I just installed CentOS 7 and I need to modify some existing iptables rules, but I cannot find the file where these rules are. Can you please help me find where are the default rules that are loaded once the system boots?
Thank you
I don't know where the rules live but the firewall seems to be controlled by firewalld by default.
See http://fedoraproject.org/wiki/FirewallD for some information (and of course the man pages).
They are found under /etc/sysconfig/iptables
You can also view them using:
iptables -L or
iptables -S
Related
I have enabled all required ports. When i enable the firewalld service then the core-dns doesnt resolve any domain-name with command $ kubectl exec -ti busybox -- nslookup kubernetes.default
This seems to be a know case, which you can find on GitHub Fresh deploy with CoreDNS not resolving any dns lookup #1056.
There seems to be few solutions which would mean different problems.
One being:
sudo systemctl stop firewalld
sudo systemctl stop firewalld
Please remember this is not recommended.
Another solution might be:
Adding iptables -p FORWARD ACCEPT.
Also check if core dns daemon controller has enough resources, as this might be causing restarts.
You need to provide more details regarding your cluster so we can pinpoint the issue.
This problem may originate due to forwarding packets between interfaces. There are two options:
First, for sessions, I also recommend this for testing:
$ vim /proc/sys/net/ipv4/ip_forward
# set to 1
For a more permanent solution:
$ vim /etc/sysctl.conf
# ADD net.ipv4.ip_forward=1
$ sudo /sbin/sysctl -p
Is there any way to validate the HAProxy haproxy.cfg file before restarting the HAProxy service? For example: There might be a small spelling/syntax error in a larger haproxy.cfg file. I searched through several forums, but was unable to find anything in relation to validating the haproxy.cfg files for syntax errors.
As of now, I use a trial and error basis on a developer machine before I upload the changes to a Production Server.
The official HaProxy configuration file check was buried in the help sections.
/usr/local/sbin/haproxy --help
There are two ways to check the haproxy.cfg syntax is to use..
One way is the /usr/local/sbin/haproxy -c -V -f /etc/haproxy/haproxy.cfg
which validates the file syntax. The -c switch in the command represents the Check, while the others denote "Verbose" & "file".
Another way is to sudo service haproxy configtest
I hope this helps anyone looking to check the syntax of the haproxy.cfg file before restarting the service.
We are using this command
sudo haproxy -f /etc/haproxy/haproxy.cfg -c
On Windows Server 2012R2, how to check SeAssignPrimaryTokenPrivilege is enabled or not?
In another word, how to enable SeAssignPrimaryTokenPrivilege, or other specific priviledges?
If Cygwin is installed, editrights can be used, for example:
/usr/bin/editrights -u vagrant -a SeAssignPrimaryTokenPrivilege
This is not a direct answer to native approach, but it may be a starting point.
I am on a Windows7 machine and I'm trying to get graphic view on the centOS machine to be displayed on my current screen. When typing xclock, gedit... in terminal, I am getting the following error
-bash: xclock: command not found
and This the result of # vi /etc/ssh/sshd_config command
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
#tewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
Also Xming is running on server:0.0 and I turned X11 forwarding on on putty
So what's the problem ?
sudo yum install xorg-x11-apps
Should cover it!
Do you have an .Xauthority file in your home directory?
I've recently found the answer for my issue, which might be similar to yours. I've seen quite a few open questions about this topic without resolution. You may have a few more things to work through, but SELinux settings ended up being my final hurdle. This among many other steps are covered here: ssh X11 forwarding won't work
That aside, you may need to change the Xming settings to match the default DisplayOffset of 10 for Centos. And after any changes to sshd_config, you'll need to restart the service via
/etc/init.d/sshd restart
I would like to emphasize that my situation is a non-critical operation within a (hopefully!) securely-managed intranet. I would NOT suggest turning off SELinux at work, or at home if you're hoping to open ports or configure VPN for your home network. Please consider: http://securityblog.org/2006/05/21/software-not-working-disable-selinux/
I have a Pi that runs hostapd and dhcpd on arch linux to create it's own land with the Pi's (routers) IP being 10.0.0.1. This uses the wlan0 interface and it only serves as a standalone router running a web server.
Once I connect to the Pi, I use 10.0.0.1 to display the web pages, but I want to use a hostname such as firepi. I have tried using dnsmasq, but I haven't been successful. Any help would be greatly appreciated especially if you can give me some detailed examples as I am a novice.
The purpose of this system is that I have created a web app that you can use to ignite fireworks over WiFi at a safe distance. I would just like the convenience of using a hostname instead of the IP address.
I must add that I will more than likely be using an iPhone to connect to the server, should this affect anything.
Not too sure how or why but this is what I did and it is successfully working now, so this is just for future users who may need a similar setup to mine.
First I installed hostapd and dhcpd and made sure they were working. Next I changed '/etc/hostname' to firepi and the '/etc/hosts' and added '10.0.0.1 firepi'. Then I installed dnsmasq, and set the interface to wlan0, and finally added '10.0.0.1 firepi' to '/etc/resolv.conf'.
After a full reboot, I joined the network on my iPhone, navigated to firepi and sure enough, it worked!
Thanks to the other users for their advice and tips.
You can use avahi on Arch as well to resolve your hostname:
sudo pacman -S avahi nss-mdns
Start the avahi daemon:
sudo systemctl enable avahi-daemon.service
sudo systemctl start avahi-daemon.service
Edit /etc/nsswitch.conf
sudo vim /etc/nsswitch.conf
Change the line:
hosts: files myhostname dns
to
hosts: files myhostname mdns_minimal [NOTFOUND=return] dns
Reboot
Note: don't forget to add .local to your hostname.
See also:
http://blog.pixxis.be/post/77285636682/resolve-hostname-with-arch-linux-on-a-raspberry-pi
If you just want to be able to use "firepi" as hostname to connect to it, you can simply add it to your /etc/hosts file using the syntax "IP host".
To make it as easy as possible, run this command as root:
echo "10.0.0.1 firepi" >> /etc/hosts
That'll do the trick.
Can you try avahi ?
sudo apt-get install avahi-daemon and
sudo apt-get install avahi-browse
I've successfully used that on Raspian. Unless you change the hostname using
sudo raspi-config you will access via raspberrypi.local
Note that if you plan to access the RPi from Windows you will need to install Bonjour Service first(if you have iTunes intalled, you might have those, run services.msc and check if the Bonjour Service is started)
Another note: On a friend's iphone I've installed a generic vnc client and had x11vnc running on the RPi and succesfully managed to connect to the RPi (since avahi-daemon was installed)