From Versha.Kamthan at ge.com Tue Mar 17 02:55:03 2015
From: Versha.Kamthan at ge.com (Kamthan, Versha (GE Capital, Consultant))
Date: Tue, 17 Mar 2015 02:55:03 +0000
Subject: Why RedHat doesnt support Higher Versions of Subversion
Message-ID: <7F362FD0F732164096292D18210E1279828D9B@SINURSNA06.e2k.ad.ge.com>

Hi Team,

I would like to know some information regarding the support of Subversion1.7 or Subversion1.8 over RHEL6.

I understand that I can download the rpm package from other vendors (WANDisco, RepoForge etc) and install it over RHEL6, but I need some information

As in "Why RedHat is not providing support for Subversion1.7 onwards."

I couldn't find the reason behind this over internet, therefore can someone please let me know why RedHat does not provide support for Subversion1.7 and 1.8 over RHEL6.

Any information will be helpful.

Thanks,
Versha

From smooge at gmail.com Tue Mar 17 04:06:34 2015
From: smooge at gmail.com (Stephen John Smoogen)
Date: Mon, 16 Mar 2015 22:06:34 -0600
Subject: Why RedHat doesnt support Higher Versions of Subversion
In-Reply-To: <7F362FD0F732164096292D18210E1279828D9B@SINURSNA06.e2k.ad.ge.com>
References: <7F362FD0F732164096292D18210E1279828D9B@SINURSNA06.e2k.ad.ge.com>
Message-ID:

On 16 March 2015 at 20:55, Kamthan, Versha (GE Capital, Consultant) <Versha.Kamthan at ge.com> wrote:

> Hi Team,
>
> I would like to know some information regarding the support of Subversion1.7 or Subversion1.8 over *RHEL6*
>
> I understand that I can download the rpm package from other vendors (WANDisco, RepoForge etc) and install it over RHEL6, but I need some information
>
> As in "Why RedHat is not providing support for Subversion1.7 onwards."

For every customer who wants a newer subversion there are many more who want a static OS which matches beyond bug fixes what was released when it first came out.
That means that unless there is significant customer demand for change, updates for packages in the release need to be done through side products like Software Collections.

> I couldn't find the reason behind this over internet, therefore can someone please let me know why RedHat does not provide support for Subversion1.7 and 1.8 over *RHEL6*.
>
> Any information will be helpful.
>
> Thanks,
>
> Versha
>
> --
> redhat-sysadmin-list mailing list
> redhat-sysadmin-list at redhat.com
> https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list

--
Stephen J Smoogen.

From Versha.Kamthan at ge.com Tue Mar 17 04:51:37 2015
From: Versha.Kamthan at ge.com (Kamthan, Versha (GE Capital, Consultant))
Date: Tue, 17 Mar 2015 04:51:37 +0000
Subject: Why RedHat doesnt support Higher Versions of Subversion
In-Reply-To:
References: <7F362FD0F732164096292D18210E1279828D9B@SINURSNA06.e2k.ad.ge.com>
Message-ID: <7F362FD0F732164096292D18210E1279829A57@SINURSNA06.e2k.ad.ge.com>

Hi Stephen,

Thanks for your email, it helped me understand the picture.

Brief context from our side:

We are basically using RHEL6 for our build infrastructure, and as a part of Vulnerability management we found that Subversion1.6 is no longer supported by Apache and we need to upgrade it to a higher version like 1.7 or 1.8.

That is why I was looking forward for some authentic information to proceed with a proper reason in this area.

Also, do you have any idea when Redhat is going to have a higher version of apache Subversion in near future? :)
Thanks,
Versha

From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Stephen John Smoogen
Sent: Tuesday, 17 March 2015 3:07 PM
To: redhat-sysadmin-list at redhat.com
Subject: Re: Why RedHat doesnt support Higher Versions of Subversion

On 16 March 2015 at 20:55, Kamthan, Versha (GE Capital, Consultant) wrote:

Hi Team,

I would like to know some information regarding the support of Subversion1.7 or Subversion1.8 over RHEL6

I understand that I can download the rpm package from other vendors (WANDisco, RepoForge etc) and install it over RHEL6, but I need some information

As in "Why RedHat is not providing support for Subversion1.7 onwards."

For every customer who wants a newer subversion there are many more who want a static OS which matches beyond bug fixes what was released when it first came out. That means that unless there is significant customer demand for change, updates for packages in the release need to be done through side products like Software Collections.

I couldn't find the reason behind this over internet, therefore can someone please let me know why RedHat does not provide support for Subversion1.7 and 1.8 over RHEL6.

Any information will be helpful.

Thanks,
Versha

--
Stephen J Smoogen.
From fernando at lozano.eti.br Tue Mar 17 12:48:46 2015
From: fernando at lozano.eti.br (Fernando Lozano)
Date: Tue, 17 Mar 2015 09:48:46 -0300
Subject: Why RedHat doesnt support Higher Versions of Subversion
In-Reply-To: <7F362FD0F732164096292D18210E1279829A57@SINURSNA06.e2k.ad.ge.com>
References: <7F362FD0F732164096292D18210E1279828D9B@SINURSNA06.e2k.ad.ge.com> <7F362FD0F732164096292D18210E1279829A57@SINURSNA06.e2k.ad.ge.com>
Message-ID: <550822AE.8020708@lozano.eti.br>

Hi Versha,

> Brief context from our side:
>
> We are basically using RHEL6 for our build infrastructure, and as a part of Vulnerability management we found that Subversion1.6 is no longer supported by Apache and we need to upgrade it to a higher version like 1.7 or 1.8 .
>
> That is why I was looking forward for some authentic information to proceed with a proper reason in this area.

Subversion 1.6 may not be supported anymore by Apache Foundation, but it is supported by Red Hat itself. If there's any security or stability fix released for newer Subversion, Red Hat has a contractual agreement with you to backport those fixes to the older Subversion included in RHEL. This is part of your subscription.

From a legal standpoint Red Hat support is better than Apache support because the first is assured by a contract (your subscription agreement) and comes with well defined SLA terms. Apache support provides no assurances. Do you have a support contract with Apache Foundation? You as a Red Hat customer can open support tickets for subversion and Red Hat may well develop fixes and patches itself, before Apache. Those patches will later be submitted to Apache so they become part of the upstream Subversion.

You can check if you downloaded the latest Subversion update released by Red Hat and use:

    # rpm -q --changelog subversion | grep -i cve

to look for specific vulnerabilities fixed and so you can prove you already have vulnerabilities fixed by newer Subversion from Apache.
> Also, do you have any idea when Redhat is going to have a higher version of apache Subversion in near future? :)

As someone already explained, the stability / compatibility / certification assurance from your RHEL subscription implies Red Hat will only update major versions of most packages on a new RHEL series. So you'd have to move to RHEL7 if you really need a newer subversion, but if your problem is just satisfying a security audit you should be fine with RHEL6 updates.

Someone also already explained you can get a (free?) subscription to software collections to get newer releases for some packages, but I don't know if those include Subversion and if those are subject to the same support terms as regular RHEL packages.

[]s, Fernando Lozano

From unixadm28 at gmail.com Tue Mar 17 13:38:53 2015
From: unixadm28 at gmail.com (Unix)
Date: Tue, 17 Mar 2015 09:38:53 -0400
Subject: Why rhel 5/Apache doesn't support TLS1.1 n 1.2
In-Reply-To: <550822AE.8020708@lozano.eti.br>
References: <7F362FD0F732164096292D18210E1279828D9B@SINURSNA06.e2k.ad.ge.com> <7F362FD0F732164096292D18210E1279829A57@SINURSNA06.e2k.ad.ge.com> <550822AE.8020708@lozano.eti.br>
Message-ID:

Wondering how I can effectively disable SSLv3 n TLSv1 from rhel5.11 Apache web server?

Sent from my iPhone

> On Mar 17, 2015, at 8:48 AM, Fernando Lozano wrote:
>
> Hi Versha,
>>
>> Brief context from our side:
>> We are basically using RHEL6 for our build infrastructure, and as a part of Vulnerability management we found that Subversion1.6 is no longer supported by Apache and we need to upgrade it to a higher version like 1.7 or 1.8 .
>> That is why I was looking forward for some authentic information to proceed with a proper reason in this area.
> Subversion 1.6 may not be supported anymore by Apache Foundation, but it is supported by Red Hat itself.
> If there's any security or stability fix released for newer Subversion, Red Hat has a contractual agreement with you to backport those fixes to the older Subversion included in RHEL. This is part of your subscription.
>
> From a legal standpoint Red Hat support is better than Apache support because the first is assured by a contract (your subscription agreement) and comes with well defined SLA terms. Apache support provides no assurances. Do you have a support contract with Apache Foundation? You as a Red Hat customer can open support tickets for subversion and Red Hat may well develop fixes and patches itself, before Apache. Those patches will later be submitted to Apache so they become part of the upstream Subversion.
>
> You can check if you downloaded the latest Subversion update released by Red Hat and use:
> # rpm -q --changelog subversion | grep -i cve
> to look for specific vulnerabilities fixed and so you can prove you already have vulnerabilities fixed by newer Subversion from Apache.
>
>>
>> Also, do you have any idea when Redhat is going to have a higher version of apache Subversion in near future? :)
> As someone already explained, the stability / compatibility / certification assurance from your RHEL subscription implies Red Hat will only update major versions of most packages on a new RHEL series. So you'd have to move to RHEL7 if you really need a newer subversion, but if your problem is just satisfying a security audit you should be fine with RHEL6 updates.
>
> Someone also already explained you can get a (free?) subscription to software collections to get newer releases for some packages, but I don't know if those include Subversion and if those are subject to the same support terms as regular RHEL packages.
>
>
> []s, Fernando Lozano
From fernando at lozano.eti.br Tue Mar 17 13:53:30 2015
From: fernando at lozano.eti.br (Fernando Lozano)
Date: Tue, 17 Mar 2015 10:53:30 -0300
Subject: Why rhel 5/Apache doesn't support TLS1.1 n 1.2
In-Reply-To:
References: <7F362FD0F732164096292D18210E1279828D9B@SINURSNA06.e2k.ad.ge.com> <7F362FD0F732164096292D18210E1279829A57@SINURSNA06.e2k.ad.ge.com> <550822AE.8020708@lozano.eti.br>
Message-ID: <550831DA.5040600@lozano.eti.br>

Hi,

> Wondering how I can effectively disable SSLv3 n TLSv1 from rhel5.11 Apache web server?

I don't remember the specific steps but you can do this since apache 1.x. You can tell apache (so it tells openssl) which protocol levels, which ciphers, etc are allowed or not. You don't need a patch/update for changing configs if the defaults don't suit you.

[]s, Fernando Lozano

From rprice at redhat.com Tue Mar 17 15:14:54 2015
From: rprice at redhat.com (Robin Price II)
Date: Tue, 17 Mar 2015 11:14:54 -0400
Subject: Why rhel 5/Apache doesn't support TLS1.1 n 1.2
In-Reply-To:
References: <7F362FD0F732164096292D18210E1279828D9B@SINURSNA06.e2k.ad.ge.com> <7F362FD0F732164096292D18210E1279829A57@SINURSNA06.e2k.ad.ge.com> <550822AE.8020708@lozano.eti.br>
Message-ID: <550844EE.5010805@redhat.com>

Hope this helps:

* How to disable "SSLv2" and/or "SSLv3" in Apache httpd/mod_ssl
* https://access.redhat.com/solutions/30970

and

* Resolution for POODLE SSLv3.0 vulnerability (CVE-2014-3566) in httpd
* https://access.redhat.com/solutions/1232413

~rp

On 03/17/2015 09:38 AM, Unix wrote:
> Wondering how I can effectively disable SSLv3 n TLSv1 from rhel5.11 Apache web server?
--
Robin Price II - 0x75b328c4
Solutions Architect - Public Sector

From smooge at gmail.com Tue Mar 17 15:54:32 2015
From: smooge at gmail.com (Stephen John Smoogen)
Date: Tue, 17 Mar 2015 09:54:32 -0600
Subject: Why RedHat doesnt support Higher Versions of Subversion
In-Reply-To: <550822AE.8020708@lozano.eti.br>
References: <7F362FD0F732164096292D18210E1279828D9B@SINURSNA06.e2k.ad.ge.com> <7F362FD0F732164096292D18210E1279829A57@SINURSNA06.e2k.ad.ge.com> <550822AE.8020708@lozano.eti.br>
Message-ID:

On 17 March 2015 at 06:48, Fernando Lozano wrote:

> Hi Versha,
>
> > Brief context from our side:
> >
> > We are basically using RHEL6 for our build infrastructure, and as a part of Vulnerability management we found that Subversion1.6 is no longer supported by Apache and we need to upgrade it to a higher version like 1.7 or 1.8 .
> >
> > That is why I was looking forward for some authentic information to proceed with a proper reason in this area.
>
> Subversion 1.6 may not be supported anymore by Apache Foundation, but it is supported by Red Hat itself. If there's any security or stability fix released for newer S
>

Thank you Mr Lozano.
You explained much better than I could.

--
Stephen J Smoogen.

From Versha.Kamthan at ge.com Tue Mar 17 23:35:51 2015
From: Versha.Kamthan at ge.com (Kamthan, Versha (GE Capital, Consultant))
Date: Tue, 17 Mar 2015 23:35:51 +0000
Subject: Why RedHat doesnt support Higher Versions of Subversion
In-Reply-To: <550822AE.8020708@lozano.eti.br>
References: <7F362FD0F732164096292D18210E1279828D9B@SINURSNA06.e2k.ad.ge.com> <7F362FD0F732164096292D18210E1279829A57@SINURSNA06.e2k.ad.ge.com> <550822AE.8020708@lozano.eti.br>
Message-ID: <7F362FD0F732164096292D18210E12798323F8@SINURSNA06.e2k.ad.ge.com>

Thank you so much Fernando, that was exactly what I was looking for :)

Much appreciated.

Thanks,
Versha

From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Fernando Lozano
Sent: Tuesday, 17 March 2015 11:49 PM
To: redhat-sysadmin-list at redhat.com
Subject: Re: Why RedHat doesnt support Higher Versions of Subversion

Hi Versha,

Brief context from our side:

We are basically using RHEL6 for our build infrastructure, and as a part of Vulnerability management we found that Subversion1.6 is no longer supported by Apache and we need to upgrade it to a higher version like 1.7 or 1.8 .

That is why I was looking forward for some authentic information to proceed with a proper reason in this area.

Subversion 1.6 may not be supported anymore by Apache Foundation, but it is supported by Red Hat itself. If there's any security or stability fix released for newer Subversion, Red Hat has a contractual agreement with you to backport those fixes to the older Subversion included in RHEL. This is part of your subscription.

From a legal standpoint Red Hat support is better than Apache support because the first is assured by a contract (your subscription agreement) and comes with well defined SLA terms. Apache support provides no assurances.
Do you have a support contract with Apache Foundation? You as a Red Hat customer can open support tickets for subversion and Red Hat may well develop fixes and patches itself, before Apache. Those patches will later be submitted to Apache so they become part of the upstream Subversion.

You can check if you downloaded the latest Subversion update released by Red Hat and use:

    # rpm -q --changelog subversion | grep -i cve

to look for specific vulnerabilities fixed and so you can prove you already have vulnerabilities fixed by newer Subversion from Apache.

Also, do you have any idea when Redhat is going to have a higher version of apache Subversion in near future? :)

As someone already explained, the stability / compatibility / certification assurance from your RHEL subscription implies Red Hat will only update major versions of most packages on a new RHEL series. So you'd have to move to RHEL7 if you really need a newer subversion, but if your problem is just satisfying a security audit you should be fine with RHEL6 updates.

Someone also already explained you can get a (free?) subscription to software collections to get newer releases for some packages, but I don't know if those include Subversion and if those are subject to the same support terms as regular RHEL packages.

[]s, Fernando Lozano

From unixadm28 at gmail.com Wed Mar 18 11:45:15 2015
From: unixadm28 at gmail.com (Unix)
Date: Wed, 18 Mar 2015 07:45:15 -0400
Subject: Why rhel 5/Apache doesn't support TLS1.1 n 1.2
In-Reply-To: <550844EE.5010805@redhat.com>
References: <7F362FD0F732164096292D18210E1279828D9B@SINURSNA06.e2k.ad.ge.com> <7F362FD0F732164096292D18210E1279829A57@SINURSNA06.e2k.ad.ge.com> <550822AE.8020708@lozano.eti.br> <550844EE.5010805@redhat.com>
Message-ID: <91310B0A-CC52-4E83-A904-444EBEB3E2EC@gmail.com>

Thanks rprice.
It was helpful information

Sent from my iPhone

> On Mar 17, 2015, at 11:14 AM, Robin Price II wrote:
>
> Hope this helps:
>
> * How to disable "SSLv2" and/or "SSLv3" in Apache httpd/mod_ssl
> * https://access.redhat.com/solutions/30970
>
> and
>
> * Resolution for POODLE SSLv3.0 vulnerability (CVE-2014-3566) in httpd
> * https://access.redhat.com/solutions/1232413
>
> ~rp
>
>> On 03/17/2015 09:38 AM, Unix wrote:
>> Wondering how I can effectively disable SSLv3 n TLSv1 from rhel5.11 Apache web server?
>
> --
> Robin Price II - 0x75b328c4
> Solutions Architect - Public Sector

From NFlorez at sdcwa.org Thu Mar 26 15:34:14 2015
From: NFlorez at sdcwa.org (Florez, Nestor)
Date: Thu, 26 Mar 2015 15:34:14 +0000
Subject: how to Allow udp access to 1 ip address on 1 port - iptables
Message-ID: <01ABA00A02EC6F459EF49DA10944BB8CFBFAAF90@Marlin.sdcwa.org>

I am trying the rules below and the network guy tells me that he can
not access my server for access with solar winds;

-A RH-Firewall-1-INPUT -p tcp -s 192.168.324.27 -m tcp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -s 192.168.324.27 -m udp --dport 162 -j ACCEPT

Any ideas?

N??t?r
Authority gone to one's head is the greatest enemy of Truth

From sean at ttys0.net Thu Mar 26 15:52:30 2015
From: sean at ttys0.net (Sean)
Date: Thu, 26 Mar 2015 10:52:30 -0500
Subject: how to Allow udp access to 1 ip address on 1 port - iptables
In-Reply-To: <01ABA00A02EC6F459EF49DA10944BB8CFBFAAF90@Marlin.sdcwa.org>
References: <01ABA00A02EC6F459EF49DA10944BB8CFBFAAF90@Marlin.sdcwa.org>
Message-ID:

> Any ideas?

Do you mean for the ports to be different?

> On Mar 26, 2015, at 10:34 AM, Florez, Nestor wrote:
>
> I am trying the rules below and the network guy tells me that he can not access my server for access with solar winds;
> -A RH-Firewall-1-INPUT -p tcp -s 192.168.324.27 -m tcp --dport 161 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -s 192.168.324.27 -m udp --dport 162 -j ACCEPT
>
> Any ideas?
>
> N??t?r
> Authority gone to one's head is the greatest enemy of Truth

From NFlorez at sdcwa.org Thu Mar 26 17:08:31 2015
From: NFlorez at sdcwa.org (Florez, Nestor)
Date: Thu, 26 Mar 2015 17:08:31 +0000
Subject: how to Allow udp access to 1 ip address on 1 port - iptables
In-Reply-To:
References: <01ABA00A02EC6F459EF49DA10944BB8CFBFAAF90@Marlin.sdcwa.org>
Message-ID: <01ABA00A02EC6F459EF49DA10944BB8CFBFAB104@Marlin.sdcwa.org>

I meant any ideas why my iptables set up is not working to allow IP 192.168.324.27 snmp access on port 161 and 162

N??t?r
Authority gone to one's head is the greatest enemy of Truth

-----Original Message-----
From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Sean
Sent: Thursday, March 26, 2015 8:53 AM
To: redhat-sysadmin-list at redhat.com
Subject: Re: how to Allow udp access to 1 ip address on 1 port - iptables

> Any ideas?

Do you mean for the ports to be different?

> On Mar 26, 2015, at 10:34 AM, Florez, Nestor wrote:
>
> I am trying the rules below and the network guy tells me that he can not access my server for access with solar winds;
> -A RH-Firewall-1-INPUT -p tcp -s 192.168.324.27 -m tcp --dport 161 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -s 192.168.324.27 -m udp --dport 162 -j ACCEPT
>
> Any ideas?
>
> N??t?r
> Authority gone to one's head is the greatest enemy of Truth

From NFlorez at sdcwa.org Thu Mar 26 17:44:45 2015
From: NFlorez at sdcwa.org (Florez, Nestor)
Date: Thu, 26 Mar 2015 17:44:45 +0000
Subject: how to Allow udp access to 1 ip address on 1 port - iptables
In-Reply-To: <01ABA00A02EC6F459EF49DA10944BB8CFBFAB104@Marlin.sdcwa.org>
References: <01ABA00A02EC6F459EF49DA10944BB8CFBFAAF90@Marlin.sdcwa.org> <01ABA00A02EC6F459EF49DA10944BB8CFBFAB104@Marlin.sdcwa.org>
Message-ID: <01ABA00A02EC6F459EF49DA10944BB8CFBFAB146@Marlin.sdcwa.org>

I had a typo when I enter the IP address and this is the rule I am using to Allow solar winds to access my server. Once it is working I need to add the rule other server:

-A RH-Firewall-1-INPUT -p tcp -s 192.168.124.27 -m tcp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -s 192.168.124.27 -m udp --dport 162 -j ACCEPT

Thanks

N??t?r
Authority gone to one's head is the greatest enemy of Truth

-----Original Message-----
From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Florez, Nestor
Sent: Thursday, March 26, 2015 10:09 AM
To: redhat-sysadmin-list at redhat.com
Subject: RE: how to Allow udp access to 1 ip address on 1 port - iptables

I meant any ideas why my iptables set up is not working to allow IP 192.168.324.27 snmp access on port 161 and 162

N??t?r
Authority gone to one's head is the greatest enemy of Truth

-----Original Message-----
From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Sean
Sent: Thursday, March 26, 2015 8:53 AM
To: redhat-sysadmin-list at redhat.com
Subject: Re: how to Allow udp access to 1 ip address on
1 port - iptables

> Any ideas?

Do you mean for the ports to be different?

> On Mar 26, 2015, at 10:34 AM, Florez, Nestor wrote:
>
> I am trying the rules below and the network guy tells me that he can not access my server for access with solar winds;
> -A RH-Firewall-1-INPUT -p tcp -s 192.168.324.27 -m tcp --dport 161 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -s 192.168.324.27 -m udp --dport 162 -j ACCEPT
>
> Any ideas?
>
> N??t?r
> Authority gone to one's head is the greatest enemy of Truth

From NFlorez at sdcwa.org Thu Mar 26 17:51:02 2015
From: NFlorez at sdcwa.org (Florez, Nestor)
Date: Thu, 26 Mar 2015 17:51:02 +0000
Subject: how to Allow udp access to 1 ip address on 1 port - iptables
In-Reply-To: <01ABA00A02EC6F459EF49DA10944BB8CFBFAB146@Marlin.sdcwa.org>
References: <01ABA00A02EC6F459EF49DA10944BB8CFBFAAF90@Marlin.sdcwa.org> <01ABA00A02EC6F459EF49DA10944BB8CFBFAB104@Marlin.sdcwa.org> <01ABA00A02EC6F459EF49DA10944BB8CFBFAB146@Marlin.sdcwa.org>
Message-ID: <01ABA00A02EC6F459EF49DA10944BB8CFBFAB177@Marlin.sdcwa.org>

Copy paste failed me - the iptables rules should be like this:

-A RH-Firewall-1-INPUT -p tcp -s 192.168.124.27 -m tcp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -s 192.168.124.27 -m udp --dport 162 -j ACCEPT

N??t?r
Authority gone to one's head is the greatest enemy of Truth

-----Original Message-----
From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Florez, Nestor
Sent: Thursday, March 26, 2015 10:45 AM
To: redhat-sysadmin-list at redhat.com
Subject: RE: how to Allow udp
access to 1 ip address on 1 port - iptables

I had a typo when I enter the IP address and this is the rule I am using to Allow solar winds to access my server. Once it is working I need to add the rule other server:

-A RH-Firewall-1-INPUT -p tcp -s 192.168.124.27 -m tcp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -s 192.168.124.27 -m udp --dport 162 -j ACCEPT

Thanks

N??t?r
Authority gone to one's head is the greatest enemy of Truth

-----Original Message-----
From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Florez, Nestor
Sent: Thursday, March 26, 2015 10:09 AM
To: redhat-sysadmin-list at redhat.com
Subject: RE: how to Allow udp access to 1 ip address on 1 port - iptables

I meant any ideas why my iptables set up is not working to allow IP 192.168.324.27 snmp access on port 161 and 162

N??t?r
Authority gone to one's head is the greatest enemy of Truth

-----Original Message-----
From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Sean
Sent: Thursday, March 26, 2015 8:53 AM
To: redhat-sysadmin-list at redhat.com
Subject: Re: how to Allow udp access to 1 ip address on 1 port - iptables

> Any ideas?

Do you mean for the ports to be different?

> On Mar 26, 2015, at 10:34 AM, Florez, Nestor wrote:
>
> I am trying the rules below and the network guy tells me that he can not access my server for access with solar winds;
> -A RH-Firewall-1-INPUT -p tcp -s 192.168.324.27 -m tcp --dport 161 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -s 192.168.324.27 -m udp --dport 162 -j ACCEPT
>
> Any ideas?
>
> N??t?r
> Authority gone to one's head is the greatest enemy of Truth

From NFlorez at sdcwa.org Thu Mar 26 18:01:12 2015
From: NFlorez at sdcwa.org (Florez, Nestor)
Date: Thu, 26 Mar 2015 18:01:12 +0000
Subject: how to Allow udp access to 1 ip address on 1 port - iptables
In-Reply-To: <01ABA00A02EC6F459EF49DA10944BB8CFBFAB177@Marlin.sdcwa.org>
References: <01ABA00A02EC6F459EF49DA10944BB8CFBFAAF90@Marlin.sdcwa.org> <01ABA00A02EC6F459EF49DA10944BB8CFBFAB104@Marlin.sdcwa.org> <01ABA00A02EC6F459EF49DA10944BB8CFBFAB146@Marlin.sdcwa.org> <01ABA00A02EC6F459EF49DA10944BB8CFBFAB177@Marlin.sdcwa.org>
Message-ID: <01ABA00A02EC6F459EF49DA10944BB8CFBFAB19D@Marlin.sdcwa.org>

Agggggggg, it keeps removing my newline character

-A RH-Firewall-1-INPUT -p tcp -s 192.168.124.27 -m tcp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -s 192.168.124.27 -m udp --dport 162 -j ACCEPT

N??t?r
Authority gone to one's head is the greatest enemy of Truth

-----Original Message-----
From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Florez, Nestor
Sent: Thursday, March 26, 2015 10:51 AM
To: redhat-sysadmin-list at redhat.com
Subject: RE: how to Allow udp access to 1 ip address on 1 port - iptables

Copy paste failed me - the iptables rules should be like this:

-A RH-Firewall-1-INPUT -p tcp -s 192.168.124.27 -m tcp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -s 192.168.124.27 -m udp --dport
162 -j ACCEPT

N??t?r
Authority gone to one's head is the greatest enemy of Truth

-----Original Message-----
From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Florez, Nestor
Sent: Thursday, March 26, 2015 10:45 AM
To: redhat-sysadmin-list at redhat.com
Subject: RE: how to Allow udp access to 1 ip address on 1 port - iptables

I had a typo when I enter the IP address and this is the rule I am using to Allow solar winds to access my server. Once it is working I need to add the rule other server:

-A RH-Firewall-1-INPUT -p tcp -s 192.168.124.27 -m tcp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -s 192.168.124.27 -m udp --dport 162 -j ACCEPT

Thanks

N??t?r
Authority gone to one's head is the greatest enemy of Truth

-----Original Message-----
From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Florez, Nestor
Sent: Thursday, March 26, 2015 10:09 AM
To: redhat-sysadmin-list at redhat.com
Subject: RE: how to Allow udp access to 1 ip address on 1 port - iptables

I meant any ideas why my iptables set up is not working to allow IP 192.168.324.27 snmp access on port 161 and 162

N??t?r
Authority gone to one's head is the greatest enemy of Truth

-----Original Message-----
From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Sean
Sent: Thursday, March 26, 2015 8:53 AM
To: redhat-sysadmin-list at redhat.com
Subject: Re: how to Allow udp access to 1 ip address on 1 port - iptables

> Any ideas?

Do you mean for the ports to be different?

> On Mar 26, 2015, at 10:34 AM, Florez, Nestor wrote:
>
> I am trying the rules below and the network guy tells me that he can not access my server for access with solar winds;
> -A RH-Firewall-1-INPUT -p tcp -s 192.168.324.27 -m tcp --dport 161 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -s 192.168.324.27 -m udp --dport 162 -j ACCEPT
>
> Any ideas?
>
> N??t?r
> Authority gone to one's head is the greatest enemy of Truth

From franchu.garcia at gmail.com Thu Mar 26 22:08:30 2015
From: franchu.garcia at gmail.com (Fran Garcia)
Date: Thu, 26 Mar 2015 23:08:30 +0100
Subject: how to Allow udp access to 1 ip address on 1 port - iptables
In-Reply-To: <01ABA00A02EC6F459EF49DA10944BB8CFBFAAF90@Marlin.sdcwa.org>
References: <01ABA00A02EC6F459EF49DA10944BB8CFBFAAF90@Marlin.sdcwa.org>
Message-ID:

On 26 March 2015 at 16:34, Florez, Nestor wrote:
> I am trying the rules below and the network guy tells me that he can not access my server for access with solar winds;
> -A RH-Firewall-1-INPUT -p tcp -s 192.168.324.27 -m tcp --dport 161 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -s 192.168.324.27 -m udp --dport 162 -j ACCEPT

"snmp poll" traffic is usually 161/UDP, not tcp.

If this doesn't fix the issue, paste iptables -L -n -v --line-numbers . You might be dropping the traffic with some other DROP line above.

Cheers
f.
From NFlorez at sdcwa.org Fri Mar 27 00:04:36 2015
From: NFlorez at sdcwa.org (Florez, Nestor)
Date: Fri, 27 Mar 2015 00:04:36 +0000
Subject: how to Allow udp access to 1 ip address on 1 port - iptables
In-Reply-To:
References: <01ABA00A02EC6F459EF49DA10944BB8CFBFAAF90@Marlin.sdcwa.org>
Message-ID: <01ABA00A02EC6F459EF49DA10944BB8CFBFAB58D@Marlin.sdcwa.org>

Frank,

I will try that, thanks

N??t?r
Authority gone to one's head is the greatest enemy of Truth

-----Original Message-----
From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Fran Garcia
Sent: Thursday, March 26, 2015 3:09 PM
To: redhat-sysadmin-list at redhat.com
Subject: Re: how to Allow udp access to 1 ip address on 1 port - iptables

On 26 March 2015 at 16:34, Florez, Nestor wrote:
> I am trying the rules below and the network guy tells me that he can not access my server for access with solar winds;
> -A RH-Firewall-1-INPUT -p tcp -s 192.168.324.27 -m tcp --dport 161 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -s 192.168.324.27 -m udp --dport 162 -j ACCEPT

"snmp poll" traffic is usually 161/UDP, not tcp.

If this doesn't fix the issue, paste iptables -L -n -v --line-numbers . You might be dropping the traffic with some other DROP line above.

Cheers
f.
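
The three things that came up in the iptables thread above (the mistyped source address, SNMP polling being 161/UDP rather than TCP, and an earlier DROP line possibly shadowing the new rules) can be checked mechanically before reloading the firewall. The script below is an added example, not part of any list member's message; the catch-all REJECT line, the rule ordering in both samples and the names `parse_rule` and `lint` are assumptions made for illustration.

```python
"""Lint /etc/sysconfig/iptables-style rules for the SNMP allow-list mistakes in this thread."""
import ipaddress
import shlex

SNMP_PORTS = {"161", "162"}
OPTION_KEYS = {"-p": "proto", "--protocol": "proto",
               "-s": "source", "--source": "source",
               "--dport": "dport", "--destination-port": "dport"}

# Constructed sample: the two rules as first posted, appended after a catch-all
# REJECT. The REJECT line and the ordering are assumptions, since the thread
# never shows the full chain.
AS_POSTED = """\
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p tcp -s 192.168.324.27 -m tcp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -s 192.168.324.27 -m udp --dport 162 -j ACCEPT
"""

# Constructed sample: corrected address, UDP on both ports, and the rules
# placed ahead of the catch-all REJECT.
CORRECTED = """\
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -s 192.168.124.27 -m udp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -s 192.168.124.27 -m udp --dport 162 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""


def parse_rule(line):
    """Extract chain, protocol, source, dport and target from one '-A' rule.

    Assumes the iptables-save layout, where -j and its options come last.
    """
    tokens = shlex.split(line)
    rule = {"chain": None, "proto": None, "source": None,
            "dport": None, "target": None, "has_match": False}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        if tok in ("-A", "--append"):
            rule["chain"] = nxt
            i += 2
        elif tok in ("-j", "--jump"):
            rule["target"] = nxt
            break  # whatever follows -j configures the target, not a match
        else:
            rule["has_match"] = True  # any other option narrows the rule
            if tok in OPTION_KEYS and nxt is not None:
                rule[OPTION_KEYS[tok]] = nxt.lower()
                i += 2
            else:
                i += 1
    return rule


def lint(rules_text):
    """Return (line_number, code, message) findings for the given rules."""
    findings = []
    blocked_at = {}  # chain -> line of its first unconditional DROP/REJECT
    for lineno, raw in enumerate(rules_text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith(("-A ", "--append ")):
            continue  # table headers, chain policies, COMMIT, comments
        rule = parse_rule(line)
        chain = rule["chain"]
        if rule["source"]:
            try:
                # Hostnames are also reported; a literal address is safer here.
                ipaddress.ip_network(rule["source"], strict=False)
            except ValueError:
                findings.append((lineno, "bad-source",
                                 "%s is not a valid IP address or CIDR" % rule["source"]))
        if rule["proto"] == "tcp" and rule["dport"] in SNMP_PORTS:
            findings.append((lineno, "snmp-over-tcp",
                             "port %s is matched on tcp; SNMP polling is 161/UDP" % rule["dport"]))
        if rule["target"] == "ACCEPT" and chain in blocked_at:
            findings.append((lineno, "shadowed",
                             "never reached: line %d of %s already rejects everything"
                             % (blocked_at[chain], chain)))
        if rule["target"] in ("DROP", "REJECT") and not rule["has_match"]:
            blocked_at.setdefault(chain, lineno)
    return findings


if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print("== %s ==" % name)
        for lineno, code, message in lint(text) or [(0, "ok", "no findings")]:
            print("line %d: [%s] %s" % (lineno, code, message))
```

The same function can be pointed at the text of `/etc/sysconfig/iptables`; lines that are not `-A` rules are skipped.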