/srv/irclogs.ubuntu.com/2007/12/12/#ubuntu-server.txt

[00:15] <theunixgeek> What can I do with a newly-installed LAMP server? :)
[00:15] <theunixgeek> (I've never done anything like this before)
[00:17] <nictuku> theunixgeek, the coolest thing is to host web pages
[00:17] <nictuku> theunixgeek, try installing a wiki software to begin with :-)
[00:18] <theunixgeek> What wiki programs are available?
[00:19] <theunixgeek> nictuku: To make something Wikipedia-ish, perhaps? ;)
[00:19] <nictuku> theunixgeek, yeah. make a personal wiki
[00:19] <MenZa> Mediawiki is nice.
[00:19] <nictuku> like a "notepad on steroids"
[00:20] <theunixgeek> MenZa: Is it available from apt-get?
[00:20] <MenZa> theunixgeek, probably is; I'm not sure. I prefer to install the original packages.
[00:20] <MenZa> !find mediawiki
[00:20] <ubotu> Found: libparse-mediawikidump-perl, libwww-mediawiki-client-perl, mediawiki, mediawiki-extensions, mediawiki-math (and 6 others)
[00:20] <MenZa> Jep
[00:20] <MenZa> Yep*
[00:20] <theunixgeek> :P
[00:20] <MenZa> !info mediawiki | theunixgeek
[00:20] <ubotu> theunixgeek: mediawiki: website engine for collaborative work. In component universe, is optional. Version 1:1.10 (gutsy), package size 1 kB, installed size 32 kB
[00:21] <theunixgeek> MenZa: does that mean it's preinstalled? :O
[00:21] <nictuku> theunixgeek, no it's not
[00:21] <theunixgeek> Ok.
[00:21] <theunixgeek> How do I get a domain for my server box?
[00:21] <MenZa> You purchase one. :)
[00:22] <theunixgeek> How? Like if I get one from GoDaddy.com, how will I be able to apply it on my machine?
[00:22] <nictuku> theunixgeek, then check if other people on the internet can reach you on port 80. depending on how is your connection, that may not work
[00:22] <theunixgeek> nictuku: I have two computers, so I can check it more easily like that :)
[00:22] <nictuku> theunixgeek, you'll point the hostnames for that domain to your servers' IP. is your IP dynamic or static?
[00:22] <theunixgeek> nictuku: I'm guessing dynamic since it changes
[00:23] <nictuku> theunixgeek, not if they are on the same local network
[00:23] <theunixgeek> nictuku: oh.
[00:23] <nictuku> theunixgeek, go to http://checkip.dyndns.org
[00:23] <theunixgeek> ok. I have it :P
[00:24] <nictuku> your IRC whois shows your address is c-71-203-10-234.hsd1.fl.comcast.net / 71.203.10.234. and this address has port 80 filtered
[00:24] <theunixgeek> nictuku: what does that mean?
[00:24] <theunixgeek> by having a port filtered?
[00:24] <nictuku> so you'd have to make your site accessible from a different port if you want people on the internet to reach it
[00:24] <theunixgeek> ok
[00:25] <theunixgeek> Wow, this is a lot of info :P I'll come back later when I've installed it. I just wanted to get a sneak peek of what I'm able to do.
[00:25] <theunixgeek> Thank, all :)
[00:25] <nictuku> theunixgeek, your ISP prevents you from using your server to host HTTP content in the standard port. it's a way to make you pay for a more expensive connection
[00:25] <theunixgeek> nictuku: lol :P
[00:25] <theunixgeek> thank you!
[00:50] <nealmcb> nictuku: so did you just get no response to a port 80 probe?  perhaps he has a local firewall or modem doing that?
[00:51] <nictuku> nealmcb, perhaps.
[00:57] <fujin> anyone versed in the ways of redhat-cluster-manager / gnbd + gfs?
[01:00] <Bawbatos> is the kernel build with what is need for ipsec out of the box.
[01:13] <ScottK> nictuku: That's also, I'm pretty sure, a dynamic IP which causes another set of problems.
[01:14] <kgoetz> fujin: #redhat :)
[01:14] <fujin> kgoetz: It's the only supported cluster suite in Ubuntu
[01:15] <fujin> (in main)
[01:15] <kgoetz> fujin: i didnt know there was a supported cluster suite
[01:15] <fujin> You fail.
[01:15] <kgoetz> hm....
[01:15] <kgoetz> cheers
[01:15] <fujin> np
[01:16] <kgoetz> yw
[01:35] <Centaur5> Ever since I quit using firestarter on my server and used a custom iptables script I'm no longer able to go to apple.com, msn.com, hotmail.com, or windowsupdate.microsoft.com. Can anybody give me an idea of why this is happening?
