Round of questions - fc2
Hello all --
I have been running fc2 for about 5 weeks, with pretty good success -- I am the type to jump right in -- break, fix, etc... There are some questions that I have which I hope can be addressed here -- they run the gamut of subjects, so I hope general is the appropriate forum. Here goes...

If I decide to change my distro - must I format my boot partition? Currently:
hda5 -- boot (101MB)
hda6 -- / (34GB)
Swap -- 1gb (big -- yeah --)
I would think I only would need to format hda6 (/). Is there a standard list of files (/etc/fstab for example) that I might backup that can be restored to keep my settings?

Is there an easy way for a Windows kerio 2.15 user to establish a firewall? Please no RTFM, bt, dt. - I'm not 15, and I am exceedingly busy. Does it make sense to use a GUI to help "build" iptables? I installed Shorewall -- but I don't start it, no traffic if I do -- It's still "stock". I also see an error in IPTABLES when I boot -- line 15 in IPTABLES-RESTORE...I look at the script and it's encrypted -- NS! You say -- yeah -- what do I do? I use webmin -- and of course the port is open - listening - 10000. Port 22 is open as well.

Can I really set up my apache to serve websites to my colleagues and friends? It's in, I have 12 sites that I am working on up and running -- even my cgi-bin runs .cgi and .pl scripts. That was easy -- Why can't I let users browse my box? Why do I need to read 34,000 pages of APACHE howto? Why do folks really expect Linux to make inroads on Windows when it's such a PI the A. Don't get me wrong -- I LOVE my install of FC2 -- I LOVE no freakin' anti-virus slowing me down...and my wife is getting sick of my geekiness when I show her how cool linux apps are.

I have the nvidia driver -- works fine (I know about the screensaver [openGL] issue -- who cares?)...but every once in a while the xorg.conf file reverts back to the "nv" driver. It's quick and easy to change -- but why is this happening? I don't install software every day.
I prefer not to install and/or run wine. If there is no native app I will do without. I do NOT miss winxp, but I do miss my ability to completely tweak my OS. I am aware that it's doable with linux -- like I said, I am not 15 -- (not ragging -- just the facts). I set Mandrake 10 up for my kids (one is 3, the other 6) they love it. NO internet connection, just a box to run some educational games.

Why can't I encrypt specific files or directories? Did anybody use Kremlin? I did for years -- LOVED it. Similar app for linux? (I have been to the win/lin app site)

How safe am I really by NOT running a firewall -- like I said -- IPtables has an error in line 15 of iptables-restore, and I do not have shorewall running. I show stealth at pcflank (or UNKNOWN) and grc -- but these sites are not for me. I don't believe them for a second and would prefer to CLOSE my ports rather than have connections drop. Been there, done that -- now how about some actual GUIDANCE from someone that knows -- In Windows I am the neighborhood guru -- not much I cannot do. I help people almost daily. So, sure, I have some "computer" knowledge -- but the shift to Linux is dramatic. I like the terminal -- I like to interact with my box -- don't care if it's a GUI app or cmd line -- so I'm not chicken.

Why is it so hard to find help for linux? I know you experienced folks get tired of the same questions...yeah, I might, too...but you ARE here at the forum...

OK -- why do I get errors when I
# gedit /home/mine/file.txt
The file will open but I get Authentication errors... I also get lots of GLX errors, but the appy still runs and works.

When I tried MONDO I had no success. So, I use the gentoo system util disk to boot, then I mount my back-up partition and run PARTIMAGE. I love it -- runs fast (15 mins to backup 6GB and compress it to 2GB...4 mins to restore the whole thing. Can't get that in Windows!!!)
So, is there something out there that is quick and wonderful like partimage that will allow me to restore only the files/directories that I want? Yeah -- I want something that doesn't require a 34 page cryptic manual.

Soon enough my kids will know linux like I know windows. That will be cool--they already explore and tinker with their mandrake install -- no -- reading skills are limited and they don't do much, but they have the right attitude and NO FEAR. Woohoo!!!

Thanks for reading this post. If all aspects are addressed I am sure I will not be the only one helped by your efforts. I'll give you all the info you need to help me (and others) and will patiently read and try what you say.

For the record:
dualboot:
-----hda-----
hda1 -winxp-ntfs-2.4gb | hda5 -boot -ext3 | hda6 - / - ext3 - 34gb | hda7 - swap | hda8 - ext3 -mnt
-----hdb-----
hdb1 - ntfs | mnt- 24GB | hdb2 - ext3 - backup - 42GB | hdb3 - ntfs - tmp for dvd archive, no /mnt

fc2 all updated. custom built box -- nforce2 abit nf7 -s board. 512 MB ram - 266, 4 ide drives, memx 8x dvd burner, mitsumi 32x cd-burn, eth DSL (verizon) geforce 2 400, etc, etc..HP 7100 multi

This is round of questions part 1 -- Thank you for some assistance in answering these questions
machiner |
Moved: More suitable in our Fedora forum.
|
"OK -- why do I get errors when I # gedit /home/mine/file.txt
The file will open but I get Authentication errors... I also get lots of GLX errors, but the appy still runs and works."

You can ignore both of these. The auth errors are because you're running as root and gedit can't connect to the session manager. It's just a bug in Linux but it's not a serious one so it's not been fixed yet. The GLX errors are because you don't have 3D support in your X server set up. Again, it's just a simple bug, I wouldn't worry about it. |
As far as getting help with the problems, IMHO you'll get a better return rate if you post each problem in a separate thread. Just the nature of forums.

For the firewall, if you have a simple home network you can get by using Fedora's confusingly named built-in gui: system-config-securitylevel (Hat menu->System Settings->Security Level). Basically it just allows you to pick which ports you want to open. The next step up from that would be firestarter, which is an easy to use gui with more flexibility.

Not sure why you get an error with iptables-restore, but if the error message you see is something like "Error occurred at line: 15", that's an error in the input to iptables-restore. [iptables-restore isn't a script, it's a compiled binary, that's why it looks encrypted.] After booting, iptables is initialized by the script in /etc/rc.d/init.d/iptables, which runs iptables-restore with the saved data in /etc/sysconfig/iptables. You might take a look at line 15 of /etc/sysconfig/iptables and see if there's something funky there. That's probably where the trouble is.

[Personally I've never had reason to doubt the grc.com probe, but of course if you're behind a home router doing NAT and/or firewalling then it's really testing the router and not the fedora box.]
|
Thanks for the responses...
I'll work on iptables. regards, Machiner |
Here is the error when I attempt to start iptables through <system settings<servers<services

==============error============
iptables failed. The error was:
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: iptables-restore v1.2.9: Unknown arg `--reject-with'
Error occurred at line: 15
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]
=============enderror==========

In the file /etc/sysconfig/iptables-config at line 15 or elsewhere this condition does not exist. wtf? Searching the web doesn't help. RTFM doesn't help. I am without a firewall presently. Not spooked, annoyed. My iptables-config file has no modules listed in the "load modules" section. Here's the file:

===========iptables-config============
# Load additional iptables modules (nat helpers)
# Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modules.conf.
#IPTABLES_MODULES=""

# Unload modules on restart and stop
# Value: yes|no, default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD="yes"

# Save current firewall rules on stop.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="yes"

# Save current firewall rules on restart.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="no"

# Save (and restore) rule and chain counter.
# Value: yes|no, default: no
# Save counters for rules and chains to /etc/sysconfig/iptables if
# 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
# SAVE_ON_RESTART is enabled.
IPTABLES_SAVE_COUNTER="no"

# Numeric status output
# Value: yes|no, default: no
# Print IP addresses and port numbers in numeric format in the status output.
IPTABLES_STATUS_NUMERIC="no"
===================end============

running (I have to run /sbin/iptables-restore -h) does nothing.

mhearn -- I DO have 3d acceleration setup -- but the errors still occur. It must be set up wrong, ey? Everything works minty -- except of course some opengl screensavers, and a problem related to Xorg switching back to using the nv drivers periodically...jspaar solved that one...see below, or his post. No worries. Thanks for your response.

jspaar -- thanks for the answers, responses. I'll get to them:

[iptables-restore isn't a script, it's a compiled binary, that's why it looks encrypted.]
Right after I typed that, I went --D'oh. It's a binary file -- not encrypted. See what frustration does? haha.

In windows I could easily prevent grc from knowing my machine name. Out of sight out of mind -- I can't do that in linux. Can I block specific ports for specific addys? Can I allow specific appys to use specific ports at specific times? Or, do I need to shell out dough for Gauntlet or something?

I am using the livna nvidia drivers. I installed this through synaptic?? I wanna say that's true -- I remember downloading from nvidia's site and using their script, but I don't think I did that with this install of fc2. That helps -- thank you.

My son beckons -- Dad -- come PLAY -- thanks for your responses to this point. I would like to post more questions soon...yeah, I am RTFM...but most of these FM don't play nice. bah hahahah I hate computers.
machiner |
Nevermind. In the iptables file in sysconfig, I found the --reject-with line @ line 15. I deleted it and now I have iptables started.
machiner |
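Added example (not from any poster in this thread): the number in "Error occurred at line: 15" indexes /etc/sysconfig/iptables, and this script prints that rule and reports whether unmatched traffic is still refused once the line is deleted. The ruleset, the chain name FW-INPUT and the icmp-host-prohibited value are constructed for illustration; the thread never shows the actual line 15.

```shell
#!/bin/sh
# Added example. Constructed data; FW-INPUT is a hypothetical chain name.
sample_rules() {   # stand-in for /etc/sysconfig/iptables; the REJECT rule is line 15
cat <<'EOF'
# constructed sample in iptables-save format
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:FW-INPUT - [0:0]
-A INPUT -j FW-INPUT
-A FORWARD -j FW-INPUT
-A FW-INPUT -i lo -j ACCEPT
-A FW-INPUT -p icmp --icmp-type any -j ACCEPT
-A FW-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FW-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A FW-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A FW-INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT
-A FW-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Pull N out of "Error occurred at line: N" (iptables-restore output on stdin).
error_line() { sed -n 's/.*Error occurred at line: \([0-9][0-9]*\).*/\1/p' | head -n 1; }

# Print line $2 of rules file $1: the rule iptables-restore refused.
rule_at() { sed -n "${2}p" "$1"; }

# Fate of a packet that no ACCEPT rule in chain $2 matched. Simplification:
# assumes INPUT only jumps to that chain. "default-deny" means the chain's last
# rule is an unconditional REJECT/DROP, or the INPUT policy is DROP.
fallthrough() {
  awk -v chain="$2" '
    $1 == ":INPUT" { policy = $2 }
    $1 == "-A" && $2 == chain { final = ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) }
    END { print ((policy == "DROP" || final) ? "default-deny" : "default-accept") }
  ' "$1"
}

demo() {
  f=$(mktemp); g=$(mktemp)
  sample_rules > "$f"
  n=$(echo "Error occurred at line: 15" | error_line)
  echo "line $n: $(rule_at "$f" "$n")"
  echo "as saved:        $(fallthrough "$f" FW-INPUT)"
  sed "${n}d" "$f" > "$g"             # what deleting the offending line does
  echo "line $n deleted: $(fallthrough "$g" FW-INPUT)"
  rm -f "$f" "$g"
}
demo
```

On a live system, point rule_at and fallthrough at /etc/sysconfig/iptables and pass the chain that INPUT jumps to.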
Sounds like progress. :cool:
I use a really basic script to punch holes in my firewall:
Code:
#!/bin/bash

I haven't seen anything that will filter by application, like the way ZoneAlarm on Windows lets you permit or deny net access for each application. But I checked the iptables manpage and it does allow you to filter outgoing packets by which process created them (using the "owner" module options).
|
Hey man -- thanks for the responses.
I installed guarddog and I'm pretty happy with it. I didn't do much yet, just enable some internet protocols that I need -- nothing local, no network here -- yet. My kids are starting to bug me to go online...

I took a peek at gentoo (I can't help it) today and may put that on my spare drive -- I noticed when I use GFTP that I cannot edit pages on my site. Example...when I used ws_ftp pro in winxp, I liked the fact that I could go onto my site, right-click - edit a file (live) and make my changes, close the file and be done with it. Edited live in a snap and I was good. This doesn't happen in GFTP. I chose kwrite (and/or kedit, gedit, etc.) as my VIEW and EDIT editors and it just doesn't make any changes. I get around this by using the ftp feature in krusader. I really like that file manager.

Thanks again on the quick and dirty with apache -- I knew most of what you said -- just brain-farts and no time really. I'll do it next week -- some of my colleagues really want me to post the CRM I use, etc. That will be cool to let them on my box to collaborate. Did you have any problems with security when you ran a site(s)? Anyone else reading have any real security problems?

Thanks -- I'll probably start a new thread soon.
Regards, machiner |