LinuxQuestions.org


billquinn 08-06-2012 01:50 PM

Several Delightfully Challenging Problems (Switching from Fedora to CentOS)
 
Running as of three days now:
OS: CentOS 6.3
Kernel: 2.6.32-279.2.1.el6.i686
Video Card: GeForce 6200 PCI 256MB DDR2

I've used Fedora since Core 1. But it is, as often described, the "bleeding edge" for Red Hat. I decided I needed an OS more suitable for production work rather than spending more and more time tweaking and solving Fedora problems that came with new releases and packages with alarming regularity. CentOS seemed to offer the stability I wanted.

After installing CentOS 6.3, I was most delighted to find that the latest version of CentOS came with a version of Gnome 2.x rather than the totally ruined 3.x that ships with Fedora. However, there are several items missing from the beloved menus of Gnome 2.x, and I believe I need them.

(1) System ---> Administration: "Network" missing

This item opens a window called "Network Configuration," which had five tabs: Devices, Hardware, IPsec, DNS, and Hosts. I used to use "Devices" to configure eth0, but I also filled in the data needed in "DNS" and "Hosts." Just now I was able to configure eth0 using System ---> Preferences ---> Network Connections (an item that always was there but not needed). However, I was unable to configure DNS and Hosts.

(2) System ---> Administration: "Server Settings" missing

On mouse over, it used to show two tabs: "HTTP" and "NFS". This is where I configured NFS for access between my two networked computers--localhost1 (the new CentOS) and localhost2 (Fedora 12). That's where I specified the local IP address and which directories could be mounted and with either read or read/write permission.

(3) System ---> Administration: "SELinux Management" missing

I presume SELinux is running by default. Without this menu item, I don't even know how to disable it.

Questions:

(1) How can I restore those three menu items and get their functionality?

(2) nfs currently is working one way, but not the other. localhost1 (CentOS) can mount a directory of localhost2 (Fedora), but not vice versa ("no route to host"). I suspect it's because I couldn't make the configurations on the CentOS machine using the two missing menu items, "1" and "2" above. For my "production" work, I desperately need to have nfs working both ways.

(3) For almost a year under Fedora 15 I was using dual monitors. That is so great for the number of windows I have to have open for my work! Then with a new update, it wouldn't work any more. I don't know whether it is a kernel problem, an X problem, or a nouveau problem. I was hoping with my move to CentOS it would be working again. But, alas, it is not. How can we trace down the problem?

Any help any of you might be able to give me would be greatly appreciated. Thanks so much.

Bill

Kustom42 08-06-2012 02:54 PM

These are all additional gnome utilities that are not a part of the base gnome package. First, I HIGHLY ENCOURAGE YOU TO LEARN HOW TO DO THIS VIA THE COMMAND LINE! Never become dependent on a GUI to manage a Linux system. But for ease of use, I agree that these are much quicker to use.

Do a yum list all | grep -i "gnome"

You will get A LOT of packages listed, but they are mostly self-explanatory, so when you do this you see you have a "NetworkManager-gnome" package, you can do a yum info "NetworkManager-gnome" to get its description but this is the package that provides access to the network manager. Take a look over your list and install what you need.

If you have any questions about a specific package we should be able to help.

Additionally, if you have any questions about how to do this via the CLI let us know.

billquinn 08-06-2012 03:34 PM

Thanks so much for the reply, Kustom42.

I'll definitely try the search using "gnome." However, I already have done

yum search " "

on every relevant word I could think of (network, configuration servers, etc.). Maybe "gnome" will find what I need. I'll get back to you on that.

In the meantime, any ideas on question (3)--how to get dual monitors working?

Bill

billquinn 08-06-2012 03:50 PM

Just searched with "gnome." "NetworkManager-gnome" is already installed, and nothing else in the list seemed to be what we were looking for. So that is not what provides the two missing GUIs. Yes, two: since my first post in this thread, I did find the package that restores "SELinux Management" to the menus. But "Network" and "Server Settings" as described in (1) and (2) are still missing.

Bill

chrism01 08-06-2012 07:53 PM

1. it looks like NetworkManager replaces Network http://www.linuxtopia.org/online_boo...iguration.html, in fact the next page talks about GUIs http://www.linuxtopia.org/online_boo...rkManager.html

2. You might be unlucky with NFS GUI; a bit of googling found a few sites that say the RHEL5 tool was discontinued, and the definitive guide here http://www.linuxtopia.org/online_boo...er-export.html basically says use the cli ..

Mind you, as Kustom42 says, it's worth knowing how to do it from the cli in case the GUI breaks (or isn't available haha).
Also, most commercial use servers don't have a GUI/desktop installed at all, it's pure cli only... that's probably why they dropped it.

billquinn 08-07-2012 10:57 AM

Thanks, chrism01, those links to the Red Hat manual were most helpful. Now concerning your two points:

1. Yes, the two pages cited from the Red Hat manual seem to answer my question about getting "Network" back. Using the descriptions on the two pages, I think I have everything configured correctly with the new interface to NetworkManager. Maybe I do, that is. There might still be something I'm missing, because nfs is still not working both ways.

2. Yes, this page was also very helpful. Before you posted this, my /etc/exports file was empty. Using the material on this page, I used gedit (as root) to create the following contents for /etc/exports:

# This file created by KJM 8-7-2012 for CentOS 6.3

/ 192.168.1.200(rw,sync,no_root_squash)

Here are the contents of several other (probably) related files:

/etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.100 localhost1.localdomain
192.168.1.200 localhost2.localdomain

/etc/config/network

NETWORKING=yes
HOSTNAME=localhost1.localdomain

YET...

(a) From localhost1 (new CentOS) I can mount a directory of localhost2 (Fedora)
(b) From localhost2 (Fedora) I CANNOT mount a directory of localhost1 (new CentOS)

The error message is "no route to host."

What could the problem be?

DavidMcCann 08-07-2012 11:06 AM

A quick check of my system shows I have
system-config-network
system-config-selinux

It's worth running the menu editor when you can't see something: sometimes it's there, but the box isn't ticked.

billquinn 08-07-2012 11:52 AM

Thanks, David.

system-config-network: Yes, I believe this was the name of the package for "Network" in the Administration menu. Trying a yum install shows that it is no longer available. What version are you running? According to the links in the post by chrism01, Red Hat stopped providing it with CentOS 6.

system-config-selinux: The new name is "policycoreutils-gui.i686 : SELinux configuration GUI." Someone should be given a prize for this "brilliant" change of name: it's SO much more descriptive. Yes, I found this and installed it. Now "SELinux Management" is back in the Administration menu.

Checking the menu editor was a good idea. Never thought of it. However, there were no GUIs unchecked for Administration. :(

Bill

chrism01 08-07-2012 07:49 PM

You'll want to bookmark that RHEL/Centos 6 Deployment/Admin guide and reference it.

Anyway,
Quote:

The error message is "no route to host."

I'd run
Code:

# on both hosts
route -n

iptables -nvL

# also ping a 3 count to/from each

ping -c 3 <ip-addr>

Can you check the nfs server processes on the Centos
Code:

ps -ef|grep nfs

billquinn 08-07-2012 08:24 PM

Chris, here's the output to your four requests from both computers:



---------------------------------------------------------------

On localhost1 (192.168.1.100; CentOS)

Quote:

route -n

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0


iptables -nvL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2637K 3861M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
20 720 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
9 684 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
1440 310K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 1424K packets, 94M bytes)
pkts bytes target prot opt in out source destination

ping to localhost2 (192.168.1.200) WORKS

Quote:

ps -ef|grep nfs

root 2308 2 0 10:51 ? 00:00:00 [nfsd4]
root 2309 2 0 10:51 ? 00:00:00 [nfsd4_callbacks]
root 2310 2 0 10:51 ? 00:00:00 [nfsd]
root 2311 2 0 10:51 ? 00:00:00 [nfsd]
root 2312 2 0 10:51 ? 00:00:00 [nfsd]
root 2313 2 0 10:51 ? 00:00:00 [nfsd]
root 2314 2 0 10:51 ? 00:00:00 [nfsd]
root 2315 2 0 10:51 ? 00:00:00 [nfsd]
root 2316 2 0 10:51 ? 00:00:00 [nfsd]
root 2317 2 0 10:51 ? 00:00:00 [nfsd]
root 4613 2 0 11:51 ? 00:00:00 [nfsiod]
root 4614 2 0 11:51 ? 00:00:00 [nfsv4.0-svc]
root 9137 9109 0 21:08 pts/0 00:00:00 grep nfs
---------------------------------------------------------------

On localhost2 (192.168.1.200, Fedora)

Quote:

route -n

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0


iptables -nvL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1446K 186M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
11 492 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
34 4352 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
1255 273K ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:631
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:631
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:631
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2049
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:2049
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 2649K packets, 3814M bytes)
pkts bytes target prot opt in out source destination

ping to localhost2 (192.168.1.200) WORKS!!! (Unexpected)

Quote:

ps -ef|grep nfs

root 1332 2 0 11:41 ? 00:00:00 [nfsd4]
root 1333 2 0 11:41 ? 00:00:03 [nfsd]
root 1334 2 0 11:41 ? 00:00:05 [nfsd]
root 1335 2 0 11:41 ? 00:00:03 [nfsd]
root 1336 2 0 11:41 ? 00:00:03 [nfsd]
root 1337 2 0 11:41 ? 00:00:03 [nfsd]
root 1338 2 0 11:41 ? 00:00:04 [nfsd]
root 1339 2 0 11:41 ? 00:00:03 [nfsd]
root 1340 2 0 11:41 ? 00:00:04 [nfsd]
root 4145 4120 0 21:17 pts/0 00:00:00 grep nfs
---------------------------------------------------------------

chrism01 08-08-2012 12:59 AM

1. please amend the above to use code tags for cmds & output to maintain layout eg indentation/spacing https://www.linuxquestions.org/quest...do=bbcode#code

2. try
Code:

# on Centos
netstat -tanp

Looks like your firewall on Centos is blocking nfs port 2049.
You need to backup & amend the file /etc/sysconfig/iptables-config to match that of the Fedora box, specifically to get these lines on iptables cmd
Code:

# from Fedora box output
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2049
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:2049


billquinn 08-08-2012 09:53 AM

I adjusted the firewall settings on the CentOS computer to match those on the Fedora computer. Then the mount worked!! This is embarrassing because I had already tried that. However, it must have been before adding the line to /etc/exports (post #6).

However, once the mount worked, I then experimented with a number of combinations of firewall settings on the CentOS computer. I would very much appreciate some help in understanding the result of the following steps. Using the "Firewall Configuration" GUI:

(1) Under "Trusted Services," checking NFS4 put the line,

Quote:

0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2049

in the output to iptables -nvL.

(2) Under "Other ports" I could alternatively add two entries for 2049 tcp and 2049 udp which then put both lines,

Quote:

0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2049
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:2049

in the output to iptables -nvL.

(3) HOWEVER, neither setting, nor even BOTH settings enable the Fedora computer to mount a directory on the CentOS computer!

(4) The only setting that allowed the mount to work was to check, under "Trusted Interfaces," eth0. Then the mount would work even if neither (1) nor (2) were done--that is, even if neither of these two lines were in the output to the iptables command.

With the "ACCEPT" lines present in the output to iptables, why won't the mount work? Does it seem correct that the mount will work only if eth0 is a trusted interface?

Thanks so much for the continued help.

Ken

chrism01 08-08-2012 07:53 PM

Well, I never use a GUI for that ...

However, there is a difference between a 'Service' eg NFS, MySQL, etc and an 'Interface' ie NIC/Ethernet Card. ;)

In the iptables file, you can (optionally) specify port numbers (which relate to services see /etc/services for 'IANA Well Known Services' ) and optionally(!) specify which interface to use.
The latter is mostly used on servers with multiple NICs, but you can specify it for each line even on a single NIC system.

Definitely get used to using the cmd line to edit stuff.
I know a GUI 'seems' simpler, but in fact it hides a lot of stuff, thus making the decisions/results seem arbitrary and unrelated. :)

Also, most GUIs do not implement the entire range of available settings for the underlying SW, otherwise it would have loads of tabs/boxes.
Sometimes you have to use the cli to get the job done.
(Systems tend to be much more similar/std at the cli; the GUIs can be radically different, thus confusing)

Feel free to post your iptables file contents if you want to ask related qns.

Hope all that helps :)

billquinn 08-09-2012 09:43 AM

Thanks, Chris. Some of your comments were, so far at least, above me. Before retirement, I had worked as a programmer and then taught programming. So I do feel at home with computers. However, one of my reasons for switching from Fedora (the "bleeding edge") to CentOS (one of the most stable OSs) was that, now that I'm retired, I want to spend the great bulk of my time in production work on the computer. In my retirement, this consists of research and writing (on Bible/theology) and maintaining six Web sites. Although it might be interesting to learn more of the skills of a sysadmin, that is really not my retirement goal.

So that's why I much prefer GUIs. I can do work on a terminal, but learning what files do what, where they are, and what commands and syntax they require is something I would like to keep to a minimum.

Now for one or two questions (hopefully, you're still reading!). First, here's my iptables file you requested.

Quote:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 631 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Now the questions.

(1) By checking eth0 as a "Trusted Interface" in the Firewall Configuration GUI on both computers, NFS works in both directions. This could be taken as "problem solved." However, since eth0 is the door to the computer from the outside, is there a security risk? I have only a two-computer home network, but eth0 is also the door for all things from the Internet.

(2) Why doesn't NFS work when eth0 is not checked but the two 2049 lines appear in the table? (In yesterday's post, I described the two ways to get them there using the firewall GUI.)

Thanks so much for your continued help.

Bill

chrism01 08-10-2012 12:32 AM

Quote:

However, since eth0 is the door to the computer from the outside, is there a security risk? I have only a two-computer home network, but eth0 is also the door for all things from the Internet.

This implies

router/modem ---- eth0 Centos eth1 ----- eth0 Fedora

in which case you do NOT want to accept new incoming cxns at all on eth0, just related ones to those having gone out (kernel keeps track for you).
You might want to have a read of this http://www.thegeekstuff.com/2011/03/...utbound-rules/

The main thing is to draw a basic network diagram and name the interfaces and then think about what I said.
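
The difference between a trusted interface and named ports, as an added example that is not part of the thread: a first-match walk over the INPUT chain for a NEW packet. TRUSTED is the posted file cut down to a few INPUT rules (constructed); SCOPED is a hypothetical alternative that assumes an NFSv3 client at 192.168.1.200 and rpc.mountd pinned to 892 via MOUNTD_PORT in /etc/sysconfig/nfs. The matcher handles only the options shown and exact -s addresses, and 203.0.113.9 is a constructed outside address.

```shell
#!/bin/sh
# Added example: which INPUT rule decides the fate of a NEW packet?
# TRUSTED: cut-down copy of the posted rules, with eth0 as a "Trusted Interface".
TRUSTED='-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# SCOPED: hypothetical replacement; the peer and each port are named.
# Assumes NFSv3 (rpcbind 111, nfsd 2049) and mountd pinned to 892.
SCOPED='-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.1.200 -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A INPUT -s 192.168.1.200 -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A INPUT -s 192.168.1.200 -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# verdict RULES IFACE SRC PROTO DPORT
# Prints "TARGET<TAB>rule" for the first rule a NEW packet matches.
verdict() {
  printf '%s\n' "$1" | awk -v ifc="$2" -v src="$3" -v proto="$4" -v dport="$5" '
    $1 == "-A" && $2 == "INPUT" {
      ok = 1; target = ""
      for (i = 3; i <= NF; i++) {
        if      ($i == "-i")      { if ($(i+1) != ifc)   ok = 0; i++ }
        else if ($i == "-s")      { if ($(i+1) != src)   ok = 0; i++ }
        else if ($i == "-p")      { if ($(i+1) != proto) ok = 0; i++ }
        else if ($i == "--dport") { if ($(i+1) != dport) ok = 0; i++ }
        else if ($i == "--state") {
          # the packet under test is NEW; ESTABLISHED,RELATED does not match
          if (index("," $(i+1) ",", ",NEW,") == 0) ok = 0; i++
        }
        else if ($i == "-j")      { target = $(i+1); i++ }
        else if ($i == "-m" || $i == "--reject-with") { i++ }
      }
      if (ok) { print target "\t" $0; exit }
    }'
}

# An outside host reaching rpcbind: accepted by the interface rule ...
verdict "$TRUSTED" eth0 203.0.113.9 tcp 111
# ... but rejected once the rules name the peer and the ports.
verdict "$SCOPED" eth0 203.0.113.9 tcp 111
# The Fedora box still reaches nfsd.
verdict "$SCOPED" eth0 192.168.1.200 tcp 2049
```

The final REJECT rule answers with icmp-host-prohibited, which the client side reports as "No route to host"; that is the error seen earlier in the thread.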

