message in the PPTP log.

How is this related to centos?

quite but at first glance this looks like a MTU problem.

--
Best Regards,

Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: gi...@coochey.net
Skype: gilescoochey





smime.p7s
Description: S/MIME Cryptographic Signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] High Availability and Storage Cluster

[Johnny Hughes]

On 02/09/2011 07:50 AM, Denis Zaharov wrote:
> Dear mailing list members,
> 
> There was a branch about clusters, but I have a certain task.
> 
> There are two servers with CentOS 5.5 installed.
> The servers are working with Zabbix (monitoring system for traffic, 
> using a MySQL), wiki and RT (all are using Apache).
> If one server will have became not available then necessary start these 
> services on another server with replication of data.
> 
> Can I use the Red Hat Cluster Suite for it at CentOS?
> Also I heard about Heartbeat and DRBD. Maybe it is what I need?

If I was going to do this, I would use DRBD and Heartbeat



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] High Availability and Storage Cluster

[m . roth]

Denis Zaharov wrote:
> Dear mailing list members,
>
> There was a branch about clusters, but I have a certain task.
>
> There are two servers with CentOS 5.5 installed.
> The servers are working with Zabbix (monitoring system for traffic,
> using a MySQL), wiki and RT (all are using Apache).
> If one server will have became not available then necessary start these
> services on another server with replication of data.
>
> Can I use the Red Hat Cluster Suite for it at CentOS?
> Also I heard about Heartbeat and DRBD. Maybe it is what I need?

I've not worked with the RH Cluster Suite, but I think it, or heartbeat,
is what you want. By the way, what you're describing is called h/a (high
availability) failover (knowing the right terms will help your googling),
and that's exactly what it's for.

 mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mount the wrong device after system recovery

[Xinhuan Zheng]

The mkinitrd command worked out. Thanks a lot for your help. :)

- xinhuan

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf Of Robert Heller
Sent: Tuesday, February 08, 2011 4:47 PM
To: CentOS mailing list
Cc: CentOS mailing list
Subject: Re: [CentOS] mount the wrong device after system recovery

At Tue, 8 Feb 2011 16:31:32 -0500 CentOS mailing list
 wrote:

> 
> My grub.conf is pointing to sdb1 for /. I've corrected to use
> /dev/vg0/lv1. But after rebooting, I am getting the same error. I
guess
> I need to rebuild initrd.img file. How do I rebuild that file?

The best way to do it *right* is to boot with a rescue system (such as
the installer CD/DVD).  You need to make sure it properly mounts the
necessary file systems, specificly /dev/vg0/lv1 as /sysroot, whatever
you are using for /boot to /sysroot/boot (/boot can't be in the LVM
volume group -- grub cannot deal with that!), then make sute /proc,
/sys, and /dev are mount --bind'd to /sysroot/proc, /sysroot/sys, and
/sysroot/dev.  Then you will chroot to /sysroot and issue a command
like:

mkinitrd -f /boot/initrd-2.6.18-194.32.1.el5.img 2.6.18-194.32.1.el5

(replace '2.6.18-194.32.1.el5' with the proper kernel version you will
be booting from -- 2.6.18-194.32.1.el5 is the latest CentOS 5.5 kernel).

exit and reboot.

> 
> Thanks,
> 
> - xinhuan
> 
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
> Behalf Of Robert Heller
> Sent: Tuesday, February 08, 2011 2:59 PM
> To: CentOS mailing list
> Cc: CentOS mailing list
> Subject: Re: [CentOS] mount the wrong device after system recovery
> 
> At Tue, 8 Feb 2011 13:51:32 -0500 CentOS mailing list
>  wrote:
> 
> > 
> > Content-Class: urn:content-classes:message
> > 
> > 
> > Hi,
> > 
> >  
> > 
> > I am recovering a CentOS 5.4 system. I've copied all partitions into
> the
> > recovery system. I've installed grub boot loader. However, the
> original
> > system is using /dev/sdb1 for root (/), while the recovery system is
> > using LVM (/dev/vg0/lv1) for root (/). When recovery system boots, I
> got
> > the panic error:
> > 
> >  
> > 
> > * Mounting /dev/sdb1 on /sysroot
> > 
> > * Mount: mounting /dev/sdb1 on /sysroot failed: No such file
> or
> > directory
> > 
> > * Mount: mounting /dev on /sysroot/dev failed: No such file
or
> > directory
> > 
> > * * switching / to /sysroot
> > 
> > * Switch_root: bad newroot /sysroot
> > 
> > * Kernel panic - not syncing: Attempted to kill init!
> > 
> >  
> > 
> > I've changed the recovery system fstab to use the correct devices. I
> > deleted recovery system etc/lvm/cache/.cache file. But it still
> doesn't
> > work. What am I missing?
> 
> You need to rebuild the initrd and make sure the grub.conf file is
> up-to-date (has the right thing for the root parameter).
> 
> > 
> >  
> > 
> > Thanks,
> > 
> >  
> > 
> > -  xinhuan
> > 
> > MIME-Version: 1.0
> > 
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> > 
> >
> 

