CentOS 5 Networking :: Preventing 5.3 From Using A NIC?

Aug 25, 2009

I have a virtualbox installation on top of CentOS, and I need fairly high security separation between host and guest traffic. The university network the box hangs off uses statically-allocated ip addresses, allocated to fixed MAC addresses (i.e. it eats any traffic with mismatched ip and MAC addresses).

Host OS: CentOS 5.3 64bit
VBox: 3.0.4
Guest OS: Fedora 11 64bit
Hardware: dual NIC, Intel server
Bridged networking, with separate NICs for host and guest

I'm aiming for high-security separation between host and guest traffic. To do this, I would like to run all host traffic through one NIC, H, and all guest traffic through the other, G. The host and guest have separate, statically allocated, IP addresses, IPH and IPG. The network forces these to be mapped to specific MAC addresses, MACH (the address of NIC H) and MACG (the address of NIC G).

So it's not too hard to write host firewall rules to enforce this policy. The rules just have to state that traffic coming into H must have a destination compatible with IPH, and traffic going out must have IPH as source - and vv for G and IPG. There also doesn't seem to be any trouble telling the guest to only use NIC G. As a result, turning off NIC G (or equivalently, firewalling it off from host traffic) crashes the network; I have to reboot it to get networking working.

But I can't figure how to tell the host (i.e. CentOS) to _only_ use NIC H for anything else except the guest. Even though we don't see any IPH traffic coming into NIC G from outside, I don't seem to be able to stop the host from starting connections on NIC G. Does anyone know any way to do this - to tell the host that it can only use IPH as its IP address unless traffic is coming from a guest process, and that it can only use address MACH and NIC H?

View 5 Replies



Software :: Preventing Dependency Conflicts - CentOS 6

Aug 3, 2011

I've recently installed cacti on one of my servers and grimaced a bit when I had to install additional third-party yum repositories for CentOS 6. My question is, how does one go about preventing potential conflicts with certain dependencies overwriting key/critical dependencies relied upon from packages that might share them, i.e. apache? I understand yum priorities and have read the discussions regarding pros/cons from the threads involving one of the YUM maintainers. Since I need my servers to act as production-class equipment and, hence, be as reliable as they can, I'm always hesitant to allow yum to automate package upgrades when third-party repos are involved. How best to handle this?

View 3 Replies View Related

CentOS 5 :: Postfix - SELinux Is Preventing Postdrop

Feb 3, 2010

I am running Postfix on my CentOS (latest) powered box with SELinux in Enforcing mode.

This is what I get each time Postfix tries to send e-mail:

Quote: SELinux is preventing postdrop (postfix_postdrop_t) "write" to pipe (initrc_t).

View 4 Replies View Related

Networking :: Preventing Access Through Iptables?

Jul 9, 2010

I am trying to lock down our application and server with iptables. Anybody have any idea how to prevent accesses to the application from another application? Basically I opened up the ports 80 and 443 for the application server. However, the application points to other apps (i.e. database, ldap). I want to limit what it can connect to or who can connect to it. Basically I can limit who connects to the server itself but the application can still get input from outside servers.

View 4 Replies View Related

Fedora Networking :: Preventing Host OS From Using A Specific NIC?

Aug 26, 2009

I have a virtualbox installation, and I need fairly high security separation between host and guest traffic. The university network the box hangs off uses statically-allocated ip addresses, allocated to fixed MAC addresses (i.e. it eats any traffic with mismatched ip and MAC addresses).

VBox: 3.0.4
Guest OS: Fedora 11 64bit
Hardware: dual NIC, Intel server
Bridged networking, with separate NICs for host and guest

I'm aiming for high-security separation between host and guest traffic. To do this, I would like to run all host traffic through one NIC, H, and all guest traffic through the other, G. The host and guest have separate, statically allocated, IP addresses, IPH and IPG. The network forces these to be mapped to specific MAC addresses, MACH (the address of NIC H) and MACG (the address of NIC G). So it's not too hard to write host firewall rules to enforce this policy. The rules just have to state that traffic coming into H must have a destination compatible with IPH, and traffic going out must have IPH as source - and vv for G and IPG. There also doesn't seem to be any trouble telling the guest to only use NIC G. As a result, turning off NIC G (or equivalently, firewalling it off from host traffic) crashes the network; I have to reboot it to get networking working.