[01:36] <nictuku> Centaur5, can you resolve DNS? try pinging those hosts from the server and see what happens
[01:37] <Centaur5> I can't ping them cause they don't accept pings but yes they do resolve.
[01:38] <Centaur5> The server itself can go to the sites but the clients can't.  I noticed in wireshark that when I try to go to those sites I get a lot of bad checksums on the GET request and also duplicate TCP packet transmissions
[01:38] <fujin> clients?
[01:39] <Centaur5> yes, the server routes the internet to the workstations from eth0 (ppp0) to eth1 and eth2
[01:40] <fujin> can the clients get to the internet, at all?
[01:40] <Centaur5> yes, it's mainly just the M$ sites and the apple.com site that don't work.
[01:40] <kgoetz> any proxys running on the gateway?
[01:40] <fujin> I had a similar issue along time ago, while routing a PPPoE connection through a linux gateway
[01:41] <Centaur5> no
[01:41] <fujin> something about the MRU/MTU PMTU or something in iptables
[01:41] <fujin> no
[01:41] <Centaur5> iptables script is here http://paste.ubuntu-nl.org/47896/
[01:41] <fujin> tcpmss
[01:42] <Centaur5> fujin: Do you remember what you changed to fix it?
[01:42] <fujin> let me try and remember
[01:43] <nictuku> Centaur5, sometimes you may require ICMP for some things work. like Path MTU detection
[01:43] <Centaur5> It really makes me wonder why their websites are so much different than the rest.
[01:43] <nictuku> Centaur5, can you enable ICMP temporarily and see what happens?
[01:43] <Centaur5> nictuku: So you're saying that I should accept ping requests from outsiders?
[01:44] <nictuku> Centaur5, not ping. ICMP is not used only for ECHO (ping)
[01:44] <Centaur5> nictuku: Sorry, I'm not real familiar with different packet types and uses.  :)
[01:44] <nictuku> Centaur5, in this case we're interested in the "can't fragment" message
[01:45] <fujin> what's the policy on INPUT?
[01:45] <nictuku> Centaur5, so just test that. it won't work
[01:45] <nictuku> Centaur5, http://www.znep.com/~marcs/mtu/
[01:45] <nictuku> Centaur5, I mean, it wont *hurt
[01:45] <fujin> try enable all icmp
[01:45] <Centaur5> nictuku: Okay, I'm currently googling for a iptables command to allow that but if you have one that would help.
[01:45] <fujin> iptables -A INPUT -p icmp -j ACCEPT
[01:46] <fujin> what's the policy on your input table?
[01:46] <nictuku> yeah I was asking myself the same thing
[01:46] <Centaur5> my policies are here http://paste.ubuntu-nl.org/47895/
[01:46] <fujin> lol.
[01:47] <fujin> no use having an allow ssh rule when you're already allowing everything
[01:47] <nictuku> yeah
[01:47] <fujin> anyway, the commands regarding tcpmss were:
[01:47] <Centaur5> fujin: Well I temporarily disabled the block everything just for testing.  :)
[01:47] <fujin> iptables -A FORWARD -i ppp0 -p tcp --tcp-flags SYN,RST SYN --clamp-mss-tp-pmtu -j TCPMSS
[01:47] <fujin> iptables -A FORWARD -o ppp0 -p tcp --tcp-flags SYN,RST SYN --clamp-mss-tp-pmtu -j TCPMSS
[01:49] <fujin> err
[01:49] <fujin> s/tp/to/
[01:51] <Centaur5> so --clamp-mss-tp-pmtu should be --clamp-mss-to-pmtu?
[01:51] <nictuku> yes
[01:52] <Centaur5> that still gives me an error saying Unknown arg `--clamp-mss-to-pmtu'
[01:57] <nictuku> iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS -clamp-mss-to-pmtu
[01:57] <nictuku> Centaur5, else try google
[01:58] <Centaur5> I'm currently searching google.  The allow ICMP command didn't seem to make a difference.
[01:58] <fujin> oh
[01:58] <fujin> doh
[01:58] <fujin> you'll have to -j TCPMSS before --clamp..
[01:59] <Centaur5> that ran beautifully  :)
[02:00] <Centaur5> Hmm...those websites still aren't working.
[02:01] <fujin> hrghm
[02:01] <fujin> maybe that wasn't it.
[02:01] <fujin> It was something to do with tcpmss
[02:02] <Centaur5> alright, well atleast I know what direction to go.  I've been working on this all day.  It's amazing that firestarter does something different than this script to make it work.
[02:07] <fujin> fire up firestarter
[02:07] <fujin> make everything work as you want
[02:07] <fujin> and then iptables-save > save
[02:07] <fujin> vi save
[02:07] <fujin> take a looky :)
[02:10] <Centaur5> fujin: maybe that's what I'll have to do.  I wish firestarter would give the option to share to 2 NICs that's the whole reason I had to search for this script.
[02:31] <Centaur5> nictuku: I'm really slow.  I just barely noticed your message was different than the one fujin gave me.  That command worked beautifully and everything is working!
[02:32] <nictuku> Centaur5, which one?
[02:32] <Centaur5> Thanks nictuku and fujin!  I'm very glad I can quit googling this now.
[02:32] <Centaur5> iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS -clamp-mss-to-pmtu
[02:32] <nictuku> Centaur5, cheers!
[02:33] <Centaur5> I didn't look close enough to see that yours didn't specify the external interface.
[02:34] <Centaur5> Just out of curiosity where do you learn stuff like that to come up with that command?
[02:46] <nictuku> Centaur5, the Path MTU issue is well know. it's described in all relevant TCP/IP books
[02:46] <nictuku> Centaur5, so I just googled for 'path mtu iptables' at google
[02:47] <nictuku> take a look for example at http://blue-labs.org/howto/mtu-mss.php
[03:46] <Centaur5> nictuku: I just got done eating.  I just finished a college class that taught a little bit about TCP/IP but didn't get advanced enough to help out that much in this situation.
[03:46] <fujin> Centaur5: good work :{
[03:46] <Centaur5> I'm guessing that none of the classes I take will get to that extent and I'll probably have to study all that on my own.
[03:47] <fujin> All of the classes I ever took never taught me anything.
[03:47] <fujin> and now I'm a high rolling linux systems engineer *g*
[03:48] <Centaur5> haha, I'm not too surprised...I mean, this semester was a huge wake up call of how much I don't know but we also still didn't get near as advanced as I want to go.
[03:48] <Centaur5> So did you mainly have to learn it all at your first job or what did you do?
[03:48] <fujin> I've been using Linux for years
[03:49] <fujin> I'm 20 now, started when I was 12?
[03:49] <fujin> >.
[03:50] <fujin> first job I inherited loads of poorly built linux systems
[03:50] <fujin> which may have helped
[03:50] <fujin> but really I probably learnt it by blowing away my pc numerous times over the year to try different distros and concepts
[03:50] <fujin> and freelance shit across the net
[03:56] <Centaur5> Well I didn't start playing with computers til I was 17 so I had a slow start compared to a few people I know and graduated with.  Also my problem is that I've never been able to play with anything that I can't afford.
[03:57] <Centaur5> I've read that most people that have real experience rather than degrees are the ones making the better money though.
[04:17] <fujin> Centaur5: that is true, in most parts of the world
[04:18] <Centaur5> So that's the way that you did it?
[04:18] <fujin> although I've seen multiple examples of the person with experience being out-paid and out-jobbed by others with qualifications
[04:18] <fujin> yes, indeed.
[04:18] <fujin> the only training I've received so far is training on a Dell (EMC) SAN
[04:18] <fujin> :}
[04:19] <Centaur5> haha, that's pretty cool
[04:20] <Centaur5> I'm only taking classes that will give me experience I'm not going to bother with history and science....therefore, no degree for me.
[04:21] <fujin> classes != experience unfortunately
[04:21] <fujin> I was on shit pay for ages
[04:21] <fujin> doing crappy repair work
[04:22] <fujin> which I probably could have skipped with qualifications
[04:22] <fujin> although I have seen many amply qualified Helpdesk operators.
[04:23] <Centaur5> crappy repair work like in a retail store fixing residential machines?
[04:24] <fujin> indeed :)
[04:24] <Centaur5> Well that's a good way to experience a lot of bizarre problems.
[04:25] <Centaur5> I do a little bit of work on some of the repairs brought in but I usually do the onsite work so you would probably hate my job.  :)
[05:30] <antdedyet> is there an incoming ubuntu server that functions similar to incoming.debian.org?
[05:32] * antdedyet could use the kvm 1:55 pkg to get his vm going after some paths quit working after building from the kvm-source 1:55 pkg
[05:32] <ScottK> Look in Launchpad.  It'll be there first.
[05:35] <antdedyet> OK ... I will check. Updating the bios.bin symlink seems to be the temporary fix.
[05:43] <antdedyet> the files to build 1:55 from source are there, but I guess there's a process that hasn't reached the point of putting the .deb for amd64 in the "File Download" section.
[05:43] <antdedyet> my problems are fixed, just though soren would want to know
[06:08] <Bawbatos> question - i come from openbsd where the ipsec tunnels get an interface. i just got a tunnel up using racoon. it seem that is not the way it is done under linux
[06:08] <Bawbatos> the question is i have this in my logs - Dec 11 21:55:22 cork kernel: [ 7442.581865] RULE 6 -- DENY IN=eth0 OUT= MAC=00:50:da:bf:f5:e8:00:30:b8:aa:bb:b1:08:00 SRC=192.168.119.117 DST=192.168.22.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=61459 PROTO=UDP SPT=137 DPT=137 LEN=58
[06:08] <Bawbatos> both the network 192.x are each side of the vpn, lan side, the rules is is my deny all. do i need to 1. put a rule that says, no nat for those [2. do i really define letting an rfc1918 address on the external interface? that would make no sense
=== ScottK2 is now known as ScottK
[09:43] <_ruben> sweet .. just found out that qmail is now in the public domain .. time for an ubuntu package i'd say ;)
[09:44] <ScottK> _ruben: It's already in multi-verse
[09:44] <Kamping_Kaiser> !info qmail
[09:44] <ubotu> Package qmail does not exist in gutsy
[09:44] <Kamping_Kaiser> guess i'll have to put effort into finding out about it *heh*
[09:46] <_ruben> the !info trigger doesnt cover multi-verse then i guess?
[09:47] <_ruben> hmm .. apt-cache search qmail doesnt show it on my ubuntu server and it has multiverse enabledf
[09:48] <ScottK> https://launchpad.net/ubuntu/+source/qmail
[09:48] <ScottK> apt-cache search shows binary packages
[09:48] <_ruben> ah
[09:48] <Kamping_Kaiser> http://packages.ubuntu.com/cgi-bin/search_packages.pl?keywords=qmail&searchon=names&subword=1&version=gutsy&release=all
[09:48] <avatar_> _ruben: why do you want qmail?
[09:48] <_ruben> been too long since i actively worked with apt
[09:49] <_ruben> avatar_: its what im used to .. i like its speed and the way its configration works
[10:08] <_ruben> grrr .. for some reason my remote X session died on my
[10:15] <_ruben> hmm .. on launchpad the qmail package is marked as 'failed to build' on feisty/gutsy/hardy .. doesnt sound very promising
[14:35] <_ruben> hmm .. build-daemontools is hanging .. bah :/
[14:51] <_ruben> crap .. and it assumes the presence of /etc/inittab
[16:39] <pteague_work> how's ubuntu-server for a production environment?
[16:40] <mralphabet> uhh, great?
[16:40] <leonel> pteague_work: Just Works !
[16:41] <mralphabet> well . .. not great for .net development
[16:41] <leonel> mralphabet: .net .. here is  .not ...
[16:41] <mralphabet> I know ;)
[16:41] <pteague_work> was just wondering if there were any issues that i should be aware of... i'm using it at home for my file server/test server, etc, but wasn't sure about production
[16:41] <leonel> pteague_work:  just watch for the security for  universe packages  and if you can  send  patches :)
[16:42] <pteague_work> it's got to be better than this blasted rpm crap & whm/cpanel !#%
[16:43] <pteague_work> oh & did i forget to mention the current server being used has apache running as nobody:nobody? ;o)
[16:48] <dendrobates> pteague_work: google uses it.
[16:49] <pteague_work> uses which? ubuntu-server or whm/cpanel? =)
[16:55] <pteague_work> i'm guessing the suggestion is to use ubuntu-server gutsy?
[17:00] <leonel> pteague_work: an then upgrade to hardy  when released  in Apr   and stay there  for a long term
=== Gamble61 is now known as gamble6x
=== gamble6x is now known as Gamble6x
=== XiXaQ is now known as XiXaQ_
=== XiXaQ_ is now known as XiXaQ
=== nictuku_ is now known as nictuku
[19:37] <stickystyle> pteague_work: if your still around, i use ubuntu as a production server on a dozen servers at work.  LTS (6.06) only though.
[19:41] <pteague_work> k
[20:08] <fujin> Centaur5: on your iptables yesterday, I noticed you weren't allowing in *all* established,related traffic
[20:08] <fujin> which you probably should be
[20:12] <alejandro> someone tested Xen 3.0 with gutsy? here it hungs up in xen-create-image when mounts the filesystem, any idea ?
[20:14] <alejandro> https://bugs.launchpad.net/ubuntu/+source/xen-tools/+bug/161171
[20:14] <ubotu> Launchpad bug 161171 in xen-tools "create image  - kernel panic " [Undecided,New]
[20:15] <alejandro> yes
[20:15] <alejandro> :(
=== gargeh is now known as Gargoyle
=== ember_ is now known as ember
=== ScottK2 is now known as ScottK
[23:12] <Centaur5> fujin: So you're saying that after a client connects to a web site iptables doesn't notice that?
[23:13] <fujin> no, I'm saying you should have it for happy stateful behaviour ;)
[23:13] <fujin> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[23:13] <fujin> iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
[23:19] <Centaur5> fujin: Alright, well thanks for the tip I'll add it to my script right now.  I hope my class next semester covers iptables really well so I can be more fluent with this.