-- 
Robert Heller -- 978-544-6933 / hel...@deepsoft.com
Deepwoods Software-- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments


 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] a possible heads up wrt CERN experiment breaking SL 5.6

[Larry Vaden]

This may or may not be of interest to CentOS developers;  if it is not
or if it is redundant of your efforts to keep atop of what's
happening, you have my apologies.

Whether it is joint or disjoint wrt to the upstream code is not known
at this point, but I have submitted a request for elucidation if CERN
security allows.

kind regards/ldv

-- Forwarded message --
From: Ewan Mac Mahon 
Date: Wed, Feb 9, 2011 at 10:11 AM
Subject: SL 5.6 released?
To: scientific-linux-us...@fnal.gov


Hi,

As far as I'm aware SL 5.6 isn't out yet - I don't think I've seen a
release announcement, it's not on ftp.scientificlinux.org, and the web
site front page lists 5.5 as the latest, and SL 6 was being considered a
higher priority.

However, someone from CERN IT (discussing some experiment software which
seems to break on 5.6) has just told a grid deployment meeting that:
 "FNAL released SL 5.6 last week"
Clearly either my understanding is flawed or his is; which is it please?

Ewan
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] VPN inside VPN?

[Cameron Kerr]

On 10/02/11 02:52, Giles Coochey wrote:
> On 09/02/2011 15:46, n...@nux.ro wrote:
>> Fajar Priyanto writes:
>>
>>> Hi all,
>>> Just wondering if VPN inside VPN is possible?
>>> I've created PPTP VPN in the office.
>>> Then from home, first I need to use company's official AT&T VPN.
>>> Then after connected, I fire up the PPTP VPN client.
>>> Got connected, but cannot ping the PPTP gateway, and half minute later
>>> the PPTP got disconnected.
>>> No obvious error message in the PPTP log.
>> How is this related to centos?
> quite but at first glance this looks like a MTU problem.
Except that not even a tiny ping packet can get through.

VPN inside a VPN should certainly work, although its very inefficient.

Sounds more like a routing issue, perhaps a return route is missing?

Perhaps the OP should sniff his tunnel end-point to see what, if
anything, is making its way back.

The OP should also care to include the output of the ping command,
rather than saying "cannot ping the PPTP gateway".
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ken Olsen od DEC, 1927-2011

[Lamar Owen]

On Tuesday, February 08, 2011 08:21:38 pm Jay Leafey wrote:
> Much as I love Linux, I'd still prefer to be running VMS on an x86 
> desktop box!

1.) Get an OpenVMS hobbyist media kit and license for OpenVMS/VAX.
2.) Install simh from a third-party CentOS repository, or from source. 
   ( simh.trailing-edge.com )
3.) Install OpenVMS/VAX on the simulated MicroVAX simh provides.
4.) Activate your hobbyist license PAK.
5.) Enjoy VMS-ness. (see 
http://www.wherry.com/gadgets/retrocomputing/vax-simh.html for a little more)

Doing that here to re-learn VMS after all these years, since we have a large 
high-resolution scanner system that is currently using a VAXstation 4000 to 
drive, via CAMAC-over-SCSI and IEEE-488-over-RS-232, a 7,000 pound 
microdensitometer aka 'the Guide star Automatic Measuring MAchine' (GAMMA).  
We're wanting to convert the VAX Fortran and IDL code to run on a CentOS box, 
possibly a recently donated 20-processor SGI Altix 3700, and possibly a smaller 
x86/x64_86 box, or even one of the many SPARC boxen I have around here...
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] VPN inside VPN?

[Nataraj]

On 02/09/2011 09:35 AM, Cameron Kerr wrote:
> On 10/02/11 02:52, Giles Coochey wrote:
>> On 09/02/2011 15:46, n...@nux.ro wrote:
>>> Fajar Priyanto writes:
>>>
 Hi all,
 Just wondering if VPN inside VPN is possible?
 I've created PPTP VPN in the office.
 Then from home, first I need to use company's official AT&T VPN.
 Then after connected, I fire up the PPTP VPN client.
 Got connected, but cannot ping the PPTP gateway, and half minute later
 the PPTP got disconnected.
 No obvious error message in the PPTP log.
>>> How is this related to centos?
>> quite but at first glance this looks like a MTU problem.
> Except that not even a tiny ping packet can get through.
>
> VPN inside a VPN should certainly work, although its very inefficient.
>
> Sounds more like a routing issue, perhaps a return route is missing?
>
> Perhaps the OP should sniff his tunnel end-point to see what, if
> anything, is making its way back.
>
> The OP should also care to include the output of the ping command,
> rather than saying "cannot ping the PPTP gateway".
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
I would also look at routing.   When the second vpn comes up, it may be
configured to alter the routing table which would then try to route the
first vpn through the second and the second through the first. This is
often done intentionally since you don't want users connecting into a
secure network while simultaneously accessing a less secure resource. 
In fact when the client is connected, Internet traffic is often routed
through the VPN as well, so you know that everything they do is behind a
secure firewall.  You'd be amazed at the software I've seen users try to
install on their PC's and then connect to a secure network with.

Another problem is that pptp is udp only and cannot be tunneled through
a firewall easily like openvpn or ipsec, so if there is any kind of nat
going on when you connect through the first vpn, it won't work because
you won't get your packets back.  If you were able to use openvpn tcp or
IPSEC in a tcp tunneling configuration, it should work.

Nataraj

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] VPN inside VPN?

[Gordon Messmer]

On 02/09/2011 12:01 PM, Nataraj wrote:
> I would also look at routing.   When the second vpn comes up, it may be
> configured to alter the routing table which would then try to route the
> first vpn through the second and the second through the first.

That sounds mostly right.  Many VPNs will take the default route in one 
manner or another, so the OP's PC probably ends up trying to route 
packets to the first VPN server through the second VPN tunnel.  Routes 
with one VPN usually look like:

Destination Gateway:
local   broadcast
vpn1-server original default gateway
default vpn1-default-gateway

And then when the second one comes up, it looks like:

Destination Gateway:
local   broadcast
vpn2-server vpn1-default-gateway
default vpn2-default-gateway

...At that point, you no longer have a route to the first VPN server 
that works, so you can't reach anything.

> Another problem is that pptp is udp only and cannot be tunneled through
> a firewall easily like openvpn or ipsec, so if there is any kind of nat
> going on when you connect through the first vpn, it won't work because
> you won't get your packets back.  If you were able to use openvpn tcp or
> IPSEC in a tcp tunneling configuration, it should work.

Actually, PPTP tunnels use GRE packets.  I can't think of any reason 
that you wouldn't be able to tunnel those, but many NAT devices 
definitely can't handle them (or can't handle more than one simultaneous 
GRE session).
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] VPN inside VPN?

[Les Mikesell]

On 2/9/2011 2:40 PM, Gordon Messmer wrote:
>
>> Another problem is that pptp is udp only and cannot be tunneled through
>> a firewall easily like openvpn or ipsec, so if there is any kind of nat
>> going on when you connect through the first vpn, it won't work because
>> you won't get your packets back.  If you were able to use openvpn tcp or
>> IPSEC in a tcp tunneling configuration, it should work.
>
> Actually, PPTP tunnels use GRE packets.  I can't think of any reason
> that you wouldn't be able to tunnel those, but many NAT devices
> definitely can't handle them (or can't handle more than one simultaneous
> GRE session).

This may not be the problem here and might not even apply anymore, but 
long, long ago I noticed that if you were doing nat with iptables and 
sent a GRE packet out the wrong interface (e.g. before the interface 
with the correct route came up), the mapping would be stuck in the 
conntrack table and the route would never switch to the right interface 
after the correct interface/route was available.

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] High Availability and Storage Cluster

[Rajagopal Swaminathan]

Greetings,

On 2/9/11, Denis Zaharov  wrote:
> Dear mailing list members,
>
> There are two servers with CentOS 5.5 installed.
> The servers are working with Zabbix (monitoring system for traffic,
> using a MySQL), wiki and RT (all are using Apache).
> If one server will have became not available then necessary start these
> services on another server with replication of data.
>
> Can I use the Red Hat Cluster Suite for it at CentOS?

Assuming all the application uses Single instance mysql or apache
service, Yes. For multiple instances though, you need to check
further.

You may lose a sessions during the transition, I am not too sure.
Again depends how application handles it. Don't know.

> Also I heard about Heartbeat and DRBD. Maybe it is what I need?
>

Well, if you want HA filesystem too, then GFS on top CLVM on top of
DRBD makes sense.

But DRBD HA should be simpler for two node.

Adding couple of NIC and bonding them will help further the high availability

However, ir you plan to add more nodes to this cluster, then consider
RHCS as that would supprt 16 nodes IIRC.

And oh, RHCS requires good working fencing -- power or management port
and/or storage. Don't leave home without it!

Regards,

Rajagopal
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ipsec with ipv4 and ipv6 not working

[Michael H. Warfield]

On Tue, 2011-02-08 at 14:54 -0800, Drew wrote: 
> > I have posted to the ipsec-devel list and haven't gotten any responses. 
> > Also I
> > have spent 2 days googling with
> > no results about the above setup. Is it even possible to tunnel ipv4 packet 
> > thru
> > an ipv6 ipsec tunnel?

> AFAIK, No.

It's probably a major "it depends".

> IPv4 & IPv6 are different protocols so if you want to move IPv6
> traffic over a IPv4 IPSEC tunnel you need to encapsulate the IPv6
> payload within IPv4 packets. The reverse is also true of IPv4 over
> IPv6.

1) That's not true of IPSec tunnels (transport mode is a totally
different question).  The ESP encapsulation itself contains the IP
headers can can support it.

2) IKE, the key exchange and setup daemons, is a different matter.
AFAIK, it is not possible with IKEv1.  Paul and I discussed that over on
the Openswan list some time ago.  Basically, you can't negotiate the key
exchange.  IKEv2 is a different story.  StrongSWAN supports IPv6 over
IPv4 in an IPSec tunnel.  I'm not currently sure about Openswan or
Racoon (IPsec Tools).

3) In the case of IPv4 over IPv4, IPsec itself should handle it.
Whether the keying daemons currently support the syntax is a question
and it will most certainly have to be IKEv2.

> This is why tunnel brokers like Freenet6 & Teredo exist, you can't
> push IPv6 traffic out across an IPv4 only network without tunneling.

But, IPsec is a tunnel.  At least is has a "tunnel mode" (and I advise
against transport mode in any case).

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  m...@wittsend.com
   /\/\|=mhw=|\/\/  | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9  | An optimist believes we live in the best of all
 PGP Key: 0x674627FF| possible worlds.  A pessimist is sure of it!


signature.asc
Description: This is a digitally signed message part
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] how will CentOS handle the perftools 1.7 vs. 1.6 issue?

[Larry Vaden]

In order to avoid a cross post, the following background quote is from
scientific-linux-us...@fnal.gov:


On Wed, Feb 9, 2011 at 11:27 AM, Ewan Mac Mahon  wrote:
>
> I'm a little bit hazy on the details, but there are some slides from the
> meeting here[1]:
>  
> http://indico.cern.ch/getFile.py/access?contribId=8&sessionId=1&resId=1&materialId=slides&confId=106641

On Wed, Feb 9, 2011 at 12:41 PM, Chris Jones
 wrote:
>
> I would say a bug in tcmalloc, not SL or RHEL. See for instance
>
> 
>
> The fix is to move to google perftools 1.7



Because of a problem with not running the current BIND release a
couple of weeks ago, I would like to ask:

a) is RedHat likely to choose to backport the fix to 1.6 or will it
adopt 1.7 or leave as is until 5.7 or later as it has done with BIND?

b) will Centos and/or SL follow RH exactly or will their approaches differ?

IOW, how far does the "binary compatiblity" policy extend?

kind regards/ldv
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] VPN inside VPN?

