similar to: portmap messages under /var/log/messages

Hi, I believe having less root setuid binaries on system is The Way ... so: Why does RH6.2 ships with /sbin/dump & /sbin/restore root setuid? These are for sysadmins, not for regular users I hope. Is /sbin/unix_chkpwd really used and what is it used for? I haven't find anything about it in pam documentation. Is it really necessary to ship /usr/bin/gpasswd and /usr/bin/newgrp? Does

https://bugzilla.netfilter.org/show_bug.cgi?id=1276 Bug ID: 1276 Summary: "icmpv6 code" test returns wrong data type. Product: nftables Version: unspecified Hardware: x86_64 OS: Gentoo Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at

Hi Im using tinc to bridge networks together. And im using ebtables to block dhcp traffic for ipv4 on each node in tinc. One of my nodes have recently began using ipv6. The isp is using auto configuration to give out ipv6 addresses. The problem is that every computer in my bridged network is getting ipv6 addresses from that node. The other computers behind the other nodes have no use for ipv6

Hi thank you for looking in to this. I haven't tried it before now. I cant get it to work. after running the commands you suggest I get this when I run ip6tables --list-rules root at JOTVPN:~# ip6tables --list-rules -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT -A FORWARD -i vpn -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j DROP -A FORWARD -o vpn -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j

https://bugzilla.netfilter.org/show_bug.cgi?id=1073 Bug ID: 1073 Summary: inet-service vs icmp conflict Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter:

When installing Mandrake 9.0 with the higher security option you cannot ping any of it interfaces, localhost (127.0.0.1) included. All other connections to the system are fine, e.g. ssh, www, squid, etc. "shorewall clear" doesn''t help. Does anyone know how to turn this off for at least localhost and eth1?? Yours truly, Ben

I don't know if this is RedHat 5.1 specific, but be aware that the version of portmap distributed is the enhanced (Wietse Venema) version. That's great, except for two things. The first is documented, but easy to overlook: "In order to avoid deadlocks, the portmap program does not attempt to look up the remote host name or user name...The upshot of all this is that only network

Sorry for the frantic nature of this message, but we need to allow pings on our firewall so our ISP can test things. I''ve done this, and it still doesn''t work: (I am now at v.2.0.10) rules: AllowPing net fw AllowPing sls fw show indicates some matches, so where are they? Chain AllowPing (4 references) pkts bytes target prot opt in out source

Hi all, I want to map an NFS share from a remote server to a local CentOS 5.4 server, but have a problem with portmap: root at mercury:[~]$ service portmap restart pmap_getmaps rpc problem: RPC: Unable to receive; errno = Connection reset by peer Stopping portmap: [FAILED] Starting portmap: [ OK ] root at

hi It was not working when i applied the rules on the vpn card. But I wondered if maybe bridging of vpn and eth0 was messing this up. I thought it was enough to only apply it to the vpn card root at JOTVPN:~# brctl show bridge name bridge id STP enabled    interfaces bridge 8000.000c29638a7e no           eth0                                                                   vpn so I tried the

https://bugzilla.netfilter.org/show_bug.cgi?id=1468 Bug ID: 1468 Summary: [netdev] dropping ether type vlan frames drops ICMPv6 type 134 Product: nftables Version: unspecified Hardware: other OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component:

Greetings I'm running an NIS server that I would very much *not* want to be accessible on some of its interfaces. portmap can be instructed to bind to specific addresses using the -h flag, but this seems to break ypbind. ypbind will attempt to find a server by issuing a broadcast rpc request to the local network. When portmap is not bound to INADDR_ANY, it will not reply to these requests.

CentOS 5 updated, Xen host. The portmap on this machine is somehow "stuck" and I can't figure out why. I enabled it to be able to mount a remote nfs share. The first hurdle was that "portmap" didn't appear in the chkconfig list, it was installed with the initial packages but not added to chkconfig. Took me a while to figure this out. Adding and starting it up is no

Hi all I have a CentOS 5.1 server running Xen and recently installed ConfigServer Firewall (CSF) on the main node to give it some protection. On a daily basis I''m getting an email about portmap. haldeamon and xfs consumming too much resources. The main node, dom0 doesn''t even do anything, and everything is done on the domU''s Here''s a thread I''ve

Hi all, I have implemented portmap spoofing in klibc nfsmount (released as klibc-0.144) This is basically a vestigial portmap daemon which gets launched before the mount() call and then just records any transactions it gets to a file and sends back an affirmative reply. There are two ways to use it (this belongs in a README file, but it's too late at night right now): a) Set a fixed

http://bugzilla.netfilter.org/show_bug.cgi?id=567 Summary: Local multicast ICMPv6 and --state INVALID Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: Ubuntu Status: NEW Severity: blocker Priority: P1 Component: unknown AssignedTo: laforge at netfilter.org

Yesterday I activated SELinux in targeted mode, then I rebooted and started receiving some error messages in the system services initialization: ====================================================================== audit(1156518721.252:2): avc: denied { read } for pid=2223 comm="syslogd" name="libc-2.3.4.so" dev=dm-0 ino=50441 scontext=user_u:system_r:syslogd_t

Having problems starting httpd & portmapper #service httpd start /usr/sbin/httpd: error while loading shared libraries: libm.so.6: cannot open shared object file: No such file or directory and I traced it to selinux, which I had just turned on for the first time: # sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode:

Hello all, I have seen various reports on this error posted in the past few years, but was unable to find a resolution to the various postings. I've googled the error messages too, and have hit on various sporadic similar problems encountered with no resolutions .. Apologize if this has been exhaustively queried upon in the past; however, I'd like to try asking again, nevertheless:

Hallo, as described by CISCO in http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-2/ipv6_autoconfig.html a router hast to send ICMPv6 messages of type RS to the all-router multicast group: ff02::1 and ff02::2 for stateless autoconfiguration. How can I activate this sending in CentOS? Best regards Helmut -------------- next part -------------- An HTML attachment was