But I can't figure how to tell the host to _only_ use NIC H for anything else except the guest. Even though we don't see any IPH traffic coming into NIC G from outside, I don't seem to be able to stop the host from starting connections on NIC G. Does anyone know any way to do this - to tell the host that it can only use IPH as its IP address unless traffic is coming from a guest process, and that it can only use address MACH and NIC H? I've been reading route and arp manuals all day, but I can't seem to figure anything on this - mainly because arp and route don't know about host/guest processes, and I guess weren't designed with this in mind...

View 4 Replies View Related

Networking :: Preventing Internal Network Traffic With Firewall

Jul 3, 2010

Does anyone know if it is possible to filter/block network traffic between internal hosts on a lan?

E.g.: Linux firewall/router (192.168.0.1) - LAN default G/W - all internal > external traffic gets filtered.

How would you filter TCP/ICMP/UDP traffic from internal host a (192.168.0.2) to host b (192.168.0.3)?

All the internal hosts have the linux f/w as the default gateway, and are all on the same /24 subnet.

I would like to know if I can filter traffic between internal hosts.

View 3 Replies View Related

Ubuntu :: Preventing OO From Installing?

Sep 2, 2010

I have finally gotten around to installing Ubuntu 10.4, and I really like it, but it does irk me that OpenOffice is installed by default. Is it possible to prevent OpenOffice from being installed?

View 7 Replies View Related

Fedora :: Preventing Automount Of A Specific HD?

Oct 31, 2009

Just a quick question: I have an external HD with 2 partitions, one ext3 and one FAT32. When I plug in the HD both partitions get automatically mounted, but as I only use the FAT32 partition to transfer data from/to Windows machines (which does not happen so often) I would like only the ext3 partition to be mounted automatically.

View 2 Replies View Related

Red Hat / Fedora :: Preventing Kernel Updates?

Feb 5, 2010

I'm using the Fedora Eee kernel for Fedora 12 (it's an unofficial kernel for the Eee PC), and want to update my system (I just set it up today). How can I update via command line and prevent an update to the default kernel?

View 1 Replies View Related

General :: Preventing Deleting Of Directory?

Jun 14, 2011

I need to restrict access of deleting to directory and partitions of disk? How do I do it?

View 5 Replies View Related

Security :: Preventing IP Spoofing Using Ip Tables?

May 15, 2010

I have a problem as following: "using iptables to prevent IP spoofing".

View 4 Replies View Related

Server :: Preventing Backscatter With Postfix?

Aug 5, 2010

I have Googled and searched dozens of forums and mailing list archives for a couple days now, and I haven't found a straightforward answer to what is REALLY required in a Postfix main.cf file to stop backscatter.

A couple of our servers are still being flagged as sending backscatter. Is it possible to send a bounce message these days without it being considered backscatter?

I keep adding suggested "fixes" to my main.cf file, but Backscatterer.org still says we're doing it.

Here's my postconf -n output:

Code:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix

[Code].....

View 6 Replies View Related

Server :: Preventing SSH Timeouts - Some Clarification?

Jun 8, 2010

We are seeing some dropped SSH connections because of which some of the processes are failing. The main likely reason for the connection drops is that both the client and server remain 100% busy during a certain time interval and during that time interval we see those occasional connection closed by the server.

[Code]...

View 1 Replies View Related

CentOS 5 Networking :: Getting Start W/ Centos Networking \ Ssh Commands But Not Setting Up A System And Stuff?

Feb 19, 2010

I just started setting up a linux box in the office... I have some experience with ssh commands but not setting up a linux system and stuff. The box is connected to our network but I have no clue how to make windows & osx talk with it. How can I go by doing that and also setting up an apache server to be able to connect through network. Right now I have apache/linux/mysql running it works when I go to localhost, but I would also like to let all the computers in office to access it. I would guess that will deal with virtual host which I know how to setup. I just need to setup an IP.

View 19 Replies View Related

Debian :: Preventing Email Loss During ISP Change

Sep 11, 2011

I will move my VPS account between hosting services. When I do this I am concerned about losing emails sent between the last user's download and when the IP number changes as the change propagates through the DNS.

