You can use pretty standard tools:- iptables etc. You just need a minimum
server install with maybe some web based GUI to manage the box from other
machines. You can have a look at webmin (www.webmin.com) which offers nice
web interface and is popular in hosting industry as free admin web ui.
- SZQ
On 7/16/11, SZ Quadri wrote:
> You can use pretty standard tools:- iptables etc. You just need a minimum
> server install with maybe some web based GUI to manage the box from other
> machines. You can have a look at webmin (www.webmin.com) which offers nice
> web interface and is popular in hosting
Do this:
1. Make sure your Centos has two network cards. One connected to
internet, one to local lan. Make sure the Centos can already browse the
internet.
Example internet: eth0 192.168.1.1
local: eth1 192.168.2.1
2. Activate ip forwarding in /etc/sysconfig/sysctl.conf
net.ipv4.ip_forward = 1
Run s
On Sat, Jul 16, 2011 at 02:56:59PM +0430, hadi motamedi wrote:
> Thank you for your help. I tried to get it as 'yum install webadmin*'
> but unsuccessful. Can you please confirm if the spelling is correct?
Are we really going to go down this beaten path yet again? Have you
learned nothing during
On Sat, Jul 16, 2011 at 7:11 PM, Fajar Priyanto wrote:
> 2. Activate ip forwarding in /etc/sysconfig/sysctl.conf
> net.ipv4.ip_forward = 1
>
> Run sysctl -r to reload the new setting
>
typo: should be sysctl -p
On Sat, Jul 16, 2011 at 7:12 PM, John R. Dennison wrote:
> Can you at least _try_ to be self-reliant? Can you at least _try_ and
> use google and other resources that you've been pointed to in the past?
>
> Can you please _try_ to not ask this list to do your job for you? If
> you have specific
hadi motamedi wrote:
> Dear All
> I need to put my centos 5.6 server as firewall server in front of a
> windows-running node before connecting it to the net. Can you please
> let me know what stuff do I need to put on my centos server?
> Thank you
On Sat, Jul 16, 2011 at 07:14:09PM +0800, Fajar Priyanto wrote:
>
> Yeah, some like to find the easiest the shortest the least effort way :)
There is a history of Hadi misusing this list; this is by no means the
first time.
John
--
Muc
On Sat, Jul 16, 2011 at 6:47 PM, Ljubomir Ljubojevic wrote:
> You might be interested in shorewall[1]. It has config file and
> extensive documentation. You tell it what you want and all iptables are
> automatically set. It also has webmin module. There are rpm's for CentOS
> 5 but I think they w
On Sat, 2011-07-16 at 14:56 +0430, hadi motamedi wrote:
> >
> Thank you for your help. I tried to get it as 'yum install webadmin*'
> but unsuccessful. Can you please confirm if the spelling is correct?
Google is your friend. A simple search would have revealed:
http://www.webmin.com/download
Fajar Priyanto wrote:
> On Sat, Jul 16, 2011 at 6:47 PM, Ljubomir Ljubojevic wrote:
>> You might be interested in shorewall[1]. It has config file and
>> extensive documentation. You tell it what you want and all iptables are
>> automatically set. It also has webmin module. There are rpm's for Cen
On Sat, Jul 16, 2011 at 1:18 PM, Fajar Priyanto wrote:
> On Sat, Jul 16, 2011 at 6:47 PM, Ljubomir Ljubojevic wrote:
>> You might be interested in shorewall[1]. It has config file and
>> extensive documentation. You tell it what you want and all iptables are
>> automatically set. It also has webm
hadi motamedi wrote:
> On 7/16/11, SZ Quadri wrote:
>> You can use pretty standard tools:- iptables etc. You just need a minimum
>> server install with maybe some web based GUI to manage the box from other
>> machines. You can have a look at webmin (www.webmin.com) which offers nice
>> web interfac
Rudi Ahlers wrote:
> On Sat, Jul 16, 2011 at 1:18 PM, Fajar Priyanto wrote:
>> On Sat, Jul 16, 2011 at 6:47 PM, Ljubomir Ljubojevic wrote:
>>> You might be interested in shorewall[1]. It has config file and
>>> extensive documentation. You tell it what you want and all iptables are
>>> automatica
On 7/16/2011 12:33 AM, hadi motamedi wrote:
> Dear All
> I need to put my centos 5.6 server as firewall server in front of a
> windows-running node before connecting it to the net. Can you please
> let me know what stuff do I need to put on my centos server?
