[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: cups failed last week, now amanda



On Wednesday 10 December 2008, Dave Feustel wrote:
>On Wed, Dec 10, 2008 at 08:54:41AM -0500, Gene Heskett wrote:
>> And the cups update to fix a denial of service that yumex did last night,
>> now is a denial of service, my logs are drowning in:
>
>Can you add a rule to your firewall that drops all IP6 traffic?

I do not run a firewall between the boxes on my local net, which is behind a 
dd-wrt install on an x86 box, the best kept secret firewall ever.  So there 
is not a fireall involved in the paths around here in any direction but the 
internet, and certainly not between the server and client pieces of amanda 
all running on the same machine.

The point being that I have not configured anything here to use the ipv6 
addressing conventions.  Not samba, not cups, and not amanda, so where is it 
coming from and how to I turn it off.

Or, alternatively, since I use hosts files first, dnsmasq second (which I'm 
not sure I understand yet) and all failed dns requests are delivered to the 
box running dd-wrt, which in urn fwds them to the verizon servers it gets 
assigned by PPPoE, how do I go about setting up valid, private addresses that 
are the same as a 192.168.*.* address is for ipv4?

Hmm, dnsmasq is unk, lemme stop it.  And start nscd in its place since it has 
always worked.  Nope, same error timeout, the amanda client cannot talk to 
the amanda server, on the same machine.

Now I've made another discovery. I cannot disable the ipv6 address as shown in 
an ifconfig report in ifcfg-eth0.  I can edit it and change IPV6INIT from no 
to yes and back to no, with a restart after every edit, and still an ipv6 
address is being configured in both lo and eth0.

Is this:

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1	localhost.localdomain localhost
::1		localhost6.localdomain6 localhost6
192.168.XX.XX	coyote.coyote.den	coyote

etc etc for the rest of my local network

A valid hosts file format for localhost?  I had found the machines FQDN 
included in the 127.0.0.1 aliases a few days ago, and since that is separate 
from the address assigned to that machine.domain.name, I took it out.  A 
leftover from the FU8 install I assume, and one I'd consider to be more 
breakage, according to the file, set by network manager, which I don't use.

Am I wrong, and I need to redefine the FQDN as an alias in the 127.0.0.1 line?

If thats the case, this is IMO, a security hole.  What were they thinking?  

Amanda has always considered that a no-no and refuses to do some things 
because of it when it finds a dle defined as localhost instead of the FQDN or 
a valid alias to that FQDN.  It is one of the foundation stones designed to 
prevent data theft by recovery on a machine that may not be the machine the 
backup represents.  Localhost can of course be any machine.

Plenty of unanswered questions above.  Whats the best fix?

Thanks.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The best cure for insomnia is to get a  lot of sleep.
		-- W. C. Fields


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]