Best of Technical Support

Our experts answer your technical questions.

Changing Red Hat's Firewall Level

I'm not able to change the security level on either Red Hat 7.2 or 9. It is always high on both versions and on all three computers on which I have installed these distributions. I have installed all recent attempts since the first install of 7.2 without Firewall. Firewall still installs and is at High. No one else has had this problem when I read over installs of 7.2. What am I doing so wrong?


Jeff Douglass


jdouglas25@yahoo.com

If you want to change graphically using env, you can click on Start Here from the desktop, then System Settings and then Security Level. If you are not running as root, enter root's password and you can change security levels. I believe something similar is offered during the installation of Red Hat.


Usman S. Ansari


uansari@yahoo.com

The firewall portion of Red Hat's installer is a bit confusing. Most importantly, in the Customize section the Trusted Devices options truly are trusted, allowing any and all traffic on them. When I first looked at that I assumed if I wanted to allow incoming SSH on eth0, I would click SSH on Allow incoming as well as selecting eth0 under trusted—not the case. This gives blanket permissions on all ports on the selected trusted device.

I'm not sure what went wrong during the installation, but you can change the configuration afterward by running lokkit to reconfigure the firewall. There also is a GUI-based utility that does the same thing called redhat-config-securitylevel. Run /etc/init.d/iptables restart after making changes.


Timothy Hamlin


thamlin@nmt.edu

Bear in mind that it is not a good idea to operate a system with a relaxed or disabled security, especially if linked to the Internet. You should learn to configure the firewall to let through the traffic you need but no more.


Felipe Barousse Boué


fbarousse@piensa.com

Mouse Pointer in VNC?

How can I change the mouse pointer to a big white cursor when displayed through a VNC viewer?


Marcos Machado


pimentamac@hotmail.com

Currently there are several flavors of VNC-based utilities, with many enhancements and differences among each them. A method you can try is to change the mouse configuration of your account locally (including the cursor or pointer size) with a tool like gnome-mouse-properties. Then, later on when you establish a remote session through VNC, you will get a larger cursor, again, depending on the VNC client and server you are using.


Felipe Barousse Boué


fbarousse@piensa.com

Distributing One POP Account to Multiple Users

We have registered a domain and one POP3 e-mail account with our registrar. Unfortunately, our DSL ISP (Earthlink) does not permit us to have SMTP port 25 open to send and receive mail directly. All outbound e-mail must be sent to our ISP's servers, and then they relay them onwards.

We have a small network consisting of six users. All users must see the same e-mail, thus one POP3 mail account for all. I have Postfix configured to send our outbound e-mail via the ISP without any problems. I have been playing with fetchmail to retrieve our inbound e-mail from our remote POP3 account but have not had any luck getting the e-mail distributed to our local users on our network. fetchmail polls and downloads the mail no problem, but when it hits our Postfix server it says:

X-Fetchmail-Warning: recipient address myaddress@earthlink.net didn't match any local name

I have tried to configure aliases using Webmin with success. I guess the problem is with multidrop distribution.


Walter


trance_fool@hotmail.com

Keep things simple. Either get several mail accounts on your ISP's servers—one per user and configure their workstations to log in to their POP accounts at the ISP's server, or arrange for open SMTP and POP or IMAP ports to your server. That way, it will be much easier for you to manage your e-mail without adding complexity to an already difficult-to-manage service (e-mail). You don't want to complicate your life when you have to filter spam, viruses and all that crap while having a home-crafted solution as you are describing in your post.


Felipe Barousse Boué


fbarousse@piensa.com

You don't need to use fetchmail multidrop if you want all six users to get copies of the same mail from the POP account. Just make an “all” alias in /etc/aliases, which you can do with Webmin, then configure fetchmail to deliver to “all” via SMTP:

poll pop.example.net:
   user joe there has password secr3t
   is all here

Postfix will do the rest.


Don Marti


dmarti@ssc.com

Adding a Nonstandard Kernel Module

I wanted to update my kernel to include a module that isn't provided by default. First, I thought I'd try building the kernel identical to what Red Hat provided. I've built Linux (a few years ago) without a problem, but when I tried to build the Red Hat configuration, copied from the configs subdirectory, it failed during the make modules step. The errors don't make sense to me. There's about 1,200 lines of errors generated. Why doesn't it compile right out of the box?


Chris Carlson


cwcarlson@cox.net

First, you do not have to compile the kernel to add a new module. You simply can compile with the header files from the running kernel, and it should work fine. As far as your problem with kernel compilation is concerned, I think you are missing the make oldconfig step, which would read the config file you mention. By the way, did you remember to rename it to .config?


Usman S. Ansari


uansari@yahoo.com

ADSL under Knoppix?

What is the easiest way to install an ADSL Internet connection using Knoppix?


Andrew Catchpole


krubby@hotmail.com

That really depends on the kind of ADSL modem you have and on the actual settings of your ISP's service. This page may be of help: www.rhapsodyk.net/adsl/HOWTO and this one too: christophe.delord.free.fr/en/adsl/debian.html.


Felipe Barousse Boué


fbarousse@piensa.com

Upgrading from Red Hat to SuSE?

I have tried to upgrade Red Hat 9 to SuSE 9.0 without success. Can this be done? Or does one need to reinstall the system?


L W Randerson


luthrw@att.net

You are trying to upgrade a system installed from one vendor of Linux distribution to another vendor. It is impossible that this will work. Many times upgrades from the same vendor have problems. I suggest that you start from scratch: repartition and make new filesystems. If you have enough disk space, you can have both SuSE and Red Hat installed at same time on different partitions.


Usman S. Ansari


uansari@yahoo.com

Perhaps it would be possible with a lot (a whole lot) of hacking, but generally, you don't want to upgrade across different distributions. Red Hat to Red Hat should work, and SuSE to SuSE, but the layouts are different, and it would be terrifically complicated. Back up all the user files you have, and do a fresh install rather than attempt an update.


Timothy Hamlin


thamlin@nmt.edu

______________________

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix