Spring 2007.1 Boxed Version Available - Mandriva


Thread: Spring 2007.1 Boxed Version Available

  1. Spring 2007.1 Boxed Version Available

    The boxed version of Spring is available. Powerpack totaled $94.90.
    That will provide Mandriva with a few USD (I trust they will not be
    offended I have no Francs!), and I will have manuals and a couple of nice
    DVDs.

    The new machine is a Microtel,

    CPU: 2 x AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
    Chipset: Nvidia GeForce 6100 nForce 410
    Videocard: G71 [GeForce 7300 GS]
    Hard drives: 2 x ATA WDC WD2500JS-00N
    DVD/CD burner: SONY DVD RW AW-Q170A
    Flash 256MB, USB CF Reader, SM Reader, MS Reader
    Soundcard: nVidia MCP51 AC97 Audio Controller
    Logitech Internet 350 USB Keyboard, PS/2 Wheel Mouse
    533MHz DDR RAM, 450W power supply
    Display: Soyo 19" TFT LCD
    The machine came with Winblows XP installed, which I had to accept or
    settle for a machine that would be slower, with a 350W power supply.

    Install had a couple of glitches, due to my assumption
    that an installed and working OS meant the BIOS had been properly
    set up. First problem: Boot sequence was hard drive, then CD/DVD,
    then removable. Straight to Winblows, without trying to boot from
    a DVD first. Second, the Keyboard was USB, but the BIOS was
    not set for it. Not until an OS was loaded and identified the
    keyboard, and provided the proper driver, would the keyboard
    or mouse work.

    The combination of these two settings kept me sweating blood
    in troubleshooting mode for longer than I wish to admit. I
    finally went into the BIOS and went through the settings, and
    after a few simple changes suddenly all worked.

    I am inclined to play with the new 64-bit OS for a while (thanks
    to disks provided by Patrick), and eventually scrub the sdb disk
    on which Mandriva resides and do a complete reinstall.

    At some point, I have to learn how to get two Mandriva machines
    talking to each other over Ethernet from one machine to a Linksys
    DI-624 router to the other. I have never needed or wanted to
    do such a thing, so now I must learn.

    Any suggestions on where to start? A reasonably concise comprehensive
    Howto would be nice. I think I'll look for that shortly, but advice on
    the best set of instructions would be useful.

    Cheers!

    jim b.

    --
    Sig not yet set up on this machine.....



  2. Re: Spring 2007.1 Boxed Version Available

    Jim Beard wrote:
    >
    > At some point, I have to learn how to get two Mandriva machines
    > talking to each other over Ethernet from one machine to a Linksys
    > DI-624 router to the other. I have never needed or wanted to
    > do such a thing, so now I must learn.
    >
    > Any suggestions on where to start? A reasonably concise comprehensive
    > Howto would be nice. I think I'll look for that shortly, but advice on
    > the best set of instructions would be useful.
    >


    If your DI-624 uses an ip address of 192.168.0.1, then
    setup your 2 systems on that subnet.

    eg. system 1 ip 192.168.0.10
    system 2 ip 192.168.0.11

    Give them proper hostnames (not localhost), both
    will have a netmask of 255.255.255.0 and default
    route (or gateway) of 192.168.0.1.

    Add the hostnames/ip's into /etc/hosts on each system
    (self explanatory when you look at the file).

    I assume all that can be done with the Mandriva GUI tools.

    When each system can ping the other using its hostname
    you can move onto setting up NFS/CUPS/etc etc etc.

    Now that you have 2 systems, if you really wanted to
    get into it, you could set yourself a goal of using LDAP for
    user authentication/authorization over TLS that still
    worked from either system when the other was shutdown.
    This would involve setting up an LDAP server, adding
    users and groups, setting up PAM, becoming a certificate
    authority, and lots of other good stuff.
    Then you would understand that howto's are of very little value
    and that the bash shell, man pages, official documentation
    and the vi editor are all you need.

  3. Re: Spring 2007.1 Boxed Version Available

    On Fri, 11 May 2007, Jim Beard wrote:

    > The boxed version of Spring is available. Powerpack totaled $94.90.
    > That will provide Mandriva with a few USD (I trust they will not be
    > offended I have no Francs!), and I will have manuals and a couple of
    > nice DVDs.


    Francs??? ;-)

    Robert
    --
    La grenouille songe..dans son château d'eau
    Links and things http://rmstar.blogspot.com/

  4. Re: Spring 2007.1 Boxed Version Available

    Robert Marshall wrote:
    > On Fri, 11 May 2007, Jim Beard wrote:
    >
    >> The boxed version of Spring is available. Powerpack totaled $94.90.
    >> That will provide Mandriva with a few USD (I trust they will not be
    >> offended I have no Francs!), and I will have manuals and a couple of
    >> nice DVDs.

    >
    > Francs??? ;-)

    ========================
    That was in 1997 .

    France with so many other EU countries now enjoys the glorious EURO.
    A few others still to follow.

    Frank

  5. Re: Spring 2007.1 Boxed Version Available

    foo wrote:
    > Jim Beard wrote:
    >> At some point, I have to learn how to get two Mandriva machines
    >> talking to each other over Ethernet from one machine to a Linksys
    >> DI-624 router to the other.


    foo wrote:
    > If your DI-624 uses an ip address of 192.168.0.1, then
    > setup your 2 systems on that subnet.
    > eg. system 1 ip 192.168.0.10
    > system 2 ip 192.168.0.11


    Done. 192.168.0.106 and 12.168.0.107

    >
    > Give them proper hostnames (not localhost), both
    > will have a netmask of 255.255.255.0 and default
    > route (or gateway) of 192.168.0.1.


    Done. In hosts:
    192.168.0.106 gw.home.invalid gw
    192.168.0.107 jb.home.invalid jb

    NETMASK=255.255.255.0 in /etc/sysconfig/network

    GATEWAY=192.168.0.1 in /etc/sysconfig/networkj

    I also went into the router. The original settings were
    the two Default lines below, and neither machine could
    ping the other, though either could ping the router.

    Action Name Source
    Allow local LAN,192.168.0.106-192.168.0.107
    Destination Protocol, Port range
    LAN,192.168.0.106-192.168.0.107 TCP,1-10240
    Deny Default *,* LAN,* *,*
    Allow Default LAN,* *,* *,*

    Each machine can still ping the router at 192.168.0.1 but
    neither machine can ping the other. I have dropped the firewall
    on the machines with shorewall stop and results were
    interesting. On gw, an attempt to ping the router then
    gets error message

    ping: sendmsg: Operation not permitted
    ping: sendmsg: Operation not permitted
    ping: sendmsg: Operation not permitted
    ping: sendmsg: Operation not permitted

    while on jb it remains possible to ping
    the router.

    shorewall start returns gw comms to normal.

    Any ideas on what to try next?

    jim b.

    --
    Unix is not user-unfriendly; it merely
    expects users to be computer-friendly.

  6. Re: Spring 2007.1 Boxed Version Available

    On Sun, 13 May 2007 16:19:06 GMT, James D. Beard wrote:
    > foo wrote:
    >
    > foo wrote:
    >> If your DI-624 uses an ip address of 192.168.0.1, then
    >> setup your 2 systems on that subnet.
    >> eg. system 1 ip 192.168.0.10
    >> system 2 ip 192.168.0.11

    >
    > Done. 192.168.0.106 and 12.168.0.107
                               ^
                               |
    Guessing typo there--------'

    >
    >>
    >> Give them proper hostnames (not localhost), both
    >> will have a netmask of 255.255.255.0 and default
    >> route (or gateway) of 192.168.0.1.

    >
    > Done. In hosts:
    > 192.168.0.106 gw.home.invalid gw
    > 192.168.0.107 jb.home.invalid jb


    I assume in both gw and jb


    > NETMASK=255.255.255.0 in /etc/sysconfig/network
    >
    > GATEWAY=192.168.0.1 in /etc/sysconfig/networkj
                                                   ^
                                                   |
    Hmmm, another typo-----------------------------'


    > Action Name Source
    > Allow local LAN,192.168.0.106-192.168.0.107
    > Destination Protocol, Port range
    > LAN,192.168.0.106-192.168.0.107 TCP,1-10240
    > Deny Default *,* LAN,* *,*
    > Allow Default LAN,* *,* *,*


    I cannot comment on router settings since I do not have one but
    I would either add to Protocol or remove LAN from Deny.

    > Each machine can still ping the router at 192.168.0.1 but
    > neither machine can ping the other. I have dropped the firewall
    > on the machines with shorewall stop and results were
    > interesting.


    You might want to use shorewall clear
    on both. not stop.

    Verify gw/jb's /ifconfig -a/ ip address are correct for gw/jb nodes and their
    route -n looks kinda close to this


    $ route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.0.0     0.0.0.0         255.255.255.0   U     10     0        0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U     10     0        0 eth0
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    0.0.0.0         192.168.0.1     0.0.0.0         UG    10     0        0 eth0


    I would disable ipv6 on both nodes

    $ cat /etc/sysconfig/network
    NETWORKING_IPV6=no <========= disables ipv6
    GATEWAYDEV=eth0
    GATEWAY=192.168.0.1
    HOSTNAME=wb.home.invalid
    NEEDHOSTNAME=no
    NETWORKING=yes


  7. Re: Spring 2007.1 Boxed Version Available

    Bit Twister wrote:
    > On Sun, 13 May 2007 16:19:06 GMT, James D. Beard wrote:
    >> foo wrote:
    >>
    >> foo wrote:
    >>> If your DI-624 uses an ip address of 192.168.0.1, then
    >>> setup your 2 systems on that subnet.
    >>> eg. system 1 ip 192.168.0.10
    >>> system 2 ip 192.168.0.11

    >> Done. 192.168.0.106 and 12.168.0.107

    > ^
    > |
    > Guessing typo there--------'


    Yes.
    >
    >>> Give them proper hostnames (not localhost), both
    >>> will have a netmask of 255.255.255.0 and default
    >>> route (or gateway) of 192.168.0.1.

    >> Done. In hosts:
    >> 192.168.0.106 gw.home.invalid gw
    >> 192.168.0.107 jb.home.invalid jb

    >
    > I assume in both gw and jb


    Yes.
    >
    >
    >> NETMASK=255.255.255.0 in /etc/sysconfig/network
    >>
    >> GATEWAY=192.168.0.1 in /etc/sysconfig/networkj

    > ^
    > |
    > Hmmm, another typo-----------------------------'


    Yep. If working as a typist (in the eyes, out the
    fingertips), I type quite well. But when I try to
    simultaneously think and type, the typing definitely
    suffers. Maybe the thinking, too, but that is not
    so obvious.
    >
    >
    >> Action Name Source
    >> Allow local LAN,192.168.0.106-192.168.0.107
    >> Destination Protocol, Port range
    >> LAN,192.168.0.106-192.168.0.107 TCP,1-10240
    >> Deny Default *,* LAN,* *,*
    >> Allow Default LAN,* *,* *,*

    >
    > I cannot comment on router settings since I do not have one but
    > I would either add to Protocol or remove LAN from Deny.


    My first problem is that the bottom two lines are "Default"
    settings, and cannot be modified. I could delete one or both (I
    think), but restoring would probably require resetting the
    router to its original defaults. This would likely require
    calling up Verizon to have them work on the thing from their
    end, and entail much loss of time. E.g. the last time I put in a
    trouble call, I worked my way through the automated response
    system, and at the end was told Verizon intended to resolve the
    problem within 2 days. This is a problem when dealing with a
    router that was built specifically for an ISP that wishes to do
    things "Its way."

    Further, unless I am misreading the meaning, the first Deny line
    says to deny everything headed for the LAN interface (this stops
    initiation of contact from the WAN/Web) and then Allow Default
    allows anything initiated from the LAN. If I remove LAN from
    the Deny Default, it looks to me like the router should deny
    everything from everywhere to everywhere. Not a bad starting
    point, but why was the preceding line included if this is the
    approach to take?

    >
    >> Each machine can still ping the router at 192.168.0.1 but
    >> neither machine can ping the other. I have dropped the firewall
    >> on the machines with shorewall stop and results were
    >> interesting.

    >
    > You might want to use shorewall clear
    > on both. not stop.
    >
    > Verify gw/jb's /ifconfig -a/ ip address are correct for gw/jb nodes and their
    > route -n looks kinda close to this
    > $ route -n
    > Kernel IP routing table
    > Destination Gateway Genmask Flags Metric Ref Use Iface
    > 192.168.0.0 0.0.0.0 255.255.255.0 U 10 0 0 eth0
    > 169.254.0.0 0.0.0.0 255.255.0.0 U 10 0 0 eth0
    > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
    > 0.0.0.0 192.168.0.1 0.0.0.0 UG 10 0 0 eth0


    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.0.0     0.0.0.0         255.255.255.0   U     10     0        0 eth0
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    0.0.0.0         192.168.0.1     0.0.0.0         UG    10     0        0 eth0

    >
    > I would disable ipv6 on both nodes
    >
    > $ cat /etc/sysconfig/network
    > NETWORKING_IPV6=no <========= disables ipv6
    > GATEWAYDEV=eth0
    > GATEWAY=192.168.0.1
    > HOSTNAME=wb.home.invalid
    > NEEDHOSTNAME=no
    > NETWORKING=yes
    >

    HOSTNAME=gw.home.invalid
    NETWORKING=yes
    NETWORKING_IPV6=no
    GATEWAYDEV=eth0
    GATEWAY=192.168.0.1


    Is the route -n output above useful?

    jim b.

    --
    Unix is not user-unfriendly; it merely
    expects users to be computer-friendly.

  8. Re: Spring 2007.1 Boxed Version Available

    On Sun, 13 May 2007 21:27:16 GMT, James D. Beard wrote:
    >
    > Yep. If working as a typist (in the eyes, out the
    > fingertips), I type quite well. But when I try to
    > simultaneously think and type, the typing definitely
    > suffers. Maybe the thinking, too, but that is not
    > so obvious.


    I can commiserate with that. I am constantly amazed at what I have typed
    when I read it on the next slrn pass.

    > My first problem is that the bottom two lines are "Default"
    > settings, and cannot be modified. I could delete one or both (I
    > think), but restoring would probably require resetting the
    > router to its original defaults.


    You might hunt around on the vendor's site/documentation.
    Knowing how to get it reset to factory defaults might not be a bad idea.

    > Further, unless I am misreading the meaning, the first Deny line
    > says to deny everything headed for the LAN interface (this stops


    Like I said, I have no knowledge of the router, but display order does
    not have to be execution order. I have to assume Allow supersedes Deny
    but to keep things honest, I would have attempted to remove any contention.



    > Kernel IP routing table
    > Destination Gateway Genmask Flags Metric Ref Use Iface
    > 192.168.0.0 0.0.0.0 255.255.255.0 U 10 0 0 eth0
    > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
    > 0.0.0.0 192.168.0.1 0.0.0.0 UG 10 0 0 eth0
    >
    > Is the route -n output above useful?


    I just wanted to verify the UG Flags field routed to the Gateway.

    If me, I would hook a crossover cable between nodes and verify ping
    worked both ways. Now if you have one of those fancy nics, you may get
    away with just hooking them together with a plain ethernet cable.

    --
    The warranty and liability expired as you read this message.
    If the above breaks your system, it's yours and you keep both pieces.

  9. Re: Spring 2007.1 Boxed Version Available

    Bit Twister wrote:

    > If me, I would hook a crossover cable between nodes and verify ping
    > worked both ways. Now if you have one of those fancy nics, you may get
    > away with just hooking them together with a plain ethernet cable.


    I'll give that a try tomorrow. One end is almost certain to
    work. The Gateway Pentium 4 was built around 2001 I think it
    was, and what that will do is another question.

    For the moment, I will shutdown everything and bring it up
    again. Sometimes that does things I do not expect; usually
    not to the good but better to learn sooner rather than later...

    Your suggestions are appreciated. I just do not know enough
    about this area to recognize what I need to learn.

    And the manufacturer's documentation in this instance is
    about as useful as teats on a boar.

    Cheers!

    jim b.

    --
    Unix is not user-unfriendly; it merely
    expects users to be computer-friendly.

  10. Re: Spring 2007.1 Boxed Version Available

    On Mon, 14 May 2007 02:10:50 GMT, James D. Beard wrote:
    >
    > For the moment, I will shutdown everything and bring it up
    > again.


    I usually do that.

    > And the manufacturer's documentation in this instance is
    > about as useful as teats on a boar.


    A quick look around
    http://support.dlink.com/products/re...uctid=DI%2D624
    shows one model with a paper clip in the reset hole will reset to
    factory defaults.

    Faq at bottom of page.

  11. Re: Spring 2007.1 Boxed Version Available

    Bit Twister wrote:
    > On Mon, 14 May 2007 02:10:50 GMT, James D. Beard wrote:
    >> For the moment, I will shutdown everything and bring it up
    >> again.

    >
    > I usually do that.
    >
    >> And the manufacturer's documentation in this instance is
    >> about as useful as teats on a boar.

    >
    > A quick look around
    > http://support.dlink.com/products/re...uctid=DI%2D624
    > shows one model with a paper clip in the reset hole will reset to
    > factory defaults.
    >
    > Faq at bottom of page.


    I have the manual downloaded from the D-Link website, and it
    shows the reset. You have to hold it for 5 seconds; a simple
    push will not do it.

    But after doing that, it may be necessary for someone at the
    Verizon server to adjust settings from their side. My 624 is a
    version special-built for Verizon, with a special firmware
    version. After resetting it (at Verizon technician request)
    when I had everything bolloxed up Saturday evening, the
    technician was mumbling to himself as he checked things, with
    the stream of chatter going roughly, that's ok, good, a change
    there, ok, ... what he did I do not know. I was just happy to
    have someone on the line who seemed to know what he was doing
    and working on the problem.

    jim b.

    --
    Unix is not user-unfriendly; it merely
    expects users to be computer-friendly.

  12. Re: Spring 2007.1 Boxed Version Available

    The router is now allowing my machines to ping each other, but I
    am not real happy about some of the behavior. Details below,
    and a request for advice on how to make use of this new capability.

    Bit Twister wrote:
    > Like I said, I have no knowledge of the router, but display order does
    > not have to be execution order. I have to assume Allow supersedes Deny
    > but to keep things honest, I would have attempted to remove any contention.


    That's two of us with no knowledge of the router, and I have it
    and the manual. Currently, my firewall rules are:

    Allow local LAN,192.168.0.106-192.168.0.107 \
    LAN,192.168.0.106-192.168.0.107 TCP,1-10240
    Deny Default *,* LAN,* *,*
    Allow Default LAN,* *,* *,*

    The bottom two lines are the way the thing came set by default.
    The top line is my addition. I can ping from either of the IP
    addresses listed to each other, and to a VOIP adapter at
    192.168.0.100. I can also ping both these machines and the
    adapter from my wife's iMac at 192.168.0.101. I cannot ping my
    wife's machine, but that may be due to her firewall setting.

    This makes me wonder if I need the top line at all, if I can ping
    to LAN addresses not specifically listed and from LAN addresses
    not specifically listed. Yet, if the bottom line allows ICMP to
    and from all on the local net, why did I have problems before?
    Maybe shorewall clear was the critical difference.

    For the moment, I shall simply leave it.

    > If me, I would hook a crossover cable between nodes and verify ping
    > worked both ways. Now if you have one of those fancy nics, you may get
    > away with just hooking them together with a plain ethernet cable.


    Tried the plain ethernet cable. No joy. The light beside the
    socket on one of my machines lights up when the cable is
    working, and it did not light up when I ran an ethernet cable
    from one machine to the other. Spring 2007 gave the error
    message Network Unreachable, and 2006 gave the error message
    Host Unreachable (not exact quotes).

    Another thing cleared up. I no longer get the sendmsg error
    message operation not permitted or some such when shorewall was
    stopped. That I attribute to shorewall clear.

    Anyway, my next problem is how to use this new connectivity to
    copy over files from my old machine to the new one. If needed,
    I could leave the firewalls down and rely on the router
    firewall. Otherwise, I will need to learn what changes (if any)
    to make to shorewall to accommodate transfers on the LAN.

    Suggestions?

    jim b.

    --
    Unix is not user-unfriendly; it merely
    expects users to be computer-friendly.

  13. Re: Spring 2007.1 Boxed Version Available

    On Tue, 15 May 2007 00:28:24 GMT, James D. Beard wrote:
    >
    > Tried the plain ethernet cable. No joy. The light beside the
    > socket on one of my machines lights up when the cable is
    > working, and it did not light up when I ran an ethernet cable
    > from one machine to the other.


    Ok, then it would take a crossover cable for a nic to nic hookup.

    > Another thing cleared up. I no longer get the sendmsg error
    > message operation not permitted or some such when shorewall was
    > stopped. That I attribute to shorewall clear.


    When shorewall is setup strict, /stop/ locks it down. /clear/ is wide open.


    > Anyway, my next problem is how to use this new connectivity to
    > copy over files from my old machine to the new one. If needed,
    > I could leave the firewalls down and rely on the router
    > firewall. Otherwise, I will need to learn what changes (if any)
    > to make to shorewall to accommodate transfers on the LAN.


    You can set shorewall to allow all LAN or just by ip.

    If you look in /etc/shorewall/rules
    you add a line at the bottom, -1 line, like

    ACCEPT loc:182.168.1.106 all all

    then host 106 inbound connections are not blocked at all.

    Any rule change will require a shorewall restart
    If not proficient at shorewall rules, you might want to install webmin.
    It will do some checking during rule creation.

    Remember, first rule that fits, rules. :-)


    As an oh, by the way:

    If you have a /etc/hosts.deny, you might want to add
    ALL: ALL:\
    spawn ( \
    /bin/echo -e "\n\
    TCP Wrappers\: Connection Refused\n\
    By\: $(uname -n)\n\
    Process\: %d (pid %p)\n\
    \n\
    User\: %u\n\
    Host\: %c\n\
    Date\: $(date)\n\
    " | /bin/mail -s \"$(uname -n)\" root ) & : DENY

    #*********************** end host.deny ********************************

    That will email root a message that host.deny caught something.

    you could add

    ALL: 192.168.1.106
    to /etc/hosts.allow if you have a hosts.allow
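
The `ACCEPT` line in the post above names 182.168.1.106, while the LAN set up earlier in the thread is 192.168.0.x with netmask 255.255.255.0, and a host rule only matches traffic from the address it names. As an added example (not part of the original posts), the following shell functions read rules lines and report any `zone:host` source that lies outside a given network; the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread: check that host addresses in Shorewall
# rules lines fall inside the LAN the rule is meant to cover.

# Print a dotted-quad IPv4 address as an integer; return 1 if malformed.
ip_to_int() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # reject leading zeros (octal trap)
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if ADDR is in NETWORK/NETMASK, 1 if not, 2 if an argument is malformed.
in_subnet() {
    addr_i=$(ip_to_int "$1") || return 2
    net_i=$(ip_to_int "$2") || return 2
    mask_i=$(ip_to_int "$3") || return 2
    [ $(( addr_i & mask_i )) -eq $(( net_i & mask_i )) ]
}

# Read Shorewall rules lines on stdin; for every SOURCE written as zone:host,
# report whether host lies in the LAN given as NETWORK NETMASK.
check_rule_sources() {
    lan_net=$1
    lan_mask=$2
    while read -r action source rest; do
        case "$action" in ""|"#"*) continue ;; esac
        case "$source" in
            *:*) host=${source#*:} ;;
            *)   continue ;;                     # zone only, no host to check
        esac
        in_subnet "$host" "$lan_net" "$lan_mask" && rc=0 || rc=$?
        case "$rc" in
            0) echo "OK      $host" ;;
            1) echo "OUTSIDE $host (not in $lan_net/$lan_mask)" ;;
            *) echo "SKIPPED $host (not a single IPv4 address)" ;;
        esac
    done
}

# Constructed sample: the rule line as first suggested in the thread, the same
# line with the 192.168.0.x address, the "net" zone variant, and a CIDR source.
check_rule_sources 192.168.0.0 255.255.255.0 <<'EOF'
# ACTION  SOURCE              DEST  PROTO
ACCEPT    loc:182.168.1.106   all   all
ACCEPT    loc:192.168.0.106   all   all
ACCEPT    net:192.168.0.107   ALL   ALL
ACCEPT    loc:192.168.0.0/24  all   all
EOF
```

The same `in_subnet` check also catches the 12.168.0.107 typo pointed out earlier in the thread.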

  14. Re: Spring 2007.1 Boxed Version Available

    Bit Twister wrote:

    > You can set shorewall to allow all LAN or just by ip.
    >
    > If you look in /etc/shorewall/rules
    > you add a line at the bottom, -1 line, like
    >
    > ACCEPT loc:182.168.1.106 all all
    >
    > then host 106 inbound connections are not blocked at all.


    Tried that. No joy, despite changing the address to the correct
    one. Shorewall did compile, but results nil. Each machine
    can ping the mta at 192.168.0.100, so pings are going out. But
    neither machine answers the other.

    One factor, my old machine is running 2006/Shorewall 2.0,
    because the 128MB memory is not enough for 2007.1. The new
    machine has 2007.1/Shorewall 3.2.

    For the new machine, I added your line above, corrected. For
    the old machine, I had to define loc in the hosts file:
    loc eth0:192.168.0.107

    The zones file in 2.0 simply lists them, and without the hosts
    entry shorewall would not compile.
    >
    > Any rule change will require a shorewall restart
    > If not proficient at shorewall rules, you might want to install webmin.
    > It will do some checking during rule creation.
    >
    > Remember, first rule that fits, rules. :-)
    >
    >
    > As an oh, by the way:
    >
    > If you have a /etc/hosts.deny, you might want to add
    > ALL: ALL:\
    > spawn ( \
    > /bin/echo -e "\n\
    > TCP Wrappers\: Connection Refused\n\
    > By\: $(uname -n)\n\
    > Process\: %d (pid %p)\n\
    > \n\
    > User\: %u\n\
    > Host\: %c\n\
    > Date\: $(date)\n\
    > " | /bin/mail -s \"$(uname -n)\" root ) & : DENY
    >
    > #*********************** end host.deny ********************************
    >
    > That will email root a message that host.deny caught something.


    Printed out for later use, to make sure I can find it.
    >
    > you could add
    >
    > ALL: 192.168.1.106
    > to /etc/hosts.allow if you have a hosts.allow


    I have neither hosts.allow or hosts.deny. Would an entry in
    hosts.allow permit me to skip the loc entry in rules and/or
    zones/hosts ?

    Cheers!

    jim b.

    --
    Unix is not user-unfriendly; it merely
    expects users to be computer-friendly.

  15. Re: Spring 2007.1 Boxed Version Available

    Further addenda. On old machine, top lines of shorewall files in
    /etc/shorewall in some cases listed shorewall 2.0, in other
    cases listed 2.4. Reinstalled shorewall. Now all 2.4.

    Installed webmin. Went through the exercise with that on the
    old machine. No joy. From both machines, I can ping the router
    and the at&t mta. Pinging my wife's iMac yields the error msg
    Destination Host Unreachable
    but pinging either gw or jb from the other simply hangs.

    route -n output looks ok to me:
    192.168.0.0     0.0.0.0         255.255.255.0   U     10     0        0 eth0
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    0.0.0.0         192.168.0.1     0.0.0.0         UG    10     0        0 eth0

    Off to bed. Will try again tomorrow evening.

    Cheers!

    jim b.

    --
    Unix is not user-unfriendly; it merely
    expects users to be computer-friendly.

  16. Re: Spring 2007.1 Boxed Version Available

    On Tue, 15 May 2007 02:04:22 GMT, James D. Beard wrote:
    > Bit Twister wrote:
    >
    >> You can set shorewall to allow all LAN or just by ip.
    >>
    >> If you look in /etc/shorewall/rules
    >> you add a line at the bottom, -1 line, like

    >
    > For the new machine, I added your line above, corrected. For
    > the old machine, I had to define loc in the hosts file:
    > loc eth0:192.168.0.107



    Ok, shorewall usually blocks on inbound connections, so all you would
    need to do is open only one firewall.

    even with 2006, you would not have needed to play in the hosts file.
    Instead of loc, you could use net on 2006
    ACCEPT net:192.168.0.107 ALL ALL

    You use the zone you have defined in the rules file. I had assumed loc
    for the 2007 release. You open 2007 to accept the other machine.
    It could then have entry into 2007.

    > I have neither hosts.allow or hosts.deny. Would an entry in
    > hosts.allow permit me to skip the loc entry in rules and/or
    > zones/hosts ?



    Those files are part of tcpwrapper and not part of shorewall.


    Question about Verizon setup. Is there a connection to the building to
    your router, or is it wireless from the curb to the router, or what?


  17. Re: Spring 2007.1 Boxed Version Available

    Bit Twister wrote:
    > On Tue, 15 May 2007 02:04:22 GMT, James D. Beard wrote:
    >> Bit Twister wrote:
    >>
    >>> You can set shorewall to allow all LAN or just by ip.
    >>> If you look in /etc/shorewall/rules
    >>> you add a line at the bottom, -1 line, like

    >> For the new machine, I added your line above, corrected. For
    >> the old machine, I had to define loc in the hosts file:
    >> loc eth0:192.168.0.107

    >
    >
    > Ok, shorewall usually blocks on inbound connections, so all you would
    > need to do is open only one firewall.


    Well, following the reinstall of shorewall to get all to 2.4 on
    gw, I need to retry your line below first with loc and then with
    net. The zones file now has loc as well as net, which it did
    not have before.

    Currently, if I clear shorewall on both machines I can
    ping each from the other, so the connectivity is there. Just
    need to get the settings in the shorewall files right.

    > even with 2006, you would not have needed to play in the hosts file.
    > Instead of loc, you could use net on 2006
    > ACCEPT net:192.168.0.107 ALL ALL
    >
    > You use the zone you have defined in the rules file. I had assumed loc
    > for the 2007 release. You open 2007 to accept the other machine.
    > It could then have entry into 2007.
    >
    >> I have neither hosts.allow or hosts.deny. Would an entry in
    >> hosts.allow permit me to skip the loc entry in rules and/or
    >> zones/hosts ?

    >
    >
    > Those files are part of tcpwrapper and not part of shorewall.


    Ok. I don't think I need tcpwrapper (or do I?) so I'll try to
    do without it.
    >
    > Question about Verizon setup. Is there a connection to the building to
    > your router, or is it wireless from the curb to the router, or what?


    Fiber comes down the street and then down a drop to a box on the
    outside of my house. From there on, it is Ethernet Cat5 or 5e
    to the D-Link DI-624 router, then Cat5e to all machines except
    my wife's laptop. That is wireless, but I don't think that
    should affect anything I am trying to do now.

    Now to go through the shorewall files again, and see what happens.

    Cheers!

    jim b.

    --
    Unix is not user-unfriendly; it merely
    expects users to be computer-friendly.

  18. Re: Spring 2007.1 Boxed Version Available

    On Tue, 15 May 2007 21:55:21 GMT, James D. Beard wrote:
    >
    > Well, following the reinstall of shorewall to get all to 2.4 on
    > gw, I need to retry your line below first with loc and then with
    > net. The zones file now has loc as well as net, which it did
    > not have before.


    Hmmm, I would suggest getting into the Mandriva Control Center on each
    system you reinstalled shorewall. That will get 99% of shorewall setup
    for you. Then you go back to playing with making an entry in rules.


    >
    > Currently, if I clear shorewall on both machines I can
    > ping each from the other, so the connectivity is there. Just
    > need to get the settings in the shorewall files right.


    Oh yeah, I forgot to mention during the cable swapping that you
    always reset the devices you have just cabled up.
    Example, if I move nic cable from cable modem to pc2 from pc1, then I
    need to reset cable modem. It wants to talk only to the nic's mac
    address it saw during the last boot/power up.

    I have also found if I bounce the network on my linux firewall
    (service network restart) I also need to do a service shorewall restart
    to allow the LAN pcs internet access.
    >
    > Ok. I don't think I need tcpwrapper (or do I?) so I'll try to
    > do without it.


    You do not need it with shorewall running.

    >
    > Fiber comes down the street and then down a drop to a box on the
    > outside of my house. From there on, it is Ethernet Cat5 or 5e
    > to the D-Link DI-624 router, then Cat5e to all machines


    Thanks, for the feedback, I hope to have the same setup end of July.
    They are putting in the orange conduit as I type.

  19. Re: Spring 2007.1 Boxed Version Available

    Bit Twister wrote:
    > even with 2006, you would not have needed to play in the hosts file.
    > Instead of loc, you could use net on 2006
    > ACCEPT net:192.168.0.107 ALL ALL


    That on 2006 worked. I think I have redundant rules for loc
    included, but I doubt they will do any harm. I have closed down
    the wireless access point, and in this state the router should
    keep all intruders at bay.

    Now, to transfer files, should I just put an ftp server on the
    old machine, and use that to retrieve to the new machine? Or
    is there a simpler way?

    Cheers!

    jim b.

    --
    Unix is not user-unfriendly; it merely
    expects users to be computer-friendly.

  20. Re: Spring 2007.1 Boxed Version Available

    On Tue, 15 May 2007 22:24:43 GMT, James D. Beard wrote:
    >
    > That on 2006 worked. I think I have redundant rules for loc
    > included, but I doubt they will do any harm.


    Famous last words. 8-)

    >
    > Now, to transfer files, should I just put an ftp server on the
    > old machine, and use that to retrieve to the new machine? Or
    > is there a simpler way?


    Ftp works, scp will work, nfs could be used.
    nfs example:
    urpmi nfs-utils

    One machine is the server and one is the client.

    On the server machine you export the directories to be mounted/read by
    the client. When I backup files from the firewall (fw) on the Web
    browser pc (wb) the FW has

    [root,fw] # cat exports
    / wb(rw,no_root_squash,sync)
    /site wb(rw,no_root_squash,sync)
    /accounts wb(rw,no_root_squash,sync)
    /local wb(rw,no_root_squash,sync)

    and on wb, I have done
    [root,wb]# mkdir /xr /xsite /xaccounts /xlocal

    I have a script to mount fw:/* directories on wb:/x* mount points.


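    #!/bin/bash
    # Mount the directories exported by fw on the matching wb mount points.
    _node=fw    # NFS server host (fw in this example)
    _options="rsize=8192,wsize=8192,timeo=14,intr"
    _dir=(/ /site /accounts /local)
    _mpoint=(/xr /xsite /xaccounts /xlocal)

    # services which should be running on both systems
    # (portmap first: the NFS services register with it)

    service portmap start
    service nfslock start
    service nfs start
    service netfs start

    # mount each exported directory on its mount point
    i=0
    while [ $i -lt ${#_mpoint[@]} ] ; do
        mount -t nfs -o "$_options" "$_node:${_dir[$i]}" "${_mpoint[$i]}"
        i=$(( i + 1 ))
    done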


    Now to copy a subdirectory from fw to my wb /bkup directory,
    I can do something like

    cp -a /xsite /bkup

    and wb's /bkup/xsite would contain fw:/site contents.
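
The exports shown in the post above give wb read-write access to fw's whole filesystem with `no_root_squash`, which lets root on the client act as root on the server's files. As an added example (not code from the thread), this shell function scans exports lines for those settings; the function name and the final `/home` line are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread: flag risky options in /etc/exports entries.

# Read exports(5) lines on stdin and print one "RISK ..." line per finding.
# The body runs in a subshell so that "set -f" (no globbing, needed because a
# client may be a bare "*") does not leak into the caller.
audit_exports() (
    set -f
    while read -r path clients; do
        case "$path" in ""|"#"*) continue ;; esac
        for entry in $clients; do
            # Split "client(opt,opt,...)" into its client and option parts.
            case "$entry" in
                *\(*) client=${entry%%\(*}; opts=${entry#*\(}; opts=${opts%\)} ;;
                *)    client=$entry; opts="" ;;
            esac
            # "(opts)" with no host in front of it applies to every host.
            if [ -z "$client" ]; then client="*"; fi
            case "$client" in
                \*) echo "RISK $path $client: exported to every host" ;;
            esac
            case ",$opts," in
                *,no_root_squash,*)
                    echo "RISK $path $client: no_root_squash (client root is root on the server)" ;;
            esac
            case ",$opts," in
                *,rw,*)
                    if [ "$path" = "/" ]; then
                        echo "RISK $path $client: whole filesystem exported read-write"
                    fi ;;
            esac
        done
    done
)

# Constructed sample: the four export lines from the post above, followed by a
# narrower alternative (one directory, read-only, root squashed, one client IP).
# The /home path and the client address are assumptions for the illustration.
audit_exports <<'EOF'
/          wb(rw,no_root_squash,sync)
/site      wb(rw,no_root_squash,sync)
/accounts  wb(rw,no_root_squash,sync)
/local     wb(rw,no_root_squash,sync)
/home      192.168.0.106(ro,root_squash,sync)
EOF
```

For a one-off copy between two machines, the narrower form in the last sample line produces no findings.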
