testing eFa v4 Release Candidate 2
Posted: 30 Jan 2019 14:11
Just did the new build from scratch. After 15 minutes ready to login
Had some minor issues. Could be related to NOT using IPV6 and using recusion. All the major issues are solved
the /etc/postfix/sender_canonical contained a malformed mailadres.
I will mention the changes made, as not all changes are required to be up and running (IPV6 disabled version)
The lines with a # are the original vaules afer running the EFA-INIT/Configure
1. EFA-Init
enable Ipv6 dns: only Y will continue (I use no Ipv6)
CONFIGURED:YES
HOSTNAME:sansspam
DOMAINNAME:test.lan
IPV4ADDRESS:172.16.1.15
IPV6ADDRESS:
DNSIP1:
DNSIP2:
RECURSION:ENABLED
INTERFACE:eth0
IPV4NETMASK:255.255.0.0
IPV4GATEWAY:172.16.1.1
IPV6MASK:
IPV6GATEWAY:
TZONE:Europe/Amsterdam
IANA:nl
ORGNAME:kaaskoppen.nl
MAILSERVER:127.0.0.1
ADMINEMAIL:adminuser@test.lan
ISUTC:true
#IPV6DNS:yes
IPV6DNS:no
/var/log/messages
Jan 30 12:20:29 unbound: [5360:0] error: can't bind socket: Permission denied for ::
Jan 30 12:20:29 unbound: [5360:0] error: can't bind socket: Permission denied for ::
Since unbound need to be configured per installation, al least disable ipv6 when EFA=Init enable Ipv6 is no
/etc/unbound/conf.d/unbound.conf
do-ip4: yes
do-ip6: no
2. /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.15 sansspam.test.lan sansspam
3. /etc/sysconfig/network-scripts/ifcfg-eth0
# Generated by parse-kickstart
#IPV6INIT=yes
IPV6INIT=no
IPV6_AUTOCONF=no
#IPV6_AUTOCONF=yes
BOOTPROTO="none"
DEVICE=eth0
ONBOOT=yes
UUID=xxxx
TYPE=Ethernet
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
#IPV6_DEFROUTE=yes
#IPV6_PEERDNS=yes
#IPV6_PEERROUTES=yes
NAME=eth0
#NAME="System eth0"
IPADDR="172.16.1.15"
NETMASK="255.255.0.0"
GATEWAY="172.16.1.1"
DNS1="127.0.0.1"
#DNS2="::1"
ZONE=public
4. the ifname.bak is still present, removed it
# ls -l
total 236
-rw-------. 1 root root 444 Jan 30 12:33 ifcfg-eth0
-rw-r--r--. 1 root root 408 Jan 30 12:04 ifcfg-eth0.bak
5./etc/sysconfig/network
# Created by anaconda and modified by henk
NETWORKING_IPV6=no
IPV6INIT=no
IPV6_AUTOCONF=no
DHCPV6=no
IPV6FORWARDING=no
6./etc/dovecot/dovecot.conf
# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
#listen = *, ::
listen = *
7./etc/postfix/main.cf
# Enable IPv4, and IPv6 if supported
#inet_protocols = ipv4, ipv6
inet_protocols = ipv4
#mynetworks = 127.0.0.0/8 [::1]/128
mynetworks = 127.0.0.0/8
#qmqpd_authorized_clients = 127.0.0.1 [::1]
qmqpd_authorized_clients = 127.0.0.1
/etc/postfix/header_checks
/^Received:\ from\ sansspam.test.lan\ \(localhost\ \[127.0.0.1/ IGNORE
#/^Received:\ from\ sansspam.test.lan\ \(localhost\ \[::1/ IGNORE
/etc/postfix/sender_canonical
#root@test.lan root@sansspamtest.lan <<<<<<<<<<<<<<<<<<<<<<
root@test.lan adminuser@test.lan
postmap /etc/postfix/header_checks
postmap /etc/postfix/sender_canonical
/etc/sysctl.d/disableipv6.conf
# Ensure IPv6 is disabled
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6= 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.all.accept_redirects = 0
/etc/sysconfig/chronyd
# Command-line options for chronyd
#OPTIONS=""
OPTIONS="-4"
SSH
/etc/ssh/ssh_config
# ssh_config(5) man page.
AddressFamily inet
# Host
/etc/ssh/sshd_config
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
AddressFamily inet
ListenAddress 0.0.0.0
/etc/httpd/conf/httpd.conf
#Listen 12.34.56.78:80
#Listen 80
Listen 0.0.0.0:80
#
mysqltuner: /usr/sbin/mysqltuner.pl
So uou need to start it incl the path : /usr/sbin/mysqltuner.pl
Create a link to it?
Had some minor issues. Could be related to NOT using IPV6 and using recusion. All the major issues are solved
the /etc/postfix/sender_canonical contained a malformed mailadres.
I will mention the changes made, as not all changes are required to be up and running (IPV6 disabled version)
The lines with a # are the original vaules afer running the EFA-INIT/Configure
1. EFA-Init
enable Ipv6 dns: only Y will continue (I use no Ipv6)
Code: Select all
/etc/eFa/eFa-Config
HOSTNAME:sansspam
DOMAINNAME:test.lan
IPV4ADDRESS:172.16.1.15
IPV6ADDRESS:
DNSIP1:
DNSIP2:
RECURSION:ENABLED
INTERFACE:eth0
IPV4NETMASK:255.255.0.0
IPV4GATEWAY:172.16.1.1
IPV6MASK:
IPV6GATEWAY:
TZONE:Europe/Amsterdam
IANA:nl
ORGNAME:kaaskoppen.nl
MAILSERVER:127.0.0.1
ADMINEMAIL:adminuser@test.lan
ISUTC:true
#IPV6DNS:yes
IPV6DNS:no
/var/log/messages
Jan 30 12:20:29 unbound: [5360:0] error: can't bind socket: Permission denied for ::
Jan 30 12:20:29 unbound: [5360:0] error: can't bind socket: Permission denied for ::
Since unbound need to be configured per installation, al least disable ipv6 when EFA=Init enable Ipv6 is no
/etc/unbound/conf.d/unbound.conf
do-ip4: yes
do-ip6: no
2. /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.15 sansspam.test.lan sansspam
3. /etc/sysconfig/network-scripts/ifcfg-eth0
# Generated by parse-kickstart
#IPV6INIT=yes
IPV6INIT=no
IPV6_AUTOCONF=no
#IPV6_AUTOCONF=yes
BOOTPROTO="none"
DEVICE=eth0
ONBOOT=yes
UUID=xxxx
TYPE=Ethernet
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
#IPV6_DEFROUTE=yes
#IPV6_PEERDNS=yes
#IPV6_PEERROUTES=yes
NAME=eth0
#NAME="System eth0"
IPADDR="172.16.1.15"
NETMASK="255.255.0.0"
GATEWAY="172.16.1.1"
DNS1="127.0.0.1"
#DNS2="::1"
ZONE=public
4. the ifname.bak is still present, removed it
# ls -l
total 236
-rw-------. 1 root root 444 Jan 30 12:33 ifcfg-eth0
-rw-r--r--. 1 root root 408 Jan 30 12:04 ifcfg-eth0.bak
5./etc/sysconfig/network
# Created by anaconda and modified by henk
NETWORKING_IPV6=no
IPV6INIT=no
IPV6_AUTOCONF=no
DHCPV6=no
IPV6FORWARDING=no
6./etc/dovecot/dovecot.conf
# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
#listen = *, ::
listen = *
7./etc/postfix/main.cf
# Enable IPv4, and IPv6 if supported
#inet_protocols = ipv4, ipv6
inet_protocols = ipv4
#mynetworks = 127.0.0.0/8 [::1]/128
mynetworks = 127.0.0.0/8
#qmqpd_authorized_clients = 127.0.0.1 [::1]
qmqpd_authorized_clients = 127.0.0.1
/etc/postfix/header_checks
/^Received:\ from\ sansspam.test.lan\ \(localhost\ \[127.0.0.1/ IGNORE
#/^Received:\ from\ sansspam.test.lan\ \(localhost\ \[::1/ IGNORE
/etc/postfix/sender_canonical
#root@test.lan root@sansspamtest.lan <<<<<<<<<<<<<<<<<<<<<<
root@test.lan adminuser@test.lan
postmap /etc/postfix/header_checks
postmap /etc/postfix/sender_canonical
/etc/sysctl.d/disableipv6.conf
# Ensure IPv6 is disabled
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6= 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.all.accept_redirects = 0
Code: Select all
sysctl -p
# Command-line options for chronyd
#OPTIONS=""
OPTIONS="-4"
SSH
/etc/ssh/ssh_config
# ssh_config(5) man page.
AddressFamily inet
# Host
/etc/ssh/sshd_config
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
AddressFamily inet
ListenAddress 0.0.0.0
/etc/httpd/conf/httpd.conf
#Listen 12.34.56.78:80
#Listen 80
Listen 0.0.0.0:80
#
Code: Select all
whereis mysqltuner
So uou need to start it incl the path : /usr/sbin/mysqltuner.pl
Create a link to it?