Hi All,
I am new to CentOS and I signed up for a Mosso Cloud Server that runs Cent OS 5.2
I can ssh in.
I ran: yum install vnc vnc-server then: vncserver (and set desktop viewing password)
But I cannot connect.
How do I add 5900 to the centos firewall? How do I edit the conf file?
I only have SSH ability at this point...
-jason
Jason Todd Slack-Moehrle wrote:
Hi All,
I am new to CentOS and I signed up for a Mosso Cloud Server that runs Cent OS 5.2
I can ssh in.
I ran: yum install vnc vnc-server then: vncserver (and set desktop viewing password)
But I cannot connect.
How do I add 5900 to the centos firewall? How do I edit the conf file?
I only have SSH ability at this point...
-jason
Learn how to add ports to your iptables file, then it should work.
Hi,
How do I add 5900 to the centos firewall? How do I edit the conf file?
Learn how to add ports to your iptables file, then it should work.
OK, maybe I should have been more clear and stated that I am following:
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-fw.html
and looking for /etc/sysconfig/iptables or /etc/sysconfig/system-config-selinux
and not finding it....
-Jason
Jason Todd Slack-Moehrle wrote on Fri, 24 Apr 2009 16:04:23 -0700:
and looking for /etc/sysconfig/iptables
you have to install iptables. Then you get iptables-config. The file you mention is created when you save the state of iptables with service iptables save. And the rules are loaded from it on next startup. For that there have to be rules added to iptables (via command-line, not added to the file), of course!
Kai
On 24-Apr-09, at 3:51 PM, Jason Todd Slack-Moehrle wrote:
Hi All,
I am new to CentOS and I signed up for a Mosso Cloud Server that runs Cent OS 5.2
I can ssh in.
I ran: yum install vnc vnc-server then: vncserver (and set desktop viewing password)
But I cannot connect.
How do I add 5900 to the centos firewall? How do I edit the conf file?
I only have SSH ability at this point...
-jason
You can get into a FW cfg screen (sort of gui - ncurses I believe) by running:
# setup
It should be pretty self explanatory once in there.
d
On Fri, 2009-04-24 at 16:05 -0700, Jason Todd Slack-Moehrle wrote:
How do I add 5900 to the centos firewall? How do I edit the conf file?
You can get into a FW cfg screen (sort of gui - ncurses I believe) by running:
# setup
Hmm, after ssh'ing in, I run setup and nothing. a 'locate' turns up nothing either..
---- yum install system-config-network-tui system-config-network-tui
Craig
Hi,
How do I add 5900 to the centos firewall? How do I edit the conf file?
You can get into a FW cfg screen (sort of gui - ncurses I believe) by running:
# setup
Hmm, after ssh'ing in, I run setup and nothing. a 'locate' turns up nothing either..
yum install system-config-network-tui system-config-network-tui
This just lets you change IP/DNS info if I recall.
Won't do anything to the firewall.
-Jason
On 24-Apr-09, at 4:14 PM, Jason Todd Slack-Moehrle <mailinglists@MailNewsRSS.com> wrote:
Hi,
How do I add 5900 to the centos firewall? How do I edit the conf file?
You can get into a FW cfg screen (sort of gui - ncurses I believe) by running:
# setup
Hmm, after ssh'ing in, I run setup and nothing. a 'locate' turns up nothing either..
yum install system-config-network-tui system-config-network-tui
This just lets you change IP/DNS info if I recall.
Won't do anything to the firewall.
-Jason
Install the setup program as I pointed out in another email.
As for editing the firewall, (without the setup program) you would use the "iptables" command and its switches to get the work done.
You could also use something like fwbuilder which is a GUI that writes your iptables script for you.
D
Hi,
As for editing the firewall, (without the setup program) you would use the "iptables" command and its switches to get the work done.
[root@Server1 bin]# man iptables
No manual entry for iptables
[root@Server1 bin]# man ipchains
No manual entry for ipchains
[root@Server1 bin]#
So is there something wrong with what they set me up with?
-Jason
On Fri, 2009-04-24 at 16:22 -0700, Jason Todd Slack-Moehrle wrote:
Hi,
As for editing the firewall, (without the setup program) you would use the "iptables" command and its switches to get the work done.
[root@Server1 bin]# man iptables
No manual entry for iptables
[root@Server1 bin]# man ipchains
No manual entry for ipchains
[root@Server1 bin]#
So is there something wrong with what they set me up with?
---- ipchains for 2.4 version kernels, iptables for 2.6 kernels
# rpm -q iptables
iptables-1.3.5-4.el5
# rpm -ql iptables|grep man
/usr/share/man/man8/iptables-restore.8.gz
/usr/share/man/man8/iptables-save.8.gz
/usr/share/man/man8/iptables.8.gz
seems as though you need to install iptables package
Craig
[root@Server1 bin]# man iptables
No manual entry for iptables
[root@Server1 bin]# man ipchains
No manual entry for ipchains
[root@Server1 bin]#
So is there something wrong with what they set me up with?
seems as though you need to install iptables package
[root@Server1 /]# uname -a
Linux Server1 2.6.24-23-xen #1 SMP Mon Jan 26 03:09:12 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux
But if iptables is not installed, how is port 5900 being blocked?
-Jason
On Fri, 2009-04-24 at 16:33 -0700, Jason Todd Slack-Moehrle wrote:
[root@Server1 bin]# man iptables
No manual entry for iptables
[root@Server1 bin]# man ipchains
No manual entry for ipchains
[root@Server1 bin]#
So is there something wrong with what they set me up with?
seems as though you need to install iptables package
[root@Server1 /]# uname -a
Linux Server1 2.6.24-23-xen #1 SMP Mon Jan 26 03:09:12 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux
But if iptables is not installed, how is port 5900 being blocked?
---- maybe the xen host is blocking them. Maybe upstream router is blocking.
why not just use freenx and run everything through ssh port which clearly isn't blocked? It's faster and better anyway.
Craig
On Fri, Apr 24, 2009 at 04:33:20PM -0700, Jason Todd Slack-Moehrle wrote:
[root@Server1 /]# uname -a
Linux Server1 2.6.24-23-xen #1 SMP Mon Jan 26 03:09:12 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux
Ask your hoster, this is definitely NOT a CentOS provided kernel. Who knows what else has been changed on your distribution, but this is no longer CentOS.
see http://wiki.centos.org/irc_centos_request
Tru
On Fri, 2009-04-24 at 16:14 -0700, Jason Todd Slack-Moehrle wrote:
Hi,
How do I add 5900 to the centos firewall? How do I edit the conf file?
You can get into a FW cfg screen (sort of gui - ncurses I believe) by running:
# setup
Hmm, after ssh'ing in, I run setup and nothing. a 'locate' turns up nothing either..
yum install system-config-network-tui system-config-network-tui
This just lets you change IP/DNS info if I recall.
Won't do anything to the firewall.
---- sorry, my mistake... system-config-securitylevel-tui
Craig
On Fri, 24 Apr 2009 16:10:19 -0700, Craig White wrote
On Fri, 2009-04-24 at 16:05 -0700, Jason Todd Slack-Moehrle wrote:
How do I add 5900 to the centos firewall? How do I edit the conf file?
You can get into a FW cfg screen (sort of gui - ncurses I believe) by running:
# setup
Hmm, after ssh'ing in, I run setup and nothing. a 'locate' turns up nothing either..
yum install system-config-network-tui system-config-network-tui
Craig
I got it using
/usr/bin/system-config-securitylevel-tui
-- Brian http://wx.Tatorz.com Open WebMail Project (http://openwebmail.org)
On 24-Apr-09, at 4:05 PM, Jason Todd Slack-Moehrle <mailinglists@MailNewsRSS.com> wrote:
How do I add 5900 to the centos firewall? How do I edit the conf file?
You can get into a FW cfg screen (sort of gui - ncurses I believe) by running:
# setup
Hmm, after ssh'ing in, I run setup and nothing. a 'locate' turns up nothing either..
-Jason
Yum install setup
D
How do I add 5900 to the centos firewall? How do I edit the conf file?
You can get into a FW cfg screen (sort of gui - ncurses I believe) by running:
# setup
Hmm, after ssh'ing in, I run setup and nothing. a 'locate' turns up nothing either..
Yum install setup
So I thought too:
Updated: setup.noarch 0:2.5.58-4.el5
Complete!
[root@Server1 /]# setup
-bash: setup: command not found
There is something fundamental that I am missing and having never used CentOS is probably not helping.
-Jason
Jason Todd Slack-Moehrle wrote on Fri, 24 Apr 2009 16:20:24 -0700:
There is something fundamental that I am missing and having never used CentOS is probably not helping.
I think the point is that you are *not* on CentOS. Your system is *derived* from CentOS. You should contact your hoster.
Kai
Hello, all.
I'm looking at building about a dozen CentOS VM's for a project. I have a desire to use kickstart for this coupled with PXE. I'm looking for a minimal ks.cfg file specifically, I want the bare minimum of software that is needed for a system to function. I will need sshd and yum as the only 'services or applications' on top of the OS. Does anyone have an example I can work with, or suggestions on getting to this minimal configuration? I'm just looking to save some time, rather than re-inventing what may and probably is already out there.
Thanks
Daniel
On Fri, 24 Apr 2009 20:48:43 -0500, Daniel_Curry wrote
I'm looking at building about a dozen CentOS VM's for a project. I have a desire to use kickstart for this coupled with PXE. I'm looking for a minimal ks.cfg file specifically, I want the bare minimum of software that is needed for a system to function. I will need sshd and yum as the only 'services or applications' on top of the OS. Does anyone have an example I can work with, or suggestions on getting to this minimal configuration? I'm just looking to save some time, rather than re-inventing what may and probably is already out there.
If you find such a thing, please post to the list. You're not the only one who could use something like that, as the installer and its defaults make it almost impossible to do consistent installations.
Thanks, --Bill
On Fri, 24 Apr 2009, Daniel_Curry@Dell.com wrote:
Hello, all.
I'm looking at building about a dozen CentOS VM's for a project. I have a desire to use kickstart for this coupled with PXE. I'm looking for a minimal ks.cfg file specifically, I want the bare minimum of software that is needed for a system to function. I will need sshd and yum as the only 'services or applications' on top of the OS. Does anyone have an example I can work with, or suggestions on getting to this minimal configuration? I'm just looking to save some time, rather than re-inventing what may and probably is already out there.
I assume that you are looking for all of the packages that can be removed from an install that just has @core and @virtualization specified for the package groups that you want installed?
One way to do this would be to use "%packages --nobase". This is an extremely stripped down install, that is still functional (well it boots). You will need to add packages to it, especially since yum and ssh aren't included. Many other utilities will be missing as well, hopefully this link will get you closer to what you want.
http://openrent.blogspot.com/2005/11/ultra-minimal-kickstart.html
-- Eric
On Fri, Apr 24, 2009 at 9:48 PM, Daniel_Curry@dell.com wrote:
Hello, all.
I'm looking at building about a dozen CentOS VM's for a project. I have a desire to use kickstart for this coupled with PXE. I'm looking for a minimal ks.cfg file specifically, I want the bare minimum of software that is needed for a system to function. I will need sshd and yum as the only 'services or applications' on top of the OS. Does anyone have an example I can work with, or suggestions on getting to this minimal configuration? I'm just looking to save some time, rather than re-inventing what may and probably is already out there.
Thanks
Daniel
On Fri, Apr 24, 2009 at 9:48 PM, Daniel_Curry@dell.com wrote:
Hello, all.
I'm looking at building about a dozen CentOS VM's for a project. I have a desire to use kickstart for this coupled with PXE. I'm looking for a minimal ks.cfg file specifically, I want the bare minimum of software that is needed for a system to function. I will need sshd and yum as the only 'services or applications' on top of the OS. Does anyone have an example I can work with, or suggestions on getting to this minimal configuration? I'm just looking to save some time, rather than re-inventing what may and probably is already out there.
Thanks
Daniel
Since this topic comes up frequently on various e-mail lists, I was surprised that there wasn't a (mild) flame about searching the archives and/or googling ...
Here are a few, representative posts that have occurred in the past (and I've saved) and I hope it helps ...
-rak-
=====================================================================
---------- Forwarded message ----------
From: David Goldsmith dgoldsmith@sans.org
Date: Sat, Mar 28, 2009 at 6:19 PM
Subject: Re: [CentOS] Minimal Install?
To: CentOS mailing list centos@centos.org
Norberto Bensa wrote:
On Sat, Mar 28, 2009 at 12:05 PM, Jim Wildman jim@rossberry.com wrote:
rpm -qf `which <command>`
Nice. Thanks Frank and Jim
What about the minimal install? Is it possible? I don't need kerberos, ldap, and a lot of other things.
Best regards, Norberto
I was just playing with this myself this week. For CentOS 5.2, the very minimal install is 88 RPMs. This is missing things you will need (like openssh, passwd, yum, etc) but it's basically the bare-bones install. If you statically assign IP addresses and don't care about DHCP, you can reduce the list one more and get rid of 'dhclient'.
All other RPMs are required because of the dependencies that are laid out. Various other things will be required as you add some of the useful utilities back in.
The list of RPMS are:
audit-libs basesystem bash beecrypt bzip2-libs centos-release centos-release-notes chkconfig coreutils cpio cracklib cracklib-dicts db4 device-mapper device-mapper-event device-mapper-multipath dhclient diffutils dmraid e2fsprogs e2fsprogs-libs elfutils-libelf ethtool expat filesystem findutils gawk gdbm glib2 glibc glibc-common grep grub gzip info initscripts iproute iputils kernel keyutils-libs kpartx krb5-libs less libacl libattr libcap libgcc libselinux libsepol libstdc++ libsysfs libtermcap lvm2 m2crypto MAKEDEV mcstrans mingetty mkinitrd mktemp module-init-tools nash ncurses net-tools openssl pam pcre popt procps psmisc python readline redhat-logos rootfiles rpm rpm-libs sed setup shadow-utils sqlite sysklogd SysVinit tar termcap tzdata udev util-linux vim-minimal zlib
If you are building a Kickstart file, here are useful %packages and %post sections:
%packages --nobase
kernel-PAE
-audit-libs-python
-checkpolicy
-dhcpv6-client
-ecryptfs-utils
-ed
-file
-gnu-efi
-gpm
-hdparm
-kbd
-libhugetlbfs
-libselinux-python
-libsemanage
-nspr
-nss
-openssh
-openssh-clients
-openssh-server
-perl
-policycoreutils
-prelink
-selinux-policy
-selinux-policy-targeted
-setools
-setserial
-sysfsutils
-tcl
-udftools
-vim-enhanced

%post
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
yum -y remove kernel iptables slang usermode wireless-tools
yum -y remove cryptsetup-luks dbus dmidecode hwdata libgpg-error libusb
yum -y remove libvolume_id libxml2-python pciutils
yum -y remove cyrus-sasl-lib logrotate
Packages that are in the Core group tagged as 'mandatory' will get installed even if you specify them with '-' in the %packages section thus the need to explicitly remove them in the %post section.
Packages in the Core group tagged as 'default' can be configured to not be installed by subtracting them in the %packages section.
After the install finishes, you can run the following rpm command to get rid of yum stuff if desired:
rpm -e libxml2 python-elementtree python-iniparse python-sqlite python-urlgrabber rpm-python yum yum-metadata-parser
This 'minimal' load is mainly for educational purposes just to see how small it can get (about 300MB) -- it's not very useful. A useful minimal load will be somewhere around 150-200 packages depending on what utilities you want to include.
-- David Goldsmith
-------------------------------------------------------------------------------------------------------
---------- Forwarded message ----------
From: Paul Heinlein heinlein@madboa.com
Date: Tue, Oct 28, 2008 at 5:15 PM
Subject: Re: [CentOS] Kickstart package groups
To: CentOS mailing list centos@centos.org
On Tue, 28 Oct 2008, Francisco Puente wrote:
Hello,
I'm building another kickstart CD, minimal, and creating my own repository.
Is there any way I can get the list of files that a group (like @core or @base) will install?
Below my .sig is an XSLT stylesheet that will do the trick. Save it to your filesystem as, e.g., comps.xsl. Then use xsltproc to apply it to the comps.xml file, e.g.,
xsltproc --novalid comps.xsl /path/to/repodata/comps.xml > comps.html
The resulting HTML file will provide you a reasonable list of packages associated with each group.
Warning: the list might not be complete because any given package in your named group(s) might require packages not in those groups. That's why anaconda does dependency checking at installation time.
On Friday 24 April 2009 18:51, Jason Todd Slack-Moehrle wrote:
How do I add 5900 to the centos firewall? How do I edit the conf file?
I don't know your knowledge so.... Let's go through this step by step. Commands will be between []. Examples will be between ''.
You are looking to see why port 5900 is blocked. Are you sure something is listening on this port?
Check to see if port 5900 is listening with the following: [lsof -i]
If that port is not listed or if the service is listening on another port you should see this now. If not then start the service and try to connect again.
If you are still having issues connecting, then we should check the firewall.
First let's see if the firewall is up: [service iptables status]
If the firewall is up this should give you a list of all the rules present. If the firewall is not running it will state firewall is not running.
If the firewall is not running, VNC is running and you still cannot connect, the problem is outside your control and you will have to talk with your service provider. Even if the firewall is running the service provider can still be blocking the port, so if after ensuring/configuring the below you are still unable to connect, you need to contact the service provider and question them.
If the firewall is running you now have to figure out how it is being started. Some people use the default method (myself included) and some use scripts (which I believe is because they do not know how or understand how to configure the default setup).
First let us check in what run level the system is started. [grep id: /etc/inittab]
You should see something like 'id:3:initdefault:'
This is run level 3 and all my startup scripts are going to start from '/etc/rc.d/rc3.d'.
Look in this directory for anything that might be iptables or firewall related. As stated above, sometimes a script other than the default is used to start the firewall. Do you see anything other than iptables?
Scripts starting with a 'K' are not run and those with an 'S' are.
We should also check rc.local to ensure there is nothing being started there that might override the firewall if it is started in 'rc3.d'.
If you have determined that the firewall is being started the default way and it is up and running then /etc/sysconfig/iptables is the file you have to look at and edit. If the firewall is being started using another method then you are going to have to look at that script to determine how to correct/update that script.
You can edit the file with 'vim' or 'vi', depending on what is installed on your system, from the command line.
Here is a link to a very good IPTABLES Tutorial. http://iptables.rlworkman.net/chunkyhtml/index.html
Jason Todd Slack-Moehrle wrote on Fri, 24 Apr 2009 15:51:13 -0700:
I only have SSH ability at this point...
That's good enough. If you are not comfortable with managing the system from the command line then use Webmin. Some think that is unsafe, but it is surely several degrees safer than using blank VNC over the net.
Kai
on 4-24-2009 3:51 PM Jason Todd Slack-Moehrle spake the following:
Hi All,
I am new to CentOS and I signed up for a Mosso Cloud Server that runs Cent OS 5.2
I can ssh in.
I ran: yum install vnc vnc-server then: vncserver (and set desktop viewing password)
But I cannot connect.
How do I add 5900 to the centos firewall? How do I edit the conf file?
I only have SSH ability at this point...
-jason
If I remember right, vnc runs on 5900+ the number of the server started. So the first one would be on 5901, the next on 5902, etc...
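The two checks raised in this thread, the display-number port offset from the reply above and whether /etc/sysconfig/iptables actually admits that port, as an added example that is not part of any poster's message. The ruleset is a constructed sample modelled on a stock CentOS 5 file, the function names are hypothetical, 192.0.2.10 is a documentation address standing in for an admin workstation, and source matching is a plain string comparison (no CIDR arithmetic).

```shell
#!/bin/sh
# Constructed sample modelled on a stock CentOS 5 /etc/sysconfig/iptables.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

CHAIN=RH-Firewall-1-INPUT   # assumption: the stock chain name is in use

# VNC display :N listens on TCP port 5900+N.
vnc_port() { echo $((5900 + $1)); }

# port_verdict PORT [SRC] < rules
# Walks the chain in order and prints the first verdict that applies to a
# NEW inbound TCP connection to PORT from SRC: ACCEPT, REJECT, DROP or NOMATCH.
port_verdict() {
  awk -v port="$1" -v src="${2:-any}" -v chain="$CHAIN" '
    $1 == "-A" && $2 == chain {
      target = ""; lo = port; hi = port; applies = 1
      for (i = 3; i < NF; i++) {
        v = $(i + 1)
        if ($i == "-j") target = v
        else if ($i == "--dport") { n = split(v, r, ":"); lo = r[1]; hi = r[n] }
        else if ($i == "-p" && v != "tcp") applies = 0
        else if ($i == "-i" && v == "lo") applies = 0      # loopback only
        else if ($i == "-s" && v != src) applies = 0       # other source
        else if ($i == "--state" && v !~ /NEW/) applies = 0
      }
      if (applies && port + 0 >= lo + 0 && port + 0 <= hi + 0 &&
          (target == "ACCEPT" || target == "REJECT" || target == "DROP")) {
        print target; found = 1; exit
      }
    }
    END { if (!found) print "NOMATCH" }'
}

# allow_port_from PORT SRC < rules > new-rules
# Inserts a source-restricted ACCEPT *before* the first REJECT/DROP in the
# chain; a rule appended after the catch-all REJECT would never be reached.
allow_port_from() {
  awk -v port="$1" -v src="$2" -v chain="$CHAIN" '
    $1 == "-A" && $2 == chain && /-j (REJECT|DROP)/ && !ins {
      printf "-A %s -s %s -m state --state NEW -m tcp -p tcp --dport %s -j ACCEPT\n", chain, src, port
      ins = 1
    }
    { print }'
}

# Demo: display :1, opened only to the admin address.
port=$(vnc_port 1)
sample_rules | allow_port_from "$port" 192.0.2.10 | port_verdict "$port" 192.0.2.10
```

A NOMATCH result on a host whose ruleset has no such chain means the guest firewall is not what is dropping the traffic, which is the case the thread ends up suspecting.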