Linux Help
guides forums blogs
Home Desktops Distributions ISO Images Logos Newbies Reviews Software Support & Resources Linuxhelp Wiki

Welcome Guest ( Log In | Register )



Advanced DNS Management
New ZoneEdit. New Managment.

FREE DNS Is Back

Sign Up Now
57 Pages V   1 2 3 > » 

Robert83
Posted on: Aug 29 2014, 01:16 PM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Hi,

a bit more detail is necessary .

CPU : 733Mhz Pentium
MEM : ???
HDD : ???
VGA : ???

Greetings
Robert
  Forum: Technical Support · Post Preview: #33759 · Replies: 2 · Views: 3,121

Robert83
Posted on: Aug 25 2014, 05:14 PM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Hi ,

something probably went seriously wrong with the Nvidia driver...

can you post your /etc/X11/xorg.conf file ?

Greetings
Robert

  Forum: Technical Support · Post Preview: #33756 · Replies: 1 · Views: 2,564

Robert83
Posted on: Aug 23 2014, 07:32 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Hi,

You can't have multiple hostnames for the same machine . In the way you mentioned.

Set ONE hostname for the machine.



You can use a DNS Server to have multiple hostnames for the machine example :

192.168.210.1 : internal.home.lan
91.xxx.xxx.1 : external.awesome.net


Greetings
Robert
  Forum: Technical Support · Post Preview: #33754 · Replies: 1 · Views: 3,233

Robert83
Posted on: Aug 23 2014, 07:26 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Hi

the mistake is this :

ldapsearch -h PL0 -x -D "cn=****************,dc=ok,dc=com" -w "***************" -s one -b "dc=imsi,ou=identities,dc=ok,dc=com" IMSI=%s -f iphfives.txt IMSI | grep 'IMSI: '

grep 'IMSI: ' <----

use

grep IMSI , you don't Need ' '

Greetings
Robert
  Forum: Technical Support · Post Preview: #33753 · Replies: 1 · Views: 3,632

Robert83
Posted on: Aug 23 2014, 07:23 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Hello,

with the command :

sude [your command here]

Greetings
Robert
  Forum: Technical Support · Post Preview: #33752 · Replies: 1 · Views: 3,937

Robert83
Posted on: Aug 23 2014, 07:20 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Hi,

Wild guess , you are using Ubuntu , if so ...

go to the Webpage and download the Ubuntu deb files to your /home Directory

then fire up the terminal and type in the following command

sudo dpkg -i 4kvideodownloader_3.4-1_i386.deb (in case you downloaded the 32 bit Version)

After the Installation finished , you have 4k Video downloader installed on your Desktop probably.

Greetings
Robert
  Forum: Technical Support · Post Preview: #33751 · Replies: 1 · Views: 2,658

Robert83
Posted on: Aug 23 2014, 07:16 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


NOTE : *=h

Hello ,

The Information provided is not enough for a trully specific answer. But if the cameras are also IP cameras,
I would check out this solution :

*ttp://www.zoneminder.com/

The Problem with your aproach is , that you are using WINE smile.gif , in your case it complicates your life, you are trying
to run a Windows program inside WINE on a Linux box, then also install Drivers for your cameras that probably Need
low Level Access to the Hardware... in the end you will probably be sorry you ever started .

On the other Hand with zoneminder you can achive excelent results... almost like with GeoVision products...

Greetings
Robert

  Forum: Technical Support · Post Preview: #33750 · Replies: 1 · Views: 2,266

Robert83
Posted on: Aug 23 2014, 07:12 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Hi,

Just double checking :

CentOS Server located somewhere, connects via Internet to OpenVPN Server :

[CentOS Server]------VPN------[VPN SERVER]----Client wants SSH to CentOS Server

Is this what you are trying to achive here?

I guess the Problem is... that the Client does not know how to reach the CentOS Server... you Need to route or to nat VPN Network,


Greetings
Robert
  Forum: Technical Support · Post Preview: #33749 · Replies: 1 · Views: 3,210

Robert83
Posted on: Aug 23 2014, 07:06 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Hi all,

I think it would be really nice if someone would fix the Forum :

1. The Images in the tool box for modifing stuff when you add a new post are missing...

2. Whenever I answer a question, or I post a guide I usually Need to use a link... so it would be really nice to allow links for Admins and Support Specialist's at least.


