LinuxQuestions.org
Old 09-12-2004, 08:30 AM   #1
machiner
Member
 
Registered: Jun 2004
Location: New England
Distribution: Debian, straight. No chaser.
Posts: 112

Rep: Reputation: 15
Round of questions - fc2


Hello all --

I have been running fc2 for about 5 weeks, with pretty good success -- I am the type to jump right in -- break, fix, etc...

There are some questions that I have which I hope can be addressed here -- they run the gamut of subjects, so I hope general is the appropriate forum. Here goes...

If I decide to change my distro - must I format my boot partition?
currently - hda5--boot (101MB)
hda6 - / (34GB)
Swap - 1gb (big -- yeah --) ----- I would think I only would need to format hda6 (/).
Is there a standard list of files (/etc/fstab for example) that I might backup that can be restored to keep my settings?

Is there an easy way for a Windows kerio 2.15 user to establish a firewall? Please no RTFM, bt, dt. - I'm not 15, and I am exceedingly busy. Does it make sense to use a GUI to help "build" iptables? I installed Shorewall -- but I don't start it, no traffic if I do -- It's still "stock". I also see an error in IPTABLES when I boot -- line 15 in IPTABLES-RESTORE...I look at the script and it's encrypted -- NS! You say -- yeah -- what do I do?

I use webmin -- and of course the port is open - listening - 10000. Port 22 is open as well.

Can I really set up my apache to serve websites to my colleagues and friends? It's in, I have 12 sites that I am working on up and running -- even my cgi-bin runs .cgi and .pl scripts. That was easy -- Why can't I let users browse my box? Why do I need to read 34,000 pages of APACHE howto? Why do folks really expect Linux to make inroads on Windows when it's such a PI the A.

Don't get me wrong -- I LOVE my install of FC2 -- I LOVE no freakin' anti-virus slowing me down...and my wife is getting sick of my geekiness when I show her how cool linux apps are.

I have the nvidia driver -- works fine (I know about the screensaver [openGL] issue -- who cares?)...but every once in a while the xorg.conf file reverts back to the "nv" driver. It's quick and easy to change -- but why is this happening? I don't install software every day.

I prefer not to install and/or run wine. If there is no native app I will do without. I do NOT miss winxp, but I do miss my ability to completely tweak my OS. I am aware that it's doable with linux -- like I said, I am not 15 -- (not ragging -- just the facts).

I set Mandrake 10 up for my kids (one is 3, the other 6) they love it. NO internet connection, just a box to run some educational games.

Why can't I encrypt specific files or directories?

Did anybody use Kremlin? I did for years -- LOVED it. Similar app for linux? ( I have been to the win/lin app site)

How safe am I really by NOT running a firewall -- like I said -- IPtables has an error in line 15 of iptables-restore, and I do not have shorewall running. I show stealth at pcflank (or UNKNOWN) and grc -- but these sites are not for me. I don't believe them for a second and would prefer to CLOSE my ports rather than have connections drop. been there, done that -- now how about some actual GUIDANCE from someone that knows --

In Windows I am the neighborhood guru -- not much I cannot do. I help people almost daily. So, sure, I have some "computer" knowledge -- but the shift to Linux is dramatic. I like the terminal -- I like to interact with my box -- don't care if it's a GUI app or cmd line -- so I'm not chicken.

Why is it so hard to find help for linux? I know your experienced folks get tired of the same questions...yeah, I might, too...but you ARE here at the forum...


OK -- why do I get errors when I # gedit /home/mine/file.txt
The file will open but I get Authentication errors... I also get lots of GLX errors, but the appy still runs and works.


When I tried MONDO I had no success. So, I use the gentoo system util disk to boot, then I mount my back-up partition and run PARTIMAGE. I love it -- runs fast (15 mins to backup 6GB and compress it to 2GB...4 mins to restore the whole thing. Can't get that in Windows!!!) So, is there something out there that is quick and wonderful like partimage that will allow me to restore only the files/directories that I want? Yeah -- I want something that doesn't require a 34 page cryptic manual.

Soon enough my kids will know linux like I know windows. That will be cool--they already explore and tinker with their mandrake install -- no -- reading skills are limited and they don't do much, but they have the right attitude and NO FEAR. Woohoo!!!


Thanks for reading this post. If all aspects are addressed I am sure I will not be the only one helped by your efforts. I'll give you all the info you need to help me (and others) and will patiently read and try what you say.

For the record:

dualboot:

-----hda------------------------------------------------------------------------------------------------------
hda1 -winxp-ntfs-2.4gb | hda5 -boot -ext3 | hda6 - / - ext3 - 34gb | hda7 - swap | hda8 - ext3 -mnt



----hdb-------------------------------------------------------------------------------------------------------
hdb1 - ntfs | mnt- 24GB | hdb2 - ext3 - backup - 42GB | hdb3 - ntfs - tmp for dvd archive, no /mnt


fc2 all updated. custom built box -- nforce2 abit nf7 -s board. 512 MB ram - 266, 4 ide drives, memx 8x dvd burner, mitsumi 32x cd-burn, eth DSL (verizon) geforce 2 400, etc, etc..HP 7100 multi



This is round of questions part 1 -- Thank you for some assistance in answering these questions


machiner
 
Old 09-12-2004, 08:43 AM   #2
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 269
Moved: More suitable in our Fedora forum.
 
Old 09-14-2004, 10:38 AM   #3
mhearn
LQ Guru
 
Registered: Nov 2002
Location: Durham, England
Distribution: Fedora Core 4
Posts: 1,565

Rep: Reputation: 57
"OK -- why do I get errors when I # gedit /home/mine/file.txt
The file will open but I get Authentication errors... I also get lots of GLX errors, but the appy still runs and works."

You can ignore both of these. The auth errors are because you're running as root and gedit can't connect to the session manager. It's just a bug in Linux but it's not a serious one so it's not been fixed yet. The GLX errors are because you don't have 3D support in your X server set up. Again, it's just a simple bug, I wouldn't worry about it.
 
Old 09-14-2004, 04:20 PM   #4
jspaar
Member
 
Registered: Feb 2004
Location: California
Posts: 99

Rep: Reputation: 15
Quote:
There are some questions that I have which I hope can be addressed here -- they run the gamut of subjects, so I hope general is the appropriate forum. Here goes...
Hi machiner, you're going through the angst that most windows power-users go through when migrating to linux. And I think your story says a lot about the state of linux-on-the-desktop these days.

As far as getting help with the problems, IMHO you'll get a better return rate if you post each problem in a separate thread. Just the nature of forums.

For the firewall, if you have a simple home network you can get by using Fedora's confusingly named built-in gui: system-config-securitylevel (Hat menu->System Settings->Security Level). Basically it just allows you to pick which ports you want to open. The next step up from that would be firestarter, which is an easy to use gui with more flexibility.

Not sure why you get an error with iptables-restore, but if the error message you see is something like "Error occurred at line: 15", that's an error in the input to iptables-restore. [iptables-restore isn't a script, it's a compiled binary, that's why it looks encrypted.] After booting, iptables is initialized by the script in /etc/rc.d/init.d/iptables, which runs iptables-restore with the saved data in /etc/sysconfig/iptables. You might take a look at line 15 of /etc/sysconfig/iptables and see if there's something funky there. That's probably where the trouble is.

[Personally I've never had reason to doubt the grc.com probe, but of course if you're behind a home router doing NAT and/or firewalling then it's really testing the router and not the fedora box.]
----------
Quote:
Why can't I let users browse my box?
I'm not running apache these days, but in the past it wasn't too hard to configure. You need port 80 open in iptables. (And obviously, if you have a home router you need to open/forward that port.) You need to have apache enabled in system-config-services so that the server gets started automatically (I forget if it is shown as "apache" or just "www"). In apache's config file you have to bind the server to the network address (not the loopback 127.... address). This is sometimes known as the "listen" address. Sorry I don't remember the lingo apache uses. And finally in the apache config you have to configure the allowable hosts and make sure that everybody is allowed.
----------
Quote:
...every once in a while the xorg.conf file reverts back to the "nv" driver.
Are you using the nvidia rpms from livna.org (as opposed to the nvidia driver script from nvidia's website)? The livna rpm tries to make life convenient by noticing whether the nvidia driver loads properly, and if not it falls back on the "nv" driver so that you still get a graphical login. Normally, this fall-back will only happen if you're booting a newly upgraded kernel (or custom compiled kernel) and haven't yet installed a corresponding nvidia-driver module for that kernel. [Linux is different from windows in this way. The linux kernel will not load a driver which was compiled for an earlier version of the kernel. So after a kernel upgrade, you have to upgrade the third-party drivers as well.]
----------
Quote:
Why can't I encrypt specific files or directories?
You can, but it's not (yet) as easy as it should be. Maybe somebody else can provide a step-by-step. If you have time to experiment, check out this: loopback encryption tutorial
----------
Quote:
Why is it so hard to find help for linux?
Generally the linux community isn't much into hand-holding. If you prove you've made an effort to read the FAQs and google around, you'll get better help from the experts.
 
Old 09-17-2004, 03:51 PM   #5
machiner
Member
 
Registered: Jun 2004
Location: New England
Distribution: Debian, straight. No chaser.
Posts: 112

Original Poster
Rep: Reputation: 15
Thanks for the responses...

I'll work on iptables.


regards,
Machiner

Last edited by machiner; 09-17-2004 at 04:59 PM.
 
Old 09-17-2004, 05:20 PM   #6
machiner
Member
 
Registered: Jun 2004
Location: New England
Distribution: Debian, straight. No chaser.
Posts: 112

Original Poster
Rep: Reputation: 15
here is the error when I attempt to start iptables through <system settings<servers<services
==============error============
iptables failed. The error was: Flushing firewall rules: [ OK ]

Setting chains to policy ACCEPT: filter [ OK ]

Unloading iptables modules: [ OK ]

Applying iptables firewall rules: iptables-restore v1.2.9: Unknown arg `--reject-with'
Error occurred at line: 15
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]
=============enderror==========

In the file /etc/sysconfig/iptables-config at line 15 or elsewhere this condition does not exist.
wtf? Searching the web doesn't help. RTFM doesn't help.
I am without a firewall presently. Not spooked, annoyed. My iptables-config file has no modules listed in the "load modules" section. Here's the file:
===========iptables-config============
# Load additional iptables modules (nat helpers)
# Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modules.conf.
#IPTABLES_MODULES=""

# Unload modules on restart and stop
# Value: yes|no, default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD="yes"

# Save current firewall rules on stop.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="yes"

# Save current firewall rules on restart.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="no"

# Save (and restore) rule and chain counter.
# Value: yes|no, default: no
# Save counters for rules and chains to /etc/sysconfig/iptables if
# 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
# SAVE_ON_RESTART is enabled.
IPTABLES_SAVE_COUNTER="no"

# Numeric status output
# Value: yes|no, default: no
# Print IP addresses and port numbers in numeric format in the status output.
IPTABLES_STATUS_NUMERIC="no"
===================end============


running (I have to run /sbin/iptables-restore -h) does nothing.

mhearn -- I DO have 3d acceleration setup -- but the errors still occur. It must be set up wrong, ey? Everything works minty -- except of course some opengl screensavers, and a problem related to Xorg switching back to using the nv drivers periodically...jspaar solved that one...see below, or his post. No worries. Thanks for your response.


jspaar -- thanks for the answers, responses. I'll get to them:

[iptables-restore isn't a script, it's a compiled binary, that's why it looks encrypted.] Right after I typed that, I went --D'oh. It's a binary file -- not encrypted. See what frustration does? haha.

In windows I could easily prevent grc from knowing my machine name. Out of sight out of mind -- I can't do that in linux.

Can I block specific ports for specific addys? Can I allow specific appys to use specific ports at specific times? Or, do I need to shell out dough for Gauntlet or something?

I am using the livna nvidia drivers. I installed this through synaptic?? I wanna say that's true -- I remember downloading from nvidia's site and using their script, but I don't think I did that with this install of fc2. That helps -- thank you.

My son beckons -- Dad -- come PLAY -- thanks for your responses to this point. I would like to post more questions soon...yeah, I am RTFM...but most of these FM don't play nice. bah hahahah

I hate computers.

machiner

Last edited by machiner; 09-17-2004 at 07:17 PM.
 
Old 09-17-2004, 07:29 PM   #7
machiner
Member
 
Registered: Jun 2004
Location: New England
Distribution: Debian, straight. No chaser.
Posts: 112

Original Poster
Rep: Reputation: 15
Never mind. In the iptables file in sysconfig, I found the --reject-with line @ line 15. I deleted it and now I have iptables started.

machiner
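
Added example (an editor's illustration, not part of any post in this thread): before deleting the line that iptables-restore complains about, check what that line does, because a rule using --reject-with is often the catch-all that refuses everything not explicitly accepted. RULES is a constructed sample in iptables-save format (the thread never shows the actual /etc/sysconfig/iptables) and the function names are hypothetical.

```bash
#!/bin/bash
# Added example, not from the thread. RULES is a constructed sample in
# iptables-save format; the poster's real /etc/sysconfig/iptables is not shown.
RULES='# constructed sample
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'
ERROR_TEXT='Error occurred at line: 15'   # this line is quoted from the thread

# Pull N out of "Error occurred at line: N" (iptables-restore output on stdin).
error_line() { sed -n 's/^Error occurred at line: \([0-9][0-9]*\).*/\1/p'; }

# Print line N of the rules read from stdin.
rule_at_line() { sed -n "${1}p"; }

# Print "deny" if unmatched inbound packets are refused, otherwise "open".
# Deny means: INPUT policy DROP, or INPUT (or a chain INPUT jumps to
# unconditionally) ends in a catch-all "-j REJECT" or "-j DROP" rule.
input_verdict() {
    awk '
    function catchall(r,    f, n) {
        n = split(r, f, " ")
        return (f[3] == "-j" && (f[4] == "REJECT" || f[4] == "DROP") &&
                (n == 4 || (n == 6 && f[5] == "--reject-with")))
    }
    /^:/        { policy[substr($1, 2)] = $2 }      # ":INPUT ACCEPT [0:0]"
    $1 == "-A"  { last[$2] = $0                     # remember last rule per chain
                  if ($2 == "INPUT" && NF == 4 && $3 == "-j") jump[$4] = 1 }
    END {
        deny = (policy["INPUT"] == "DROP" || catchall(last["INPUT"]))
        for (t in jump) if (catchall(last[t])) deny = 1
        print (deny ? "deny" : "open")
    }'
}

n=$(printf '%s\n' "$ERROR_TEXT" | error_line)
echo "line $n: $(printf '%s\n' "$RULES" | rule_at_line "$n")"
echo "with line $n:    $(printf '%s\n' "$RULES" | input_verdict)"
echo "without line $n: $(printf '%s\n' "$RULES" | sed "${n}d" | input_verdict)"
```

On the sample, removing line 15 changes the result from deny to open: iptables then starts cleanly, but with an INPUT policy of ACCEPT nothing is refused any more.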
 
Old 09-18-2004, 02:40 PM   #8
jspaar
Member
 
Registered: Feb 2004
Location: California
Posts: 99

Rep: Reputation: 15
Sounds like progress.

Quote:
Can I block specific ports for specific addys?
Sure. You just have to create the right iptables rules or find a gui that will do that for you. (And all that the fancy gui's really do is build the iptables rules for you.)

I use a really basic script to punch holes in my firewall:
Code:
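#!/bin/bash
# Insert one rule at the top of CHAIN for a given source host and port.

CHAIN=RH-Firewall-1-INPUT
PORT=162
PROTOCOL=udp
SOURCE=192.168.1.1
TARGET=ACCEPT
WHAT="incoming snmptrapd"

echo "opening firewall for $WHAT"
# -I inserts at the head of the chain, so the rule is evaluated first
sudo /sbin/iptables -I "$CHAIN" -p "$PROTOCOL" --destination-port "$PORT" --source "$SOURCE" -j "$TARGET"
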
I just tweak the PORT/PROTOCOL/SOURCE/TARGET variables for different applications. The example above will allow (ACCEPT) incoming packets to a particular destination port from a particular host (SOURCE). Change ACCEPT to REJECT and you block incoming packets with that particular host/port combination. Change the CHAIN to OUTPUT to filter outgoing packets (not usually needed).

I haven't seen anything that will filter by application, like the way ZoneAlarm on Windows lets you permit or deny net access for each application. But I checked the iptables manpage and it does allow you to filter outgoing packets by which process created them (using the "owner" module options).

Quote:
Can I allow specific appys to use specific ports at specific times?
You could make scripts that install different iptables rule sets, and then use cron to automatically run them at particular times, no problem. If there is a gui out there that will set this up for you, I don't happen to know of one. Linux still has a bit of catching up to do in gui administration tools, IMHO. But it's getting there...
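
Added example (not jspaar's code or anything else from the thread): one way to do the cron approach described above is to generate a pair of crontab lines, one inserting the rule and one deleting it. The chain, port, protocol and source are the values from the script in the post; the function names and the 08:00 to 18:30 window are assumptions, and the script only prints the lines.

```bash
#!/bin/bash
# Added example, not from the thread: print (never execute) the crontab
# lines that open and close one firewall rule on a schedule. Function names
# and the 08:00-18:30 window are hypothetical.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac    # digits and dots only
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# rule_spec CHAIN PROTO PORT SOURCE TARGET
# Every field is checked because the result ends up in a root crontab line.
rule_spec() {
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    case "$2" in tcp|udp) ;; *) return 1 ;; esac
    valid_port "$3" || return 1
    valid_ipv4 "$4" || return 1
    case "$5" in ACCEPT|REJECT|DROP) ;; *) return 1 ;; esac
    echo "$1 -p $2 --destination-port $3 --source $4 -j $5"
}

# cron_window OPEN_HOUR OPEN_MIN CLOSE_HOUR CLOSE_MIN RULE_SPEC
# -I puts the rule at the head of the chain, ahead of any catch-all
# REJECT at the end; -D with the same spec removes it again.
cron_window() {
    [ -n "$5" ] || return 1
    for v in "$1" "$2" "$3" "$4"; do
        case "$v" in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$1" -le 23 ] && [ "$2" -le 59 ] && [ "$3" -le 23 ] && [ "$4" -le 59 ] || return 1
    echo "$2 $1 * * * /sbin/iptables -I $5"
    echo "$4 $3 * * * /sbin/iptables -D $5"
}

# Values below are the ones in the script posted above.
spec=$(rule_spec RH-Firewall-1-INPUT udp 162 192.168.1.1 ACCEPT) &&
    cron_window 8 0 18 30 "$spec"
```

With IPTABLES_SAVE_ON_STOP="yes", as in the iptables-config posted earlier in the thread, a rule that is present at shutdown is written to /etc/sysconfig/iptables and comes back at boot, so the opening can outlive its window until the next -D line runs.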
 
Old 09-19-2004, 08:32 PM   #9
machiner
Member
 
Registered: Jun 2004
Location: New England
Distribution: Debian, straight. No chaser.
Posts: 112

Original Poster
Rep: Reputation: 15
Hey man -- thanks for the responses.

I installed guarddog and I'm pretty happy with it. I didn't do much yet, just enable some internet protocols that I need -- nothing local, no network here -- yet. My kids are starting to bug me to go online...

I took a peek at gentoo ( I can't help it) today and may put that on my spare drive --

I noticed when I use GFTP that I cannot edit pages on my site. Example...when I used ws_ftp pro in winxp, I liked the fact that I could go onto my site, right-click - edit a file (live) and make my changes, close the file and be done with it. Edited live in a snap and I was good.

This doesn't happen in GFTP. I chose kwrite (and/or kedit, gedit, etc.) as my VIEW and EDIT editors and it just doesn't make any changes.

I get around this by using the ftp feature in krusader. I really like that file manager.

Thanks again on the quick and dirty with apache -- I knew most of what you said -- just brain-farts and no time really. I'll do it next week -- some of my colleagues really want me to post the CRM I use, etc. That will be cool to let them on my box to collaborate.

Did you have any problems with security when you ran a site(s)? Any one else reading have any real security problems?

Thanks -- I'll probably start a new thread soon.

Regards,
machiner
 
  


All times are GMT -5. The time now is 12:59 AM.
