=========================== Mandrivalinux Configuration - making the server useful using urpmi =========================== -IAN! idallen@idallen.ca The Mandriva Mini system contains only a basic small set of software packages (about 274). It doesn't have a fancy window manager or desktop system, or telnet, host, tcpdump, or even the "man" command or man pages. You can use the Mandriva "urpmi" tool to fetch more software packages from the net, once you have told urpmi where the media sources are using "urpmi.addmedia". This file explains how to: - understand what a Mandriva "media source" is - use urpmi.addmedia to add new media sources to find new packages - use urpmi.update to update media sources with new package lists - use urpmi to fetch and install new packages - use rpm (Redhat Package Manager) to query installed files and packages Mandriva media sources - /etc/urpmi/urpmi.cfg ---------------------- A "media source" is a location, on disk, CDROM, or the Internet, that contains software packages (RPM files) for a Mandriva distribution. The master configuration file for media soures in the urpmi system is a text file named /etc/urpmi/urpmi.cfg. You can edit this file directly (as root) if you know what you are doing; but, Mandriva has some tools that do it for you. To list the currently defined media sources: # urpmq --list-media You will find that the Mandrake mini system has no media sources. The /etc/urpmi/urpmi.cfg file is empty. Adding media sources using urpmi.update --------------------------------------- Adding a new media source from which you can retrieve software packages involves two things: 1. finding the URL of the media source 2. using urpmi.addmedia to add the new source On campus at Algonquin College, your best basic media source is a local server located at "alinux.idallen.ca" (possibly 10.50.254.230). This is method "A" below. At home, you must use Internet-based sources for your media. This is method "B" below. Choose method A or B below, depending on where you are. Dual Media: If you want to switch back and forth between Algonquin media sources and Internet media sources, save your urpmi.cfg file between A and B and empty it before adding new media, then simply replace the current urpmi.cfg file with the saved one containing the media you want to use. You can put *all* the media in one urpmi.cfg file; but, urpmi will only use the first ones it finds. If you do put everything in one file, put the Algonquin media first and the Internet media last. (You can edit urpmi.cfg to re-order the media as you wish.) At home, the Algonquin media will fail and urpmi will use the Internet media. Choose method A or B: A. Adding media sources on campus at Algonquin College ------------------------------------------------------- A quick way to add "all" of the media sources available at a site (instead of using several separate urpmi.addmedia command lines) is to use the "--distrib" option to urpmi.addmedia and specify a URL that ends slightly above the media name. For the Algonquin lab media, the correct URL and urpmi.addmedia command line is given on the opening web page at: http://alinux.idallen.ca/ This URL only works on-campus at Algonquin College: # urpmi.addmedia --distrib http://alinux.idallen.ca/distributions/Mandriva/2005LE/Mandriva-Linux-2005-Limited-Edition.dir retrieving hdlists file... ...retrieving done added medium Installation CD11 added medium Installation CD21 added medium Installation CD31 added medium Drivers and Plugins Special Club CD41 added medium Drivers and Plugins Special Club CD42 added medium Drivers and Plugins Special Club CD43 added medium Drivers and Plugins Special Club CD44 added medium Drivers and Plugins Special Club CD45 added medium Silver Club Extra CD51 added medium Silver Club Extra CD61 added medium Silver Club Extra CD62 [...] wrote config file [/etc/urpmi/urpmi.cfg] You will now see many media sources defined: # urpmq --list-media Installation CD11 Installation CD21 Installation CD31 Drivers and Plugins Special Club CD41 Drivers and Plugins Special Club CD42 Drivers and Plugins Special Club CD43 Drivers and Plugins Special Club CD44 Drivers and Plugins Special Club CD45 Silver Club Extra CD51 Silver Club Extra CD61 Silver Club Extra CD62 In addition to the fixed media sources (the ones that correspond to the CDROMs distributed by Mandriva), we also want to add the Internet media sources