Servidor:tallafocs-asi
De Manteniment IES Ebre
(S'ha redirigit des de: TortosaINSEbreSrvr1)
NOTA: Aquesta Màquina ha estat canviada. Abans HP Proliant (Enxarxa) ara és una màquina virtual més de les màquines virtuals que hi ha al servidor d'informàtica
| Xarxa de l'INS de l'ebre > Servidors > tallafocs-asi | |
|---|---|
| Nom: | tallafocs-asi |
| S.O''': | Ubuntu Server Karmic Koala 9.10 |
| Noms Unix: | tallafocs-asi.intracentre,tallafocs-asi TortosaINSEbreSrvr1 |
| Altres noms: | ... |
| Virtual/Host''': | sí/ INSEbreXen1 |
| IP's: | 192.168.0.46, 192.168.202.1, 192.168.203.1, 192.168.204.1 |
| Subxarxes''': | Subxarxa:Servidors, Subxarxa:Informàtica |
| Serveis''': | SSH |
| Comentaris: | Connectada a guifi.net i a les xarxes del departament d'Informàtica |
| Gateway Per defecte: | 192.168.0.32 |
| Seguretat: | |
Contingut |
Funcions
- Encaminador/Tallafocs de les aules d'informàtica
- Accés a serveis des de guifi.net (DNAT a la web i altres...)
- Servidor de DNS
- Servidor de DHCP
- Proxy Squid
- WINS
Encaminament
Activar ip_forwarding:
$ sudo joe /etc/network/if-pre-up.d/router #!/bin/sh echo 1 > /proc/sys/net/ipv4/ip_forward $ sudo chmod +x /etc/network/if-pre-up.d/router
I executeu l'script un primer cop:
$ sudo /etc/network/if-pre-up.d/router
sysctl
Desactiveu rp_filter:
$ sudo joe /etc/sysctl.conf ... net.ipv4.conf.default.rp_filter=0 net.ipv4.conf.all.rp_filter=0 ... net.ipv4.conf.all.send_redirects = 0
$ sudo joe /etc/sysctl.d/10-network-security.conf ... net.ipv4.conf.default.rp_filter=0 net.ipv4.conf.all.rp_filter=0
Rutes estàtiques
Ruta estàtica a Xtec:
$ sudo joe /etc/network/if-up.d/XtecRoute #!/bin/bash route add -net 213.176.160.0 netmask 255.255.224.0 gw 192.168.0.1
On 192.168.0.1 és el router de a xtec.
$ cat /etc/network/if-up.d/guifiNetRoute #!/bin/bash route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.36.253.1
$ cat /etc/network/if-up.d/rutesCentre
#!/bin/sh route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.0.4 2> /dev/null route add -net 172.16.0.0 netmask 255.255.252.0 gw 192.168.0.4 2> /dev/null
Vegeu també:
Servei de DNS
La configuració de a:DNS s'ha fet amb vistes per tal de mostrar diferents IP segons la IP de la màquina que fa la consulta DNS. Això és així per que per exemple la web de l'institut: www.iesebre.com té diferents IP segons els paquets provinguin de:
- IP interna de l'Institut 192.168.0.0/16''': La IP del servidor web és 192.168.0.9
- IP de guifi.net 10.0.0.0/8 : La IP és 10.36.253.3
- IP Internet (normalment servei proveït per DNS externs): la IP és 213.97.30.37
El fitxer principal de configuració queda de la següent manera:
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
acl guifi {
172.0.0.0/8;
10.0.0.0/8;
};
acl insebre {
192.168.0.0/16;
127.0.0.0/8;
};
view "guifi" {
match-clients { guifi; };
recursion yes;
zone "iesebre.com" {
type master;
file "/etc/bind/guifi/db.iesebre.com";
};
};
view "insebre" {
match-clients { insebre; };
recursion yes;
//Obtenir la zona iesebre.com del servidor master
zone "iesebre.com" {
type slave;
masters {
192.168.0.9;
};
file "/var/cache/bind/iesebre.com.hosts";
};
//Obtenir la zona inversa 192.168.0.x del servidor master
zone "168.192.in-addr.arpa" {
type slave;
masters {
192.168.0.9;
};
file "/var/cache/bind/168.192.in-addr.arpa.hosts";
};
//Aquest és el servidor master de la zona informatica.iesebre.com
zone "informatica.iesebre.com" {
allow-transfer { any; };
type master;
file "/etc/bind/db.informatica.iesebre.com";
};
...
zone "guifi.net" {
type slave;
masters {
80.24.16.164;
};
file "/var/cache/bind/guifi.net.hosts";
};
//Fi vista insebre
};
view "external" {
match-clients { any; };
recursion no;
# zone "example.com" {
# type master;
# file "/etc/bind/externals/db.example.com";
# allow-transfer { slaves; };
# };
};
Cal tenir en compte que si fem així la configuració aleshores també cal modificar el fitxer /etc/bind/named.conf.default-zones:
// prime the server with knowledge of the root servers
view "external1" {
match-clients { any; };
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
};
Consulteu:
Subxarxes
Encaminador/Tallafocs
$ sudo mkdir -p /etc/firewall $ sudo bash -c "iptables-save > /etc/firewall/firewall.conf" $ sudo joe /etc/network/if-pre-up.d/firewall
#!/bin/sh iptables-restore < /etc/firewall/firewall.conf
$ sudo chmod +x /etc/network/if-pre-up.d/iptables
El contingut del fitxer és:
Accés a la web de l'Institut des de guifi.net
Dos passos per configurar.
El primer s'ha fet al servidor Servidor:Web (192.168.0.9) afegint una ruta per arribar a guifi.net:
$ cat /etc/network/if-up.d/guifiNetRoute #!/bin/bash /sbin/route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.0.46
$ sudo chmod +x /etc/network/if-up.d/guifiNetRoute
El segon és la configuració de DNAT al iptables del servidor tallafocs-asi. A /etc/firewall/firewall.conf s'ha afegit:
# Accessos des de guifi.net # http://guifi.net/tortosa # http://guifi.net/ca/node/26725 # TortosaINSEbreSrvr1:http://guifi.net/ca/guifi/device/19639 -A PREROUTING -d 10.36.253.3/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.9:80
Servidor de gràfiques
IMPORTANT: El servidor de gràfiques ha de ser accessible via web i per aquesta raó no s'ha instal·lat al tallafocs-asi sinó que l'hem instal·lat al Servidor:servidor-web. El servidor web és accessible per DNAT a través d'aquest tallafocs
Configuració
Molts dels passos seguits per configurar aquesta màquina són similars a:
Cop
Targetes de xarxa MAC
Al ser una màquina domU no està disponible lspci.
Les MAC (virtuals de Xen) són (abans del canvi de nom de les interficies):
$ ifconfig -a | grep HW eth0 Link encap:Ethernet HWaddr 00:16:3e:00:ab:00 eth1 Link encap:Ethernet HWaddr 00:16:3e:00:ab:01 eth2 Link encap:Ethernet HWaddr 00:16:3e:00:ab:02 eth3 Link encap:Ethernet HWaddr 00:16:3e:00:ab:03 eth4 Link encap:Ethernet HWaddr 00:16:3e:00:ab:04 eth5 Link encap:Ethernet HWaddr 00:16:3e:00:ab:05 eth6 Link encap:Ethernet HWaddr 00:16:3e:00:ab:06 eth7 Link encap:Ethernet HWaddr 00:16:3e:00:ab:07
Després del canvi de noms:
$ ifconfig -a | grep HW aula1 Link encap:Ethernet HWaddr 00:16:3e:00:ab:01 aula2 Link encap:Ethernet HWaddr 00:16:3e:00:ab:02 aula3 Link encap:Ethernet HWaddr 00:16:3e:00:ab:03 aula4 Link encap:Ethernet HWaddr 00:16:3e:00:ab:04 departament Link encap:Ethernet HWaddr 00:16:3e:00:ab:06 guifi Link encap:Ethernet HWaddr 00:16:3e:00:ab:07 internet Link encap:Ethernet HWaddr 00:16:3e:00:ab:05 intranet Link encap:Ethernet HWaddr 00:16:3e:00:ab:00
ifconfig
8 targetes de xarxa:
dmidecode
$ dmidecode ... HP ProLiant ML110 G4 Serial Number: CZC7353QM8 UUID: 07C26F88-1E3C-1DD2-11B2-001A4BEDB909 Wake-up Type: Power Switch SKU Number: 432535-075 Family: ProLiant Server ... Base Board Information Manufacturer: HP Product Name: ML110 G4 Version: Serial Number: ... Processor Information Socket Designation: PROCESSOR Type: Central Processor Family: Xeon Manufacturer: Intel Version: Intel(R) Xeon(R) CPU 3040 @ 1.86GHz Voltage: 1.2 V External Clock: 1066 MHz Max Speed: 4000 MHz Current Speed: 1860 MHz
4 ports SATA...
Interficies de xarxa
# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1A:4B:ED:B9:09
inet addr:192.168.7.1 Bcast:192.168.7.255 Mask:255.255.255.0
inet6 addr: fe80::21a:4bff:feed:b909/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:146635765 errors:0 dropped:0 overruns:0 frame:0
TX packets:232468655 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:24739723096 (23593.6 Mb) TX bytes:294651911594 (281001.9 Mb)
Interrupt:17
eth0:ip2 Link encap:Ethernet HWaddr 00:1A:4B:ED:B9:09
inet addr:192.168.8.1 Bcast:192.168.8.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:17
eth1 Link encap:Ethernet HWaddr 00:02:55:64:66:7B
inet addr:192.168.0.13 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::202:55ff:fe64:667b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:283794993 errors:0 dropped:0 overruns:0 frame:0
TX packets:184932221 errors:32 dropped:0 overruns:0 carrier:32
collisions:0 txqueuelen:1000
RX bytes:355694694868 (339216.8 Mb) TX bytes:31445992097 (29989.2 Mb)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1252416 errors:0 dropped:0 overruns:0 frame:0
TX packets:1252416 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:248067057 (236.5 Mb) TX bytes:248067057 (236.5 Mb)
NAT
Proxy Transparent:
-A PREROUTING -s 192.168.7.0/255.255.255.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 -A PREROUTING -s 192.168.8.0/255.255.255.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
MASCARADA?
-A POSTROUTING -o eth1 -j MASQUERADE
firewall Open Suse
# Generated by iptables-save v1.3.8 on Fri Jan 8 18:35:38 2010
*mangle
:PREROUTING ACCEPT [462529934:379636708968]
:INPUT ACCEPT [268485755:223171463380]
:FORWARD ACCEPT [193883874:156446728142]
:OUTPUT ACCEPT [273343362:239368791347]
:POSTROUTING ACCEPT [467020476:395814843846]
-A PREROUTING -s 192.168.7.0/255.255.255.0 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x1
-A PREROUTING -s 192.168.8.0/255.255.255.0 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x1
COMMIT
# Completed on Fri Jan 8 18:35:38 2010
# Generated by iptables-save v1.3.8 on Fri Jan 8 18:35:38 2010
*nat
:PREROUTING ACCEPT [4815614:495469776]
:POSTROUTING ACCEPT [101448:87272717]
:OUTPUT ACCEPT [3283847:282219718]
-A PREROUTING -s 192.168.7.0/255.255.255.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.8.0/255.255.255.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Fri Jan 8 18:35:38 2010
# Generated by iptables-save v1.3.8 on Fri Jan 8 18:35:38 2010
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [252545:12730116]
:forward_ext - [0:0]
:forward_int - [0:0]
:input_ext - [0:0]
:input_int - [0:0]
:reject_func - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j input_int
-A INPUT -i eth1 -j input_ext
-A INPUT -j input_ext
-A INPUT -m limit --limit 3/min -j LOG --log-prefix "SFW2-IN-ILL-TARGET " --log-tcp-options --log-ip-options
-A INPUT -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth0 -j forward_int
-A FORWARD -i eth1 -j forward_ext
-A FORWARD -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWD-ILL-ROUTING " --log-tcp-options
--log-ip-options
-A FORWARD -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m limit --limit 3/min -j LOG --log-prefix "SFW2-OUT-ERROR " --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 0 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 3 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 11 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 12 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 14 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 18 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 3/2 -j ACCEPT
-A forward_ext -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 5 -j ACCEPT
-A forward_ext -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A forward_ext -m limit --limit 3/min -m pkttype --pkt-type multicast -j LOG --log-prefix
"SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_ext -m pkttype --pkt-type multicast -j DROP
-A forward_ext -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix
"SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options
--log-ip-options
-A forward_ext -p udp -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options
--log-ip-options
-A forward_ext -m limit --limit 3/min -m state --state INVALID -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT-INV
" --log-tcp-options --log-ip-options
-A forward_ext -j DROP
-A forward_int -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 0 -j ACCEPT
-A forward_int -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 3 -j ACCEPT
-A forward_int -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 11 -j ACCEPT
-A forward_int -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 12 -j ACCEPT
-A forward_int -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 14 -j ACCEPT
-A forward_int -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 18 -j ACCEPT
-A forward_int -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 3/2 -j ACCEPT
-A forward_int -p icmp -m state --state RELATED,ESTABLISHED -m icmp --icmp-type 5 -j ACCEPT
-A forward_int -i eth0 -o eth1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A forward_int -m limit --limit 3/min -m pkttype --pkt-type multicast -j LOG --log-prefix
"SFW2-FWDint-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_int -m pkttype --pkt-type multicast -j DROP
-A forward_int -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix
"SFW2-FWDint-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_int -p icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT " --log-tcp-options
--log-ip-options
-A forward_int -p udp -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT " --log-tcp-options
--log-ip-options
-A forward_int -m limit --limit 3/min -m state --state INVALID -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT-INV
" --log-tcp-options --log-ip-options
-A forward_int -j reject_func
-A input_ext -m pkttype --pkt-type broadcast -j DROP
-A input_ext -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A input_ext -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A input_ext -p esp -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 10013 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG
--log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 10013 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 2210 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG
--log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 2210 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 2213 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG
--log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 2213 -j ACCEPT
-A input_ext -p udp -m udp --dport 4500 -j ACCEPT
-A input_ext -p udp -m udp --dport 500 -j ACCEPT
-A input_ext -p tcp -m tcp --dport 113 -m state --state NEW -j reject_func
-A input_ext -m limit --limit 3/min -m mark --mark 0x1 -m state --state NEW -j LOG --log-prefix
"SFW2-INext-ACC-REDIR " --log-tcp-options --log-ip-options
-A input_ext -m state --state NEW,RELATED,ESTABLISHED -m mark --mark 0x1 -j ACCEPT
-A input_ext -m limit --limit 3/min -m pkttype --pkt-type multicast -j LOG --log-prefix "SFW2-INext-DROP-DEFLT
" --log-tcp-options --log-ip-options
-A input_ext -m pkttype --pkt-type multicast -j DROP
-A input_ext -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix
"SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -p icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options
--log-ip-options
-A input_ext -p udp -m limit --limit 3/min -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options
--log-ip-options
-A input_ext -m limit --limit 3/min -m state --state INVALID -j LOG --log-prefix "SFW2-INext-DROP-DEFLT-INV "
--log-tcp-options --log-ip-options
-A input_ext -j DROP
-A input_int -j ACCEPT
-A reject_func -p tcp -j REJECT --reject-with tcp-reset
-A reject_func -p udp -j REJECT --reject-with icmp-port-unreachable
-A reject_func -j REJECT --reject-with icmp-proto-unreachable
COMMIT
# Completed on Fri Jan 8 18:35:38 2010
route
# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.7.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.8.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 192.168.0.32 0.0.0.0 UG 0 0 0 eth1
- Actualitzat! 07/05/2012
$ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.36.253.0 0.0.0.0 255.255.255.224 U 0 0 0 guifi 192.168.19.0 0.0.0.0 255.255.255.0 U 0 0 0 internet 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 intranet 192.168.203.0 0.0.0.0 255.255.255.0 U 0 0 0 aula3 192.168.202.0 0.0.0.0 255.255.255.0 U 0 0 0 aula2 192.168.204.0 0.0.0.0 255.255.255.0 U 0 0 0 aula4 172.16.0.0 192.168.0.4 255.255.252.0 UG 0 0 0 intranet 213.176.160.0 192.168.0.1 255.255.224.0 UG 0 0 0 intranet 192.168.0.0 192.168.0.4 255.255.0.0 UG 0 0 0 intranet 10.0.0.0 10.36.253.1 255.0.0.0 UG 0 0 0 guifi 0.0.0.0 192.168.19.1 0.0.0.0 UG 0 0 0 internet
cat /etc/resolv.conf
### BEGIN INFO # # ### END INFO # nameserver 192.168.0.13 nameserver 192.168.0.8 nameserver 213.176.161.16 search enxarxa
lsb_release -a
LSB Version: core-2.0-noarch:core-3.0-noarch:core-2.0-x86_64:core-3.0-x86_64:desktop-3.1-amd64:desktop-3.1-noarch:graphics-2.0-amd64:graphics-2.0-noarch:graphics- 3.1-amd64:graphics-3.1-noarch Distributor ID: SUSE LINUX Description: openSUSE 10.3 (X86-64) Release: 10.3 Codename: n/a