[Fajar Priyanto]

On Thu, Feb 10, 2011 at 5:20 AM, Les Mikesell  wrote:
> On 2/9/2011 2:40 PM, Gordon Messmer wrote:
>>
>>> Another problem is that pptp is udp only and cannot be tunneled through
>>> a firewall easily like openvpn or ipsec, so if there is any kind of nat
>>> going on when you connect through the first vpn, it won't work because
>>> you won't get your packets back.  If you were able to use openvpn tcp or
>>> IPSEC in a tcp tunneling configuration, it should work.
>>
>> Actually, PPTP tunnels use GRE packets.  I can't think of any reason
>> that you wouldn't be able to tunnel those, but many NAT devices
>> definitely can't handle them (or can't handle more than one simultaneous
>> GRE session).
>
> This may not be the problem here and might not even apply anymore, but
> long, long ago I noticed that if you were doing nat with iptables and
> sent a GRE packet out the wrong interface (e.g. before the interface
> with the correct route came up), the mapping would be stuck in the
> conntrack table and the route would never switch to the right interface
> after the correct interface/route was available.

That's most interesting thoughts guys. Thank you.
It's using Centos 5.5.
One more info, the PPTP doesn't work in my office wireless network.
Google says it may be related to fact that the wireless routers may
not be set to allow GRE. At home I'm using wireless too, but doesn't
have access to the wifi admin (it's my roommates'). I'll try using
cable and take a look at all your suggestions.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] PAE kernel source code

[sri]

Hi

I want to use 2.6.18-194.el5-PAE kernel source code.
Unable to find it over web.

Appreciate any pointers for that.

Thanks,
Sri
-- 
--
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] PAE kernel source code

[Kenneth Wolcott]

On Wed, Feb 9, 2011 at 20:52, sri  wrote:
> Hi
>
> I want to use 2.6.18-194.el5-PAE kernel source code.
> Unable to find it over web.
>
> Appreciate any pointers for that.
>
> Thanks,
> Sri

Hmmm...I place the following into firefox searchbox (google is my
search engine): "2.6.18-194.el5-PAE SRPM"

I seem to have lots of hits (maybe they're no good):

This one looks pretty good and it is the first one on the list:
http://rpm.pbone.net/index.php3/stat/4/idpl/13941750/dir/centos_5/com/kernel-PAE-devel-2.6.18-194.el5.i686.rpm.html

HTH,
Ken Wolcott
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] PAE kernel source code

[JohnS]

On Wed, 2011-02-09 at 21:06 -0800, Kenneth Wolcott wrote:

> Hmmm...I place the following into firefox searchbox (google is my
> search engine): "2.6.18-194.el5-PAE SRPM"
> 
> I seem to have lots of hits (maybe they're no good):
> 
> This one looks pretty good and it is the first one on the list:

He wants the source rpm :-) Which is:

http://vault.centos.org/5.5/os/SRPMS/kernel-2.6.18-194.el5.src.rpm

PAE is Built from that Source.

John

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how will CentOS handle the perftools 1.7 vs. 1.6 issue?

[Ned Slider]

On 10/02/11 02:05, Larry Vaden wrote:
> In order to avoid a cross post, the following background quote is from
> scientific-linux-us...@fnal.gov:
>
> 
> On Wed, Feb 9, 2011 at 11:27 AM, Ewan Mac Mahon  wrote:
>>
>> I'm a little bit hazy on the details, but there are some slides from the
>> meeting here[1]:
>>   
>> http://indico.cern.ch/getFile.py/access?contribId=8&sessionId=1&resId=1&materialId=slides&confId=106641
>
> On Wed, Feb 9, 2011 at 12:41 PM, Chris Jones
>   wrote:
>>
>> I would say a bug in tcmalloc, not SL or RHEL. See for instance
>>
>> 
>>
>> The fix is to move to google perftools 1.7
>
> 
>
> Because of a problem with not running the current BIND release a
> couple of weeks ago, I would like to ask:
>
> a) is RedHat likely to choose to backport the fix to 1.6 or will it
> adopt 1.7 or leave as is until 5.7 or later as it has done with BIND?
>
> b) will Centos and/or SL follow RH exactly or will their approaches differ?
>
> IOW, how far does the "binary compatiblity" policy extend?
>

Bug for bug - if the bug is in RHEL-5.6 then it will be in CentOS too.

If it's important to you, file a bug upstream with Red Hat and get it 
fixed. The fix will naturally flow back downstream to CentOS.

Of course CentOS does have the freedom to do things differently to Red 
Hat if they want to, but if they do generally it will be outside of the 
main base/updates) repositories.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos