LinuxQuestions.org
Old 05-28-2016, 07:11 PM   #16
rroopstr
Member
 
Registered: Apr 2016
Location: Caracas, Venezuela
Distribution: CentOS 7.2
Posts: 75

Original Poster
Rep: Reputation: 1

Quote:
Originally Posted by /dev/random View Post
What can only be described as Microsoft Windows
64-bit implementation of a
32-bit extension to a
16-bit graphical shell for a
8-bit operating system originally coded for a
4-bit microprocessor by a
2-bit company that can't stand
1 bit of competition.
LFS User ID: 11135 | LFS Version: 5.0
Hope this isn't considered off-topic and that this thread remains in this section. I'm actually annoyed by both Apple and Microsoft. I used to program formulae for pi and prime numbers in BASIC during childhood, and slowly both of those companies took me away from creativity and forced me to use their applications. Several decades later I'm doing my best to catch up with real computing.
 
Old 05-28-2016, 11:55 PM   #17
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,399
Blog Entries: 3

Rep: Reputation: 3779
ICMP is also needed on a server (or any other networked device):

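Code:
   # Accept incoming pings on eth0, rate-limited to one per second
   iptables -A INPUT -i eth0 -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
   # OUTPUT rules match the outgoing interface, so use -o rather than -i
   iptables -A OUTPUT -o eth0 -p icmp -j ACCEPT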
Additionally, one very useful utility for testing iptables rules is "iptables-apply". It allows you to test rules and, if you can't get back in to confirm that they work, cancels the test.

All that's for IPv4. Does the VPS have IPv6, too?
 
Old 05-29-2016, 06:43 AM   #18
rroopstr
Member
 
Registered: Apr 2016
Location: Caracas, Venezuela
Distribution: CentOS 7.2
Posts: 75

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by Turbocapitalist View Post
ICMP is also needed on a server (or any other networked device):

Code:
   iptables -A INPUT -i eth0 -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
   iptables -A OUTPUT -o eth0 -p icmp -j ACCEPT

With firewalld, zones can be configured with icmp-blocks defined as various icmp types:

Code:
   firewall-cmd [--zone=<zone>] --add-icmp-block=<icmptype>
   firewall-cmd --zone=public --add-icmp-block=echo-reply

Quote:
Originally Posted by Turbocapitalist View Post
All that's for IPv4. Does the VPS have IPv6, too?
Great idea. I just contacted Lacnic to explore the possibility of allocation of IPv6. Would you please elaborate on your experiences with IPv6?
 
Old 05-29-2016, 01:16 PM   #19
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,399
Blog Entries: 3

Rep: Reputation: 3779
Quote:
Originally Posted by rroopstr View Post
Great idea. I just contacted Lacnic to explore the possibility of allocation of IPv6. Would you please elaborate on your experiences with IPv6?
For iptables, the rules need to be repeated using "ip6tables". Does firewalld handle that automatically or must it be specified?

But as for my experiences, they are trivial and hopefully someone with experience will chime in. Not all areas have IPv6 and some that do fail to offer it anywhere near a price that would make it cost effective. However, the situation is improving a bit at a time.

But for what it's worth, Lacnic was at RIPE72 in Copenhagen, DK, just the other day:
https://ripe72.ripe.net/archives/video/226/
https://ripe72.ripe.net/presentation...NIC_RIPE72.pdf

Last edited by Turbocapitalist; 05-29-2016 at 01:17 PM.
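
An added example, not part of the posts above: one way to write the ICMP rules once per address family in iptables-restore format, so each file can be tried with iptables-apply or ip6tables-apply. The interface name, the SSH port 22 and the file paths are assumptions, and the IPv6 variant goes beyond the thread by also admitting neighbour discovery.

```shell
#!/bin/sh
# Added example: print an ICMP ruleset for one address family in
# iptables-restore format. IFACE and SSH on port 22 are assumptions.
IFACE="${IFACE:-eth0}"

# icmp_ruleset 4|6 : write a filter-table ruleset to stdout.
icmp_ruleset() {
    case "$1" in
        4) proto=icmp      typeopt=--icmp-type ;;
        6) proto=ipv6-icmp typeopt=--icmpv6-type ;;
        *) echo "usage: icmp_ruleset 4|6" >&2; return 2 ;;
    esac
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    # Keep the SSH session used for the trial reachable.
    echo "-A INPUT -i $IFACE -p tcp --dport 22 -j ACCEPT"
    # Rate-limited ping, same limit as the rule posted in the thread.
    echo "-A INPUT -i $IFACE -p $proto $typeopt echo-request -m limit --limit 1/s -j ACCEPT"
    if [ "$1" = 6 ]; then
        # IPv6 has no ARP: router and neighbour discovery use ICMPv6
        # types 133-136, so dropping them breaks basic connectivity.
        for t in 133 134 135 136; do
            echo "-A INPUT -i $IFACE -p $proto $typeopt $t -j ACCEPT"
        done
    fi
    # OUTPUT rules match on the outgoing interface (-o).
    echo "-A OUTPUT -o $IFACE -p $proto -j ACCEPT"
    echo "COMMIT"
}

# Trial run as root; the old rules come back if you do not confirm in time:
#   icmp_ruleset 4 > /root/rules.v4 && iptables-apply  -t 30 /root/rules.v4
#   icmp_ruleset 6 > /root/rules.v6 && ip6tables-apply -t 30 /root/rules.v6
```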
 
Old 05-29-2016, 02:00 PM   #20
rroopstr
Member
 
Registered: Apr 2016
Location: Caracas, Venezuela
Distribution: CentOS 7.2
Posts: 75

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by Turbocapitalist View Post
For iptables, the rules need to be repeated using "ip6tables". Does firewalld handle that automatically or must it be specified?

But as for my experiences, they are trivial and hopefully someone with experience will chime in. Not all areas have IPv6 and some that do fail to offer it anywhere near a price that would make it cost effective. However, the situation is improving a bit at a time.

But for what it's worth, Lacnic was at RIPE72 in Copenhagen, DK, just the other day:
https://ripe72.ripe.net/archives/video/226/
https://ripe72.ripe.net/presentation...NIC_RIPE72.pdf
I am not sure if that can be done automatically. I've never dealt with IPv6 before. But if you say that IPv6 will incur extra cost, chances are I won't contract it. For the time being I concentrate on having my own websites and mailservers in full operating condition so that I will be able to host same for my friends.
 
Old 05-29-2016, 02:15 PM   #21
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,399
Blog Entries: 3

Rep: Reputation: 3779
Quote:
Originally Posted by rroopstr View Post
I am not sure if that can be done automatically. I've never dealt with IPv6 before. But if you say that IPv6 will incur extra cost, chances are I won't contract it. For the time being I concentrate on having my own websites and mailservers in full operating condition so that I will be able to host same for my friends.
I just made some changes with firewalld and verified them with "ip6tables-save". It does set up the IPv6 rules automatically along with the IPv4.

On non-production LANs you can do quite a bit with an IPv6 capable router and then a tunnel. But as to the cost for IPv6, that varies from ISP to ISP. Some don't have it, some have it and include it (because it saves them), some have it but charge extra (because they can). You'll have to check with the ISP(s) in your area. If you can get it as part of your regular package, it would be worth starting with.
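
An added example, not part of the post above: a check of the same kind as comparing "iptables-save" with "ip6tables-save" by eye, listing ports that are accepted in one address family only. The two dumps are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The two dumps below are constructed samples in the format
# written by iptables-save / ip6tables-save on a firewalld host.

# Print "proto/port" for each ACCEPT rule carrying --dport (sorted, unique).
accepted_ports() {
    awk '$1 == "-A" {
        proto = ""; port = ""; target = ""
        for (i = 2; i < NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") port   = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (target == "ACCEPT" && port != "") print proto "/" port
    }' "$1" | sort -u
}

# Print every port accepted in only one family, labelled with that family.
family_gap() {
    a=$(mktemp) b=$(mktemp)
    accepted_ports "$1" > "$a"
    accepted_ports "$2" > "$b"
    comm -23 "$a" "$b" | sed 's/^/IPv4-only /'
    comm -13 "$a" "$b" | sed 's/^/IPv6-only /'
    rm -f "$a" "$b"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/v4" <<'EOF'
*filter
:IN_public_allow - [0:0]
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
cat > "$tmp/v6" <<'EOF'
*filter
:IN_public_allow - [0:0]
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -d fe80::/64 -p udp -m udp --dport 546 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF

# On a live host: iptables-save > v4; ip6tables-save > v6; family_gap v4 v6
family_gap "$tmp/v4" "$tmp/v6"
```

An "IPv6-only" line is the one to look at first, since it is a port reachable over IPv6 that the IPv4 rules do not open.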
 
Old 05-29-2016, 06:24 PM   #22
rroopstr
Member
 
Registered: Apr 2016
Location: Caracas, Venezuela
Distribution: CentOS 7.2
Posts: 75

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by Turbocapitalist View Post
I just made some changes with firewalld and verified them with "ip6tables-save". It does set up the IPv6 rules automatically along with the IPv4.

On non-production LANs you can do quite a bit with an IPv6 capable router and then a tunnel. But as to the cost for IPv6, that varies from ISP to ISP. Some don't have it, some have it and include it (because it saves them), some have it but charge extra (because they can). You'll have to check with the ISP(s) in your area. If you can get it as part of your regular package, it would be worth starting with.
Hi Turbocapitalist. My ISP replied that unfortunately they have no IPv6 addresses available. I opened a ticket with Lacnic (based in Uruguay, they are the official top level IP registrar for Latin America) because this IPv6 alternative sparks my interest. Let's wait to find out what their business strategy is.
 
Old 05-30-2016, 01:06 AM   #23
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,399
Blog Entries: 3

Rep: Reputation: 3779
Do the other ISPs in the area have IPv6? Maybe they also have something else to make it worth switching.
 
Old 05-30-2016, 10:22 PM   #24
rroopstr
Member
 
Registered: Apr 2016
Location: Caracas, Venezuela
Distribution: CentOS 7.2
Posts: 75

Original Poster
Rep: Reputation: 1
We just have low international physical connections, one to USA and another one to Cuba. We are stuck with a government monopoly phone-internet provider with dynamic IPs and horrible DNS. That is why I've been so eager to learn about BIND recently. Once we oust this regime you'll find huge investment opportunities as we are technologically savvy populations, we were among the first countries to have widespread use of cell phones in the 90s.

BTW firewalld v0.4.2 was released today, it's supposed to fix the bugs that made me miserable last week. They have three download sources but I'm unclear on which method is most appropriate. FileZilla 3.18 was also released today. Software companies seem quite busy today.

The new firewalld version 0.4.1.2 is available here:
https://fedorahosted.org/released/fi...-0.4.2.tar.bz2

Also on github:
https://github.com/t-woerner/firewal...ses/tag/v0.4.2

And in the github repository:
https://github.com/t-woerner/firewalld/
<https://github.com/t-woerner/firewalld/tree/v0.4.0>
 
Old 05-30-2016, 11:30 PM   #25
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,399
Blog Entries: 3

Rep: Reputation: 3779
Quote:
Originally Posted by rroopstr View Post
We just have low international physical connections, one to USA and another one to Cuba. We are stuck with a government monopoly phone-internet provider with dynamic IPs and horrible DNS. That is why I've been so eager to learn about BIND recently.
That'll do it. I suppose there is missing a level of service agreement and/or substituting M$ for a real DNS.
BIND is the most well-known utility. What did you think of the other options? Some are quite easy to rule out, based on lack of DNSSEC or IPv6. Others like PowerDNS or OpenBSD's Unbound look interesting. The latter has a lot of refinement in both the DNS and the OS itself. I don't need to run Unbound myself, but as far as the OS goes, I find it easy, organized, and low-maintenance.

Quote:
Originally Posted by rroopstr View Post
Once we oust this regime you'll find huge investment opportunities as we are technologically savvy populations, we were among the first countries to have widespread use of cell phones in the 90s.

Quote:
Originally Posted by rroopstr View Post
BTW firewalld v0.4.2 was released today, it's supposed to fix the bugs that made me miserable last week. They have three download sources but I'm unclear on which method is most appropriate. FileZilla 3.18 was also released today. Software companies seem quite busy today.

The new firewalld version 0.4.1.2 is available here:
[snip]
Any of the three download methods should be fine. However, I would be sure to roll an RPM with the new source rather than trying to install it uncontrolled, if it's not backported. If you haven't done it before, a dangerous over-simplification is to get the SRPM, drop in your new source code, bump the version number and rebuild the RPM. However, be sure to read through the process and try on a spare machine first, if even just a VM. Staying within the package management system is essential for avoiding a mess. You can give your new package a version number with "rroopstr" or something else in it to identify it as non-standard, so if it does get an official upgrade you can back out your own changes.
 
1 members found this post helpful.
Old 06-01-2016, 06:40 AM   #26
rroopstr
Member
 
Registered: Apr 2016
Location: Caracas, Venezuela
Distribution: CentOS 7.2
Posts: 75

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by Turbocapitalist View Post
That'll do it. I suppose there is missing a level of service agreement and/or substituting M$ for a real DNS.
BIND is the most well-known utility. What did you think of the other options? Some are quite easy to rule out, based on lack of DNSSEC or IPv6. Others like PowerDNS or OpenBSD's Unbound look interesting. The latter has a lot of refinement in both the DNS and the OS itself. I don't need to run Unbound myself, but as far as the OS goes, I find it easy, organized, and low-maintenance.
Hi Turbocapitalist! I have not tried PowerDNS or OpenBSD. No issues with BIND whatsoever since successful install.

Quote:
Originally Posted by Turbocapitalist View Post
Any of the three download methods should be fine. However, I would be sure to roll an RPM with the new source rather than trying to install it uncontrolled, if it's not backported. If you haven't done it before, a dangerous over-simplification is to get the SRPM, drop in your new source code, bump the version number and rebuild the RPM. However, be sure to read through the process and try on a spare machine first, if even just a VM. Staying within the package management system is essential for avoiding a mess. You can give your new package a version number with "rroopstr" or something else in it to identify it as non-standard, so if it does get an official upgrade you can back out your own changes.
I got a new email from Thomas Woerner of Firewalld. You once asked me what was the advantage of firewalld software. Well, definitely having direct support from the person who codes it probably beats everything else!

Quote:
Thomas Woerner <notifications@github.com>
4:12 (3 hours ago)
to t-woerner/fire., me, Author
Do you want to use python2 or python3?
In the firewalld repo there is a firewalld.spec file. With this it is simple to generate packages for Fedora and also RHEL >= 7. For RHEL-7 it is still using python2, for Fedora >= 23 python3. To build a package with it you can simply do the following in the root directory of the firewalld source tree:

Code:
   ./autogen.sh
   make test-rpm
Or you can use

Code:
   rpmbuild -ta firewalld-0.4.2.tar.gz
with a release from https://fedorahosted.org/released/firewalld/ or https://github.com/t-woerner/firewalld/releases

During the last few days I've been configuring awstats for apache. It's installed but hasn't generated any statistics since day one. This is the thread on awstats in case you would be interested in looking at it. Statistics after all are an important resource to check if one's work is of interest to potential customers.
http://www.linuxquestions.org/questi...nt-4175580931/
 
  


All times are GMT -5. The time now is 05:07 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration