theunixgeek | What can I do with a newly-installed LAMP server? :) | 00:15 |
---|---|---|
theunixgeek | (I've never done anything like this before) | 00:15 |
nictuku | theunixgeek, the coolest thing is to host web pages | 00:17 |
nictuku | theunixgeek, try installing a wiki software to begin with :-) | 00:17 |
theunixgeek | What wiki programs are available? | 00:18 |
theunixgeek | nictuku: To make something Wikipedia-ish, perhaps? ;) | 00:19 |
nictuku | theunixgeek, yeah. make a personal wiki | 00:19 |
MenZa | Mediawiki is nice. | 00:19 |
nictuku | like a "notepad on steroids" | 00:19 |
theunixgeek | MenZa: Is it available from apt-get? | 00:20 |
MenZa | theunixgeek, probably is; I'm not sure. I prefer to install the original packages. | 00:20 |
MenZa | !find mediawiki | 00:20 |
ubotu | Found: libparse-mediawikidump-perl, libwww-mediawiki-client-perl, mediawiki, mediawiki-extensions, mediawiki-math (and 6 others) | 00:20 |
MenZa | Jep | 00:20 |
MenZa | Yep* | 00:20 |
theunixgeek | :P | 00:20 |
MenZa | !info mediawiki | theunixgeek | 00:20 |
ubotu | theunixgeek: mediawiki: website engine for collaborative work. In component universe, is optional. Version 1:1.10 (gutsy), package size 1 kB, installed size 32 kB | 00:20 |
theunixgeek | MenZa: does that mean it's preinstalled? :O | 00:21 |
nictuku | theunixgeek, no it's not | 00:21 |
theunixgeek | Ok. | 00:21 |
theunixgeek | How do I get a domain for my server box? | 00:21 |
MenZa | You purchase one. :) | 00:21 |
theunixgeek | How? Like if I get one from GoDaddy.com, how will I be able to apply it on my machine? | 00:22 |
nictuku | theunixgeek, then check if other people on the internet can reach you on port 80. depending on how your connection is, that may not work | 00:22 |
theunixgeek | nictuku: I have two computers, so I can check it more easily like that :) | 00:22 |
nictuku | theunixgeek, you'll point the hostnames for that domain to your server's IP. is your IP dynamic or static? | 00:22 |
theunixgeek | nictuku: I'm guessing dynamic since it changes | 00:22 |
nictuku | theunixgeek, not if they are on the same local network | 00:23 |
theunixgeek | nictuku: oh. | 00:23 |
nictuku | theunixgeek, go to http://checkip.dyndns.org | 00:23 |
theunixgeek | ok. I have it :P | 00:23 |
nictuku | your IRC whois shows your address is c-71-203-10-234.hsd1.fl.comcast.net / 71.203.10.234. and this address has port 80 filtered | 00:24 |
theunixgeek | nictuku: what does that mean? | 00:24 |
theunixgeek | by having a port filtered? | 00:24 |
nictuku | so you'd have to make your site accessible from a different port if you want people on the internet to reach it | 00:24 |
theunixgeek | ok | 00:24 |
theunixgeek | Wow, this is a lot of info :P I'll come back later when I've installed it. I just wanted to get a sneak peek of what I'm able to do. | 00:25 |
theunixgeek | Thanks, all :) | 00:25 |
nictuku | theunixgeek, your ISP prevents you from using your server to host HTTP content in the standard port. it's a way to make you pay for a more expensive connection | 00:25 |
theunixgeek | nictuku: lol :P | 00:25 |
theunixgeek | thank you! | 00:25 |
nealmcb | nictuku: so did you just get no response to a port 80 probe? perhaps he has a local firewall or modem doing that? | 00:50 |
nictuku | nealmcb, perhaps. | 00:51 |
fujin | anyone versed in the ways of redhat-cluster-manager / gnbd + gfs? | 00:57 |
Bawbatos | is the kernel built with what is needed for ipsec out of the box? | 01:00 |
ScottK | nictuku: That's also, I'm pretty sure, a dynamic IP which causes another set of problems. | 01:13 |
kgoetz | fujin: #redhat :) | 01:14 |
fujin | kgoetz: It's the only supported cluster suite in Ubuntu | 01:14 |
fujin | (in main) | 01:15 |
kgoetz | fujin: i didnt know there was a supported cluster suite | 01:15 |
fujin | You fail. | 01:15 |
kgoetz | hm.... | 01:15 |
kgoetz | cheers | 01:15 |
fujin | np | 01:15 |
kgoetz | yw | 01:16 |
Centaur5 | Ever since I quit using firestarter on my server and used a custom iptables script I'm no longer able to go to apple.com, msn.com, hotmail.com, or windowsupdate.microsoft.com. Can anybody give me an idea of why this is happening? | 01:35 |
nictuku | Centaur5, can you resolve DNS? try pinging those hosts from the server and see what happens | 01:36 |
Centaur5 | I can't ping them cause they don't accept pings but yes they do resolve. | 01:37 |
Centaur5 | The server itself can go to the sites but the clients can't. I noticed in wireshark that when I try to go to those sites I get a lot of bad checksums on the GET request and also duplicate TCP packet transmissions | 01:38 |
fujin | clients? | 01:38 |
Centaur5 | yes, the server routes the internet to the workstations from eth0 (ppp0) to eth1 and eth2 | 01:39 |
fujin | can the clients get to the internet, at all? | 01:40 |
Centaur5 | yes, it's mainly just the M$ sites and the apple.com site that don't work. | 01:40 |
kgoetz | any proxys running on the gateway? | 01:40 |
fujin | I had a similar issue a long time ago, while routing a PPPoE connection through a linux gateway | 01:40 |
Centaur5 | no | 01:41 |
fujin | something about the MRU/MTU PMTU or something in iptables | 01:41 |
fujin | no | 01:41 |
Centaur5 | iptables script is here http://paste.ubuntu-nl.org/47896/ | 01:41 |
fujin | tcpmss | 01:41 |
Centaur5 | fujin: Do you remember what you changed to fix it? | 01:42 |
fujin | let me try and remember | 01:42 |
nictuku | Centaur5, sometimes you may require ICMP for some things to work. like Path MTU detection | 01:43 |
Centaur5 | It really makes me wonder why their websites are so much different than the rest. | 01:43 |
nictuku | Centaur5, can you enable ICMP temporarily and see what happens? | 01:43 |
Centaur5 | nictuku: So you're saying that I should accept ping requests from outsiders? | 01:43 |
nictuku | Centaur5, not ping. ICMP is not used only for ECHO (ping) | 01:44 |
Centaur5 | nictuku: Sorry, I'm not real familiar with different packet types and uses. :) | 01:44 |
nictuku | Centaur5, in this case we're interested in the "can't fragment" message | 01:44 |
fujin | what's the policy on INPUT? | 01:45 |
nictuku | Centaur5, so just test that. it won't work | 01:45 |
nictuku | Centaur5, http://www.znep.com/~marcs/mtu/ | 01:45 |
nictuku | Centaur5, I mean, it wont *hurt | 01:45 |
fujin | try enable all icmp | 01:45 |
Centaur5 | nictuku: Okay, I'm currently googling for a iptables command to allow that but if you have one that would help. | 01:45 |
fujin | iptables -A INPUT -p icmp -j ACCEPT | 01:45 |
fujin | what's the policy on your input table? | 01:46 |
nictuku | yeah I was asking myself the same thing | 01:46 |
Centaur5 | my policies are here http://paste.ubuntu-nl.org/47895/ | 01:46 |
fujin | lol. | 01:46 |
fujin | no use having an allow ssh rule when you're already allowing everything | 01:47 |
nictuku | yeah | 01:47 |
fujin | anyway, the commands regarding tcpmss were: | 01:47 |
Centaur5 | fujin: Well I temporarily disabled the block everything just for testing. :) | 01:47 |
fujin | iptables -A FORWARD -i ppp0 -p tcp --tcp-flags SYN,RST SYN --clamp-mss-tp-pmtu -j TCPMSS | 01:47 |
fujin | iptables -A FORWARD -o ppp0 -p tcp --tcp-flags SYN,RST SYN --clamp-mss-tp-pmtu -j TCPMSS | 01:47 |
