levanderIs there a page that documents the advantage of running Ubuntu Server over regular Ubuntu?  I mean, can't you just 'sudo apt-get install apache2' yourself?01:10
kgoetzafaik theres not one per-se01:11
levanderkgoetz: Careful, you'll get banned from the channel.01:12
kgoetzlevander: because?01:12
levanderYour dissing the product, man.  There's got to be some advantage.01:12
dendrobatesthere is more to a server distrobution than apache01:13
levanderdendrobates: Is there any page explaining to me what these differences are?01:13
dendrobatesuch smaller.01:14
kgoetzlevander: wtf are you going on about?01:14
dendrobatesthere is a different kernel, no gui, and the package list is much smaller01:14
levanderI'm just doing a small DNS server, apache2, a mail server, mysql.  Maybe I'm not the target candidate for Ubuntu Server?01:15
levanderWhy do they have a different kernel?01:15
dendrobatesthere are different needs for server and desktop.01:15
levanderdendrobates: What kernel do they have?01:15
levanderdendrobates: What are these differences?01:16
dendrobatesdifferent config01:16
levanderah, yeah01:16
dendrobatesupstream version, but a different congih01:16
levanderI guess I'm just in a weird situation, because this is actually just a small home server, not a production server.01:16
dendrobatesit is fine to use the server packages in ubuntu desktop if you feel more comfortable with that01:17
levanderdendrobates: I'm just trying to decide what's better for me.  I'd be comfortable with either.01:18
dendrobatesis it on server hardware?01:18
levanderNo, it's just an old AMD 1800+ that I want to run the above listed server software on.01:19
levanderOn thing I'm wondering is how much trouble it's gonig to cause my booting this machine without a monitor attached.01:19
dendrobatesubuntu server has a smaller memory footprint and installs much less cruft.01:19
dendrobatesbasically why would you install/run the desktop apps if you do not need them.01:20
levanderI got a GB of RAM and 40 GB of hard disk, but I guess it using less RAM could come in handy.01:20
levanderdendrobates: Yeah, it's not the idea that I'll run desktop apps on it.  But, I guess if the box goes down with serious problem, it would be nice to attach a monitor to it.01:21
dendrobatesyou can still use a monitor, just no x.01:21
levanderI see on ubuntu.com that they've got an integrated LAMP install.  But, I'm not using PHP, which I understand is the bitch in that config.01:21
dendrobatesyou don't have to install the lamp stack.  You can apt-get apache01:22
levanderYeah, I was just saying that looks like a big advantage of Ubuntu Server, if you're using PHP that is.01:22
dendrobatesyou can always install server and do an apt-get install ubuntu-desktop if you change your mind.01:23
jetolehey guys, does anyone know where I can find a listing of say all apnic ip address ranges or all ripe... well more specifically apnix02:31
kgoetzyou'd have to check their website probably02:32
jetoleyeah... do you know where, I assume it is a common place since the host tool on everyones computer queries the proper RIR02:32
jetolewhois tool does as well02:33
kgoetzwhois.apnic.net ?02:34
jetoleright, I am actually looking for a list of all apnic IP02:35
jetolewhois queries RIPE, how does my whois tool know it is a RIPE IP?02:35
kgoetzthe dns server/s tell it02:36
jetoleif I wanted to firewall every asian ip from connecting to port 25... can anyone think of a method?02:37
kgoetzSMTP? it would probably be easier to reject all .cn .jp etc domains02:39
jetolekgoetz: yeah... not really02:43
jetoleout of 640 hosts analyzed in my SMTP records for today, 222 had NXDOMAIN entries i.e. no DNS PTR02:44
jetoleand of coarse we get spam for canadian viagra that canadian-viagra.com (forget the real website name) points to jp02:44
kgoetzjetole: so perhaps not accepting from host without valid dns would work best for you02:45
jetolewell we have started implementing that as well as a lot of anti spam features but frankly I am about to ready to say fsck asia on the SMTP level02:45
jetolegrey lists don't seem to work because there seems to be a lot of broken legitimate SMTP servers out there and they mean too much to the corperation to just tell them they are broken and let us know when they are fixed02:46
jetoleone of them I saw today in the logs belonged to some news company called dispatch.com or .net02:47
kgoetzsomething like spamcop RBL+not accepting from invalid dns should help a lot02:47
jetolewell spamcop is on the list but it is providing temporary issues atm02:48
ajmitchblacklisting everyone in APNIC makes a lot of people very very unhappy02:48
* kgoetz included02:48
jetoleajmitch: asian people?02:48
ajmitchpretty much anyone in australia or NZ02:48
jetoleyeah that doesn't help02:48
kgoetzjetole: the P stands for Pacific02:48
jetoleyeah but the A stand for asian ;)02:49
kgoetzAsia to be picky02:49
ajmitchand you're talking to people in the APNIC range at the moment :)02:49
jetolekidding, well I mean I am not but I understand what you mean02:49
* ajmitch really doesn't like trying to explain to customers why mail doesn't get through02:50
jetoleajmitch: yeah, our partnership department had to do that today @ grey listing02:52
kgoetzgreylisting is evil (from what i hear)02:52
=== jjesse_ is now known as jjesse
jetolekgoetz: grey listing is great, broken legitimate mail servers are whats evil02:53
kgoetz4517   Reject RBL                                87.91%02:54
kgoetzour one blacklist (which i forget where its from)02:54
jetolegrey listing is fully SMTP compliant and does not break protocol, if a mail server cannot communicate with a grey listed server then from time to time it may not communicate with any other server either and mail is lost02:54
jetoleall grey listing does is the server initially issues a try back later code, SMTP 45202:55
jetoleif a SMTP server gets the code from another server and does not retry then the server is broken02:56
ScottKkgoetz: There's really no evil in greylisting, but I do get sick of not getting my mail instantly.03:56
ScottKlamont: Thanks for the mail.06:51
lamontsorry for the delay - it's been an interestingly busy afternoon/evening06:54
lamontand now to bed.06:54
KalamansiScottK lamont : i have server ubunt 7.10 desktop. running on firestarter as firewall. how to filter the downloads of my pc2 and pc3 when they download a file? pc1 is my server.06:57
Kalamansifilter or auto scan by with anti virus06:57
Kalamansiin ubuntu server06:57
kgoetzset it up as a proxy06:57
ScottKKalamansi: This is not, however, a desktop support channel.  Try #ubuntu06:58
kgoetzyou'll want clamav+probably squid06:58
KalamansiScottK i have installed CLI server too still underconstruction because i dont know how to configure a firestarter in CLI06:59
Kalamansithanks kgoetz06:59
ScottKIsn't firstarter just a gui for iptables?06:59
KalamansiScottK : ahh ok i got it07:00
Kalamansiso whats the other alternative for CLI server aside from firestarter?07:00
kgoetzor save your rules after makin them with firestarter and load it onto the server07:01
ScottKI've never done it, but I believe you can set up firestarter on one box and then copy the iptables rules it produces to another.  That's not, however, a complete substitute for knowing what you're doing.07:01
KalamansiScottK : do you have tutorials and howto? configuring a server just for internet sharing, traffic shaping and dhcp or assigning ip?07:01
ScottKI don't, but Google does.07:02
KalamansiScottK : how to locate the iptables of firestarter? or the .conf of the firestarter kgotz?07:02
kgoetzKalamansi: no idea07:02
* ScottK neither07:03
ScottKI suspect the firestarter documentation would be a good place to start.07:03
* ScottK is going to quit and go to bed before he starts mumbling about consulting rates.07:04
ScottKGood night.07:04
KalamansiScottK : kgoetz : is it okay to use dhcp to pc2 and pc3 or better to assign each pc an ip?07:04
kgoetzScottK: later mate07:04
kgoetzKalamansi: much of a muchness07:04
Kalamansikgoetz : you mean better to assign ip each pc?07:11
kgoetzKalamansi: i mean it doesnt matter07:13
kgoetzafk , going home07:13
Kalamansithanks mate07:13
Kalamansikraut sup08:34
Kalamansikraut : how to save my config? when i type this "ip addr add dev eth1, udo ifconfig eth1 netmask,echo 1 > /proc/sys/net/ipv4/ip_forward and pc2 then pc3 can connect to the internet..i reboot my server, after backing up, and do a ifconfig all that i entered in eth1 was gone... and pc2 / pc3 cant connect to the internet.. how to solve this problem?08:34
krautwrite it down into /etc/network/interfaces08:36
Kalamansii see08:36
krauthow to use this file is described in man interfaces08:36
Kalamansikraut : what kind of apps is good for logging or process of workstations? like log all yahoo messenger chats and msn chats?08:37
krautwhat exactly do you mean and what do you want to log?08:38
krautlinux use a syslog-facility. everything system-relevant can be found in /var/log08:38
Kalamansikraut : is there any applications to install, like for example a application that can logs or chats that came from yahoo messenger and msn chats?08:40
Kalamansilogs all chats08:40
krautthat's application dependend. also this is #ubuntu-_server_, please remember this!08:41
Kalamansiok ok but still it is installed in ubuntu server08:42
krautof course it is, but that are desktop-applications08:42
krautand it's stupid to install desktop-applications on a server-distro. of course it's possible, but nobody does this.08:43
Kalamansikraut : i usually (but not many times) ..when my isp disconnected, i always dial so that i could connect using a windows os dialer then unplug the cable rj45 then put it back to server..how to config the server and let the server to dial my isp?my setup is isp's modem---server ubuntu pc1 --- switch --- pc1 and pc2 ..08:45
krauterm, how do you dial? PPPoE?08:47
Kalamansiyeah PPPoE they give me login and password (3mbps)08:47
krautnormal dsl-connection?08:48
Kalamansihow do i dial? i use windows box then plug the modem wire to the nic, then dial.if get connected, i unplug the modem cable wire and transfer to ubuntu box08:48
Kalamansiyes dsl connection08:49
krautdo you understand german?08:49
Kalamansii cannot understand german08:50
krauthmm, then have a look on pppoeconf08:50
krautit's easy to handle and will guide you through the config08:50
Kalamansihow to access pppoeconf?08:50
krautanyhow, the linux-dialer is called ppp, it creates the pppoe-tunnel to your dslam08:50
krautapt-cache search pppoeconf?08:51
Kalamansii see08:52
Kalamansithanks kraut08:56
krautyou should use google for example more in future08:57
krautyou could handle this easy thinks on your own if you search a bit08:57
Kalamansione last question kraut before i go, how to filter all download of pc2 and pc3? im not sure if there is anti virus in console08:59
krautthere isn't a free and good soloution08:59
krautplease try first to understand linux and how it works, then take care on special topics like that09:00
Kalamansiso its okay to use CLI than GUI servers?09:00
krauta server is a server and a desktop is a desktop09:01
Kalamansiyes but i dont really get it..why others want a desktop server and others want server without x window..which is really safe? server with desktop or server without x window?09:02
_rubenx is both insecure and a resource hog, avoid installing on a server when possible09:03
krautKalamansi: _ruben got the point exactly09:05
krautand installing a window-manager will bloat your package-list09:05
=== mdz_ is now known as mdz
=== \sh_away is now known as \sh
ScottKDebian Bug #31181216:12
ubotuDebian bug 311812 in postfix "postfix: syslog reconnection" [Important,Open] http://bugs.debian.org/31181216:12
XiXaQIsn't it very strange that Ubuntu still doesn't have a package for freenx?16:16
ScottKDoes Debian have one?16:18
XiXaQseveral. I think all of the other distros of some size has them.16:19
dantalizingsearch gave no results at packages.debian.org16:19
XiXaQI don't know if they're in their repositories.16:20
krielOkay, here's a strange question. I'm currently in the process of remapping my network, so my server currently has two active interfaces. However, my sshd only listens to one interface (eth0). Is there any way to coax my sshd into listening to both interfaces?16:23
lamontScottK: yeah - that's a syslog bug that affects postfix... :-)16:24
ScottKlamont: Please fix.  kthnxbye16:25
lamontand requires a change in postfix to use the non-existant syslog package interface for adding $CHROOT/dev/log16:25
lamontplease work with the debian syslog maintainer on how to add additional log files to syslogd16:25
ScottKCool.  Sounds like you've got it handled.16:25
ScottKlamont: Any thoughts on adding the VDA patch to your Postfix package?16:26
lamontremind me of what VDA is16:26
ScottKVirtual Delivery Agent16:27
ScottKAllows some kind of soft bounce quota thingy.16:27
ScottKIIRC, the last comment on it I saw from Weitse was "Doesn't meet Postfix quality standards".16:28
lamontis that the stupid half-ass quotas-sort-of for virtual mailboxen?16:28
ScottKYeah  That one.16:28
lamontsounds like the same thing.  and yeah.  fails.16:28
ScottKOK.  You may want to read the ubuntu-server ML and weigh in on the ebox thread.16:28
lamontI believe my last comment on the bug is something of the form "I'll provide this when it comes down from upstream. kthx"16:28
lamontsigh.  I'll take a look at that later today, I guess.16:29
sommerScottK: are you thinking they'll ship a different version of postfix?16:30
* sommer found the eBox udpate very interesting16:30
ScottKsommer: I'm thinking they'll want us to patch our postfix when we integrate ebox.16:30
ScottKThat, or, even worse, ship their own in the package.  That horror hadn't even ocurred to me.16:31
lamontand the patch fails to meet quality standards, so they'll need to update it.16:31
sommerfrom the language used my impression was they were shipping their own, but obviously it's still being developed16:31
sommercouldn't you configure filesystem quotas to give you a similar result?16:32
ScottKsommer: I believe ebox upstream is shipping their own.  Dunno what'll happen with the Ubuntu packages16:32
* ScottK doesn't have time to get into it right now.16:32
ScottKsommer: Short version is almost, but not quite.16:33
sommerScottK: gotcha, thanks16:33
nealmcbyeah - I'm glad to see the ebox conversation starting - it is a big challenge, and we really need something to bring servers to a wider audience16:34
sommernealmcb: seems like the biggest challenge is the large amount of options used to configure server apps, and how do you translate that to a web interface16:36
foolanoScottK: so far we are shipping our own postfix package16:43
ScottKfoolano: Right, but we don't want two postfix in Ubuntu.16:43
foolanobut as i just said on the mailing list we can easily strip out that part from the code16:43
foolanono problem16:44
ScottKfoolano: Sounds good.16:44
nealmcbsommer: well I don't think they have to handle all the options - just the ones that a typical soho would really need. but they have to avoid fouling up existing configs16:44
nealmcbfoolano: welcome!16:44
foolanothanks :)16:45
nealmcbfoolano: what's your name?16:45
ScottKfoolano: I just replied on the ML to close the thread.  Thanks.16:46
foolanohandling all the possible options and presenting a simple UI is too complicated16:47
sommernealmcb: I agree, lot of work though16:50
sommerfoolano: thanks for the update, eBox is a very interesting project16:53
foolanoour current released is debian based, but i really think that we are doing the right think by changing to Ubuntu. Hopefully, we'll have more users more testing, and we'll end up with a better product17:02
ScottKProbably.  I doubt that many people who are the type to run Debian servers are also the kind to run Ebox.17:07
* nealmcb nods17:07
nealmcbfoolano: ahh - I think I met you at UDS Boston :-)17:09
foolanommm, whois...17:09
foolanoi think you sat in front of me during the ebox meeting17:10
foolanohow's everything going? :)17:11
nealmcbas usual, trying to stay on top of too many things at once :-)17:12
foolanohehehe, that's the way to go :)17:12
nealmcbI seem to recall rumors that apache 1.3 might not be in hardy17:13
nealmcbthe memory size issue with apache2 and ebox seems surprising - do you know what causes it?17:14
nealmcbhow big is apache 1.3 plus mod-perl plus ebox?17:15
sorenWe don't even have apache1.3 anymore..17:15
sorenIt's not even in gutsy.17:15
nealmcbahh - on re-reading I see that is what foolano said :-)17:17
nealmcbin email - had to backport....17:17
foolanoi don't know what is causing it17:17
foolanoi have to do some profiling to find out17:17
foolanoin the meantime, i'm using apache 1.317:18
krielI have two interfaces connected to my Ubuntu 7.10 (server) machine. lspci shows two interfaces, and originally ifconfig showed two interfaces (plus loopback) as well. After a reboot (with no hardware changes at all) lspci still shows two interfaces, but ifconfig only shows one. Where could I begin troubleshooting this? (besides using lspci and ifconfig)17:18
nealmcbfoolano:  http://vda.sourceforge.net/se doesn't work for me (from your email)17:18
foolanonealmcb: i pasted the wrong URL, remove the trailing "/se"17:18
nealmcbyeah - and I guess it is moot now anyway.  thanks17:19
fishorkriel: dmesg, /etc/netwok/interfaces, /var/log/syslog17:23
foolanogotta go. see you later17:28
krielfishor: if i pastebin those files, would you mind helping me figure out what happened?17:28
fishorkriel: 1. you should check in dmesg if netwok interface driver was loaded corrctly 2. in /etc/netwok/interfaces if it was korrectly configured 3. in /var/log/syslog if there is some other errors17:32
krielfishor: thanks.17:36
nealmcbmemes we'll be hearing about: home servers - take off on stay-at-home-dads: http://www.stayathomeserver.com/17:59
ScottKsommer: I'm taking another stab at backporting clamav to Dapper/Edgy/Feisty/Gutsy.  Please have a look at the team wiki page.  Testing needed.18:38
sommerScottK: cool, will do18:41
sommerhaven't gotten very far in backporting the API to the dapper version, but really haven't looked at it since before x-mas18:42
ScottKWith PPA, I can build test packages against the curren clamav pretty easily and others can test, so we'll get that a shot.  0.92 had additional API changes anywya.18:44
sommergotcha, should be able to do some testing this evening18:46
pHazeWhat's the best way to auto build and deploy servers in a cluster with ubuntu server?20:18
nealmcbpHaze: what sort of cluster?20:19
pHazeJust a regular web cluster. Running apaches and some of our own software.20:20
pHazebehind a load sharer.20:20
pHazeI'm building machines individually right now and want to automate the process so I can just slap a disk in and a new ubuntu spins up along with our own software installed.20:21
zulkickstart might help20:21
ubotuWays to automate installation of Ubuntu on multiple machines are described at https://help.ubuntu.com/6.10/ubuntu/installation-guide/i386/automatic-install.html - See also !cloning20:22
ubotuTo replicate your packages selection on another machine (or restore it if re-installing), you can type « dpkg --get-selections > ~/my-packages », move the file "my-packages" to the other machine, and there type « sudo dpkg --set-selections < my-packages && apt-get dselect-upgrade » - See also !automate20:22
ubotuWays to automate installation of Ubuntu on multiple machines are described at https://help.ubuntu.com/6.10/ubuntu/installation-guide/i386/automatic-install.html - See also !cloning20:23
* nealmcb mumbles about best-effort delivery to uboto :-)20:23
nealmcband I wonder if those techniques have changed much since dapper20:24
zulpreseed as well20:29
ScottKHell ivoks21:25
ScottKHello I mean21:25
ScottKivoks: I'm -> <- this close to having amavisd-new in Main21:25
astabenoscottk: I am going to report you21:25
ivokshi all21:25
ivokshell ivoks :)21:26
ivoksScottK: awsome21:26
astabenojust kidding21:26
ScottKOnce that's done you can integrate it into task select ...21:26
ScottKastabeno: Glad to hear it.  I'm famously grumpy and would have hated to have to have pointed some of it at you.21:27
ScottKivoks: I decided to kill of amavisd-new-milter once I say the Debian amavisd-new maintainer comment that he just assumed it worked because he had no way to test it.21:29
ScottKI think we don't want that in Main and it saves me having to split libmilter out of sendmail.21:29
=== \sh is now known as \sh_away
vareki hate grub error 1721:38
varekno idea what's happening, but i've called grub-install onto the right hard drive 1000 times now21:39
varekis there any way to get grub to be a little more verbose21:42
qmangoogle is your friend21:45
qmangrub error 17 means the partition exists but the fiesystem type cannot be recognized21:45
varekno shit.21:45
varekthanks for that.21:45
qmanpretty straightforward21:46
varekhow is it straightforward ?21:46
qmaneither your filesystem is damaged, has the wrong type code, your drive is toast, or your BIOS is interfering21:46
qmanit really can't be anything else21:47
varekmust be the bios.21:47
qmango in and make sure all your disks are set to "auto", not "user" or "LBA21:48
varekthey're all set to auto :\21:54
varekapparently someone on a gentoo forum found that the bios helpfully re-ordered drives at boot time21:57
ajmitchyep, /dev/sd{a,b,c} are certainly not in that order for me in the BIOS22:00
ajmitchI think that the first SATA drive that the BIOS sees turns up as sdb for me22:00
vareki'm using a sata PCI card for my boot hard drive22:04
vareks'pose i'll just guess hard drives22:07
varekfive to choose from :(22:07
varekthis is ridiculous.22:09
ivoksthere's a magic command22:11
varekyeah but presumably it'll be different at boot22:11
varekaccording to device.map it's hd4,0 but that gives me error 17, so it must be one of my software RAID disks at boot22:12
ivokssoftware raid disk?22:12
ivokslike... windows software raid?22:12
vareklinux software raid.22:13
ivokswhat raid type?22:13
varekmd, raid 522:14
ivoksi hope you don't have /boot on md raid522:15
varekit's on a seperate disk, first partition22:17
varekany ideas besides just guessing ?22:23
=== mtp_ is now known as matttp
varekguessing it is.22:27
varekwait, how is that going to help22:28
varekerror 17 means grub isn't even loading22:29
varekwhen it says 'cannoy mountselected partition' what does it mean ?22:31
somerville32It means it can not mount the partition you selected to mount22:34
varekwhich is specified when you install grub right?22:35
Thorsten11hello all22:37
Thorsten11is anyone on this channel/22:37
varekfellow has less patience than i do.22:38
Thorsten11i have a question if anyone is out there22:39
Thorsten11well its actually more of a concern22:39
ScottK!ask | Thorsten1122:39
ubotuThorsten11: Please don't ask to ask a question, ask the question -- All On One Line, so others can read it and follow it easily --. and if anyone knows the answer they will most likely answer. :-)22:39
Thorsten11I was viewing the auth.log file on my server back home from the hotel room i am in and i have one hell of alot of remote login attempts, obviously a brute force, my question is what can i do to make sure no one gets in22:40
ScottKThis is SSH, I assume?22:41
ScottKYou can use iptables to limit the number of SSH connection attempts.  If the server has lots of people trying to logon, this may have unwanted side effects.22:42
ScottKI'm the only one SSH'ing into servers I administer, so it works quite well for me.22:42
ScottKOnce they hit the limit, SSH just stops responding and they go away.22:42
Thorsten11that would work perfect, I am the only one that really logs in, ocasionally my brother does, but basically me.22:43
ubotupastebin is a service to post large texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu-nl.org (make sure you give us the URL for your paste - see also the #ubuntu channel topic)22:44
Thorsten11Because i travel so much the ip address restriciton could never work so i have been looking for another solution22:44
Thorsten11thanks alot scottk22:45
ScottKhttp://paste.ubuntu-nl.org/52350/ is the basic idea.  You'll have to figure out how to integrate it into your iptables rules.22:45
varekwhat the hell22:45
varekit actually loaded grub22:45
Thorsten11thanks again too all22:45
ScottKThorsten11: Test it when you have local access to the server22:46
Thorsten11i shall, probably tomorrow when i get home22:46
Thorsten11are you on here often?  I'd like to let you know how it works out22:46
* ScottK is usually either here or logged in and reads the scrollback22:47
Thorsten11cheers and thanks, i'll let you know22:47
ajmitchvarek: you found the right partition & disk then?22:49
vareki changed the boot order in the bios22:49
ajmitchcomputers are wonderful22:49
varekit didn't like it being fifth, but did like it being first :\22:50
vareknow i just have to figure out how to get it to recognize raid.22:56
nealmcbScottK: so that ssh rate limiting rule links to a ratedrop chain, right?  how do you define that?22:57
ScottKnealmcb: http://paste.ubuntu-nl.org/52352/22:59
nealmcbScottK: cool - thanks23:00
ScottKnealmcb: No problem.  That's mostly thanks to Google.23:01

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!