> Thank you
Fajar Priyanto wrote:
> Do this:
> 1. Make sure your Centos has two network cards. One connected to
> internet, one to local lan. Make sure the Centos can already browse the
> internet.
> Example internet: eth0 192.168.1.1
> local: eth1 192.168.2.1
Just as a FYI, shorewall does support single NIC sys
On Sat, Jul 16, 2011 at 1:46 PM, Ljubomir Ljubojevic wrote:
> Fajar Priyanto wrote:
>> Do this:
>> 1. Make sure your Centos has two network cards. One connected to
>> internet, one to local lan. Make sure the Centos can already browse the
>> internet.
>> Example internet: eth0 192.168.1.1
>> local: e
On Sat, Jul 16, 2011 at 01:46:36PM +0200, Ljubomir Ljubojevic wrote:
>
> That being said, one should *never* create firewall with only one NIC!
> It is highly unsafe.
So I shouldn't run a firewall on any of my hundreds of single nic
instances?
>> That being said, one should *never* create firewall with only one NIC!
>> It is highly unsafe.
>
> So I shouldn't run a firewall on any of my hundreds of single nic
> instances?
I think he's referring to the standard router/firewall scenario where
the server is an internet gateway for a network
On Sat, 16 Jul 2011, John R. Dennison wrote:
> To: centos@centos.org
> From: John R. Dennison
> Subject: Re: [CentOS] firewall?
>
> On Sat, Jul 16, 2011 at 01:46:36PM +0200, Ljubomir Ljubojevic wrote:
>>
>> That being said, one should *never* create firewall with only one NIC!
>> It is highly un
On Sat, Jul 16, 2011 at 2:01 PM, Drew wrote:
>>> That being said, one should *never* create firewall with only one NIC!
>>> It is highly unsafe.
>>
>> So I shouldn't run a firewall on any of my hundreds of single nic
>> instances?
>
> I think he's referring to the standard router/firewall scenario
Keith Roberts wrote:
> So I guess I could configure my single NIC Centos 5.6
> machine connected to a 4 port ADSL router to act as the
> external Gateway for other machine on the LAN side of the
> router, possibly using NAPT on the Centos box?
Yes, you can do that. You can also use it as a prox
On Sat, Jul 16, 2011 at 2:20 PM, Ljubomir Ljubojevic wrote:
> Keith Roberts wrote:
>> So I guess I could configure my single NIC Centos 5.6
>> machine connected to a 4 port ADSL router to act as the
>> external Gateway for other machine on the LAN side of the
>> router, possibly using NAPT on the
Rudi Ahlers wrote:
> On Sat, Jul 16, 2011 at 2:20 PM, Ljubomir Ljubojevic wrote:
>> Keith Roberts wrote:
>>> So I guess I could configure my single NIC Centos 5.6
>>> machine connected to a 4 port ADSL router to act as the
>>> external Gateway for other machine on the LAN side of the
>>> router, p
On Sat, Jul 16, 2011 at 2:44 PM, Ljubomir Ljubojevic wrote:
>
> But if you have public network passing through local area switch, then
> there is possibility of hackers using lower network layers to access
> unprotected PC's on that local network. Not long-distance hackers, but
> in case of physica
> not to mention danger of PC's bypassing your one-NIC firewall and
> unsafely connecting to the outside.
That I think is the biggest danger with a one NIC setup.
Linux boxen may be safe(r) (than windows) from being infected or
hacked but just one malicious machine can bypass the security in plac
On Sat, Jul 16, 2011 at 2:56 PM, Drew wrote:
>> not to mention danger of PC's bypassing your one-NIC firewall and
>> unsafely connecting to the outside.
>
> That I think is the biggest danger with a one NIC setup.
>
> Linux boxen may be safe(r) (than windows) from being infected or
> hacked but ju
Rudi Ahlers wrote:
> The fact is, you can use a Linux firewall with a single NIC, as long as
> you use different IP subnets and strong iptables rules to filter
> traffic properly between the 2 subnets.
>
> Another scenario where this is used more and more these days is with
> virtualization, where
Rudi Ahlers wrote:
> On Sat, Jul 16, 2011 at 2:56 PM, Drew wrote:
>>> not to mention danger of PC's bypassing your one-NIC firewall and
>>> unsafely connecting to the outside.
>> That I think is the biggest danger with a one NIC setup.
>>
>> Linux boxen may be safe(r) (than windows) from being inf
On Sat, 16 Jul 2011, Ljubomir Ljubojevic wrote:
> To: CentOS mailing list
> From: Ljubomir Ljubojevic
> Subject: Re: [CentOS] firewall?
>
> Keith Roberts wrote:
>> So I guess I could configure my single NIC Centos 5.6
>> machine connected to a 4 port ADSL router to act as the
>> external Gatewa
On Sat, Jul 16, 2011 at 3:56 PM, hadi motamedi wrote:
> On 7/16/11, SZ Quadri wrote:
> > You can use pretty standard tools:- iptables etc. You just need a minimum
> > server install with maybe some web based GUI to manage the box from other
> > machines. You can have a look at webmin (www.webmin.
On Sat, 16 Jul 2011, Ljubomir Ljubojevic wrote:
> To: CentOS mailing list
> From: Ljubomir Ljubojevic
> Subject: Re: [CentOS] firewall?
>
> Rudi Ahlers wrote:
>> On Sat, Jul 16, 2011 at 2:20 PM, Ljubomir Ljubojevic wrote:
>>> Keith Roberts wrote:
>>>> So I guess I could configure my single NIC
On Sat, 16 Jul 2011, Ljubomir Ljubojevic wrote:
*snip*
> I wrote about "physical presence *outside* of your network", like if you
> are on a large WISP that uses bridged network (bad design) and your
> Wireless client is bridged, and you have single NIC firewall in place,
> entire WISP's network
Keith Roberts wrote:
> On Sat, 16 Jul 2011, Ljubomir Ljubojevic wrote:
>
>> To: CentOS mailing list
>> From: Ljubomir Ljubojevic
>> Subject: Re: [CentOS] firewall?
>>
>> Rudi Ahlers wrote:
>>> On Sat, Jul 16, 2011 at 2:20 PM, Ljubomir Ljubojevic
>>> wrote:
>>>> Keith Roberts wrote:
>>>>> So I
Keith Roberts wrote:
> On Sat, 16 Jul 2011, Ljubomir Ljubojevic wrote:
>
> *snip*
>
>> I wrote about "physical presence *outside* of your network", like if you
>> are on a large WISP that uses bridged network (bad design) and your
>> Wireless client is bridged, and you have single NIC firewall in
On Sat, 16 Jul 2011, Ljubomir Ljubojevic wrote:
*snip*
>> So what with the router firewall and then the Linux Kernel
>> IPtables packet filtering firewall, I actually have two
>> firewalls running?
>>
>
> Yes, if ADSL router does firewalling (LAN side has private IP) without
> any port redirectio
On 16.7.2011 19:03, Ljubomir Ljubojevic wrote:
> All firewalls (on Linux at least) are by default closed, and you need
> knowledge to punch through the holes for your public services.
This is complete nonsense! You are free to configure a default policy of
accept and forbid only selected servic
On Sat, 16 Jul 2011, Ljubomir Ljubojevic wrote:
> To: CentOS mailing list
> From: Ljubomir Ljubojevic
> Subject: Re: [CentOS] firewall?
>
> Keith Roberts wrote:
>> On Sat, 16 Jul 2011, Ljubomir Ljubojevic wrote:
>>
>> *snip*
>>
>>> I wrote about "physical presence *outside* of your network", li
Markus Falb wrote:
> On 16.7.2011 19:03, Ljubomir Ljubojevic wrote:
>
>> All firewalls (on Linux at least) are by default closed, and you need
>> knowledge to punch through the holes for your public services.
>
> This is complete nonsense! You are free to configure a default policy of
> accept
Keith Roberts wrote:
> I read some time ago something about tunneling different
> protocols through firewalls? which sounded quite scary.
Depends on the tunneling protocol you use, and on what platform you are
using.
For example, I use vtund package (server-client scheme) with simple
config to
Hello,
Thanks again for your reply.
I've done some more reading/googling and from what I'm seeing high
security isn't doable with svnserve even with sasl, passwords from the
client need to be stored on disk plain, this isn't desirable in my
case.
Do you host a repository via apache? The problem I
Timothy Murphy writes:
>
>
> I've installed CentOS-6 on my server
> (in parallel to CentOS-5.6)
> and now I'm trying to set up dhcpd.
>
> I'm not sure if there has been a change in dhcpd
> under CentOS-6, but I'm getting the dreaded message
> "Not configured to listen on any interfaces!"
> whe
On 16.7.2011 19:37, Ljubomir Ljubojevic wrote:
> Markus Falb wrote:
>> On 16.7.2011 19:03, Ljubomir Ljubojevic wrote:
>>
>>> All firewalls (on Linux at least) are by default closed, and you need
>>> knowledge to punch through the holes for your public services.
>>
>> This is complete nonsense! Yo
Markus Falb wrote:
> On 16.7.2011 19:37, Ljubomir Ljubojevic wrote:
>> Markus Falb wrote:
>>> On 16.7.2011 19:03, Ljubomir Ljubojevic wrote:
>>>
>>>> All firewalls (on Linux at least) are by default closed, and you need
>>>> knowledge to punch through the holes for your public services.
>>> This
On Sat, 2011-07-16 at 13:25 +0200, Rudi Ahlers wrote:
> But, sadly google can't teach someone to start making their own
> choices or to think for themselves
Learning Linux/Centos on one's own, and without good text books, is a
very daunting task even for those with over 40 years computer
program
On Sat, 16 Jul 2011, Keith Roberts wrote:
> To: CentOS mailing list
> From: Keith Roberts
> Subject: Re: [CentOS] firewall?
>
> On Sat, 16 Jul 2011, Ljubomir Ljubojevic wrote:
>
> *snip*
>
>> I wrote about "physical presence *outside* of your network", like if
>> you
>> are on a large WISP t
If there was an automatic ban on List mail containing HTML parts, it is
likely the latest crap would not be distributed to everyone.
A possible test of the Content-Type: header for
multipart/mixed;
or
text/html;
might stop the spam.
--
With best regards,
On Sat, 2011-07-16 at 23:43 +0100, Keith Roberts wrote:
> Data Driven Attacks Using HTTP Tunneling
>
> "... HTTP Tunneling Example
>
> http://www.symantec.com/connect/articles/data-driven-attacks-using-http-tunneling
>
> Sounds a bit scary to me, as any website needs to have port
> 80 open to
On Sun, Jul 17, 2011 at 12:03:52AM +0100, Always Learning wrote:
>
> If using SSH, FTP, phpmyadmin etc. etc. then DO NOT use the standard
> ports. Allocate a different IP address (if you have several) and use a
> non-web IP address for SSH and a different non-web IP address for
> phpmyadmin etc. W
On 7/16/2011 6:50 PM, Always Learning wrote:
>
>
> If there was an automatic ban on List mail containing HTML parts, it is
> likely the latest crap would not be distributed to everyone.
>
> A possible test of the Content-Type: header for
>
> multipart/mixed;
>
> or
>
> text/html;
On 07/16/2011 05:06 PM, Mark Weaver wrote:
> you mean like the default settings of Mailman list software that the
> CentOS list "doesn't" run on? I have five lists running on one of my
> CentOS servers and crap like that doesn't ever make it to the list.
>
Mark take a careful look at the foo
On 7/16/2011 8:33 PM, KevinO wrote:
> On 07/16/2011 05:06 PM, Mark Weaver wrote:
>> you mean like the default settings of Mailman list software that the
>> CentOS list "doesn't" run on? I have five lists running on one of my
>> CentOS servers and crap like that doesn't ever make it to the list.
>>
On Sat, Jul 16, 2011 at 08:40:37PM -0400, Mark Weaver wrote:
>
> Oops... my bad. Here I sit with egg on my face. However they did used to
> use a different mailing list package.
They did?
John
--
The things that will destroy America a
On Sat, 2011-07-16 at 20:06 -0400, Mark Weaver wrote:
> On 7/16/2011 6:50 PM, Always Learning wrote:
> >
> >
> > If there was an automatic ban on List mail containing HTML parts, it is
> > likely the latest crap would not be distributed to everyone.
> >
> > A possible test of the Content-Type: he
Hello,
I am trying to do an NFS install of CentOS 6 on a fairly old / generic machine
AMD Athlon XP 1700. I use the CentOS-6.0-i386-netinstall.iso burned to a CD to
boot the installation. Only / partition and swap (2 partition) is set on the
primary IDE harddrive. I have a PCI SATA card with a 2
On Sat, 2011-07-16 at 19:03 -0500, John R. Dennison wrote:
> The reality of the situation is that attacks are in almost all cases
> non-targeted and are the results of automated scanning; playing security
> through obscurity tricks with IP addresses is as futile as attempting to
> herd kittens.
Just a thought
If the I386 (or i686, never could figure out why the name change)
disk doesn't quite fit on the DVD+, and needs a DVD-, this might put
some folks at an inconvenience.
I wonder if the difference between fitting and not fitting is small
enough, so that some amount of pruning might
On Sat, 2011-07-16 at 19:50 -0700, david wrote:
> If the I386 (or i686, never could figure out why the name change)
> disk doesn't quite fit on the DVD+, and needs a DVD-, this might put
> some folks at an inconvenience.
>
> I wonder if the difference between fitting and not fitting is small
On 07/16/11 7:50 PM, david wrote:
> Just a thought
>
> If the I386 (or i686, never could figure out why the name change)
> disk doesn't quite fit on the DVD+, and needs a DVD-, this might put
> some folks at an inconvenience.
>
> I wonder if the difference between fitting and not fitting is small
>
> If the I386 (or i686, never could figure out why the name change)
I think on CentOS/RHEL it's because they dropped support for the 586 &
earlier processors. Linux wide there's been a general drop in support
for 386 class machines. Something to do with recent versions of glibc
and an instruction o
On 07/16/11 7:50 PM, david wrote:
> If the I386 (or i686, never could figure out why the name change)
I386 was the original 386 CPU, which ran at speeds from 16 to 33Mhz
i486 includes a few additional instructions on the 486 processor, and
IIRC, ran at speeds from 25 to 100Mhz
i586 is the origina
> really, we should have compiler targets for optimizing on the P4
> 'netburst' CPUs and another for the core processors as they are all
> pipelined differently. as it turns out, however, the core 2 and core
> I3/5/7 do pretty well with pentium-II and -III style optimization
> strategies, as well