View 3 Replies View Related

Fedora :: Preventing KDE App From Restarting After Reboot / Login

Jul 5, 2010

I'm running F13 with KDE 4.4.4 on my desktop PC. A few months ago I had occasion to run Kalarm (invoked via "Kickoff" app launcher). Ever since that time, the Kalarm icon appears in my KDE "system tray" after I login. I power down my PC when I'm finished using it for the day. In an effort to get rid of the Kalarm icon, I changed my KDE "session manager" (System settings -> Advanced -> Session Manager) settings to: "on login: start with an empty session". But the Kalarm icon still appears in my "system tray" after the next reboot/login. I've also tried right-clicking on the Kalarm icon and selecting "quit". The icon still re-appears after the next reboot/login. Why didn't the session manager setting: "on login: start with an empty session" get rid of the Kalarm icon?

View 2 Replies View Related

Fedora :: F12 NetworkManager Daemon Preventing Boot?

Jul 19, 2010

I'm having trouble booting after a recent bunch of updates (haven't been able to boot F12 from hard disk for a couple of days). The boot process gets as far as "NetworkManager daemon [OK]", then just stops. I get this for all 3 kernels that I can choose from the grub menu (2.6.32.16-141, 2.6.32.14-127, 2.6.32.12-115). Mounting the hard drive with a liveUSB, a quick inspection of /var/log/messages reveals that things go smoothly until: etc. until I hit the power button. I ought to mention that I have a wireless card that requires the Realtek RTL8192SE driver, which requires

Code:
sudo su
make

[code]....

View 1 Replies View Related

Fedora :: Preventing Apps From Opening On A 2nd Monitor?

Mar 15, 2011

I have a 2 monitor configuration, with the second monitor used exclusively for mythtv. When I'm not actually watching tv or a movie or watching visualizations with music playing, I actually use the machine for more productive uses. As the result the second monitor is typically not turned on, might have something to do with the fact it's a crt design, consumes a fair bit of power and does a good job keeping the media room overly warm.

The question is, does Fedora 11 or newer have a means to prevent applications from opening on the second monitor? I've checked the obvious places and nothing jumps out.

btw: According to the nvidia x server settings control panel the second monitor is set up as in twinview mode. This mode was chosen to allow the gpu to do most of the video decoding tasks using vdupau or something as I recall.

View 5 Replies View Related

Fedora Security :: Preventing Application From Using Network?

Jun 4, 2011

Is it possible to block an application from using the network? If yes, how? I read it's possible with iptables and with selinux... Also, what about creating a user who can't connect and run the application with that user?

View 7 Replies View Related

General :: Memory - Preventing A Process Being Swapped Out?

Aug 30, 2011

Does anyone know of a linux utility which will prevent all memory in a forked process from being swapped out to disk? I've seen the 'mlockall' call, but hacking the app sounds like overkill. My reason for needing this is that I'm running Windows XP under VirtualBox on my linux netbook, and I'm concerned there are basically two levels of swapping going on, which on a single dinky netbook hard disk isn't

View 3 Replies View Related

Ubuntu :: Keyring Preventing VNC Connection After Reboot

May 13, 2010

I have a headless Jaunty server that I need to access from both mac and PC clients. If the server has been rebooted, I can SSH into it, but I can not VNC into it unless I unlock the keychain. The problem is that I can't figure out how to unlock the keychain from SSH connections, so the only available method is to attach a keyboard to the physical box and enter the keychain password at the server itself. Is there a Terminal command that I can use to unlock the keychain? I have seen references to the 'security' command but that appears to be unavailable to Jaunty?

Is there an even better method than a Terminal command? I don't want to be putting passwords into the Terminal log if I can help it. Ideally, I would connect via SSH, confirm the keychain somehow, and tunnel in through VNC.

View 6 Replies View Related

Ubuntu :: Preventing Bootable Media Running?

Jul 22, 2010

This is a bit of an odd one, it's not so much about using Ubuntu but about *not* using Ubuntu. I am just setting up a new computer for my daughter. I have spent days configuring parental controls and lockdowns and such to stop her from being able to view unsuitable content, download programs I don't want, anything that can mess up the computer, etc. etc. At this age I am going to be over her shoulder 100% of the time while she works anyway, but something that occurs to me is that having set up all this control software in Windows, she could actually override the entire thing really easily by booting from a live CD, USB key or similar, she can keep a whole OS in her pocket and I'd never know. You can only watch so much of the time as they grow up. Can I prevent a computer from being capable of booting from external media without some kind of password? How would you begin to go about that?

