Re: [CentOS] Firewall in CentOS 5.1

2008-07-26 Thread News

Ray Leventhal wrote:

Robert Spangler wrote:

On Thursday 24 July 2008 03:34, Gopinath Achari wrote:

 
   Please suggest me a good firewall package for Cent OS 5.1 Server. This
   server is going to face to internet and will be accessed by the branch
   offices.

adding a late voice to this thread, I've used and enjoyed the cli of apf 
which acts as a front end for iptables


http://rfxnetworks.com/apf.php

no rpm of which I'm aware, but the install is non-intrusive and very simple

-Ray
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos



I have used shorewall on some servers for 5-6 years without problems.
http://www.shorewall.net/

Amedeo Fragai



Re: [CentOS] Centos Firewall - router with virtual IP

2011-11-03 Thread News
On 03/11/2011 3.34, Fajar Priyanto wrote:
> Hi all,
> I haven't found anything in Google about this.
>
> I'm creating a firewall router with Centos with few virtual IP using iptables.
>
> May I ask for your experience?
> Is there any pitfall or bad side of using virtual IP for this purpose?
> I'm using few virtual IP to accommodate few subnets that go through
> this firewall/router.
>
> Thank you.
> Fajar.

I use shorewall for this
http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html

Amedeo


Re: [CentOS] OT: headless fanless silent 2 HDs micro server/pc...

2011-08-09 Thread News
On 09/08/2011 16.57, John Doe wrote:
> Hey,
>
> A bit out of topic but I am looking for a micro server/pc if anyone knows a
> decent one...
> I found many nice NAS but I would like to have full access to the OS (install 
> CentOS, etc).
>
> Dream one would be
>
> - Very quiet (fanless) since it will sit in my bedroom.
> - Headless
> - Small.
> - 2/3 HDs (2.5" are ok) for RAID1 (hardware RAID would be nice, and with BBC
> even more).
> - 1 or 2 GB NICs
> - USB3 or ESATA would be nice...
> - Price would not be much of a problem (maybe no more than $1000 though).
>
>
> Random thoughts:
> - a shuttle PC with 2 HDs and a real RAID card (if it fits inside), but maybe 
> too noisy, no headless.
> - a mac mini server looks very nice (but max budget, need another Mac to 
> install, not sure if easy/possible to install CentOS).
> - some NAS where I could easily replace the OS (not on a flash chip).
>
>
> So if you know a nice one...
>
>
> Thx,
> JD

HP Microserver is very good for me, I have one and it's ok.

Amedeo


Re: [CentOS] Limiting bandwidth

2010-02-20 Thread News
On 20/02/2010 13.25, Bob McConnell wrote:
> Rajagopal Swaminathan wrote:
>> Greetings,
>>
>> Scenario:
>> Centos box with eth1 (10.0.0.0/24) and eth0 (192.168.0.0/24)
>> segment on eth0 has access to full bandwidth of uplink
>> Both are on 100mbps switches
>>
>> Requirements:
>> bandwidth on segment on eth1 needs to be throttled to different speeds - say
>> 32, 64, 128kbps and the such. Required for application performance testing
>> purposes.
>
> The best tool I have found for this is DummyNet, which is built into
> FreeBSD. It was created to test protocol designs then adapted for
> traffic management. However, I am not aware of any ports into Linux.
>
>
>
>
> Bob McConnell
> N2SPP

I try to use shorewall for this.
Amedeo


[CentOS] RESOLVED: Re: [Shorewall-users] RedHat 6.4 - ERROR: Your kernel/iptables do not include state match support. No version of Shorewall will run on this system

2013-02-26 Thread News
On 25/02/2013 12.28, Simon Matter wrote:
>> Hello to the list,
>> I update a RedHat server from 6.3 to 6.4 and install the last shorewall
>> rpm  4.5.13.0-1.el6, after this shorewall not start at boot and show the
>> error ERROR: Your kernel/iptables do not include state match support. No
>> version of Shorewall will run on this system, after the boot I can start
>> shorewall by hand.
>
> Could it be a problem with SELinux?
>
> Simon
>
>> What can I do?
>> Thanks to everybody
>>
>> Amedeo

Here from the shorewall newsletter...

Simon, you're a magician!
The update changed the SELinux labels of iptables; after resetting them it's
all OK.
I think that when people update from CentOS 6.3 to CentOS 6.4 the world
stops.
Here are the commands:

restorecon -Rv /sbin
restorecon reset /sbin/iptables-multi-1.4.7 context system_u:object_r:bin_t:s0->system_u:object_r:iptables_exec_t:s0
restorecon reset /sbin/ip6tables-multi-1.4.7 context system_u:object_r:bin_t:s0->system_u:object_r:iptables_exec_t:s0

Thanks sooo much
Amedeo



[CentOS] RedHat 6.5 - ERROR: Your kernel/iptables do not include state match support. No version of Shorewall will run on this system - NEW CRAZY BUG

2014-08-27 Thread News
On 26/02/2013 19.24, News wrote:
> On 25/02/2013 12.28, Simon Matter wrote:
>>> Hello to the list,
>>> I update a RedHat server from 6.3 to 6.4 and install the last shorewall
>>> rpm  4.5.13.0-1.el6, after this shorewall not start at boot and show the
>>> error ERROR: Your kernel/iptables do not include state match support. No
>>> version of Shorewall will run on this system, after the boot I can start
>>> shorewall by hand.
>>
>> Could it be a problem with SELinux?
>>
>> Simon
>>
>>> What can I do?
>>> Thanks to everybody
>>>
>>> Amedeo
>
> Here from the shorewall newsletter...
>
> Simon, you're a magician!
> The update changed the SELinux labels of iptables; after resetting them it's
> all OK.
> I think that when people update from CentOS 6.3 to CentOS 6.4 the world
> stops.
> Here are the commands:
>
> restorecon -Rv /sbin
> restorecon reset /sbin/iptables-multi-1.4.7 context system_u:object_r:bin_t:s0->system_u:object_r:iptables_exec_t:s0
> restorecon reset /sbin/ip6tables-multi-1.4.7 context system_u:object_r:bin_t:s0->system_u:object_r:iptables_exec_t:s0
>
> Thanks sooo much
> Amedeo

Hello to the list,

I start from here because there is some news; this is the story:

I upgraded one server from CentOS 6.3 to 6.5 and the problem described above
came back again, so I used
restorecon -Rv /sbin
but there was no output. This was strange. I rebooted the server and shorewall
wouldn't start again; I tried some hacks but nothing.
So I tried changing SELinux to permissive mode and shorewall STARTED!!
I looked at the files:

ls -Z /sbin/ip*

and the surprise

-rwxr-xr-x. root root unconfined_u:object_r:bin_t:s0 /sbin/ip6tables-multi-1.4.7
-rwxr-xr-x. root root unconfined_u:object_r:bin_t:s0 /sbin/iptables-multi-1.4.7

The SELinux label was wrong, so I looked in the
/etc/selinux/targeted/contexts/files/file_contexts file for the label

cat /etc/selinux/targeted/contexts/files/file_contexts | grep ip

and I didn't find anything. This was very, very strange, so I opened the file
manually and SURPRISE!! What I found:

/sbin/ebtables  --  system_u:object_r:iptables_exec_t:s0
/sbin/ebtables-restore  --  system_u:object_r:iptables_exec_t:s0

Look!! ebtables and not iptables. Using
restorecon -Rv /sbin did not work because the label was wrong.
I found the same problem on a server running RedHat 6.5, but it had not come
out because I had upgraded from 6.4 to 6.5.

[FIX]
I relabeled the two files manually with these commands:
chcon -t iptables_exec_t /sbin/iptables-multi-1.4.7
chcon -t iptables_exec_t /sbin/ip6tables-multi-1.4.7
but I hope that /etc/selinux/targeted/contexts/files/file_contexts will be
updated soon.

I hope that this can help someone
Thanks
Amedeo
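
The check described in the message above, as an added example that is not part of the original post: it compares the type shown by ls -Z with the types that file_contexts entries assign to the same path, which shows why restorecon stayed silent. The ls -Z lines and the two ebtables entries are the ones quoted in the post; the generic /sbin entry and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. SAMPLE_LS is the ls -Z output quoted in the post. SAMPLE_FC is
# constructed: the two ebtables entries are from the post, the generic /sbin
# entry is an assumption standing in for the rest of the policy.
SAMPLE_LS='-rwxr-xr-x. root root unconfined_u:object_r:bin_t:s0 /sbin/ip6tables-multi-1.4.7
-rwxr-xr-x. root root unconfined_u:object_r:bin_t:s0 /sbin/iptables-multi-1.4.7'
SAMPLE_FC='/sbin(/.*)?  system_u:object_r:bin_t:s0
/sbin/ebtables  --  system_u:object_r:iptables_exec_t:s0
/sbin/ebtables-restore  --  system_u:object_r:iptables_exec_t:s0'

# policy_types FC PATH: print the SELinux type of every file_contexts entry
# whose regex, anchored at both ends, matches PATH (simplified: it lists all
# matches and does not model which entry takes precedence).
policy_types() {
    printf '%s\n' "$1" | awk -v p="$2" '
        NF < 2 || $1 ~ /^#/ { next }
        p ~ ("^(" $1 ")$") { split($NF, c, ":"); print c[3] }'
}

# audit LS FC WANT: for each file in an ls -Z listing whose on-disk type is
# not WANT, say whether the policy text has a matching entry for WANT.
audit() {
    printf '%s\n' "$1" | while read -r perms owner group ctx path; do
        cur=$(printf '%s' "$ctx" | cut -d: -f3)
        [ "$cur" = "$3" ] && continue
        if policy_types "$2" "$path" | grep -qx "$3"; then
            echo "$path: $cur on disk, policy maps it to $3: restorecon can fix it"
        else
            echo "$path: $cur on disk, policy has no $3 entry: restorecon will not change it"
        fi
    done
}

audit "$SAMPLE_LS" "$SAMPLE_FC" iptables_exec_t
```

On a live system, matchpathcon -V <path> performs the same comparison against the installed policy. A chcon label is lost at the next full relabel; semanage fcontext -a -t iptables_exec_t with a pattern for the two binaries, followed by restorecon, records the mapping in local policy instead.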



Re: [CentOS] RSync Issues

2009-10-11 Thread News Listener
man rsync

-i, --itemize-changes   output a change-summary for all updates
    --list-only         list the files instead of copying them
    --ignore-existing   skip updating files that exist on receiver
-v, --verbose           increase verbosity

--existing, --ignore-non-existing
 This tells rsync to skip creating files (including directories) that do
 not exist yet on the destination. If this option is combined with the
 --ignore-existing option, no files will be updated (which can be useful
 if all you want to do is delete extraneous files).

 This option is a transfer rule, not an exclude, so it doesn't affect the
 data that goes into the file-lists, and thus it doesn't affect deletions.
 It just limits the files that the receiver requests to be transferred.

--ignore-existing
 This tells rsync to skip updating files that already exist on the
 destination (this does not ignore existing directories, or nothing would
 get done). See also --existing.

 This option is a transfer rule, not an exclude, so it doesn't affect the
 data that goes into the file-lists, and thus it doesn't affect deletions.
 It just limits the files that the receiver requests to be transferred.

 This option can be useful for those doing backups using the --link-dest
 option when they need to continue a backup run that got interrupted.
 Since a --link-dest run is copied into a new directory hierarchy (when it
 is used properly), using --ignore existing will ensure that the
 already-handled files don't get tweaked (which avoids a change in
 permissions on the hard-linked files). This does mean that this option is
 only looking at the existing files in the destination hierarchy itself.




ML wrote:
> Hi All,
> 
> Rsyncing to a USB drive. I am in single user mode.
> 
> I am doing:
> 
> rsync -avx --stats --progress --ignore-existing --exclude 'home/backup/ 
> data' / /mnt/sdb2/
> 
> But I don't see if ignoring existing. A previous rsync stalled and now
> it seems to be copying them again rather than ignoring them.
> 
> Does anyone have thoughts?
> 
> -ML



Re: [CentOS] /etc/ldap.conf pam_filter

2010-02-10 Thread News Listener
Hi Chris,
Thanks,
you mind, replace ldap auth with winbind auth?

My scene:
on one side, 1 smb server pdc with ldap;
on the other side, 1 Xorg-Server with auth over ldap, the same one as the
first (smb).
I need to permit only users "membership_of" "Domain Users" to log in on the
Xorg-Server.
Thanks


On 05.02.2010 12:45, Christoph Maser wrote:
> On Friday, 05.02.2010, 11:38 +0100, Nobody ist perfect wrote:
>> Hi,
>>
>> we use an openldap server / samba as domain controller for our
>> windows/linux workstations. on a specific server, login should only
>> be allowed, if the certain user is member of a group (let's call this
>> group "login"). All the users in the domain are members of the group
>> "Domain Users". Therefore their primary gid is not the login-group's gid.
>> How can I make the login depending on that login-group-membership?
>>
>> Thanks!
>>
>> Toby
>>
>
>
> If you use winbind you can use require_membership_of=
> in /etc/security/pam_winbind.conf.
>
> Chris