Greetings
Robert
  Forum: General Discussion · Post Preview: #33748 · Replies: 2 · Views: 6,793

Robert83
Posted on: Aug 23 2014, 07:03 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


NOTE * = h

Hello Harry,

Please follow These steps to install R in CentOS 6

Step 1 :

cd /home

Depending on your Distribution 32 or 64 bit do one of the following to as root
## RHEL/CentOS 6 32-Bit ##
wget *ttp://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm

## RHEL/CentOS 6 64-Bit ##
wget *ttp://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm

Step 2 :

cd /etc/yum.repos.d/epel.repo
make sure that [epel] is enabled , enabled=1
the rest can be left disabled.

Step 3 :
yum install R

And there you have it, you have R installed on CentOS 6 . I've just checked it out it installes correctly.
Unfortunatelly I've never used R , so from here on you are alone.

Greetings
Robert
  Forum: Technical Support · Post Preview: #33747 · Replies: 1 · Views: 3,718

Robert83
Posted on: Aug 21 2014, 03:22 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Hi,

it could be possible that DNS queries are redirected ...

the Ubuntu machine is probably connected to a Router , I would check this Router and see what entries it has for DNS
Resolution and if it has iptables port forwarding for port 53 TCP and UDP .

Greetings
Robert
  Forum: Technical Support · Post Preview: #33746 · Replies: 1 · Views: 2,889

Robert83
Posted on: Apr 27 2014, 10:02 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Thank you very much :

Right now I have the following guide online :

Samba 4 Active Directory Domain Controller
SQUID Transparent proxy server (http+https) , https is really intercepted, keys re-generated...even www.grc.com smile.gif is unable to tell the difference, regardless what they say online about not being able to spoof...
FTP Server with User Quotas
OpenVPN Server
Static Routing example with 4 routers
RipV2 dynamic routing example with 4 routers , md5 authentication
OSPF v2 dynamic routing example with 5 routers, dual internet , if primary router dies , secondary router is automatically used , md5 authentication .

... to be continued

Greetings
  Forum: General Discussion · Post Preview: #33684 · Replies: 3 · Views: 6,263

Robert83
Posted on: Apr 22 2014, 04:07 PM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Hi everyone,

I'm slowly moving all my guides to my own webpage...
it will take a while ... but I hope in the end it will be worth it...

I will be re-doing all of them using CentOS 6.x , plus adding a few things... etc etc


the website is

Roberts.bplaced.net

Greetings
  Forum: General Discussion · Post Preview: #33674 · Replies: 3 · Views: 6,263

Robert83
Posted on: Mar 30 2014, 07:42 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Step 9 - Client configuration

VERY IMPORTANT : all clients in network must use 192.168.186.200 (ip address of samba ad) as primary dns server

Okay so lets join our first client, for whatever reason I tested it first with a Windows XP client , make sure it's in the samba subnet as the
AD , and make sure it is using AD ip as primary DNS, try to ping samba4.home.lan from WinXP client it should answer with
192.168.186.200

Next step is Right Click on My Computer , then Properties , Computer Name , click on Change
And select Domain , type in home.lan , click OK .
You will be asked for username , password , type in Administrator and the password , click OK , after a while you should
receive a message that you have successfully joined the domain home.lan

Reboot the WinXP computer, and login to domain home.lan (or home) with Administrator and password.

Now let's assume will will use this computer as a dedicated computer for managing all our domain related stuff .
(since I'm not able to link here pff sad.gif , I will tell you the names of the software you need to download in order to be able to do that )

Windows 2003 Service Pack2 Administration tools pack for x86 editions
Windows Server 2003 Service Pack 1 32 bit Support Tools - ( .NET framework required, update WinXP first... )
Group Policy Management Console with Service Pack 1

Once you have all this installed you should have quiet a lot of tools available to you in
START - PROGRAMS - ADMINISTRATIVE TOOLS

What you will use most of the time is probably these two
Active Directory Users and Computers
and
Group Policy Management

Step 10 - Enable roaming profiles

On the Samba AD machine run :

CODE
mkdir -p /home/Profiles/Domain Users
smbcontroll all reload-config


From WindowsXP computer with Domain Administrative rights

Alter Security for Profiles folder
Domain Admin full access
Domain Users Read access

For Profiles/Domain Users
Domain Admin and Domain Users Full access

From AD Manager for User Robert Set profile path to
\\samba4.home.lan\Profiles\Domain Users\Robert

Login with robert... alter something on desktop, create a folder or something, logout.
Login again , check /home/Profiles/Domain Users/robert folder , data should be in there...
Now you can add another WinXP computer to the domain, login there with robert, you should be greeted with same desktop .

IMPORTANT THINGS TO KNOW ABOUT AD
FORGET ABOUT NETWORK NEIGHBORHOOD , YOU CANNOT BROWSE THE NETWORK, AND IT IS OKAY , WITH AD YOU SEARCH THE NETWORK
JUST LIKE THE INTERNET YOU DON'T BROWSE IT YOU SEARCH IT.
WITH AD YOU CENTRALLY MANAGE SHARED DRIVES, PRINTERS, YOU CAN SHARE ON COMPUTER A SHARE BUT YOU NEED TO PUBLISH IT WITH
AD FOR OTHER COMPUTERS TO BE VISIBLE.

THE FOLLOWING VIDEOS (pfff links again) SHOULD BE WATCHED

use www.google.com (note : all of them are youtube videos, and quiet helpfull to get you started )

Server 2008 Lesson 15 - Listing Shared Folders and Printers in
PC TechStream How To Map Network Drives With Group Policy Preferences In
Installing Software Using GPO


As you will see AD is quiet a complex beast, and I highly recommend watching these videos, PC TechStream ones are quiet good , you will learn a few
things, and you will also realize what at first seems complex gets quiet straghtforward after a while, and you will realize that it is much better then
SAMBA 3 NT Style domains.


Thank you for reading this GUIDE , hope it works for you.

Sincerely
Robert Becskei
  Forum: Guides Forum · Post Preview: #33653 · Replies: 2 · Views: 18,892

Robert83
Posted on: Mar 30 2014, 07:24 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Step 7 - Test Kerberos

In this step we will test if Kerberos is running properly .

First samba must be started, but it cannot be started with the init script , you can try but it will complain , so trust me and
do this instead.

- start samba
CODE
  samba


if you did everything as told and I made no type here, samba should be up and running without any errors...

- test kerberos
CODE
  kinit administrator


it will display the following :
type administrator password : - type in previously give admin password Tksh48k ( don't use this everywhere )

and you should receive something like this on CentOS 6

Warrning : Your password will expire in 41 days...

This means Samba4 is up and running , Kerberos is doing it's stuff , we are almost good to go.

Last thing is to add samba to /etc/rc.d/rc.local so that it is started every time the system boots up . (cannot be started with init scripts!)

So go ahead and edit your /etc/rc.d/rc.local file to look like this
( just add this line to the end of the file )

CODE
  /usr/sbin/samba




Step 8 - Reboot system , test again if everything is up and running
CODE
reboot


Login to system once rebooted
CODE
ping samba4.home.lan
ping www.google.com
kinit administrator


Every one of these commands should succeed , then proceed to next Step

TO BE CONTINUED ...
  Forum: Guides Forum · Post Preview: #33650 · Replies: 2 · Views: 18,892

Robert83
Posted on: Mar 30 2014, 06:45 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Hello Everyone,

This one is going to be a SAMBA Active Directory on CentOS 6.x

STEP 1. - Install base system

Download CentOS 6.x iso from CentOS website ( sorry admin does not allow links )
Install system any way you like , with your partitioning layout does not matter .

In this example hostname is : samba4.home.lan and ip address is : 192.168.186.200

STEP 2 - Disable SeLINUX , Iptables

Now we disable SeLINUX like this :
CODE
chkconfig iptables off
chkconfig ip6tables off
vi /etc/selinux/config

Press i
Look for SELINUX= line and change it to SELINUX=disabled
Once you are done editing press ESC , then type :wq then press ENTER
Now we must reboot the server in order for SeLINUX to be disabled.
CODE
reboot


STEP 3. - Update System

CODE
yum update



STEP 4. - Enable SAMBA 4 repo

Why use different repo ? answer : CentOS 6 Samba misses a lot of tools, this is way better, and much much easier to setup , and works just as well.

CODE
touch /etc/yum.repos.d/SOGo.repo
vi /etc/yum.repos.d/SOGo.repo

Press i , then type in the following :
CODE
[sogo-rhel6]
name=Inverse SOGo Repository
baseurl=http://inverse.ca/downloads/SOGo/RHEL6/$basearch
gpgcheck=0

Once done editing press ESC , then type :wq and press ENTER

STEP 5 - Samba installation , configuration

CODE
yum install samba4


Once it is done you run the following command :

CODE
samba-tool domain provision --user-rfc2307 --interactive


Here a bunch of questions will be asked , but you only need to alter one for our setup :

Domain name : home.lan ( !!! in this example!!! )

After this all settings can be left at default, which means you should still read what it is asking, not just hit ENTER,ENTER,ENTER smile.gif

Somewhere at the end it will ask for domain password, this is the Administrator password, so this at least should be complex
the system requires you to enter at least one uppercase character, some regular characters , and at least one number.
For example : Tksh48k .

Now samba will generate all the necessary db files , setup the necessary groups , users etc for this domain.

Next step we create the directory for our Roaming Profiles

CODE
mkdir /home/Profiles


And make sure our /etc/samba4/smb.conf looks like this :

CODE
[global]
     workgroup = HOME
     realm = HOME.LAN
     netbios name = SAMBA4
     server role = active directory domain controller
     dns forwarder = 8.8.8.8
     idmap_ldb:use rfc2307 = yes

[netlogon]
     path = /var/lib/samba4/sysvol/home.lan/scripts
     read only = No

[sysvol]
    path = /var/lib/samba4/sysvol
    read only = No

[Profiles]
    path = /home/Profiles/
    read only = No


If memory servers right you only need to add [Profiles] to your config file, everything else should already be there, I'm just posting my config
just in case.

STEP 6 - Configure Kerberos , Hosts, Resolv

Samba already generated the necessary Kerberos conf file for us , we only need to move it to the right place, but just in case something bad
could happen, we backup original Kerberos conf file.

CODE
mv /etc/krb5.conf /etc/krb5.conf.original
cp /var/lib/samba4/private/krb5.conf /etc/krb5.conf


Next step is to alter our hosts file it should look like this for the current test system :

/etc/hosts
CODE
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.186.200 samba4.home.lan samba4
::1  localhost localhost.localdomain localhost6 localhost6.localdomain6


Then the resolv conf should look like this for the current test system :

/etc/resolv.conf
CODE
domain homa.lan
search home.lan
nameserver 192.168.186.200 8.8.8.8


8.8.8.8 - this is Google, for TESTING ONLY , please play nice and later use your own DNS server, or the ISP's .


TO BE CONTINUED ...
  Forum: Guides Forum · Post Preview: #33648 · Replies: 2 · Views: 18,892

Robert83
Posted on: Mar 20 2009, 06:27 PM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Hello,

This is going to show you how to install Fail2Ban which is a nice little piece of software (or let's admit it, it's really awesome) that can create iptables rules and remove them automaticaly based on your
log files, it can be used with postfix (as in this guide) or with vsftpd , ssh etc... it's config file /etc/fail2ban/jail.conf is quiet detailed about this.

So back to the main thing, you've setup your mail server and it's working fine, only authenticated users are able to send mail, your are not open relay, but still your maillog is full with NOQUEUE junk from
spam bots, the ip's are random, and you come to realize that your maillog is becoming more and more useless, it's hard to find usefull stuff amongs all the junk. Well you need to install Fail2Ban.

Let's being :

You'll need to have DAG's repo on your centos 4.x or 5.x install (I havent tried other distros , but except the installation part , the config is the same) , if you are using any other distro you can find the
package here for quiet a lot of supported distros http://www.fail2ban.org/wiki/index.php/Downloads

Add the following two repost into your yum repos list , /etc/yum.repos.d/CentOS-Base.repo.

CODE
[dag]
name=Dag RPM Repostory for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
enabled=1
gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt

[kbs-CentOS-Misc]
name=CentOS.Karan.Org-EL$releasever - Stable
gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
gpgcheck=1
enabled=1
baseurl=http://centos.karan.org/el$releasever/misc/stable/$basearch/RPMS/


Then run the following command to intall Fail2Ban

CODE
yum install fail2ban


And now edit the config file /etc/fail2ban/jail.conf, add these lines to enable postfix filtering :

CODE
bantime  = 86400


[postfix]

  enabled = true
  filter  = postfix
  action  = iptables[name=SMTP, port=smtp, protocol=tcp]
            sendmail[name=Postfix, dest=myname@mydomain.com]
  logpath = /var/log/maillog
  maxretry= 3


now you start the daemon using the following comands

CODE
chkconfig fail2ban on
/etc/init.d/fail2ban start


bantime - is the time the ip is banned for, I have 6 domains here, and my avarage NOQUEUE messages / min were 400 , now it's 30 / min . I've set this to a large value because these ip's are all spam bots
you need to find the time suited for you, I'd say go for 3600 that is 1 hour , that is not to much.

To see it in action check
/var/log/fail2ban.log

there you will see info about blocked ip addresses, also by runing
CODE
iptables -L

you will see fail2ban adding new rules to iptables.

By all mean this is a highly recommended addon to your defenses even if you are not using postfix.

Sincerely
Robert Becskei
  Forum: Guides Forum · Post Preview: #31048 · Replies: 0 · Views: 19,475

Robert83
Posted on: Mar 17 2009, 06:55 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Hello,

On a CentOS 4.x system one would issue the command
CODE
yum install vnc-server


then to find the necesary config file and manuals one would issue
CODE
rpm -ql vnc-server


Also usefull command are
CODE
yum provides vnc
yum search vnc
yum search vnc-server


package that provides vnc
search for vnc
search for vnc-server

Sincerely
Robert Becskei
  Forum: Technical Support · Post Preview: #31045 · Replies: 1 · Views: 3,949

Robert83
Posted on: Feb 26 2009, 05:04 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


[I've used US Robotics 56K External Faxmodem , model : 5631 ]

This is a guide on howto setup a Hylafax server ( hylafax-4.4.4-1rhel3 ) on CentOS 3.9 .

Step 1 :

Download and burn a CentOS 3.9 ISO from www.centos.org , and install using minimal install .

Step 2 :

We upgrade the system and install hylafax

CODE
yum upgrade
cd /home
wget ftp://ftp.hylafax.org/binary/linux/redhat/RPMS/i386/hylafax-4.4.4-1rhel3.i386.rpm
yum install ghostscript mgetty-voice
rpm -Uvh hylafax-4.4.4-1rhel3.i386.rpm
ln -s /usr/share/fonts/default/ghostscript /usr/share/ghostscript/fonts
faxsetup


The first set of questions should be left at default .
Init script starts faxq [yes]
Init script starts hfaxd [yes]
Start old protocol [no]
Start paging protocol [no]

The question after this must be answered by you, country code, etc... regular stuff and is not hard .

Then after all questions are answered it will ask on which port the faxmodem is , my modem is on com1 that is ttyS0 on linux ( com 2 = ttyS1 and so on ) . You just enter ttyS0 for COM1 or
ttyS1 for Com2 .

After that it will ask the same questions (country code etc... ) for the modem just enter the details, then it will try and talk to the modem, it will allow you to either chose CLASS 1 or CLASS 2 for modem
you should leave it at default and use CLASS1 , after that it will complain about faxgetty not running and tells you that you should run faxmodem for all added modems select no here .

Now we need to make sure that faxgetty is running (so that we can recieve faxes)

modify your /etc/inittab like this

CODE
# Run faxgetty
s0:234:respawn:/usr/sbin/faxgetty ttyS0


Now we will possibly want all recieve faxes to be sent to our secretary , we need to edit /var/spool/hylafax/etc/FaxDiscpatch

CODE
SENDTO=secretary@mydomain.com;
FILETYPE=pdf;


this will send all incoming faxes via e-mail to our secretary with attached pdf .

Now we make sure hylafax will start each time the system is rebooted and run the following command :

CODE
chkconfig hylafax on


Now let us restart the server , and we are done setting up hylafax on the server , next comes the Windows client.

I reccomend using this client http://winprinthylafax.sourceforge.net/ here , I will not repeat the steps necesary to make it running, as you will see on that
webpage the instrutcions are very-very detailed with pictures present .

What I will tell you however is per client do set the Default notify. That way each user who sends a fax will recieve a mail about SUCCESS or FAILURE to his/her e-mail address .

In order to make this e-mail sending work, I've used postfix and just modified the following few lines in it .

/etc/postfix/main.cf

CODE
relayhost=192.168.10.5 # or any smtp server you are allowed to use , I have my own mail server .
myhostname = hylafax.mydomain.com
mydomain = hylafax.mydomain.com


This is all I've changed in postfix .

Using this setup clients can send faxes from their local pc just by printing, and they recieve a e-mail back about SUCCESS or FAILURE.
Recieved faxes are processed and forwarded via e-mail to secretary.

Sincerely
Robert B
  Forum: Guides Forum · Post Preview: #31010 · Replies: 0 · Views: 8,713

Robert83
Posted on: Apr 18 2007, 03:37 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Hi,

I usualy never touch the yum.conf file for proxy settings, I do the following to allow yum and any other program to access internet via proxy server.

Edit the following file

/etc/.profile

using your favorite editor (mine is now)

nano /etc/profile

and add to the end of the file

export http_proxy=http://password:password@192.168.1.250:3228/
export ftp_proxy=$http_proxy

if you used nano and your done editing press CTRL-O to write the file , then press ENTER to confirm.
then press CTRL-X to exit.
then you logout from the system and log back in.

And I think it should work without any problems.

Sincerely
Robert B
  Forum: Technical Support · Post Preview: #28611 · Replies: 1 · Views: 6,559

Robert83
Posted on: Apr 18 2007, 03:30 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Hello,

If I remember it right with Permissive setting SElinux will only report things back to you but will NOT block any applications. So I guess if you want to learn about SElinux that would be the best way to start.

Also consider reading this http://www.crypt.gen.nz/selinux/faq.html before starting at all.

Sincerely
Robert B
  Forum: Technical Support · Post Preview: #28610 · Replies: 1 · Views: 4,276

Robert83
Posted on: Apr 18 2007, 03:26 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Hello,

you can use this distro http://www.pendrivelinux.com/

Sincerely
Robert B
  Forum: Technical Support · Post Preview: #28609 · Replies: 1 · Views: 3,920

Robert83
Posted on: Apr 18 2007, 03:23 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Hello,

I'm not sure if this answer is correct...well it's more of a tip really, I myself played with tv cards a while back, and I used MythTV to record tv programs and do all sorta nice things, I don't know but since it has so many features maybe it has a plugin that will allow you to do the same thing ?

Sincerely
Robert B
  Forum: Technical Support · Post Preview: #28608 · Replies: 3 · Views: 5,613

Robert83
Posted on: Feb 23 2007, 03:15 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Hi,

if lspci lists your ethernet card, and there is a entry in /etc/modules.conf about the ethernet card.

then perhaps try and see if

/etc/sysconfig/networking/ifcfg-eth0 read something like this

DEVICE=eth0
BOOTPROTO=dhcp
HWADDR=xx:xx:xx:xx:xx:xx
ONBOOT=Yes
TYPE=Ethernet
DHCP_HOSTNAME=mycomputer


Sincerely
Robert B
  Forum: Technical Support · Post Preview: #28525 · Replies: 3 · Views: 5,765

Robert83
Posted on: Feb 16 2007, 10:09 AM


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069


Hello,

Please be so kind dear reader check if my firewall script is correct, and make suggestions in case something is wrong.

eth0 and eth1 is internal network both should be able to communicate with each other without restrictions.
eth0 and eth1 should be able to communicate with ISP lan via eth3 unrestricted via the OUTPUT rules.

eth3 should only be able to access FTP server on this firewall, the ftp server itself is running on THIS firewall.

All users of my network should be able to access computers of this ISP network 10.0.0.0/255.255.255.0 accessible
via $EXTIF or $EXTIP .

If everything is okay than this is what the following script does. The routing information is exchanged between my Linux routers
via Quagga / RIP v2 . ip_forwarding is set to 1 .

