Programming :: Allowing Https/samba/nfs4 In Firewall With Kickstart?
May 10, 2011
I'm trying to set up a kickstart installation and having some trouble with firewall settings. When you do a manual install it gives you the option on first boot to allow https, samba, and nfs4 in the firewall. I have as yet been unable to find the options for doing this in kickstart. Here is my current firewall line:
firewall --enabled --http --ftp --ssh --smtp --trust=eth0
I have tried just adding --https but it errors on me. Am I just missing the keywords to set these up? I have looked but I can't find keywords for any services except telnet that are not already included in my firewall line. Should I be trying to do this with iptables in post rather than in the kickstart itself?
Jul 26, 2010
Samba is working correctly if SuSEfirewall2 is off. I have added Samba client and Samba Services for external access, but Samba is not working when the firewall is now on. Which services should I also add?
Dec 5, 2010
I'm trying to set up an nfs4 server and client. I followed the instructions in
[URL]
The SERVER is on 192.168.89.1 running Xubuntu 10.04, and the CLIENT is on 192.168.89.128 running Ubuntu 10.10. Firewall is disabled on both the server and the client for testing purposes.
/etc/default/nfs-kernel-server on the SERVER:
Code:
# Number of servers to start up
RPCNFSDCOUNT=8
# Runtime priority of server (see nice(1))
[code]....
because we want UID/GUID to be mapped from names. This way, server and client do not need the users to share same UID/GUID. In that case,
1. Should I set those 2 fields to "no" and "yes" respectively instead?
2. Or else, how do I make sure that the uid on the server is mapped to something useful on the client instead of nobody and nogroup?
Feb 23, 2010
If I allow, my server's IP is:
11.11.11.11
If I allow 11.11.11.11, and block 22.22.22.22
22.22.22.22 can't access the server
But if I allow 11.11.11.0/24, and block 22.22.22.22
22.22.22.22 can still access the server!!
Does anyone know why that is?
Feb 6, 2009
What is the best method to upgrade Fedora from 8/9 to 10? I have the DVD, and whenever I try to boot from the DVD it locks up the PC after selecting the default language stuff. I've run the media check on the DVD, and it passes with no problems. I am behind a firewall and for some reason the configuration is not allowing YUM to get through the firewall, but Firefox can get through (I have another post for this issue).
Jul 29, 2010
Samba 3.5 Centos 5.5
I am trying to attempt to set up a samba ldap PDC server.
When I try and connect a computer to the network I get error 'Username could not be found'
I have included smbldap.conf ##smbldap.conf
slapd.conf ##slapd.conf
the smb.conf ##smb.conf
the results of slapcat ##slapcat
the error log for log.root ##log.root
The error I marked as interesting ##interesting , shows that it can't create the user or maybe something else. But up until that time there didn't seem to be a problem.
##smbldap.conf
SID="S-1-5-21-2244683438-1300233924-2635510394"
sambaDomain="internaltest"
slaveLDAP="127.0.0.1"
slavePort="389"
[Code]......
Jan 26, 2011
I have installed CentOS 5.5 along with the Samba package. I have it configured (I believe), but when I try to access a share, it is not accepting my UN/PW. I have copied the smb.conf file from a working computer over to this one, but it is still not accepting my login. Anyone know of any other files I should check?
I have moved a working smb.conf file to this new box, and both computers have the same UN/PW's
Jan 26, 2011
I'm playing around with some shell scripting and I've got a directory called CS005 and I'm trying to write a script so I can locate to the directory really quick and easy.
export CS005DIR=/home/stud/0/043234/CS005
Now I get this error
CS005DIR=/home/stud/0/043234/CS005 No such file or directory.
This is because I've got numerical values within my variable.
Is there a way to allow numbers for variable names?
May 22, 2011
I have set up certain portions of my web site to be forced https:// How do I force, non https:// protocols. I know this sounds confusing, so let me give you an example.
