=== nictuku [n=yves@ubuntu/member/nictuku] has joined #ubuntu-server | ||
=== ToonArmy [n=chris@Lafrowda-10.ex.ac.uk] has joined #ubuntu-server | ||
tmh__ | it shouldn't require z-window-system-core. funny. | 02:10 |
tmh__ | if you're sure the package you installed requires X and it didn't install the required deps, that's a bug. | 02:11 |
=== jsgotangco [n=jsg123@ubuntu/member/jsgotangco] has joined #ubuntu-server | ||
=== mgalvin [n=mgalvin@cpe-74-67-44-20.nycap.res.rr.com] has joined #ubuntu-server | ||
=== Hilmar [i=Hilmar@c85-196-76-250.static.sdsl.no] has joined #ubuntu-server | ||
Hilmar | Anyone here who can help me with some iptables, I have tried on my own for 4 hours now with the online docs, but I can't get it to work | 06:38 |
Hilmar | Have tried everything and starting to get frustrated :( | 06:38 |
fabbione | Hilmar: it really depends what you need to do | 06:39 |
fabbione | this is generally not a help channel | 06:39 |
Hilmar | I know, I was just sent here from the ubuntu channel, since you guys maybe know more about servers | 06:40 |
Hilmar | It's a single server which is going to work as a gateway for a small network | 06:40 |
fabbione | iptables are not -server specific but whatever ;) | 06:40 |
fabbione | ok ask your question.. what can't you do? | 06:40 |
Hilmar | Sorry, I'm just desperate for help now | 06:40 |
Hilmar | Ok, let me paste the rules I have applied | 06:40 |
Hilmar | sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE | 06:41 |
Hilmar | sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT | 06:41 |
Hilmar | sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state ESTABLISHED,RELATED -i ppp0 -j ACCEPT | 06:41 |
fabbione | MEH | 06:41 |
Hilmar | I switched out 192.168.0.0 with 10.0.23.0, and ppp0 with eth1, which is the card which is connected to the modem | 06:41 |
Hilmar | So they should adjust to my system | 06:42 |
fabbione | halt.. one second that i need to look at my rules too | 06:42 |
fabbione | that will never work... | 06:43 |
fabbione | clear up the tables | 06:43 |
Hilmar | iptables --clear ? | 06:43 |
fabbione | iptables -t filter -F INPUT | 06:43 |
fabbione | iptables -t filter -F FORWARD | 06:43 |
fabbione | iptables -t filter -F OUTPUT | 06:43 |
fabbione | iptables -t nat -F PREROUTING | 06:43 |
fabbione | iptables -t nat -F POSTROUTING | 06:43 |
fabbione | this will CLEAR EVERYTHING | 06:44 |
fabbione | iptables -t filter -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED | 06:44 |
Hilmar | --flush should do it also | 06:44 |
fabbione | that's for the state thingy | 06:44 |
Hilmar | What does that mean? | 06:45 |
fabbione | actually.. you can skip that | 06:45 |
fabbione | ok did you clear the tables? | 06:45 |
Hilmar | I did a flush, which should clear everything | 06:45 |
fabbione | ok | 06:45 |
Hilmar | Anyway, I take notes of what you write anyway | 06:45 |
fabbione | first of all.. cat /proc/sys/net/ipv4/ip_forward | 06:45 |
Hilmar | so I can do a reboot in worst case | 06:45 |
fabbione | nah.. no need to reboot | 06:46 |
Hilmar | nothing there | 06:46 |
Hilmar | in ip_forward | 06:46 |
fabbione | can you give me the output? | 06:46 |
fabbione | it's either 0 or 1 | 06:46 |
Hilmar | 0 | 06:46 |
fabbione | ok that's the first problem | 06:46 |
fabbione | echo 1 > /proc/sys/net/ipv4/ip_forward | 06:46 |
fabbione | you need to enable IP forwarding | 06:46 |
Hilmar | permission denied | 06:47 |
fabbione | sudo.. | 06:47 |
fabbione | you need to be root | 06:47 |
Hilmar | I did | 06:47 |
fabbione | it's impossible that gives you permission denied | 06:48 |
fabbione | uname -a ? | 06:48 |
Hilmar | 2.6.15-26-adml64-server #1 smp Date, UTC 2006 x86_64 | 06:49 |
Hilmar | amd64* | 06:50 |
fabbione | it's an old kernel... and it works here... | 06:50 |
fabbione | i know for a fact that the above operation works | 06:50 |
Hilmar | I downloaded the last image today | 06:50 |
Hilmar | installed it and followed the docs to set it up | 06:51 |
fabbione | it's not the last image.. -27- is | 06:51 |
Hilmar | I can't understand how I could do anything wrong, there weren't many options during the install either | 06:51 |
fabbione | i am just saying that if you cannot do echo 1 >... it will never work | 06:52 |
Hilmar | Well, I downloaded it yesterday, so maybe the mirror wasn't updated | 06:52 |
