First, thanks for your reply.

> > * NFS: I can't seem to find any options for binding nfs to specific
> > ports (-p option), either through the gui or in the scripts, which means
> > that I can't have nfs for my vpn without unblocking all unprivileged
> > ports.
>
> See "man nfs" for more details, but briefly:
>
> Use port=portnumber as an option to your /etc/fstab
>
> or
>
> Use mountport= for the port# of the mountd port.
>
> Or when specifying options from the command line:
>
> mount -tnfs -oport=port# ....etc

Sorry, but I meant on the server. The client can use portmap to find out the port numbers and portmap can be allowed through the firewall as it uses a specific port (111).
But the ports for the various nfs daemons are dynamically allocated by portmap.

> > * Where is the tool for configuring NIS?
>
> System Settings->Authentication or:
>
> authconfig-gtk

Sorry, I meant on the server side again...
Client-side is there, which is why I am wondering why the server side isn't.

> > * kudzu:
> > - why is kudzu in /etc/fstab? it is not a filesystem option! It does
> > not belong there!
>
> It does in this case AFAIK, it's set as owner of the floppy drive due to
> probing I believe.

From man fstab:
"The fourth field, (fs_mntops), describes the mount options associated with the filesystem."
I still don't see what kudzu could have to do with filesystem mount options...

> > - How can I stop it from probing my serial ports? I have had to simply
> > disable it for now.
>
> Add the '-s' option for "safe" probing mode, this prevents serial probe,
> ddc monitor probe, and ps/2 probe.

That is good if you want to disable all unsafe probes, but I just want to be able to say: do not probe ttyS2... but keep probing to see which monitor is plugged in.

> > - How can I stop it to *ever* ask me about my (offline) printer? (keep
> > configuration should just keep it forever and not ask me again - unless
> > I specifically say that I want to - needs doing too)
>
> You'll have to file a "request for enhancement" on this one, there is no
> "keep" forever AFAIK.
>
> > - Who is going to tell a linux beginner that kudzu is 'hardware
> > detection'? Why not have a more sensible name?
>
> I'm fairly certain it says hardware detection when it runs kudzu.

Yes it does, but from a user point of view, everything else makes sense (dhcpd = dhcp daemon and so on).

> > - It simply hangs my via-epia boxes half the time.
>
> File a bug then.

I will do.

> > * firewalling: my firewall is on a dynamic IP and requires specific
> > rules. lokkit does not allow you to specify which ports to add (beyond
> > the basics: http/smtp...). So I end up running it from rc.local.
> > Problem is that if my ISP's dhcp server ever gives me another IP, my
> > script won't run again. There are /etc/dhcp scripts meant to be run on
> > dhcp lease renewal, but I could never get this to run correctly.
> > Why can't wget work properly behind a firewall? (wrong port errors)
>
> wget works perfectly behind a firewall, assuming you've configured it
> properly. I'm behind one, and it works just fine...

Most of the time.

> > * kernel: I can make it oops at will, just by using hdparm to spin down
> > one of the disks (hdparm -Y) then doing something else.
> > redhat kernel is too different from vanilla to be able to compile all
> > sorts of things (macros changed, memcpy and friends)
>
> hdparm is not perfect, and subtle differences in hardware will expose
> problems. File a bug.
>
> > I can't shutdown cleanly anymore: as soon as I exit X, it clears all my
> > windows, looks like it is going back to the text console, but just sits
> > there in graphics mode, with the desktop background. Reset is the only
> > way to get it going again. Nothing in XFree log or syslog. (dual athlon
> > system)
>
> This has been fixed in rawhide I believe. Someone else mentioned this
> earlier.

Any idea what needs updating? XFree? (hope it hasn't got too many deps)

> In short, firewalls are not easy to configure, lokkit already states
> that it's not for advanced configuration, just for "simple"
> configuration, and advanced configurations like yours are definitely not
> the norm.

I am not asking for lokkit to do all the work, I am quite happy with my firewall script. I just want the ability to hook it up to the system more cleanly. rc.local isn't ideal, and iptables save does not work for dynamic ips.

Antoine