Linux: CentOS 6.5 DIY

CentOS 6.5 do it yourself…

Netinstall

Some hints as follows…

Text-only Installer

Press ESC and edit the boot parameters:

boot: linux text

Nearest Netinstall Mirror Selection

URL: http://ftp.cvut.cz/centos/6.5/os/x86_64

System Update

yum list updates
yum update

Alternatively (additionally),

yum clean all

Install/Search Packages

yum list PACKAGE
yum search PACKAGE

Static IPv4 Address Configuration

Edit /etc/sysconfig/network-scripts/ifcfg-eth0 and change/insert:

BOOTPROTO="static"
IPADDR="A.B.C.D"
NETMASK="W.X.Y.Z"
GATEWAY="F.G.H.I"

and run

service network restart

to apply changes.

IPv4/IPv6 Networking

Edit /etc/sysconfig/network for:

NETWORKING=yes
NETWORKING_IPV6=yes

and run

service network restart

to apply changes.

Higher Resolution of GRUB

CentOS is oldschool, thus edit /boot/grub/grub.conf and insert:

vga=791

as the kernel parameter to get a 1024x768@16b resolution.

Add Fedora's EPEL Repository

The Extra Packages for Enterprise Linux (EPEL) repository can be added from the nearest mirror as follows:

rpm -Uvh http://ftp.fi.muni.cz/pub/linux/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm

Now, some advanced packages can be installed as well.

List of Packages

bind-utils, boinc-client, cacti, elinks, htop, httpd, iputils, jwhois, links, logrotate, mc, mysql-server, nano, nmap, openssh-clients, pciutils, prosody, samba, samba-client, spectrum, sqlite, strongswan, syslog-ng, tcpdump, tcptraceroute, telnet, wget, wireshark

List Enabled Repos

Type the following commands:

yum repolist

OR

yum -v repolist | less

IPv4 Packet Forwarding

Run:

sysctl -w net.ipv4.ip_forward=1

To keep the setting across reboots, edit the /etc/sysctl.conf file and set

net.ipv4.ip_forward = 1

IPv6 NAT (i.e., new kernel and iptables)

The “oldschool” 2.6.32 kernel does not provide IPv6 NAT features. It can be checked as follows:

grep -i nf_nat_ipv6 /boot/config*

Therefore, a newer kernel (at least 3.7) needs to be provided. This can be done in several ways; the elrepo way was the most suitable:

rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-6-5.el6.elrepo.noarch.rpm
yum --enablerepo=elrepo-kernel install kernel-lt

Now, the feature is available:

grep -i nf_nat_ipv6 /boot/config*
/boot/config-3.10.25-1.el6.elrepo.x86_64:CONFIG_NF_NAT_IPV6=m
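The grep above matches the config of every kernel installed under /boot, so it succeeds as soon as kernel-lt is installed, even while the machine is still running 2.6.32. The following preflight is an added example, not part of the original post: it checks only the config file of one kernel release (normally the output of uname -r). The function names and the --check argument are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): decide whether ONE kernel
# release can do IPv6 NAT, instead of grepping every /boot/config* at once.
# All function names here are hypothetical helpers for this illustration.

# nat66_config_state FILE -> prints builtin | module | absent | unreadable
nat66_config_state() {
    [ -r "$1" ] || { echo unreadable; return 2; }
    # Only an exact "=y" or "=m" line counts; "# ... is not set" does not.
    c_val=$(sed -n 's/^CONFIG_NF_NAT_IPV6=\([ym]\)$/\1/p' "$1" | head -n 1)
    case $c_val in
        y) echo builtin ;;
        m) echo module ;;
        *) echo absent; return 1 ;;
    esac
}

# kernel_at_least RELEASE MAJOR MINOR -> exit 0 if RELEASE >= MAJOR.MINOR
kernel_at_least() {
    k_ver=${1%%-*}          # 3.10.25-1.el6.elrepo.x86_64 -> 3.10.25
    k_maj=${k_ver%%.*}      # -> 3
    k_rest=${k_ver#*.}      # -> 10.25
    k_min=${k_rest%%.*}     # -> 10
    [ "$k_maj" -gt "$2" ] || { [ "$k_maj" -eq "$2" ] && [ "$k_min" -ge "$3" ]; }
}

# nat66_ready RELEASE [BOOTDIR] -> exit 0 only if that release is >= 3.7
# and its own config file enables nf_nat_ipv6.
nat66_ready() {
    r_rel=$1
    r_boot=${2:-/boot}
    if ! kernel_at_least "$r_rel" 3 7; then
        echo "kernel $r_rel is older than 3.7"
        return 1
    fi
    if r_state=$(nat66_config_state "$r_boot/config-$r_rel"); then
        echo "nf_nat_ipv6 $r_state in config-$r_rel"
    else
        echo "nf_nat_ipv6 $r_state in config-$r_rel"
        return 1
    fi
}

# Check the running kernel only when asked to: sh nat66.sh --check
if [ "${1:-}" = "--check" ]; then
    nat66_ready "$(uname -r)" /boot
fi
```

If the check reports the old kernel after kernel-lt has been installed, the machine has not yet been rebooted into the new kernel, or the default entry in /boot/grub/grub.conf still points at the old one.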

It may be useful, but is not necessary, to first install the connection tracking features of iptables.

yum install libnetfilter_conntrack libnfnetlink

Unfortunately, the iptables package provided by the official CentOS repository is quite prehistoric, too, and does not provide the required features. Therefore, the following steps need to be done to remove the original packages and to download and compile an up-to-date iptables. What a shame… Note that the self-compiled binaries under /usr/local are not tracked by rpm, so yum update will no longer patch them.

yum install gcc
cd /tmp
wget http://www.netfilter.org/projects/iptables/files/iptables-1.4.20.tar.bz2
tar -xjf iptables-1.4.20.tar.bz2
rpm --nodeps -e iptables iptables-ipv6
cd iptables-1.4.20
./configure
make
make install
# alternatively
# make install KERNEL_DIR=/usr/src/linux
iptables --version

Now, all is well, new iptables are compiled and installed. The last thing is to make them executable as a service.

ln -s /usr/local/sbin/iptables /sbin/iptables
ln -s /usr/local/sbin/iptables-save /sbin/iptables-save
ln -s /usr/local/sbin/iptables-restore /sbin/iptables-restore
ln -s /usr/local/sbin/ip6tables /sbin/ip6tables
ln -s /usr/local/sbin/ip6tables-save /sbin/ip6tables-save
ln -s /usr/local/sbin/ip6tables-restore /sbin/ip6tables-restore

cd /etc/init.d
wget http://www.squldvision.info/download/iptables/iptables
chmod +x /etc/init.d/iptables
cp /etc/init.d/iptables /etc/init.d/ip6tables
sed -i 's/IPTABLES=iptables/IPTABLES=ip6tables/' /etc/init.d/ip6tables
chkconfig --add iptables
chkconfig --level 2345 iptables on
chkconfig --add ip6tables
chkconfig --level 2345 ip6tables on

Now, the firewall rules can be put as usual in /etc/sysconfig/iptables, with the /etc/init.d/iptables script used to start/stop/reload the packet filtering. The same applies to /etc/sysconfig/ip6tables and /etc/init.d/ip6tables, respectively.

The script from the squldvision.info team is cool. It is fetched over plain HTTP and runs as root at every boot, so read it through before enabling it. If required, the original iptables init scripts can be preserved before the packages are uninstalled.

Anyway, sending big thanks to the squldvision team! 🙂