Sincerely
Robert B

#!/bin/sh
################################################################################
##
# GLOBAL VARIABLES
################################################################################
##

IFCONFIG=/sbin/ifconfig
AWK=/bin/awk

INTIF="eth0"
INTIF2="eth1"
EXTIF="eth2"
echo " External Interface: $EXTIF"
echo " Internal Interface 1: $INTIF"
echo " Internal Interface 2: $INTIF2"
echo " ---"

EXTIP="`$IFCONFIG $EXTIF | $AWK \
/$EXTIF/'{next}//{split($0,a,":");split(a[2],a," ");print a[1];exit}'`"
echo " External IP: $EXTIP"
echo " ---"


iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

################################################################################
##
# FORWARD RULES
################################################################################
##

iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT # eth0 -> eth2
iptables -A FORWARD -i $INTIF2 -o $EXTIF -j ACCEPT # eth1 -> eth2
iptables -A FORWARD -i $INTIF -o $INTIF -j ACCEPT # eth0 -> eth0
iptables -A FORWARD -i $INTIF2 -o $INTIF2 -j ACCEPT # eth1 -> eth1
iptables -A FORWARD -i $INTIF -o $INTIF2 -j ACCEPT # eth0 -> eth1
iptables -A FORWARD -i $INTIF2 -o $INTIF -j ACCEPT # eth1 -> eth0
iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT # eth3 -> eth0
iptables -A FORWARD -i $EXTIF -o $INTIF2 -m state --state ESTABLISHED,RELATED -j ACCEPT # eth3 -> eth1

################################################################################
##
# INPUT RULES
################################################################################
##

iptables -A INPUT -s 127.0.0.1 -j ACCEPT # lo
iptables -A INPUT -i $INTIF -j ACCEPT # eth0
iptables -A INPUT -i $INTIF2 -j ACCEPT # eth1
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # eth3 + any other interface not specified just in case

# ECHO ICMP PING ALLOW
iptables -A INPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

################################################################################
##
# vsFTP Server on the Firewall
################################################################################
##

iptables -A INPUT -i $EXTIF -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT

# ACTIVE
iptables -A INPUT -i $EXTIF -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT

# PASSIVE
iptables -A INPUT -i $EXTIF -p tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT


################################################################################
##
# OUTPUT RULES
################################################################################
##

iptables -A OUTPUT -s 127.0.0.1 -j ACCEPT # lo
iptables -A OUTPUT -s 192.168.1.253 -j ACCEPT # eth0
iptables -A OUTPUT -s 192.168.6.250 -j ACCEPT # eth1
iptables -A OUTPUT -s $EXTIP -j ACCEPT # eth2

################################################################################
##
# POSTROUTING
################################################################################
##

iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o $EXTIF -j SNAT --to-source $EXTIP
iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 -o $EXTIF -j SNAT --to-source $EXTIP
iptables -t nat -A POSTROUTING -s 192.168.2.0/255.255.255.0 -o $EXTIF -j SNAT --to-source $EXTIP
iptables -t nat -A POSTROUTING -s 192.168.3.0/255.255.255.0 -o $EXTIF -j SNAT --to-source $EXTIP
iptables -t nat -A POSTROUTING -s 192.168.4.0/255.255.255.0 -o $EXTIF -j SNAT --to-source $EXTIP
iptables -t nat -A POSTROUTING -s 192.168.5.0/255.255.255.0 -o $EXTIF -j SNAT --to-source $EXTIP
iptables -t nat -A POSTROUTING -s 192.168.6.0/255.255.255.0 -o $EXTIF -j SNAT --to-source $EXTIP
iptables -t nat -A POSTROUTING -s 192.168.10.0/255.255.255.0 -o $EXTIF -j SNAT --to-source $EXTIP
iptables -t nat -A POSTROUTING -s 192.168.11.0/255.255.255.0 -o $EXTIF -j SNAT --to-source $EXTIP
iptables -t nat -A POSTROUTING -s 192.168.56.0/255.255.255.0 -o $EXTIF -j SNAT --to-source $EXTIP
iptables -t nat -A POSTROUTING -s 192.168.57.0/255.255.255.0 -o $EXTIF -j SNAT --to-source $EXTIP
  Forum: Technical Support · Post Preview: #28523 · Replies: 0 · Views: 2,664

57 Pages V   1 2 3 > » 

New Posts  New Replies
No New Posts  No New Replies
Hot topic  Hot Topic (New)
No new  Hot Topic (No New)
Poll  Poll (New)
No new votes  Poll (No New)
Closed  Locked Topic
Moved  Moved Topic
 

RSS Lo-Fi Version Time is now: 22nd October 2017 - 07:06 AM