fabbione | that image is at least a few weeks old.. check your mirror or change it | 06:52 |
Hilmar | err | 06:52 |
Hilmar | when I opened it in pico | 06:52 |
Hilmar | it worked | 06:52 |
Hilmar | but not with echo | 06:53 |
Hilmar | I swear | 06:53 |
fabbione | ok i don't really care either way | 06:53 |
Hilmar | Well, it's set to 1 now | 06:53 |
fabbione | now add only the MASQUERADE entry in your rules | 06:53 |
fabbione | and only that one | 06:53 |
Hilmar | sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE | 06:53 |
Hilmar | this ? | 06:53 |
fabbione | if your outgoing interface is ppp0 yes | 06:54 |
fabbione | otherwise change it | 06:54 |
Hilmar | of course | 06:54 |
fabbione | ok.. now take a machine on the 192.168.0.0/16 network and try to connect to the internet | 06:54 |
fabbione | (I assume that the server already is connected and working) | 06:54 |
Hilmar | done, I need to reconnect the modem to the server again, I had to connect it to a workstation to be able to get on irc | 06:55 |
fabbione | well now you need to check that it's working | 06:55 |
Hilmar | So the other rules are not needed? | 06:55 |
Hilmar | but do you know why the ip_forward wasn't enabled? | 06:56 |
=== greenman [n=michael@12-216-242-213.client.mchsi.com] has joined #ubuntu-server | ||
greenman | hello | 06:56 |
fabbione | the other rules should not be required | 06:56 |
greenman | I have an installation question | 06:56 |
Hilmar | Hi | 06:56 |
fabbione | Hilmar: ip forwarding is disabled by default | 06:56 |
fabbione | greenman: -> #ubuntu | 06:56 |
greenman | there are two options install to the hard disk and install a lamp server | 06:57 |
greenman | do i do both or one first then the other | 06:57 |
Hilmar | hmm, ok. thanx a lot fabbione | 06:57 |
Hilmar | Will try it out now | 06:57 |
greenman | I'm thinking install to hard disk then install lamp | 06:57 |
fabbione | Hilmar: no problem | 06:57 |
fabbione | greenman: it's the same.. | 06:57 |
fabbione | lamp will just install lamp without you having to do anything later | 06:57 |
fabbione | makes no different | 06:57 |
fabbione | difference | 06:57 |
fabbione | anyway these are FAQ | 06:57 |
fabbione | so please ask in #ubuntu | 06:58 |
greenman | fabbione: so doing install lamp, installs ubuntu and lamp, while install to hard disk would just be ubuntu? | 06:58 |
greenman | fabbione: they sent me here. sorry for the bother. | 06:58 |
=== Hilmar [n=jalla@c85-196-76-250.static.sdsl.no] has joined #ubuntu-server | ||
fabbione | greenman: if you install lamp OR install ubuntu+amp will make no difference.. it's the same thing | 06:59 |
Hilmar | fabbione: *bows down* | 06:59 |
fabbione | greenman: you still need to install on a hard disk.. no matter | 06:59 |
fabbione | Hilmar: does it work? | 06:59 |
Hilmar | Aye | 06:59 |
fabbione | Hilmar: ok | 06:59 |
fabbione | Hilmar: the other rules are not required.. | 06:59 |
fabbione | not in your specific case at least | 07:00 |
greenman | i guess i'll try the lamp thingie first, it should tell me if I've screwed up. seems kinda redundant | 07:00 |
Hilmar | Does it hurt to apply them, or what effect do they have | 07:00 |
fabbione | Hilmar: it doesn't really hurt but they are useless because FORWARD policy is set to ACCEPT by default | 07:00 |
fabbione | you will just add an extra filter for an ip packet to go through to obtain the same result | 07:01 |
Hilmar | fabbione: One more question, how can I add those rules each time it starts up, cause now I have to add them each time | 07:01 |
=== greenman [n=michael@12-216-242-213.client.mchsi.com] has left #ubuntu-server [] | ||
fabbione | also note that you are NATTING a private network (192.168.0.0/16) that is not routed over internet | 07:01 |
fabbione | there is no way to get a connection from outside | 07:01 |
Hilmar | I know, I need to forward ports then, right? | 07:02 |
fabbione | Hilmar: man interfaces and look in /etc/network/ | 07:02 |
Hilmar | Ok | 07:02 |
fabbione | there are all kind of facilities for what you want | 07:02 |
fabbione | from now.. your best friend is google :) | 07:02 |
Hilmar | You couldn't just paste me the line I need to add to /etc/network/interfaces ?:P, it's really late and tired and want to get this done :) | 07:05 |
Hilmar | For the masquerade rule | 07:05 |
fabbione | Hilmar: don't be lazy | 07:05 |
fabbione | and you are from norway.. that means it's 7:05 am there | 07:06 |