View 3 Replies View Related

Ubuntu :: Preventing Software Updates From Certain Repositories?

Jul 24, 2010

I just want to prevent updates from certain repos, which are intended only for installation purposes. Those repos, however, also include updates for officially bundled packages, and I don't want to update them - just want to keep those as official versions.

View 9 Replies View Related

Ubuntu Installation :: Preventing Windows From Going Into The Next Desktop

Nov 3, 2010

I do not want my windows to be dragged and placed partially in two desktops. However, I have enabled Edge flipping to move window to next desktop. My problem is with partial overlap. Something which makes the windows stay completely in the desktop, but at the same time allow edge flipping.

View 1 Replies View Related

General :: Preventing Package Installation In Ubuntu 11.04?

May 1, 2011

I'm in the process of installing the usual Python/Numpy/Scipy/Matplotlib combination. I'm using the installed version of Python (2.7) on Ubuntu 11.04 but I've compiled Numpy and Scipy (and ATLAS/LAPACK etc.) from source. I now want to install matplotlib from the repositories but every time I do python-numpy is installed as a dependency of python-matplotlib. I've tried "apt-get hold python-numpy" etc. and also locking the version of each package in synaptic but both synaptic and apt-get will happily install the packages when requested, I assume because hold/lock version don't work on packages that aren't yet installed.

How can I prevent these packages being installed? Or is there a way to tell Ubuntu that I already have versions?

View 6 Replies View Related

General :: Update Error Preventing From The Internet?

Feb 26, 2010

I decided to hit the update icon. It did not finish updating before the power was interrupted. Now I get an Error occurred, stating, "E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem. E: _cache->open() failed, please report." I am lost how to correct this script error. I am sure it is easy. I can open google earth that was downloaded, but not the web.

View 4 Replies View Related

Security :: SELinux Is Preventing Connectto Access?

Jan 13, 2011

I'd like to grant /usr/sbin/sendmail.sendmail "connectto" access to the unix_stream_socket /var/lib/imap/socket/lmtp. How do I do that? I want to eliminate error messages that keep appearing in my message log:

/var/log/messages:Jan 13 11:45:29 e setroubleshoot: SELinux is preventing /usr/sbin/sendmail.sendmail from connectto access on the unix_stream_socket /var/lib/imap/socket/lmtp. For complete SELinux messages. run sealert -l 05df828f-4402-

[code]....

View 1 Replies View Related

Ubuntu :: Preventing Ssh Service From Starting At Boot?

Sep 22, 2010

Since my desktop (Ubuntu 10.4.1 for now) has no need for anyone trying to ssh into it, I want to prevent ssh from starting as a service when I boot up.

If I type: sudo update-rc.d -f ssh-agent remove

in terminal, will that stop the service for all boots (until I run: sudo update-rc.d ssh-agent defaults -- in terminal)?

I've already removed (unchecked) ssh agent key from my startup applications

View 1 Replies View Related

Debian :: Preventing System From Changing Cpufreq Settings

Apr 10, 2011

I am not sure where to post that so I'll just try here. My main question is: How can I prevent the system from changing my cpufreq settings? I'd like to keep the CPU load as low as possible so these settings are probably the best. However when I run some applications that require a higher CPU load the system changes the governor to performance and the range to 0.8 - 2.4 GHz. And that's my problem. I neither know what application exactly is responsible for changing my cpufreq settings nor do I know how to turn that off. Or is it supposed to be that way?

View 11 Replies View Related

Debian Configuration :: Nautilus Segfault Preventing Login By Gdm

Mar 5, 2010

I removed my .gnome and .nautilus folders and .notifier file. It is working now. I do not know exactly which of these 3 fixed it but I hope this might help someone else! I have some major issue with nautilus which is preventing me from logging in into my system which is kind of critical this weekend. I'm running Squeeze with latest updates.

The problem: Today gnome gave some problems because my taskbar was suddenly gone. I couldn't get it back so I reinstalled gnome-desktop and updated my whole system. At the update some yes/no questions on a blue screen asking me to restart cups etc. had corrupted yes/no buttons. Weird character sets were shown. Well that can happen sometimes I thought. After reinstalling gnome I can't login anymore. My screen keeps flashing while it shows the loading icon of the mouse. Anyone got suggestions? I can't find similar problems on the internet, only problems that happen while already logged in. In my case the segfault prevents gdm starting!
Maurice

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved