[00:15] <theunixgeek> What can I do with a newly-installed LAMP server? :)
[00:15] <theunixgeek> (I've never done anything like this before)
[00:17] <nictuku> theunixgeek, the coolest thing is to host web pages
[00:17] <nictuku> theunixgeek, try installing a wiki software to begin with :-)
[00:18] <theunixgeek> What wiki programs are available?
[00:19] <theunixgeek> nictuku: To make something Wikipedia-ish, perhaps? ;)
[00:19] <nictuku> theunixgeek, yeah. make a personal wiki
[00:19] <MenZa> Mediawiki is nice.
[00:19] <nictuku> like a "notepad on steroids"
[00:20] <theunixgeek> MenZa: Is it available from apt-get?
[00:20] <MenZa> theunixgeek, probably is; I'm not sure. I prefer to install the original packages.
[00:20] <MenZa> !find mediawiki
[00:20] <ubotu> Found: libparse-mediawikidump-perl, libwww-mediawiki-client-perl, mediawiki, mediawiki-extensions, mediawiki-math (and 6 others)
[00:20] <MenZa> Jep
[00:20] <MenZa> Yep*
[00:20] <theunixgeek> :P
[00:20] <MenZa> !info mediawiki | theunixgeek
[00:20] <ubotu> theunixgeek: mediawiki: website engine for collaborative work. In component universe, is optional. Version 1:1.10 (gutsy), package size 1 kB, installed size 32 kB
[00:21] <theunixgeek> MenZa: does that mean it's preinstalled? :O
[00:21] <nictuku> theunixgeek, no it's not
[00:21] <theunixgeek> Ok.
[00:21] <theunixgeek> How do I get a domain for my server box?
[00:21] <MenZa> You purchase one. :)
[00:22] <theunixgeek> How? Like if I get one from GoDaddy.com, how will I be able to apply it on my machine?
[00:22] <nictuku> theunixgeek, then check if other people on the internet can reach you on port 80. depending on how is your connection, that may not work
[00:22] <theunixgeek> nictuku: I have two computers, so I can check it more easily like that :)
[00:22] <nictuku> theunixgeek, you'll point the hostnames for that domain to your servers' IP. is your IP dynamic or static?
[00:22] <theunixgeek> nictuku: I'm guessing dynamic since it changes
[00:23] <nictuku> theunixgeek, not if they are on the same local network
[00:23] <theunixgeek> nictuku: oh.
[00:23] <nictuku> theunixgeek, go to http://checkip.dyndns.org
[00:23] <theunixgeek> ok. I have it :P
[00:24] <nictuku> your IRC whois shows your address is c-71-203-10-234.hsd1.fl.comcast.net / 71.203.10.234. and this address has port 80 filtered
[00:24] <theunixgeek> nictuku: what does that mean?
[00:24] <theunixgeek> by having a port filtered?
[00:24] <nictuku> so you'd have to make your site accessible from a different port if you want people on the internet to reach it
[00:24] <theunixgeek> ok
[00:25] <theunixgeek> Wow, this is a lot of info :P I'll come back later when I've installed it. I just wanted to get a sneak peek of what I'm able to do.
[00:25] <theunixgeek> Thank, all :)
[00:25] <nictuku> theunixgeek, your ISP prevents you from using your server to host HTTP content in the standard port. it's a way to make you pay for a more expensive connection
[00:25] <theunixgeek> nictuku: lol :P
[00:25] <theunixgeek> thank you!
[00:50] <nealmcb> nictuku: so did you just get no response to a port 80 probe?  perhaps he has a local firewall or modem doing that?
[00:51] <nictuku> nealmcb, perhaps.
[00:57] <fujin> anyone versed in the ways of redhat-cluster-manager / gnbd + gfs?
[01:00] <Bawbatos> is the kernel build with what is need for ipsec out of the box.
[01:13] <ScottK> nictuku: That's also, I'm pretty sure, a dynamic IP which causes another set of problems.
[01:14] <kgoetz> fujin: #redhat :)
[01:14] <fujin> kgoetz: It's the only supported cluster suite in Ubuntu
[01:15] <fujin> (in main)
[01:15] <kgoetz> fujin: i didnt know there was a supported cluster suite
[01:15] <fujin> You fail.
[01:15] <kgoetz> hm....
[01:15] <kgoetz> cheers
[01:15] <fujin> np
[01:16] <kgoetz> yw
[01:35] <Centaur5> Ever since I quit using firestarter on my server and used a custom iptables script I'm no longer able to go to apple.com, msn.com, hotmail.com, or windowsupdate.microsoft.com. Can anybody give me an idea of why this is happening?
[01:36] <nictuku> Centaur5, can you resolve DNS? try pinging those hosts from the server and see what happens
[01:37] <Centaur5> I can't ping them cause they don't accept pings but yes they do resolve.
[01:38] <Centaur5> The server itself can go to the sites but the clients can't.  I noticed in wireshark that when I try to go to those sites I get a lot of bad checksums on the GET request and also duplicate TCP packet transmissions
[01:38] <fujin> clients?
[01:39] <Centaur5> yes, the server routes the internet to the workstations from eth0 (ppp0) to eth1 and eth2
[01:40] <fujin> can the clients get to the internet, at all?
[01:40] <Centaur5> yes, it's mainly just the M$ sites and the apple.com site that don't work.
[01:40] <kgoetz> any proxys running on the gateway?
[01:40] <fujin> I had a similar issue along time ago, while routing a PPPoE connection through a linux gateway
[01:41] <Centaur5> no
[01:41] <fujin> something about the MRU/MTU PMTU or something in iptables
[01:41] <fujin> no
[01:41] <Centaur5> iptables script is here http://paste.ubuntu-nl.org/47896/
[01:41] <fujin> tcpmss
[01:42] <Centaur5> fujin: Do you remember what you changed to fix it?
[01:42] <fujin> let me try and remember
[01:43] <nictuku> Centaur5, sometimes you may require ICMP for some things work. like Path MTU detection
[01:43] <Centaur5> It really makes me wonder why their websites are so much different than the rest.
[01:43] <nictuku> Centaur5, can you enable ICMP temporarily and see what happens?
[01:43] <Centaur5> nictuku: So you're saying that I should accept ping requests from outsiders?
[01:44] <nictuku> Centaur5, not ping. ICMP is not used only for ECHO (ping)
[01:44] <Centaur5> nictuku: Sorry, I'm not real familiar with different packet types and uses.  :)
[01:44] <nictuku> Centaur5, in this case we're interested in the "can't fragment" message
[01:45] <fujin> what's the policy on INPUT?
[01:45] <nictuku> Centaur5, so just test that. it won't work
[01:45] <nictuku> Centaur5, http://www.znep.com/~marcs/mtu/
[01:45] <nictuku> Centaur5, I mean, it wont *hurt
[01:45] <fujin> try enable all icmp
[01:45] <Centaur5> nictuku: Okay, I'm currently googling for a iptables command to allow that but if you have one that would help.
[01:45] <fujin> iptables -A INPUT -p icmp -j ACCEPT
[01:46] <fujin> what's the policy on your input table?
[01:46] <nictuku> yeah I was asking myself the same thing
[01:46] <Centaur5> my policies are here http://paste.ubuntu-nl.org/47895/
[01:46] <fujin> lol.
[01:47] <fujin> no use having an allow ssh rule when you're already allowing everything
[01:47] <nictuku> yeah
[01:47] <fujin> anyway, the commands regarding tcpmss were:
[01:47] <Centaur5> fujin: Well I temporarily disabled the block everything just for testing.  :)
[01:47] <fujin> iptables -A FORWARD -i ppp0 -p tcp --tcp-flags SYN,RST SYN --clamp-mss-tp-pmtu -j TCPMSS
[01:47] <fujin> iptables -A FORWARD -o ppp0 -p tcp --tcp-flags SYN,RST SYN --clamp-mss-tp-pmtu -j TCPMSS
[01:49] <fujin> err
[01:49] <fujin> s/tp/to/
[01:51] <Centaur5> so --clamp-mss-tp-pmtu should be --clamp-mss-to-pmtu?
[01:51] <nictuku> yes
[01:52] <Centaur5> that still gives me an error saying Unknown arg `--clamp-mss-to-pmtu'
[01:57] <nictuku> iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS -clamp-mss-to-pmtu
[01:57] <nictuku> Centaur5, else try google
[01:58] <Centaur5> I'm currently searching google.  The allow ICMP command didn't seem to make a difference.
[01:58] <fujin> oh
[01:58] <fujin> doh
[01:58] <fujin> you'll have to -j TCPMSS before --clamp..
[01:59] <Centaur5> that ran beautifully  :)
[02:00] <Centaur5> Hmm...those websites still aren't working.
[02:01] <fujin> hrghm
[02:01] <fujin> maybe that wasn't it.
[02:01] <fujin> It was something to do with tcpmss
[02:02] <Centaur5> alright, well atleast I know what direction to go.  I've been working on this all day.  It's amazing that firestarter does something different than this script to make it work.
[02:07] <fujin> fire up firestarter
[02:07] <fujin> make everything work as you want
[02:07] <fujin> and then iptables-save > save
[02:07] <fujin> vi save
[02:07] <fujin> take a looky :)
[02:10] <Centaur5> fujin: maybe that's what I'll have to do.  I wish firestarter would give the option to share to 2 NICs that's the whole reason I had to search for this script.
[02:31] <Centaur5> nictuku: I'm really slow.  I just barely noticed your message was different than the one fujin gave me.  That command worked beautifully and everything is working!
[02:32] <nictuku> Centaur5, which one?
[02:32] <Centaur5> Thanks nictuku and fujin!  I'm very glad I can quit googling this now.
[02:32] <Centaur5> iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS -clamp-mss-to-pmtu
[02:32] <nictuku> Centaur5, cheers!
[02:33] <Centaur5> I didn't look close enough to see that yours didn't specify the external interface.
[02:34] <Centaur5> Just out of curiosity where do you learn stuff like that to come up with that command?
[02:46] <nictuku> Centaur5, the Path MTU issue is well know. it's described in all relevant TCP/IP books
[02:46] <nictuku> Centaur5, so I just googled for 'path mtu iptables' at google
[02:47] <nictuku> take a look for example at http://blue-labs.org/howto/mtu-mss.php
[03:46] <Centaur5> nictuku: I just got done eating.  I just finished a college class that taught a little bit about TCP/IP but didn't get advanced enough to help out that much in this situation.
[03:46] <fujin> Centaur5: good work :{
[03:46] <Centaur5> I'm guessing that none of the classes I take will get to that extent and I'll probably have to study all that on my own.
[03:47] <fujin> All of the classes I ever took never taught me anything.
[03:47] <fujin> and now I'm a high rolling linux systems engineer *g*
[03:48] <Centaur5> haha, I'm not too surprised...I mean, this semester was a huge wake up call of how much I don't know but we also still didn't get near as advanced as I want to go.
[03:48] <Centaur5> So did you mainly have to learn it all at your first job or what did you do?
[03:48] <fujin> I've been using Linux for years
[03:49] <fujin> I'm 20 now, started when I was 12?
[03:49] <fujin> >.
[03:50] <fujin> first job I inherited loads of poorly built linux systems
[03:50] <fujin> which may have helped
[03:50] <fujin> but really I probably learnt it by blowing away my pc numerous times over the year to try different distros and concepts
[03:50] <fujin> and freelance shit across the net
[03:56] <Centaur5> Well I didn't start playing with computers til I was 17 so I had a slow start compared to a few people I know and graduated with.  Also my problem is that I've never been able to play with anything that I can't afford.
[03:57] <Centaur5> I've read that most people that have real experience rather than degrees are the ones making the better money though.
[04:17] <fujin> Centaur5: that is true, in most parts of the world
[04:18] <Centaur5> So that's the way that you did it?
[04:18] <fujin> although I've seen multiple examples of the person with experience being out-paid and out-jobbed by others with qualifications
[04:18] <fujin> yes, indeed.
[04:18] <fujin> the only training I've received so far is training on a Dell (EMC) SAN
[04:18] <fujin> :}
[04:19] <Centaur5> haha, that's pretty cool
[04:20] <Centaur5> I'm only taking classes that will give me experience I'm not going to bother with history and science....therefore, no degree for me.
[04:21] <fujin> classes != experience unfortunately
[04:21] <fujin> I was on shit pay for ages
[04:21] <fujin> doing crappy repair work
[04:22] <fujin> which I probably could have skipped with qualifications
[04:22] <fujin> although I have seen many amply qualified Helpdesk operators.
[04:23] <Centaur5> crappy repair work like in a retail store fixing residential machines?
[04:24] <fujin> indeed :)
[04:24] <Centaur5> Well that's a good way to experience a lot of bizarre problems.
[04:25] <Centaur5> I do a little bit of work on some of the repairs brought in but I usually do the onsite work so you would probably hate my job.  :)
[05:30] <antdedyet> is there an incoming ubuntu server that functions similar to incoming.debian.org?
[05:32]  * antdedyet could use the kvm 1:55 pkg to get his vm going after some paths quit working after building from the kvm-source 1:55 pkg
[05:32] <ScottK> Look in Launchpad.  It'll be there first.
[05:35] <antdedyet> OK ... I will check. Updating the bios.bin symlink seems to be the temporary fix.
[05:43] <antdedyet> the files to build 1:55 from source are there, but I guess there's a process that hasn't reached the point of putting the .deb for amd64 in the "File Download" section.
[05:43] <antdedyet> my problems are fixed, just though soren would want to know
[06:08] <Bawbatos> question - i come from openbsd where the ipsec tunnels get an interface. i just got a tunnel up using racoon. it seem that is not the way it is done under linux
[06:08] <Bawbatos> the question is i have this in my logs - Dec 11 21:55:22 cork kernel: [ 7442.581865] RULE 6 -- DENY IN=eth0 OUT= MAC=00:50:da:bf:f5:e8:00:30:b8:aa:bb:b1:08:00 SRC=192.168.119.117 DST=192.168.22.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=61459 PROTO=UDP SPT=137 DPT=137 LEN=58
[06:08] <Bawbatos> both the network 192.x are each side of the vpn, lan side, the rules is is my deny all. do i need to 1. put a rule that says, no nat for those [2. do i really define letting an rfc1918 address on the external interface? that would make no sense
=== ScottK2 is now known as ScottK
[09:43] <_ruben> sweet .. just found out that qmail is now in the public domain .. time for an ubuntu package i'd say ;)
[09:44] <ScottK> _ruben: It's already in multi-verse
[09:44] <Kamping_Kaiser> !info qmail
[09:44] <ubotu> Package qmail does not exist in gutsy
[09:44] <Kamping_Kaiser> guess i'll have to put effort into finding out about it *heh*
[09:46] <_ruben> the !info trigger doesnt cover multi-verse then i guess?
[09:47] <_ruben> hmm .. apt-cache search qmail doesnt show it on my ubuntu server and it has multiverse enabledf
[09:48] <ScottK> https://launchpad.net/ubuntu/+source/qmail
[09:48] <ScottK> apt-cache search shows binary packages
[09:48] <_ruben> ah
[09:48] <Kamping_Kaiser> http://packages.ubuntu.com/cgi-bin/search_packages.pl?keywords=qmail&searchon=names&subword=1&version=gutsy&release=all
[09:48] <avatar_> _ruben: why do you want qmail?
[09:48] <_ruben> been too long since i actively worked with apt
[09:49] <_ruben> avatar_: its what im used to .. i like its speed and the way its configration works
[10:08] <_ruben> grrr .. for some reason my remote X session died on my
[10:15] <_ruben> hmm .. on launchpad the qmail package is marked as 'failed to build' on feisty/gutsy/hardy .. doesnt sound very promising
[14:35] <_ruben> hmm .. build-daemontools is hanging .. bah :/
[14:51] <_ruben> crap .. and it assumes the presence of /etc/inittab
[16:39] <pteague_work> how's ubuntu-server for a production environment?
[16:40] <mralphabet> uhh, great?
[16:40] <leonel> pteague_work: Just Works !
[16:41] <mralphabet> well . .. not great for .net development
[16:41] <leonel> mralphabet: .net .. here is  .not ...
[16:41] <mralphabet> I know ;)
[16:41] <pteague_work> was just wondering if there were any issues that i should be aware of... i'm using it at home for my file server/test server, etc, but wasn't sure about production
[16:41] <leonel> pteague_work:  just watch for the security for  universe packages  and if you can  send  patches :)
[16:42] <pteague_work> it's got to be better than this blasted rpm crap & whm/cpanel !#%
[16:43] <pteague_work> oh & did i forget to mention the current server being used has apache running as nobody:nobody? ;o)
[16:48] <dendrobates> pteague_work: google uses it.
[16:49] <pteague_work> uses which? ubuntu-server or whm/cpanel? =)
[16:55] <pteague_work> i'm guessing the suggestion is to use ubuntu-server gutsy?
[17:00] <leonel> pteague_work: an then upgrade to hardy  when released  in Apr   and stay there  for a long term
=== Gamble61 is now known as gamble6x
=== gamble6x is now known as Gamble6x
=== XiXaQ is now known as XiXaQ_
=== XiXaQ_ is now known as XiXaQ
=== nictuku_ is now known as nictuku
[19:37] <stickystyle> pteague_work: if your still around, i use ubuntu as a production server on a dozen servers at work.  LTS (6.06) only though.
[19:41] <pteague_work> k
[20:08] <fujin> Centaur5: on your iptables yesterday, I noticed you weren't allowing in *all* established,related traffic
[20:08] <fujin> which you probably should be
[20:12] <alejandro> someone tested Xen 3.0 with gutsy? here it hungs up in xen-create-image when mounts the filesystem, any idea ?
[20:14] <alejandro> https://bugs.launchpad.net/ubuntu/+source/xen-tools/+bug/161171
[20:14] <ubotu> Launchpad bug 161171 in xen-tools "create image  - kernel panic " [Undecided,New]
[20:15] <alejandro> yes
[20:15] <alejandro> :(
=== gargeh is now known as Gargoyle
=== ember_ is now known as ember
=== ScottK2 is now known as ScottK
[23:12] <Centaur5> fujin: So you're saying that after a client connects to a web site iptables doesn't notice that?
[23:13] <fujin> no, I'm saying you should have it for happy stateful behaviour ;)
[23:13] <fujin> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[23:13] <fujin> iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
[23:19] <Centaur5> fujin: Alright, well thanks for the tip I'll add it to my script right now.  I hope my class next semester covers iptables really well so I can be more fluent with this.