[Code]...
Jul 9, 2011
I want to have file sharing with Windows computers, but I guess I am not allowed to while my gufw firewall tool is on. Is there a way I can set up an easy work-around using my firewall?
Apr 4, 2011
Is it safe to put Samba Server outside your Firewall?
May 29, 2010
I'm working on an application that makes http requests using HttpRequest and it's been doing what I need so far without a problem. Now I need to make https requests as well and when I try to make the request, I get this error message:
Code:
Fatal error: Uncaught exception 'HttpInvalidParamException' with message 'Empty or too short HTTP message: ''' in /home/antoranz/waneesia/html/index.php:0 inner exception 'HttpRequestException' with message 'SSL connect error; gnutls_handshake() failed: A TLS packet with unexpected length was received. (https://www.paypal.com/)' in /home/antoranz/waneesia/html/index.php:104 Stack trace: #0 /home/antoranz/waneesia/html/index.php(0): HttpRequest->send() #1 {main} thrown in /home/antoranz/waneesia/html/index.php on line 0
What's going on?
The project: url
Feb 22, 2010
I would like to download and show the source of a webpage in stdout, but this is a https page with an authentication form, which requires logging in. I tried like this:
Code:
wget -q --no-check-certificate --http-user=USERNAME --http-password=PASSWORD https://webpage.domain.com -O -
However, it still downloaded only this login page, not the real webpage. Using the Firefox I can authenticate just fine. Any ideas?
May 6, 2011
I need to build an https client in 'C' language on the Linux platform and my app is a multithreaded one... in each thread it needs to send a separate https request to the same server... and receive a response... I used the openssl library for this, and I am able to send a request to the server, but when I am trying to read the socket (using SSL_Read) it's closing the connection (returning 0 with error code 29).
May 12, 2011
I just set up my firewall, and now I can't see any Samba workgroups. It says it can't find any workgroups on my local network, and it may be caused by a firewall. It is a firewall issue because if I disable my firewall, I can see the workgroup. What do I need to open on my firewall to see the workgroup? I am using Slackware64 13.37.
Here is how I set up my firewall.
Code:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
I got the commands from here url.
Jun 8, 2009
I'm using CentOS 5.3, and I want to allow my samba server from selinux. I disabled my selinux and it works fine, but I want to keep my selinux firewall on and want to allow other workstations to access my samba server.
Nov 23, 2010
I have a Perl script behind a firewall. I want to access this script from Python on Google App Engine. I have access to the server running the Perl script via the following methods:
SSH
VPN
What are the ways I can do this with Python on GAE? Can I use something like wget, login through ssh and run the script using perl interpreter?
Currently it is a CGI script that I can access through a web browser if I'm inside the firewall. My only other option is to turn the process around, i.e. have perl send data outside the firewall to google app engine. But I want to know if this is possible as it is now without changing the perl script.
Oct 10, 2013
Consolidate several lines of a CSV file with firewall rules, in order to parse them easier?
I have a .csv file, which I created using an HTML export from a Check Point firewall. The objective is to have all the firewall configuration lines where a given host is present. I have to do this for a few hundred, manually is not a reasonable option. I'm going to write a simple Python script for this.
The problem is that the output from the Check Point firewall is complicated to work with. If a firewall rule works with several source or destination hosts, services or other configurations, instead of having them separated with a symbol other than a comma, I get a new line.
This prevents me from exporting the line where the host is present, since I would be missing info.
Let me show you an example, hostnames are modified, of course:
NO.;NAME;SOURCE;DESTINATION;VPN**;SERVICE;ACTION;TRACK;INSTALL ON;TIME;COMMENT
1;;fwxcluster;mcast_vrrp;;vrrp;accept;Log;fwxcluster;Any;"VRRP;;*Comment suppressed*
;;;;;igmp;;;;;
2;;fwxcluster;fwxcluster;;FireWall;accept;Log;fwxcluster;Any;"Management FWg;*Comment suppressed*
;;fwmgmpe;fwmgmpe;;ssh;;;;;
;;fwmgm;fwmgm;;;;;;;
3;NTP;G_NTP_Clients;cmm_ntpserver_pe01;;ntp;accept;None;fwxcluster;Any;*Comment suppressed*
;;;cmm_ntpserver_pe02;;;;;;;
Jun 15, 2010
I'm using Linux in a large multi-user network. Let A be some group which I am a member of, but which is not my primary group. According to chmod(2) I should be able to chgrp a file to group A. Trying to do so succeeds on a local as well as on a NFSv3 mount, but not on a NFSv4/Kerberos mount (EPERM). Are there any special considerations regarding chgrp when using NFSv4 mounts?
Jun 27, 2010
I am trying to find the proper way to set up a NFS4 Server with two clients. I have:
FileServer: CentOS 5.5
-IP:10.1.1.200
-User: Max
-Export: /FS-Data
[code]....
User/Group Max owns FS-Data on the FileServer. How do I go about mounting it on the clients, since root can only mount?
Jun 23, 2010
Attempts to do a mount -t nfs4 servername:/share /mnt hang. Performing an strace of the mount shows that the mount command is attempting to find /sbin/mount.nfs4. The nfs server, client, and util packages are installed. Did ps -ef | grep idmapd; ps -ef | grep gssd to check client side daemons and things look good. Not using gssd right now though. Just want to get the thing to mount. Firewalls are not running. Doing a showmount -e servername reports the shares as being offered. I can mount it using nfs v3 protocol.
May 10, 2011
I have CentOS 5.6. I'm having trouble mounting my client on nfs4...
Every time I mount my client with proto=tcp I can't mount the nfs4 exports directory,
but if I change to proto=udp, no problem mounting the nfs4 export to the client.
This one, no problem mounting:
mount -t nfs4 -o hard,intr,proto=udp,port=2049,acregmin=24,acregmax=240,acdirmin=240,acdirmax=240,rsize=32768,wsize=32768 192.168.0.10:/ /uploads
[Code].....
Mar 25, 2011
I suspect this is an initial configuration bug. All firewall logs seem to be going to all three files. That causes a lot of clutter in the log files, and makes it difficult to see whether there are any serious problems being logged.
May 18, 2010
I am learning to set up a firewall in my home. For that I have selected four systems (sys1, sys2 ... sys4) for testing. I have configured sys2 to act as a firewall with two NICs. sys3 and sys4 are inside the firewall. sys1 is not connected to the firewall, for testing purposes.
The IP assignments are as follows:
sys1 : ( fedora, not connected to firewall i am thinking, But i am not sure )
IP : 192.168.2.1 ,
gateway : blank
dns1 : blank
dns2 : blank
sys2 firewall ,IPTABLES )
code....
What happened is that sys1 (not connected to firewall) can ssh to sys4 (connected, inside firewall), since the rules are written not to ssh from sys1 to sys4.
Then I came to know that whatever request I give, it goes directly as sys1 --> sys4, not as sys1 --> sys2 (firewall) --> sys4, and the firewall is not filtering and processing anything for both inbound and outbound (I think it's my mistake somewhere). The requests are directly going inside without the firewall.
Oct 11, 2013
I have a CSV file, which I created using an HTML export from a Check Point firewall policy. Each rule is represented as several lines, in some cases. That occurs when a rule has several address sources, destinations or services.
I need the output to have each rule described in only one line. It's easy to distinguish when each rule begins. In the first column, there's the rule ID, which is a number.
Here's an example. In green are marked the strings that should be moved:
See example. The strings that should be moved are in bold:
NO.;NAME;SOURCE;DESTINATION;SERVICE;ACTION;
1;;fwgcluster;mcast_vrrp;vrrp;accept;
;;;;igmp;;
2;Testing;fwgcluster;fwgcluster;FireWall;accept;
;;fwmgmpe;fwmgmpe;ssh;;
;;fwmgm;fwmgm;;;
What I need, explained in pseudocode, is this:
Read the first column of the next line. If there's a number:
Evaluate the first column of the next line. If there's no number there, concatenate (separating with a comma) the strings in the columns of this line with the last one and eliminate the text in the current one
The output should be something like this. The strings in bold are the ones that were moved:
NO.;NAME;SOURCE;DESTINATION;SERVICE;ACTION;
1;;fwgcluster;mcast_vrrp;vrrp-igmp;accept;
;;;;;;
2;Testing;fwgcluster-fwmgmpe-fwmgm;fwgcluster-fwmgmpe-fwmgm;FireWall-ssh;accept;
;;;;;;
The empty lines are there only to be more clear, I don't actually need them.
Sep 22, 2010
Before I go prodding about on this server does anyone have any experience of sharing a single folder over NFS3 (for compatibility) and NFS4 (for newer clients)??
Oct 14, 2010
I wanted to use NFS4 with id mapping. I followed the write up at [URL] and basically have everything working.
The problem is that I cannot write a file unless I have group write permissions. On the server the user has uid = 1000, gid = 1000. On the client the user has uid =1699, gid = 1000. Both have the same user name.
On the client the directory listing properly shows the user name and the group name. If the file on the server is 644, the client cannot write to the file. If it is 664 on the server, then the client can write to the file.
/etc/export on server contains:
Code:
/export 172.24.84.0/24(rw,fsid=0,insecure,no_subtree_check,async)
/export/myuser 172.24.84.0/24(rw,nohide,insecure,no_subtree_check,async)
/etc/fstab on client contains:
Code:
nfsserver:/myuser /home/myuser/mntpoint nfs4 rw,noauto,user 0 0
Dec 14, 2010
I tried this command in a Ubuntu 10.10 server
$ sudo mount -t nfs4 -o port=99 xxx.xxx.xxx.xxx:/home /mnt/tmp
The server returns an error message "mount.nfs4: Protocol family not supported" and I have installed nfs-common.
Jun 25, 2011
how to make autofs5 work [with NFS4] using [in]direct mapping but no joy so far. Firstly, this is the "/etc/exports" on my NFS4 server (CentOS 5.6):
Code:
/media/exPort htpc(ro,sync,no_subtree_check,no_root_squash,fsid=0)
/media/exPort/mMusic htpc(ro,sync,no_subtree_check,no_root_squash)
and this is what I have in there:
Code:
[root@serv03 /]# ls -l /media/exPort/mMusic
total 16
drwxrwxr-x 11 databank lhome 4096 Jun 23 21:25 iTunes
drwxrwxr-x 3 databank lhome 4096 Aug 19 2010 Network Trash Folder
drwxrwxr-x 3 databank lhome 4096 Aug 13 2010 Streaming Radio
[code]....
But it doesn't work - neither it throws any errors in, nor does it mount the share. All I need is to mount "/mMusic" (i.e. /media/exPort/mMusic) as "serv03:/media/nMedia/mMusic" so that tree looks like this:
Code:
.
|-- media
| |-- nMedia
| | |-- mMusic
[code]....
Aug 26, 2010
So I have a few Ubuntu (Hardy till I can find a replacement for Xen) boxes that I am trying to move from nfs3 to nfs4. I set it up according to this guide: URL... However I ran into trouble when the client sees all users/groups as nobody/nogroup. The current setup is that all the boxes have synced uids/gids and all users with root access can be trusted. I read some reports that said the only way this could be fixed was by using Kerberos. However I would really prefer not having to move to Kerberos as I have heard that it is very intensive to set up. So what I am looking for here is a solution other than sticking with nfs3 or putting everything on Kerberos. However if you think that Kerberos is easier to set up than I am giving it credit for then that could be useful to hear as well.