fabbione | can't be late.. you might say it's early | 07:06 |
Hilmar | Well, I have been up all night :P | 07:06 |
Hilmar | But nm, I figure it out, you have been a great help anyway | 07:07 |
=== jsgotangco [n=jsg123@ubuntu/member/jsgotangco] has joined #ubuntu-server | ||
=== jsgotangco_ [n=jsg123@125.212.8.56] has joined #ubuntu-server | ||
=== ToonArmy [n=chris@Lafrowda-4.ex.ac.uk] has joined #ubuntu-server | ||
=== thefish [n=thefish@unaffiliated/thefish] has joined #ubuntu-server | ||
=== ToonArmy [n=chris@Lafrowda-16.ex.ac.uk] has joined #ubuntu-server | ||
=== spike [n=spike@unaffiliated/spike] has joined #ubuntu-server | ||
=== pschulz01_ [n=paul@eth14611.sa.adsl.internode.on.net] has joined #ubuntu-server | ||
=== ToonArmy [n=chris@Lafrowda-18.ex.ac.uk] has joined #ubuntu-server | ||
=== Pazzo [n=thomas@dialin-225136.rol.raiffeisen.net] has joined #ubuntu-server | ||
=== thefish [n=thefish@unaffiliated/thefish] has joined #ubuntu-server | ||
=== thefish [n=thefish@unaffiliated/thefish] has joined #ubuntu-server | ||
=== truz_`24 [n=truz_`24@74.129.166.232] has joined #ubuntu-server | ||
=== MagicFab [n=fabian@modemcable035.165-57-74.mc.videotron.ca] has joined #ubuntu-server | ||
=== gregbuntu [n=renegarg@net35.arts.umanitoba.ca] has joined #ubuntu-server | ||
MagicFab | is there any marketing material for ubuntu server ? like past presentations / figures of TCO, security etc. ? Searched the wiki without much luck | 04:43 |
=== lbm [n=lbm@82.192.173.92] has joined #ubuntu-server | ||
=== cmazzetti|out [n=chatzill@151.55.92.102] has joined #ubuntu-server | ||
=== ivoks [n=ivoks@ubuntu/member/ivoks] has joined #ubuntu-server | ||
=== ivoks_ [n=ivoks@vipnet175-164.mobile.CARNet.hr] has joined #ubuntu-server | ||
=== lbm [n=lbm@82.192.173.92] has joined #ubuntu-server | ||
=== n3storm [n=nest0rm@87.218.255.102] has joined #ubuntu-server | ||
n3storm | hi | 05:32 |
n3storm | I have setup an ubuntu server | 05:32 |
n3storm | when a ssh user logs in the system | 05:34 |
n3storm | their home directory is not writable | 05:35 |
n3storm | Could not chdir to home directory /home/josu: Permission denied | 05:35 |
n3storm | I checked quotas | 05:35 |
n3storm | but they are ok | 05:36 |
n3storm | I created new users in new groups | 05:36 |
n3storm | and nothing | 05:36 |
n3storm | the last thing I have done is have a look at fstab | 05:36 |
n3storm | the /home partition is /dev/sdb1 /home ext3 defaults,usrquota,grpquota 0 2 | 05:37 |
n3storm | any idea so far? | 05:37 |
n3storm | really sorry guys and girls | 05:40 |
n3storm | I didn't read the topic | 05:40 |
n3storm | byes | 05:40 |
n3storm | :D | 05:40 |
=== n3storm [n=nest0rm@87.218.255.102] has left #ubuntu-server ["Konversation] | ||
=== [NB] Mahem [n=asdf@90-228-225-95-no126.tbcn.telia.com] has left #ubuntu-server [] | ||
=== ivoks [n=ivoks@ubuntu/member/ivoks] has joined #ubuntu-server | ||
=== hawk_ [n=hawk@1-1-4-25a.lio.sth.bostream.se] has joined #ubuntu-server | ||
=== DJ_Mirage [n=martijn@biggetje.xs4all.nl] has joined #ubuntu-server | ||
=== DJ_Mirage [n=martijn@biggetje.xs4all.nl] has joined #ubuntu-server | ||
=== daq4th [n=darkness@netstation-005.cafe.zSeries.org] has joined #ubuntu-server | ||
=== MagicFab [n=fabian@modemcable035.165-57-74.mc.videotron.ca] has joined #ubuntu-server | ||
=== yogurtthewise [n=yogurt@bb-87-81-167-77.ukonline.co.uk] has joined #ubuntu-server | ||
=== ivoks [n=ivoks@2-199.dsl.iskon.hr] has joined #ubuntu-server | ||
=== stubblechin [n=fizz@c-68-52-163-167.hsd1.tn.comcast.net] has joined #ubuntu-server | ||
stubblechin | any chance of getting nginx added as an ubuntu server package? debian has it and it beats the pants off lighttpd | 10:53 |
stubblechin | also, where's the best place to make this sort of request? | 10:55 |
ajmitch | if debian has it, then it'll likely get imported automatically to universe for feisty | 10:59 |
=== stubblechin [n=fizz@c-68-52-163-167.hsd1.tn.comcast.net] has joined #ubuntu-server | ||
tmh__ | stubblechin: https://wiki.ubuntu.com/MOTU/Packages/Candidates | 11:32 |
ajmitch | tmh__: hardly needed if it's already in debian | 11:34 |
tmh__ | I guess you're right. | 11:35 |
tmh__ | so what's the deal with apache 2.2? | 11:36 |
ajmitch | it's been in debian unstable for about 3 weeks | 11:37 |
ajmitch | so feisty will most likely get it | 11:37 |