fujin | err | 01:49 |
fujin | s/tp/to/ | 01:49 |
Centaur5 | so --clamp-mss-tp-pmtu should be --clamp-mss-to-pmtu? | 01:51 |
nictuku | yes | 01:51 |
Centaur5 | that still gives me an error saying Unknown arg `--clamp-mss-to-pmtu' | 01:52 |
nictuku | iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu | 01:57 |
nictuku | Centaur5, else try google | 01:57 |
Centaur5 | I'm currently searching google. The allow ICMP command didn't seem to make a difference. | 01:58 |
fujin | oh | 01:58 |
fujin | doh | 01:58 |
fujin | you'll have to -j TCPMSS before --clamp.. | 01:58 |
Centaur5 | that ran beautifully :) | 01:59 |
Centaur5 | Hmm...those websites still aren't working. | 02:00 |
fujin | hrghm | 02:01 |
fujin | maybe that wasn't it. | 02:01 |
fujin | It was something to do with tcpmss | 02:01 |
Centaur5 | alright, well at least I know what direction to go. I've been working on this all day. It's amazing that firestarter does something different than this script to make it work. | 02:02 |
fujin | fire up firestarter | 02:07 |
fujin | make everything work as you want | 02:07 |
fujin | and then iptables-save > save | 02:07 |
fujin | vi save | 02:07 |
fujin | take a looky :) | 02:07 |
Centaur5 | fujin: maybe that's what I'll have to do. I wish firestarter would give the option to share to 2 NICs that's the whole reason I had to search for this script. | 02:10 |
Centaur5 | nictuku: I'm really slow. I just barely noticed your message was different than the one fujin gave me. That command worked beautifully and everything is working! | 02:31 |
nictuku | Centaur5, which one? | 02:32 |
Centaur5 | Thanks nictuku and fujin! I'm very glad I can quit googling this now. | 02:32 |
Centaur5 | iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu | 02:32 |
nictuku | Centaur5, cheers! | 02:32 |
Centaur5 | I didn't look close enough to see that yours didn't specify the external interface. | 02:33 |
Centaur5 | Just out of curiosity where do you learn stuff like that to come up with that command? | 02:34 |
nictuku | Centaur5, the Path MTU issue is well known. it's described in all relevant TCP/IP books | 02:46 |
nictuku | Centaur5, so I just googled for 'path mtu iptables' at google | 02:46 |
nictuku | take a look for example at http://blue-labs.org/howto/mtu-mss.php | 02:47 |
Centaur5 | nictuku: I just got done eating. I just finished a college class that taught a little bit about TCP/IP but didn't get advanced enough to help out that much in this situation. | 03:46 |
fujin | Centaur5: good work :{ | 03:46 |
Centaur5 | I'm guessing that none of the classes I take will get to that extent and I'll probably have to study all that on my own. | 03:46 |
fujin | All of the classes I ever took never taught me anything. | 03:47 |
fujin | and now I'm a high rolling linux systems engineer *g* | 03:47 |
Centaur5 | haha, I'm not too surprised...I mean, this semester was a huge wake up call of how much I don't know but we also still didn't get near as advanced as I want to go. | 03:48 |
Centaur5 | So did you mainly have to learn it all at your first job or what did you do? | 03:48 |
fujin | I've been using Linux for years | 03:48 |
fujin | I'm 20 now, started when I was 12? | 03:49 |
fujin | >. | 03:49 |
fujin | first job I inherited loads of poorly built linux systems | 03:50 |
fujin | which may have helped | 03:50 |
fujin | but really I probably learnt it by blowing away my pc numerous times over the year to try different distros and concepts | 03:50 |
fujin | and freelance shit across the net | 03:50 |
Centaur5 | Well I didn't start playing with computers til I was 17 so I had a slow start compared to a few people I know and graduated with. Also my problem is that I've never been able to play with anything that I can't afford. | 03:56 |
Centaur5 | I've read that most people that have real experience rather than degrees are the ones making the better money though. | 03:57 |
fujin | Centaur5: that is true, in most parts of the world | 04:17 |
Centaur5 | So that's the way that you did it? | 04:18 |
fujin | although I've seen multiple examples of the person with experience being out-paid and out-jobbed by others with qualifications | 04:18 |
fujin | yes, indeed. | 04:18 |
fujin | the only training I've received so far is training on a Dell (EMC) SAN | 04:18 |
fujin | :} | 04:18 |
Centaur5 | haha, that's pretty cool | 04:19 |
Centaur5 | I'm only taking classes that will give me experience I'm not going to bother with history and science....therefore, no degree for me. | 04:20 |
fujin | classes != experience unfortunately | 04:21 |
fujin | I was on shit pay for ages | 04:21 |
fujin | doing crappy repair work | 04:21 |
fujin | which I probably could have skipped with qualifications | 04:22 |
fujin | although I have seen many amply qualified Helpdesk operators. | 04:22 |
Centaur5 | crappy repair work like in a retail store fixing residential machines? | 04:23 |
fujin | indeed :) | 04:24 |
Centaur5 | Well that's a good way to experience a lot of bizarre problems. | 04:24 |
Centaur5 | I do a little bit of work on some of the repairs brought in but I usually do the onsite work so you would probably hate my job. :) | 04:25 |
antdedyet | is there an incoming ubuntu server that functions similar to incoming.debian.org? | 05:30 |
* antdedyet could use the kvm 1:55 pkg to get his vm going after some paths quit working after building from the kvm-source 1:55 pkg | 05:32 | |
ScottK | Look in Launchpad. It'll be there first. | 05:32 |
antdedyet | OK ... I will check. Updating the bios.bin symlink seems to be the temporary fix. | 05:35 |
antdedyet | the files to build 1:55 from source are there, but I guess there's a process that hasn't reached the point of putting the .deb for amd64 in the "File Download" section. | 05:43 |
antdedyet | my problems are fixed, just thought soren would want to know | 05:43 |
Bawbatos | question - i come from openbsd where the ipsec tunnels get an interface. i just got a tunnel up using racoon. it seems that is not the way it is done under linux | 06:08 |
Bawbatos | the question is i have this in my logs - Dec 11 21:55:22 cork kernel: [ 7442.581865] RULE 6 -- DENY IN=eth0 OUT= MAC=00:50:da:bf:f5:e8:00:30:b8:aa:bb:b1:08:00 SRC=192.168.119.117 DST=192.168.22.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=61459 PROTO=UDP SPT=137 DPT=137 LEN=58 | 06:08 |
Bawbatos | both the network 192.x are each side of the vpn, lan side, the rule is my deny all. do i need to 1. put a rule that says, no nat for those [2. do i really define letting an rfc1918 address on the external interface? that would make no sense | 06:08 |
=== ScottK2 is now known as ScottK | ||
_ruben | sweet .. just found out that qmail is now in the public domain .. time for an ubuntu package i'd say ;) | 09:43 |
ScottK | _ruben: It's already in multi-verse | 09:44 |
Kamping_Kaiser | !info qmail | 09:44 |
ubotu | Package qmail does not exist in gutsy | 09:44 |
Kamping_Kaiser | guess i'll have to put effort into finding out about it *heh* | 09:44 |
_ruben | the !info trigger doesnt cover multi-verse then i guess? | 09:46 |
_ruben | hmm .. apt-cache search qmail doesnt show it on my ubuntu server and it has multiverse enabled | 09:47 |