that contain the "update" packages that fix security issues. For the Algonquin lab media, the correct URL and urpmi.addmedia command line for Update media is given on the opening web page at: http://alinux.idallen.ca/ This URL only works on-campus at Algonquin College: # urpmi.addmedia --update Updates1 http://alinux.idallen.ca/distributions/Mandriva/2005LE/updates/main_updates added medium Updates1 retrieving source hdlist (or synthesis) of "Updates1"... wrote config file [/etc/urpmi/urpmi.cfg] Note: The site alinux.idallen.ca only works at Algonquin College. Skip over section "B" below (Internet media) and go to the following section. B. Adding media sources from the Internet ----------------------------------------- This "B" section is for adding urpmi media sources if you are not on campus at Algonquin Collge. Internet media sources come and go - they are all unpaid gifts to the Mandriva community. You may find that what works today may not work tomorrow. Fetching from different media sources may be better or worse at different times of the day. Perhaps a good starting place to find Internet media sources is: http://easyurpmi.zarb.org/ In Step 1 (Select your system), we select version "2005", architecture "i586" and package manager "urpmi", then click on "Proceed to step 2". Mandriva classifies media sources into several broad categories, each of which will have one (or more) of its own separate media sources: contrib main updates jpackage You might arrange that these four categories all come from the same machine, or you could have media sources on four different machines. The EasyURPMI site also defines the "plf-free" and "plf-nonfree" categories for packages and technologies that are subject to patent issues and cannot be distributed by Mandriva. You will want to find at least one media source for each of the Mandriva categories "main", "contrib", "jpackage", and "updates". The EasyURPMI web site lets you select each category and generate the shell command lines for urpmi.addmedia that will add that media to your urpmi.cfg file for you. For example, selecting the only Canadian site for "main" and clicking on "proceed to step 3" gives this shell command line: urpmi.addmedia contrib http://gulus.usherbrooke.ca/pub/distro/Mandrakelinux/official/2005/i586/media/contrib with media_info/hdlist.cz A quick way to add "all" of the media sources available at a site (instead of using several separate urpmi.addmedia command lines) is to use the "--distrib" option to urpmi.addmedia and specify a URL that ends slightly above the media name. I decide to choose the USherbrooke site as my distribution source, and I truncate the URL as follows when I pass it to urpmi.addmedia using the --distrib option: # urpmi.addmedia --distrib http://gulus.usherbrooke.ca/pub/distro/Mandrakelinux/official/2005/i586 retrieving hdlists file... ...retrieving done added medium Main1 added medium Contrib1 added medium Jpackage1 retrieving source hdlist (or synthesis) of "Main1"... retrieving source hdlist (or synthesis) of "Contrib1"... retrieving source hdlist (or synthesis) of "Jpackage1"... wrote config file [/etc/urpmi/urpmi.cfg] The urpmi.addmedia program went to the USherbrooke site and found three types of media sources, and named and added them all for me. If I look at /etc/urpmi/urpmi.cfg now, I will see three media sources defined, with names "Main1", "Contrib1", and "Jpackage1". I can also list them using the urpmq command: # urpmq --list-media Contrib1 Main1 Jpackage1 In addition to the fixed media sources (the ones that correspond to the CDROMs distributed by Mandriva), we also want to add media sources that contain the "update" packages that fix security issues. Use the EasyURPMI web site to find an "update" source: http://easyurpmi.zarb.org/ Using the web interface, generate the urpmi.addmedia command line for an "updates" site for our current version of Mandriva. For example: I select an update site in Canada. EasyURPMI generates this command line for me: urpmi.addmedia --update Updates1 http://gulus.usherbrooke.ca/pub/distro/Mandrakelinux/official/updates/LE2005/main_updates/ with media_info/hdlist.cz I don't like the name "updates" given by EasyURPMI, and I choose instead to call the media "Updates1" when I add it using urpmi.addmedia: # urpmi.addmedia --update Updates1 ftp://mirror.aca.oakland.edu/pub/linux/mandrakelinux/official/updates/10.1/main_updates with media_info/hdlist.cz added medium Updates1 retrieving source hdlist (or synthesis) of "Updates1"... wrote config file [/etc/urpmi/urpmi.cfg] The name Updates1 looks more like the other names ("Main1", "Contrib1") and it allows me to define Updates2, Updates3, etc. later, if I want. Now /etc/urpmi/urpmi.cfg has four media sources defined: # urpmq --list-media Contrib1 Main1 Jpackage1 Updates1 You can continue to use urpmi.addmedia to add multiple sources for each of these categories. If one source is not responding, urpmi will move to try fetching the package from the next source. Sources can also be stored on your own local hard disk, if you have enough space. Keeping the updates updated --------------------------- Unlike the fixed-media CDROM, remote update sites keep having new packages added to them. The urpmi.update command will allow your machine to track changes in the remote cache and incorporate them in the local urpmi database. We will see how to use it later in this document. Using urpmq and urpmf to locate packages ---------------------------------------- The Mini system doesn't have a telnet command. I use the urpmq (query) command to find out if there is some package name that contains the string telnet, and tell me the media source from where it would be fetched: # urpmq --sources telnet no package named telnet The following packages contain telnet: gnome-telnet telnet-client-krb5 telnet-server-krb5 As you see, sometimes a string will be found in more than one package name, in which case you'll get a list of packages instead of just one, and you will have to be more specific about which package you want: # urpmq --sources telnet-client http://alinux.idallen.ca/distributions/Mandriva/2005LE/Mandriva-Linux-2005-Limited-Edition.dir/media/main2/telnet-client-krb5-1.3.6-6mdk.i586.rpm I expect that "telnet-client-krb5" is the package containing the "telnet" client command that I am seeking. In the case of "telnet", the command name and the package name have similar names, which isn't true for all (or even most) packages. There are no "date" or "sleep" packages - these commands are both in the "coreutils" package. You can find out which packages contain which files by locating them in the file system and then using the "urpmf" command: # whereis sleep sleep: /bin/sleep # urpmf /bin/sleep coreutils:/bin/sleep mkinitrd-net:/usr/lib/mkinitrd-net/initrd-skel/bin/sleep # urpmq --sources coreutils http://alinux.idallen.ca/distributions/Mandriva/2005LE/Mandriva-Linux-2005-Limited-Edition.dir/media/main/coreutils-5.2.1-5mdk.i586.rpm # rpm -q coreutils coreutils-5.2.1-5mdk If you aren't sure in which package a command or file resides, the "urpmf" command will search all the known package media sources for a string. Beware! It can produce a *lot* of output for non-unique strings: # urpmf ssh | wc 535 536 26282 If you know more about the location of the file you are seeking, you can be more specific about searching for where the command would reside: # urpmf /usr/bin/ssh openssh:/usr/bin/ssh-keygen openssh:/usr/bin/ssh-keyscan openssh-clients:/usr/bin/ssh openssh-clients:/usr/bin/ssh-add openssh-clients:/usr/bin/ssh-agent openssh-clients:/usr/bin/ssh-copy-id You can also use grep to help select leading package names in the output: # urpmf ssh | grep '^openssh' | wc 136 136 6272 # urpmf /ssh | grep '^openssh' | wc 64 64 2544 Using urpmi to install packages ------------------------------- I ask to install the "man" package using urpmi, using the media sources defined in my urpmi.cfg file. The urpmi program first fetches the package file to a cache directory and then uses the "rpm" command to install the package (and delete the package file from the cache): # urpmi man http://alinux.idallen.ca/distributions/Mandriva/2005LE/Mandriva-Linux-2005-Limited-Edition.dir/media/main/man-1.5m2-2mdk.i586.rpm installing man-1.5m2-2mdk.i586.rpm from /var/cache/urpmi/rpms Preparing... ############################################# 1/1: man ############################################# Sometimes a package will need other packages on installation, and you will be prompted to accept this: # urpmi telnet-client-krb5 To satisfy dependencies, the following 2 packages are going to be installed (1 MB): libkrb53-1.3.6-6.1.102mdk.i586 telnet-client-krb5-1.3.6-6.1.102mdk.i586 Is this OK? (Y/n) y You can also supply multiple package names to urpmi. rpm - the Redhat Package Manager (RPM) -------------------------------------- The "urpmi" program deals with packages that *could* be installed. The "rpm" (Redhat Package Manager) program manages packages that have already been installed on the system, using a database of versions and dependencies. Where urpmi manages packages that reside in media sources that are often off-machine, rpm manages packages that have been installed. You use urpmi and friends to find packages and install them. You use rpm to find out what is installed, and to uninstall packages. Find out the version of the telnet package that is installed: # rpm -q telnet-client-krb5 telnet-client-krb5-1.3.6-6.1.102mdk Find an information description of the "tar" package: $ rpm -qi tar | less [...] The GNU tar program saves many files together into one archive and can restore individual files (or all of the files) from the archive. [...] Count all the packages that are currently installed: # rpm -qa | wc 276 276 5979 Filter the large output for package names containing a particular string: $ rpm -qa | grep net libnet2-1.1.2.1-3mdk net-tools-1.60-11mdk telnet-client-krb5-1.3.6-6.1.102mdk Show me all the file names that belong to the "which" package: $ rpm -ql which /usr/bin/which /usr/share/doc/which-2.16 /usr/share/doc/which-2.16/AUTHORS /usr/share/doc/which-2.16/COPYING /usr/share/doc/which-2.16/EXAMPLES /usr/share/doc/which-2.16/INSTALL /usr/share/doc/which-2.16/NEWS /usr/share/doc/which-2.16/README /usr/share/doc/which-2.16/README.alias /usr/share/info/which.info.bz2 /usr/share/man/man1/which.1.bz2 For an existing file on my system, tell me in what package it resides: $ rpm -qf /bin/date coreutils-5.2.1-5mdk $ rpm -qf /etc/passwd setup-2.6-1mdk $ rpm -qf /etc/inittab initscripts-7.61.1-26mdk Remove a package named foobar (must be run as root): # rpm -e foobar If other packages depend on foobar, you will have to include the names of those packages on the same command line and remove them all at the same time, or use options to force rpm to ignore dependencies. urpmi --auto-select - updating the system (including security updates) --------------------------------------------------------------------- You will recall that we did not install the software updates when we installed the Mini system. A good time to do the updates is now. We can ask urpmi to automatically select and update anything that needs it. Urpmi will use the Updates1 site that we defined earlier to find packages that are newer than the packages we have installed. In the output below, note that urpmi may first dectect that it has to upgrade itself - it does this before it restarts itself and goes on to upgrade the rest of the packages: # urpmi --auto-select To satisfy dependencies, the following 2 packages are going to be installed (3 MB): perl-URPM-1.03-2.1.101mdk.i586 urpmi-4.5-29.1.101mdk.noarch Is this OK? (Y/n) y ftp://mirror.aca.oakland.edu/pub/linux/mandrakelinux/official/updates/10.1/main_updates/./urpmi-4.5-29.1.101mdk.noarch.rpm ftp://mirror.aca.oakland.edu/pub/linux/mandrakelinux/official/updates/10.1/main_updates/./perl-URPM-1.03-2.1.101mdk.i586.rpm installing0/var/cache/urpmi/rpms/perl-URPM-1.03-2.1.101mdk.i586.rpm /var/cache/urpmi/rpms/urpmi-4.5-29.1.101mdk.noarch.rpm Preparing... ################################################## 1:perl-URPM ################################################## 2:urpmi ################################################## restarting urpmi To satisfy dependencies, the following 52 packages are going to be installed (168 MB): apache2-2.0.53-9.4.102mdk.i586 apache2-common-2.0.53-9.4.102mdk.i586 apache2-modules-2.0.53-9.4.102mdk.i586 bzip2-1.0.2-20.1.102mdk.i586 cpio-2.6-3.3.102mdk.i586 curl-7.13.1-2.2.102mdk.i586 drakxtools-backend-10.2-24.2.102mdk.i586 gnome-vfs2-2.8.4-6.1.102mdk.i586 gtk+2.0-2.6.4-2.2.102mdk.i586 gzip-1.2.4a-14.1.102mdk.i586 hal-0.4.7-12.1.102mdk.i586 indexhtml-10.2-6.1.102mdk.noarch info-install-4.8-1.1.102mdk.i586 ldetect-lst-0.1.82-1.1.102mdk.i586 libbzip2_1-1.0.2-20.1.102mdk.i586 libcups2-1.1.23-11.2.102mdk.i586 libcurl3-7.13.1-2.2.102mdk.i586 libgdk_pixbuf2.0_0-2.6.4-2.2.102mdk.i586 libgnome-vfs2_0-2.8.4-6.1.102mdk.i586 libgtk+-x11-2.0_0-2.6.4-2.2.102mdk.i586 libgtk+2.0_0-2.6.4-2.2.102mdk.i586 libhal0-0.4.7-12.1.102mdk.i586 libnspr4-1.0.2-10.1.102mdk.i586 libnss3-1.0.2-10.1.102mdk.i586 libopenssl0.9.7-0.9.7e-5.2.102mdk.i586 libpcre0-5.0-2.1.102mdk.i586 libtiff3-3.6.1-11.1.102mdk.i586 libungif4-4.1.3-1.1.102mdk.i586 libxorg-x11-6.8.2-7.2.102mdk.i586 libxpm4-3.4k-30.1.102mdk.i586 losetup-2.12a-12.1.102mdk.i586 lynx-2.8.5-1.3.102mdk.i586 mount-2.12a-12.1.102mdk.i586 mozilla-firefox-1.0.2-10.1.102mdk.i586 openssh-3.9p1-9.1.102mdk.i586 openssh-clients-3.9p1-9.1.102mdk.i586 openssh-server-3.9p1-9.1.102mdk.i586 openssl-0.9.7e-5.2.102mdk.i586 perl-5.8.6-6.2.102mdk.i586 perl-base-5.8.6-6.2.102mdk.i586 proftpd-1.2.10-9.1.102mdk.i586 udev-054-6.1.102mdk.i586 unzip-5.51-1.2.102mdk.i586 util-linux-2.12a-12.1.102mdk.i586 vim-minimal-6.3-12.1.102mdk.i586 wget-1.9.1-5.2.102mdk.i586 xorg-x11-6.8.2-7.2.102mdk.i586 xorg-x11-75dpi-fonts-6.8.2-7.2.102mdk.i586 xorg-x11-server-6.8.2-7.2.102mdk.i586 xorg-x11-xauth-6.8.2-7.2.102mdk.i586 xorg-x11-xfs-6.8.2-7.2.102mdk.i586 zlib1-1.2.2.2-2.2.102mdk.i586 Is this OK? (Y/n) n If we were to take the time to examine the version numbers on all the above packages, we would see that the above packages are all newer than the ones currently installed on our Mini system. For example, if we query the currently installed version of the "xorg-x11" package: # rpm -q xorg-x11 xorg-x11-6.8.2-7mdk This installed version is older than the one found for us by urpmi (presumably on the Updates1 media source site): xorg-x11-6.8.2-7.2.102mdk.i586 We could reply "yes" to have urpmi download and upgrade all of the out-of-date packages on the Mini system. Depending on the network load (especially if we have chosen a non-local site out on the Internet), this could take a long time. Choose an update site and time of day to make this go as quickly as possible - don't try a major update during peak network hours. From home, late at night, when the network was less busy, I said "yes" to the above update. During some of the connections to the Updates1 remote site that I had defined, this happened: ftp://mirror.aca.oakland.edu/pub/linux/mandrakelinux/official/updates/10.1/main_updates/./curl-7.12.1-1.1.101mdk.i586.rpm ...retrieving failed: curl failed: exited with 28 or signal 0 Installation failed, some files are missing: This usually indicates that the site had "too many" ftp connections, and I was refused access for some of the updates I wanted to fetch. Retrying the same updates later, the two missing package updates were downloaded successfully: # urpmi --auto-select To satisfy dependencies, the following 2 packages are going to be installed (1 MB): curl-7.12.1-1.1.101mdk.i586 timezone-2.3.3-23.1.101mdk.i586 Is this OK? (Y/n) y ftp://mirror.aca.oakland.edu/pub/linux/mandrakelinux/official/updates/10.1/main_updates/./curl-7.12.1-1.1.101mdk.i586.rpm ftp://mirror.aca.oakland.edu/pub/linux/mandrakelinux/official/updates/10.1/main_updates/./timezone-2.3.3-23.1.101mdk.i586.rpm installing /var/cache/urpmi/rpms/curl-7.12.1-1.1.101mdk.i586.rpm /var/cache/urpmi/rpms/timezone-2.3.3-23.1.101mdk.i586.rpm Preparing... ################################################## 1:timezone ################################################## 2:curl ################################################## I now have a fully updated Mini system: # urpmi --auto-select Everything already installed When I request new packages to be installed, if the packages have newer versions in the Updates1 media source, that is from where the packages will be fetched. The urpmi system always fetches the newest version of a package that it can find. urpmi.update - keeping the update media source updated ------------------------------------------------------ The remote "update" media sources will contain new versions of packages. Unlike the static media sources that never change (they are based on the CDROM images!), the "update" media sources change by having newly updated packages added to them from time-to-time. Our Mandriva system keeps a local cache of the packages that it thinks are in each media source, in the directory /var/lib/urpmi/. The caches are always correct for the static media sites that never change; but, the caches become stale for the "update" media sites. To update local "update" media caches by fetching the current accurate list of packages from a remote update media site, use "urpmi.update": # urpmi.update Updates1 [...] retrieving source hdlist (or synthesis) of "Updates1"... ...retrieving done The best time to update the update media is just before doing "urpmi --auto-select" to update all your packages to the latest versions. If you have many media sources defined, you can update all the media sources at once, then request an update of all new packages: # urpmi.update -a # urpmi --auto-select The above pair of lines keep your system current. (Requesting updates for the CDROM static media sources is rather pointless, since they never change. It's faster to request the Updates1 media directly.) Using the GUI to install packages --------------------------------- If I have an X11 GUI available (and the Mini system does, using the "startx" command), I can use the "rpmdrake" GUI program (as root) to find and install packages. The Mini system doesn't have rpmdrake installed; I have to use urpmi to fetch it first. To install rpmdrake, urpmi detects that it has to install many other missing packages: # urpmi rpmdrake To satisfy dependencies, the following 24 packages are going to be installed (34 MB): drakconf-icons-10.2-5mdk.i586 drakxtools-10.2-24.2.102mdk.i586 drakxtools-backend-10.2-24.2.102mdk.i586 drakxtools-newt-10.2-24.2.102mdk.i586 font-tools-0.1-11mdk.i586 foomatic-db-engine-3.0.2-1.20050224.4mdk.i586 foomatic-filters-3.0.2-1.20050128.4mdk.i586 freetype-tools-1.3.1-23mdk.i586 gtkdialogs-2.1-1mdk.i586 mandrake-doc-common-10.2-2mdk.noarch mpage-2.5.4-1mdk.i586 netprofile-0.9.2-1mdk.noarch perl-Compress-Zlib-1.37-0.1.102mdk.i586 perl-Glib-1.080-1mdk.i586 perl-Gtk2-1.080-1mdk.i586 perl-Gtk2-TrayIcon-0.04-2mdk.i586 perl-Libconf-0.39.9-2mdk.noarch perl-MailTools-1.66-1mdk.noarch perl-Net-DBus-0.0.1-3mdk.i586 perl-TimeDate-1.16-4mdk.noarch rpmdrake-2.10-4.2.102mdk.i586 t1utils-1.32-1mdk.i586 usermode-1.63-12mdk.i586 usermode-consoleonly-1.63-12mdk.i586 Is this OK? (Y/n) The rpmdrake package has a long list of package dependencies that aren't available on the Mini system yet. You are given the list of dependencies and asked if urpmi should install all of them (including rpmdrake itself). On a production network server, the more software you install, the more risk you take in having faulty software provide a means of compromising the server. (More software installed also means more software to keep updated!) Given the risk, a production server might choose *NOT* to install the graphical rpmdrake and all its dependencies. For the moment, I choose to say "NO" to this update for rpmdrake. I can use urpmi to install any packages I need. Packages to add to the Mini system ---------------------------------- Use urpmi to fetch the packages below to the Mini system (the packages in parentheses are dependencies that urpmi automatically selects and asks you to agree to install along with the intended package): bind (and bind-utils) bittorrent (and python) coreutils-doc ethereal (and libadns1 libethereal0 libnet-snmp5 net-snmp-mibs net-snmp-utils tcp_wrappers) harddrake (and drakxtools-newt msec netprofile perl-Glib perl-Gtk2 perl-Libconf usermode-consoleonly) man (and groff-for-man) man-pages nc (often called "netcat" - the TCP Swiss Army Knife) nmap ntp (and ntp-client) shorewall (SEE NOTE BELOW ABOUT SHOREWALL!) tcpdump telnet-client traceroute Again, on a production network server, one would avoid installing software not absolutely essential to the operation of the server or that crackers might use to compromise the server (e.g. ethereal, tcpdump, nc). For our classroom purposes (since we only have a single machine in front of us), we will install more software that would normally be prudent. Shorewall firewall ------------------ IMPORTANT NOTE: The default for the unconfigured "shorewall" firewall package is to block all incoming and outgoing connections. If you reboot your machine with shorewall installed and enabled, your machine will not be able to resolve host names or communicate with the network. Until you configure shorewall, disable it so that it does not start at boot time: # chkconfig --del shorewall The above helper program removes all the shorewall start and stop symbolic links from the /etc/rc?.d directories. Shorewall remains installed on the system; but, it will not start on the next reboot. You can start and stop shorewall at the command line using (as root): # shorewall start # shorewall stop Stopping shorewall opens your system up to all incoming/outgoing traffic. See Also: "less /usr/share/doc/shorewall*/releasenotes.txt" Resources --------- "man urpmi.addmedia" "man urpmi" "man urpmq" "man urpmf" "man rpm" urpmi http://easyurpmi.zarb.org/