ScottK | https://launchpad.net/ubuntu/+source/qmail | 09:48 |
ScottK | apt-cache search shows binary packages | 09:48 |
_ruben | ah | 09:48 |
Kamping_Kaiser | http://packages.ubuntu.com/cgi-bin/search_packages.pl?keywords=qmail&searchon=names&subword=1&version=gutsy&release=all | 09:48 |
avatar_ | _ruben: why do you want qmail? | 09:48 |
_ruben | been too long since i actively worked with apt | 09:48 |
_ruben | avatar_: its what im used to .. i like its speed and the way its configuration works | 09:49 |
_ruben | grrr .. for some reason my remote X session died on me | 10:08 |
_ruben | hmm .. on launchpad the qmail package is marked as 'failed to build' on feisty/gutsy/hardy .. doesnt sound very promising | 10:15 |
_ruben | hmm .. build-daemontools is hanging .. bah :/ | 14:35 |
_ruben | crap .. and it assumes the presence of /etc/inittab | 14:51 |
pteague_work | how's ubuntu-server for a production environment? | 16:39 |
mralphabet | uhh, great? | 16:40 |
leonel | pteague_work: Just Works ! | 16:40 |
mralphabet | well . .. not great for .net development | 16:41 |
leonel | mralphabet: .net .. here is .not ... | 16:41 |
mralphabet | I know ;) | 16:41 |
pteague_work | was just wondering if there were any issues that i should be aware of... i'm using it at home for my file server/test server, etc, but wasn't sure about production | 16:41 |
leonel | pteague_work: just watch for the security for universe packages and if you can send patches :) | 16:41 |
pteague_work | it's got to be better than this blasted rpm crap & whm/cpanel !#% | 16:42 |
pteague_work | oh & did i forget to mention the current server being used has apache running as nobody:nobody? ;o) | 16:43 |
dendrobates | pteague_work: google uses it. | 16:48 |
pteague_work | uses which? ubuntu-server or whm/cpanel? =) | 16:49 |
pteague_work | i'm guessing the suggestion is to use ubuntu-server gutsy? | 16:55 |
leonel | pteague_work: and then upgrade to hardy when released in Apr and stay there for a long term | 17:00 |
=== Gamble61 is now known as gamble6x | ||
=== gamble6x is now known as Gamble6x | ||
=== XiXaQ is now known as XiXaQ_ | ||
=== XiXaQ_ is now known as XiXaQ | ||
=== nictuku_ is now known as nictuku | ||
stickystyle | pteague_work: if you're still around, i use ubuntu as a production server on a dozen servers at work. LTS (6.06) only though. | 19:37 |
pteague_work | k | 19:41 |
fujin | Centaur5: on your iptables yesterday, I noticed you weren't allowing in *all* established,related traffic | 20:08 |
fujin | which you probably should be | 20:08 |
alejandro | has anyone tested Xen 3.0 with gutsy? here it hangs in xen-create-image when it mounts the filesystem, any idea? | 20:12 |
alejandro | https://bugs.launchpad.net/ubuntu/+source/xen-tools/+bug/161171 | 20:14 |
ubotu | Launchpad bug 161171 in xen-tools "create image - kernel panic " [Undecided,New] | 20:14 |
alejandro | yes | 20:15 |
alejandro | :( | 20:15 |
=== gargeh is now known as Gargoyle | ||
=== ember_ is now known as ember | ||
=== ScottK2 is now known as ScottK | ||
Centaur5 | fujin: So you're saying that after a client connects to a web site iptables doesn't notice that? | 23:12 |
fujin | no, I'm saying you should have it for happy stateful behaviour ;) | 23:13 |
fujin | iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT | 23:13 |
fujin | iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT | 23:13 |
Centaur5 | fujin: Alright, well thanks for the tip I'll add it to my script right now. I hope my class next semester covers iptables really well so I can be more fluent with this. | 23:19 |