[00:06] If I change my SSH port on my LAMP server will it affect anything in regards to SSH? I know I'll have to connect on a different port, but will it mess anything up? [00:09] no. not unless you have something that depends on it running there [00:17] I just have a basic LAMP installation going with MySQL, and PHP set up proper. Not too much. [00:28] you'll be fine [00:31] Cool, thanks. =) [02:41] Is it possible to stream from an external drive on a LAMP server only and just have communication with LAN? I still want the LAMP part on the WAN side of things so others and myself can go to my website. I just don't want people streaming from my ext. drive. Why do I want the ext. drive on my server? So I don't have any cords attached to my laptop, and cna move around in my house anywhere without the ext. drive attached. [02:53] I hope this question doesn't upset someone but I keep reading about people that have servers running for months without rebooting. Does that mean they aren't updating kernels with security flaws or is there a secret I don't know about that prevents rebooting? [02:56] I know LVM filesystems can be live while increasing / decreasing partition size. But I don't know if that really correlates to that question. I'd figure if you're on a LVM system you want the maximum uptime possible so maybe that has something to do with it? [02:57] Mind you that's just a guess. [02:57] But I do know you can change partitions, etc.. live. [02:58] Interesting, well it's not too important as I am capable of rebooting cause it only takes a couple minutes. I was just curious cause I know Linux is a lot more powerful than I can comprehend. :) [03:02] Centaur5, no, you're spot on .. kernel updates require reboots. for most uses, a scheduled reboot at 3am shouldn't be a kick in the pants [03:03] I'll have to research automatic rebooting after automatic updates that require it. [03:53] im having issues installing 6.6-2 on dell 2450 -scsi raid [03:54] i tried mylex and a perc 2 [04:01] with perc2 installer wont initiate the controller and the mylex installs but wont boot to kernel just dumps me in busybox - [04:06] is there a known work around for either of these scsi controllers [06:18] Hello.. I'm using gutsy. My sites are running well. I just want to ask this concern. My sites are running in LAMP. When I tried to do sudo apt-get upgrade this appear in the console: The following packages will be upgraded: libmysqlclient15-dev libmysqlclient15off mysql-client mysql-client-5.0 mysql-common mysql-server mysql-server-5.0 unzip 8 upgraded, 0 newly installed, 0 to remove and... [06:18] ...0 not upgraded. Need to get 43.5MB of archives. After unpacking 16.4kB of additional disk space will be used. Do you want to continue [Y/n]?. NOW.. is it alright to go ahead? [06:24] rhineheart_m: It usually is [06:25] Jeeves_: thanks for that.. so is it safe? won't it destroy my existing databases? [06:25] No, that should not happen. [06:26] thank you.. [06:33] Is there a bandwidth tool that could be done in the console...by which you could still do even if you're remotely connected to the box? [06:52] rhineheart_m: bmon [07:01] <_ruben> and iftop [07:01] <_ruben> Jeeves_: using http debmirror completed just fine it seems [07:01] <_ruben> just fyi ;) [07:11] _ruben: Hmm, ok [07:11] Is there a ubuntu home server project still active? [07:22] <_ruben> keithclark: what should such a project entail? (read: not sure what you're asking for) [07:24] _ruben, a distro that is meant or the average home user to setup a simple server. Everything graphical and easy. [07:27] <_ruben> server + graphical .. hmm .. that's pretty much a contradiction in my book [07:28] <_ruben> with the upcoming release and ebox, i think ubuntu server itself would qualify tho [07:30] _ruben, I'm not sure why that would be a contradiction. Someone like me, and they may be rare, would like to setup a simple home server without command line usage. Just simple install point click and run. [07:31] _ruben, I've tried many things and they just confuse me. So much research and assistance needed. [07:36] _ruben,do you see what I mean? [07:39] is bmon realtime? [07:40] <_ruben> keithclark: after i said that i realised that "graphical" doesnt necesarily mean having an X server installed, a web interface would qualify as being graphical as well, which is where ebox comes in [07:41] _ruben, exactly! Something simple. [07:41] <_ruben> keithclark: havent really looked into ebox myself, since its not much use to me, but from what i've heard/read about it, it sure looks promising [07:41] _ruben, I will look into that! [07:45] _ruben, thanks [08:08] http://releases.ubuntu.com/8.04/ [08:09] <_ruben> woohoo ;) [09:10] morning [09:15] <_ruben> mornin nijaba [09:19] yes, I'd agree, it is morning [09:19] I am none to happy about it though [09:20] nijaba: talked to the company about iscsi testing next week, they are cool with it [09:21] morning _ruben, faulkes- [09:21] thanks a lot faulkes- [09:21] np [09:22] nijaba: sun+ubuntu press annnouncement? [09:22] * faulkes- raises an eyebrow of interest [09:22] faulkes-: yes? [09:22] very nice to see server edition getting some press [09:22] I forwarded it on to the upper mgmt and marketing here as well [09:22] always nice :) [09:23] that should spur them on a bit more as well [09:26] <_ruben> i'll be playing with iscsi in the near future as well .. waiting for certain hardware to become available though .. might take a week or 2 even :( [10:30] morning all. how difficult is it to setup ubuntu-server to provide network logins where network clients desktop is maintained on the server. All clients would be ubuntu clientsand there are no windows clients at all. Is there a document out there that someone could point me to? [10:35] try to read samba server for ubuntu..google it.. [10:38] cjsstables: ubuntu + ltsp, or edubuntu [10:39] hey.. thanks blue frog.. Actually I have that docloaded in my browser right now and am reading it.. thanks again.. [10:40] cjsstables: if you have never played with ltsp, edubuntu will be the easiest to start with [10:51] ok.. I will look at that as well. [10:53] basically what I really wanted to do is to have several clients loaded with ubuntu. have 5 network users that coulld sign into any of the client pcs but have all there info from the server. we are currently doing this in a mac osx environment and would like to move it to a ubuntu environmnet [10:54] we are a small company and no it resources so it would be selfdeveloped === rhineheart_m_ is now known as rhineheart_m [10:55] cjsstables, theres a few ways, depending on how complex you can go [10:56] cjsstables, it would be worth your while to look at the various pam modules available (apt-cache search libpam*) to see your options for authenticatin/accounting [10:58] well right now, I have a test environment set up that followed rrcomputer consulting server setup. We can have network users logi in to each client, but the only thing that they get to their home folder and mounts that drive, but allof their desktop settings are stored locally. we really don't want that. [10:59] we'dlike the desktop settings to come to be stored and maintained on the server side. Our authentication in the test environment works pretty well. [11:00] sorry, my typingis pittyful [11:01] you could save that data on the server, but i havent tried myself [11:05] The authentication is user level though LDAP/Samba. I think what I'm looking for is for the client side to recognize a network logon. and then based on that have it look to the server for the desktop instead of the local client. However, the system must also be non network client aware If alocal user signs on the desktop must come from the local user configuration [11:07] the network stuff is entirely posible, not sure about the un-networked stuff. i know it was a 'to impliment' item a few years ago. not sure if its done ye [11:07] we also tried sme-server but that gave us the same thing as we have from rrconsulting except that it wasn't afull ldap implementation [11:10] and it was geared towards windows clients.. which btw, works well and the desktopis saved on the server [11:11] you'll have to hang around and hope someone else can help with the specifics of your question [11:11] ok cool... [11:32] morning chuck [11:32] <[mbm]> 'lo; anybody home? [11:34] <[mbm]> fromport: I've noticed that the packets go out the domU xen interfaces but the response never comes back into the domU [11:34] i totally agree. on my firewall i have "arpwatch" running and i get an email everytime a new domU is triggered. [11:35] you also see Tx counting where as Rx stays 0 [11:35] <[mbm]> also noticing that running gutsy the domU's occasionally crash with 100% cpu load on all cpus, completely unresponsive to console or sysrqs [11:36] <[mbm]> trying to dig through a crash dump now to figure out why [11:36] <[mbm]> gdb is choking on the xen core file, which is hampering my efforts [11:36] no core-dumps here yet [11:37] <[mbm]> seem to get them mostly from the www server [11:37] has anyone here succeeded in getting KVM to run with bridging for the guests ? [11:43] fromport? [11:43] yep! [11:43] hi! long time no see/talk ;-) [11:43] Indeed! [11:44] You betrayed Debian as well? :) [11:44] shhttt. [11:44] :P [11:44] it's simply not moving fast enough.. [11:44] even though i'm running some servers on sid allready ;-) [11:44] fromport: yes, I have bridging working here [11:46] nijaba: i followed https://wiki.ubuntu.com/KvmVirtManagerEtc & https://wiki.ubuntu.com/KvmWithBridge [11:46] but somehow i cant get the guest to get a "public" ip address. [11:46] fromport: and? [11:47] They always seem to go through the 192.168.122.x range somehow [11:48] that sounds suspiciously like dnsmasq [11:48] fromport: does it work with fixed ip? [11:48] dnsmasq not installed :-) [11:48] the br0 interface is up and running [11:49] but the virt-manager doesn't seem to detect it [11:49] <[mbm]> you're using dhcp and you get a 192.168.x.x address? [11:50] <[mbm]> means there's a dhcp server on your network, use tcpdump to help find it === \sh_away is now known as \sh [11:52] hi, does anyone know where i can find changes introduced in hardy heron for the server version? [11:53] i'm using virt-manager, and i dont get a change to really choose for dhcp, is there ? [11:53] you have a choise of "virtual network" or "shared network" [11:53] <[mbm]> oh, kvm [11:53] i think i need the "shared" but in the dropbox there is no "device" to choose from ;-) [11:54] <[mbm]> belive those options roughly translate to nat or tap [11:55] fromport: try with virt-install instead [12:00] with: kvm -m 512 -net nic -net tap -cdrom /archive/iso/linux/ubuntu/hardy-desktop-i386-alpha6.iso -boot d [12:00] i do get a bridged ip !! === MenZa_ is now known as MenZa [12:00] so only thing left is to convince virt-manager to use the bridging as well ;-) [12:02] fromport: yes, I believe so === MenZa_ is now known as MenZa [12:25] nijaba: got it working by editting the xml files: [12:25] [12:25] vs [12:25] [12:26] fromport: yep, virt-install allows to create this while virt-manager does not (yet) [12:27] fromport: see the -w option of virt-install [12:29] <\sh> window 11 [12:29] <\sh> grmpf [12:30] * _ruben just uses alt-q for window 11 ;) [12:35] * \sh shouldn't open so much channels ;) [12:35] <[mbm]> hmm .. not much symbol information available for the -xen kernels [12:35] <_ruben> only got 12 open atm [12:36] _ruben, can i have some of your sanity? [12:36] <_ruben> Kamping_Kaiser: rather not, its already rather rare [12:37] <_ruben> and i compensate a bit by having 60 firefox tabs open [12:38] :( [12:39] * Kamping_Kaiser has epiphany+ firefox stuffed with tabs, then two irc clients (me and kgoetz ) with lots of tabs. generally, little sanity [12:40] <_ruben> why 2 clients? [12:40] Kamping_Kaiser: Isn't it like 2 o'clock in the morning for you? [12:40] Jeeves_, 11pm [12:40] _ruben, because they share a base ~15-20 channels, then my home/work clients have extras on top of that [12:41] <_ruben> ah [12:47] /j ubuntu [13:15] ahhhh [13:15] at last [13:15] ubuntu chan with resonable amount of users ;D [13:16] <_ruben> the number of schizo's here make up for that [13:17] lol :P [13:17] Is he talking about you, dthacker [13:18] No, he's talking about *you* dthacker [13:18] :O [13:20] so why do you guys use ubuntu server rather than debian? [13:20] <_ruben> fast and fixed release cycle [13:20] <_ruben> debian takes ages to get new releases out [13:21] <_ruben> we used debian in the past .. then switched to suse since we needed a 2.6 kernel based os and sarge was getting delayed over and over .. currently we're transitioning from suse to ubuntu [13:21] if i need something simple, but stable i'll go for debian. cutting edge -> ubuntu [13:23] good points [13:24] im finding the no-root su-do malarkly annoying atm [13:24] can i just enable root? [13:24] <_ruben> i see it as an improvement [13:24] id rather use su [13:24] <_ruben> on our suse machines we pretty do everything as root, which is far from recommended [13:24] and screen [13:25] <_ruben> sudo passwd .. enter passwd twice .. and you can su [13:25] rather than typing sudo infront of every single operation [13:25] :D [13:25] cheers _ruben [13:28] <_ruben> i like the idea of sudo actions being logged [13:28] wo0f_: You can. It takes about a minute. Do note that the default ssh config for Debian/Ubuntu allows ssh root access. You'll want to change that. [13:29] <\sh> _ruben: well, then you should take a look on sudosh2 :) http://freshmeat.net/projects/sudosh2/ [13:29] lol ScottK [13:29] why would i want to do that? [13:30] wo0f_: Why would you want to do which? [13:30] oh sry [13:30] misread that sry [13:31] <\sh> wo0f_: because an opened root account is evil...and most entries to machines are coming via brute force attacks on sshd's with PermitRootLogin yes settings [13:31] <_ruben> \sh: nice ;) .. but rather stick to the ubuntu-way [13:31] neg [13:31] ill just diable root access [13:31] <\sh> _ruben: well, you can add this the ubuntu way...the only change: it logs everything you type, too ;) [13:32] i just wanted su ;] [13:32] <\sh> sudo su - is not enoug? [13:32] <\sh> alias su="sudo su -" is also a solution ;) [13:32] pardon? [13:32] <\sh> enough even [13:32] rofl [13:32] <_ruben> \sh: thats an approach i hadnt thought of [13:32] \sh: Actually you'd rather do sudo -i in that case than sudo su. [13:32] innit! [13:33] <\sh> ScottK: yepp [13:33] <_ruben> in fact what i do here is give root a passwd, and have sudo require the root pw, this because we log on using ssh keys [13:33] what's the difference between su and -i? [13:33] The environment variables are slightly different [13:33] nothing i guess [13:33] <_ruben> and i create a global alias 'su=echo "do not use su, use sudo instead!"' :p [13:33] both make the shell root [13:34] Most of the time sudo su will work, but sudo -i will give you a saner result in a few corner cases. [13:34] _ruben: I guess its not a good practice to give password to root [13:34] fromport: I have update https://wiki.ubuntu.com/KvmVirtManagerEtc with instruction for bridging [13:34] People argue about root versus sudo all the time. [13:35] Personally, I think the main benifit of sudo is that it goes away after a while and you have to retype sudo so you don't stay root. Personally, I think it's a crutch for sloppy admins. [13:35] YMMV of course. [13:36] lol [13:36] <\sh> the only usage for root: If your server doesn't respond anymore and you need to boot into a root shell which is secured by a password...e.g. via iLO or another remote insight board [13:36] but once you've used it already and you entered your password as admin.. it won't ask for a password anymore.. meaning you have the root access [13:37] rhineheart_m: That's about 98% right. There are a few differences that almost never matter. [13:37] wo0f_: I believe sudo is essential as it brings role based tracable admin [13:37] Ubuntu also implements a role-based administration model with no default root access. Other Linux distributions typically provide this root access but role-based administration allows for better security, error prevention and auditing. This is particularly useful on systems where more than one user might have been given root access, as in a traditional model. This default can be reversed once the user is confident that root access will be secure [13:37] in their particular situation. [13:38] For me the biggest difference is that to get root via ssh with sudo you need one user name and one password. With a root password you need one user name and two passwords (assuming you disable ssh root access). [13:38] But I can't still the point.. why you should not be using root account well in fact root privilege is there with sudo.... :) [13:38] *get [13:39] It's mostly because people get root and stay root, forget, and do something silly. [13:39] <\sh> rhineheart_m: the fun part: on a single user machine you are able to do whatever you want...even as root :) [13:39] sudo reverts itself automatically. [13:39] <_ruben> rhineheart_m: i know its not perfect .. but giving the users a local passwd without resorting to using ldap or smth because it wouldnt be maintainable otherwise [13:39] rhineheart_m: because: 1/ you will not know who does a modification if multiple admin have access to the machine [13:40] That's another difference that can be significant. [13:40] 2/ because it is dangerous to always be root if you leave the machine or type a bad command inavertantly [13:40] how about if only one person has the access to the box? is it still a good choice? [13:40] <\sh> rhineheart_m: the serious part: in companies you have several admins doing different admin tasks...you don't want to give them root access, because they could destroy something which is not their area..so sudo can be configured to give other admins more rights to do tasks as root, but not to destroy other things...(this is the ideal idee behind it) [13:41] anyways, glad to see iv sparked off this convo:P [13:41] rhineheart_m: that's really up to you to do a su passwd to have a root account [13:41] just wanted to use su :) [13:41] but it should not be default [13:41] wo0f_: then sudo su will work [13:42] honestly.. I gave root a pass before.. but when I encountered this issue.. I then reverse it to default... (without even knowing why did I reverse it.. for what reason or purpose LOL) [13:42] I must admit that I sudo su quit often, if I need to walk in a hierarchy my normal user does not have visibilty on [13:43] <_ruben> i already told my co-admins that they better have damn good reason ready when i see a sudo su - or sudo -i or smth similar in the logs ;) [13:44] <_ruben> then again, sudosh2 would make that less an issue, but still [13:44] rhineheart_m: having a root password is not "bad", encouraging the users to log in as root by default is, as it would be to have a simple password for root or for an account with sudo power [13:45] ScottK: I got your point actually.. so.. it is possible to configure level of root privileges to an environment where more than I admin? Like there are superadmin (could modify the system) admin (less privilege) user (very limited)? [13:45] _ruben: the good thing with sudo su is that it is logged as well :) [13:45] <_ruben> nijaba: but the commands after that arent, right? [13:45] _ruben: in history of root only [13:45] <_ruben> nijaba: ah ok, im talking syslog here [13:46] " as it would be to have a simple password for root or for an account with sudo power" <<<< what do you mean with this? [13:46] _ruben: yes, but I have been able to trace what a sudo su did through bash_history [13:46] <_ruben> nijaba: true enough [13:47] rhineheart_m: if you have an account in the admin group with an easy password, it is as bad as having a root account with a simple pssword [13:48] rhineheart_m: meaning it can and will be cracked by any dictionary attack [13:49] rhineheart_m: personally I disable password login on ssh on all my machine connected to the internet [13:49] <_ruben> same here [13:49] so what did you do instead? [13:49] rhineheart_m: ssh keys [13:49] ssh keys? mmm.... can you explain a little info about it? [13:49] rhineheart_m: and it is so much faster to logon :) [13:50] is it secured? [13:50] rhineheart_m: take a look at ssh-keygen, ssh-copy-id [13:50] I mean.. m sure it is... in fact you chose it.. I mean.. where that ssh keys saved? [13:51] rhineheart_m: yes, as long a the id file is kept secured and has a good passwor [13:51] <_ruben> public/private key authentication .. public key on server you want to logon to .. private key you keep secure and is protected with a passphrase [13:51] rhineheart_m: only on my laptop, that is always with me [13:51] rhineheart_m: some people store it on a crypted USB key [13:52] rhineheart_m: and you should never be reluctant to change it if you think it can have been compromised [13:52] what if somebody can gain access in the USB..let's say.. it's lost...and you didn'y know it is lost promptly... [13:53] rhineheart_m: he needs one password to access the crypted file system and a second one to unlock the key [13:53] rhineheart_m: but that would constitute a potential compromise any way, so i'd change the key ASAP anyway [13:53] uhuh! that's great.. honestly.. I've been using pass to gain access to the box remotely.. [13:54] rhineheart_m: have you looked in your log how many connection attempt you get on ssh? [13:54] yeah.. I could as well review the logs of incoming connections in my router... [13:54] rhineheart_m: it is really scary how many zombies are trying dictionary attacks these days [13:55] rhineheart_m: I'd say that a machine connected on the net with root root login would survive less than 10 min [13:55] really? ows!horrible [13:56] so.. where in the world I can get a guide the way you set up your ssh server to accept incoming connections? [13:58] rhineheart_m: man sshd ? [13:58] rhineheart_m: that's for limiting to key auth only [13:59] rhineheart_m: man ssh-keygen and man ssh-copy-id for creating and deploying the key (you should do that part first ;)) [14:00] rhineheart_m: actually man sshd_config is more what ou need to look at [14:01] can you point me to somewhere else with a guide on this matter? [14:02] rhineheart_m: I could write one or look for one, but I do not know one from the top of my head [14:03] Hey, I'm having an odd problems I can't seem to solve. I have an ubuntu 7.10 server running a few php/mysql websites. I've been having some problems with packet loss and the website timeing out A LOT. So it seems there's an etworking problem with our host. However, connecting to lcoalhost still has issues. For example, I run a caching BIND and a memcache daemon. Often, both DNS lookups say "no servers found" and memcached clients say ... [14:03] rhineheart_m: found this, looks good : https://help.ubuntu.com/community/AdvancedOpenSSH [14:03] ... "connection timeout to 127.0.0.1" [14:03] okay. so what are the key terms here? so that I could find it myself? [14:04] what would cause connections to localhost time out all of a sudden? It was working perfectly a week ago, and nothing changed. I'm guessing some sort of ip stack corruption due to the packet loss issue or somethign? But I really have no idea [14:04] Schiz0|SD: when you do an ifconfig, do you see interface lo ? [14:04] yep, it's there [14:05] it does connect to lcoalhost, but only randomly. As in, it doesn't work all the time [14:05] Schiz0|SD: can you ping localhost? [14:05] Yeah, I just tried and it works fine [14:06] althoguh, I'm getting packet loss on localhost [14:06] Schiz0|SD: when you say "fail to connect" what service/command are you talking about [14:06] ? [14:06] Schiz0|SD: Packet loss on localhost? really? that is new to me ! [14:07] --- localhost ping statistics --- [14:07] 30 packets transmitted, 12 received, 60% packet loss, time 29000ms [14:07] rtt min/avg/max/mdev = 0.036/0.052/0.060/0.011 ms [14:07] how to review again the ssh logs? [14:08] rhineheart_m: /var/log/auth.log [14:08] nijaba: As for other connections, when I run "host www.google.com" it occasionally says "Server not found" The only thing in my /etc/resolv.conf is 127.0.0.1 [14:08] Schiz0|SD: something is really wrong with your network [14:09] :-\ [14:09] <_ruben> packetloss on localhost sure is new to me as well [14:10] could it be some sort of ip stack corruption or something? [14:10] $ host efnet.org [14:10] ;; connection timed out; no servers could be reached [14:10] it hsould be able to connect to bind on localhost :-\ [14:11] I really have no idea what to do. I'm more of a php coder than a tcp/ip network tech :-X [14:11] <_ruben> Schiz0|SD: well .. it *could* also mean that you can reach your own dns server, but your dns server cant reach the actual dns server [14:11] ah [14:11] is it possible to just allow ssh access to a range of IP? like I want it to be accessible by IP in our locality? [14:11] that makes sense [14:11] <_ruben> rhineheart_m: thats what packet filters are for [14:12] packet filters? where would I configure it? [14:12] ip tables? [14:12] Schiz0|SD: I would first try to find why you have packet loos on localhost, as it sounds like a much more fundamental problem [14:13] Schiz0|SD: out of curiosity, what is your MTU on localhost? [14:13] Could it be a duplex issue between some routing hardware at our host? [14:13] kirkland: [14:13] UP LOOPBACK RUNNING MTU:16436 Metric:1 [14:14] Schiz0|SD: it clearly a problem, that you have packet loss on loopback, but you might try narrowing it down by adjusting ping's packet size [14:14] Schiz0|SD: localhost is not going through the hw, so it should not be related [14:14] ows.. I guess MTU should be somewhere 1300 -1500.. correct? mmm a newbie here. L) [14:14] Schiz0|SD: ping -s 10 localhost, ping -s 100 localhost, ping -s 1000 localhost, ping -s 10000 localhost, ping -s 65000 localhost [14:14] rhineheart_m: not on localhost, it can be much bigger [14:15] rhineheart_m: my MTU on localhost is also 16436 [14:15] okay.. that's for etho? [14:15] I'm getting a some of these errors during the pings: ping: sendmsg: Operation not permitted [14:15] rhineheart_m: yeah, eth is usually more in the 1400-1500 range [14:15] rhineheart_m: yes, the value you gave are for ethernet [14:15] that would be the firewall, right? [14:15] Schiz0|SD: are you using any other parameters to ping? [14:15] Although, our firewall shouldn't touch localhost [14:16] nope, I just ran what you told me above, the first one [14:16] they're of the same machine...right? lo and eth? [14:16] Schiz0|SD: and are you running as root, or unpriv user? are you using sudo? [14:16] As root [14:16] so.. it might be a hardware problem.. just don't know... :) [14:16] Schiz0|SD: "Operation not permitted" is emitted by ping, if perhaps you try and ping flood as an unpriv user [14:17] kirkland: I guess yo would know about flooding ;) [14:17] I can pastebin some output...gimmie a minute or two [14:17] nijaba: learned a bit about it this week, nijaba ;-) [14:17] Schiz0|SD: Try iptables -F [14:17] uhh. [14:17] what's that do Jeeves_? [14:18] Schiz0|SD: one other thing that could cause packet loss on localhost is if localhost is getting HAMMERED by something else at the same time [14:18] I think my ssh connection just died [14:18] <_ruben> could run a tcpdump -nvi lo as well to see that [14:19] Schiz0|SD: That flushes your firewall [14:20] yeah, it's not responding to anything now :-X [14:20] <_ruben> iptables -F can be rather harmful when performed remotely with policies set to DROP [14:20] Oh. Damn. [14:20] * Schiz0|SD just got in trouble [14:21] _ruben: That's true ... [14:21] Schiz0|SD: Should I feel guilty? [14:21] Well. How can I fix it? or rather, how can our host fix it? [14:22] <_ruben> depending on ur host, reload the firewall ruleset should do the trick [14:22] Schiz0|SD: If you're policy is indeed DROP, you need te login locally and reload the firewall [14:22] <_ruben> then again, your connectivity problems *might* be caused by that very ruleset [14:22] And sorry for missing out on this step .. [14:22] Well considering I'm in the US, and the server is in Sweden :-X [14:23] It's fine Jeeves_...I should've looked up the manpage before running it anyway :-X [14:24] :/ [14:25] Anyway, our firewall script is here: http://silenceisdefeat.org/~schiz0/iptables.rules [14:25] We've been using it for a while, and it's been ok [14:25] so I don't think that's the problem [14:25] echo "Setting default DROP policies ..." [14:25] # Set default policies [14:25] $IPT -P INPUT DROP [14:25] $IPT -P OUTPUT DROP [14:25] $IPT -P FORWARD DROP [14:25] Jup, that's dropping everything... [14:34] <_ruben> even output filtering .. hardcore ;) [15:05] <_ruben> hmm .. 'scary' : [15:05] <_ruben> [271085.238264] EDAC e752x: Non-Fatal Error DRAM Controler [15:05] <_ruben> [271085.238276] EDAC MC0: CE page 0xa279a, offset 0x640, grain 4096, syndrome 0x2, row 2, channel 0, label "": e752x CE [15:06] <_ruben> lets run a memtest86+ [15:11] hello [15:11] hi ivoks ! [15:11] hi, sorry for meeting :/ [15:12] how ugly would be to add new system group (sasl) and configure dovecot to provide sasl socket by default for that group [15:12] ivoks: np - the earth is still round and the sun came back this morning :) [15:12] then, have an additional binary package (from dovecot source), which, when installed, would move that socket to postfix chroot and link old path to new path [15:13] and add postfix to sasl group [15:13] no configs would get changed [15:14] but it would be ugly to have /var/run/dovecot/sasl/socket linked to /var/spool/postfix/private//something [15:14] what say you? :) [15:15] ivoks: that's seems complicated. [15:15] ivoks: I've had a quick glance at the dovecot source code [15:15] ivoks: and it seems that's it should be easy to modify dovecot to not break if the sasl socket doesn't exists [15:16] ivoks: or better - if the directory to create the sasl socket doesn't exists [15:16] well, i'm not programmer :/ [15:17] i tried changing code so that it doesn't fail; and it didn't, but it failed with another error, at glance, unrelated to non-existing directory [15:17] I have a ssh connection going that looks like this: ssh -l -L 8088:192.168.0.100:80 lan.mysite.com. I'm trying to make sites on this lan local so I can work on them, by adding "hostname 127.0.0.1" to my hosts file, but I cannot get these to resolve in the browser... any ideas? [15:17] but, once i reverted those changes, it started normaly [15:17] ferric84: hosts is 'IP hostname', not 'hostname IP' [15:18] hmmm [15:21] arg [15:21] now it's a cannot find server erro [15:21] r === gregory is now known as tuxbox [16:07] does the normal LAMP install have wake on LAN installed or something? I just logged into the server from where it is, and it sounded like it did a fast boot up, almost like when you boot up a pc, just much more faster [16:08] wol is bios thing [16:08] hmm [16:09] not sure what's wrong with this server. I shall restart and see if it works. [16:09] bbl [16:11] In dmesg, I see: "Call Trace" is that normal? === nijaba is now known as nijaba[away] === nijaba[away] is now known as nijaba [16:38] To those who were helping me earlier today: Our host rebooted the server and reloaded the iptables script, so all is well. [16:39] As for the networking issues, the reboot seemed to help A LOT. Everything seems to be running fine now, and there's no packet loss as far as I can see [16:39] So I'm still not sure what the problem was :-\ [16:45] In dmesg, I see: "Call Trace" is that normal for a server? It's quite repeatative. [16:48] Schiz0|SD: thanks for the follow up [16:56] bleh [17:01] could some operator mayby ban the pumpernickle ? [17:39] ah ok thanks, ill do that. is there a way i can confirmed i did install the server version though? [17:39] oops [17:39] i just installed (what was supposedly ubuntu server 7.1), doesn't have sshd, apache...really any server stuff. anyway, regardless, im trying to install the server stuff i need, and this is my first time using ubuntu. i installed apache using synaptic package manager, and i thought i also installed phpBB2, but i can't find it anywhere. my past experience with phpBB2 was a tar, untaring in the appropriate folder, and configurin [17:40] also, is there a way to confirm i installed the server edition of ubuntu? [17:40] all the other version start with a graphical login after bootup ;-) [17:41] so if you have the text login: -> server version [17:41] i burned the right cd, and downloaded the right cd...hmm [17:41] cause i do have a graphical login. and no server stuff installed [17:42] what does "dpkg -l ubuntu-desktop" show ? only confirm if has an "i" at the beginnen of the line [17:43] ok, i typed in the command, what am i looking for in the response? [17:54] any objections for upload of new bacula (closes 3-4 bugs) [17:54] :) [17:58] themime: there should be 1 line and at the beginning there is probably an "i" or an "u" [17:59] theres no ssh so i can't c/p but its more than 1 line, it looks like there was some sort of error. let me get on irc on the box itself so i can c/p [17:59] er, sshd [18:01] apt-get install ssh [18:01] a server (and desktop as well) never is installed with ssh. always have to install that seperately [18:05] ah ok [18:05] im epic failing to get pidgin to work with irc haha [18:10] theres no way this is the server edition, theres no server software on here at all [18:10] and it has a gui [18:13] Desired=Unknown/Install/Remove/Purge/Hold [18:13] | Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend [18:13] |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) [18:13] ||/ Name Version Description [18:13] +++-==============-==============-============================================ [18:13] ii ubuntu-desktop 1.79 The Ubuntu desktop system [18:13] after running the dpkg -l ubuntu-desktop [18:15] ehh.. you're not supposed to use cut&paste. they will warn/ban you on certain channels :-) [18:15] just the "i" at the beginnen of the line would have been suffciant [18:15] heh yea sorry, i should have used a pastebin [18:16] the other stuff seemed important too [18:16] so do i have desktop installed then? [18:17] could be: OR during install it has asked you to install "desktop" . if you answered yes it installed the whole .... [18:17] i never remember it asking me if i wanted to install desktop [18:18] is there a way to install the server and uninstall the desktop without reinstalling via cd? [18:20] just delete the graphical stuff: eg aptitude purge ubuntu-desktop [18:21] did i mess up package stuff by using synaptic manager? [18:21] sudo apt-get install apache didn't work, said the package didn't exist [18:21] no ! [18:22] it's apache2 nowadays [18:22] apt-cache search apache2 [18:22] ah ok [18:22] should i unstall using synaptic and reinstall with apt? [18:22] the mixed managers bothers me haha [18:23] aptitude is just a graphical way to access the package system. apt-get/aptitude is from the command line. [18:23] the effects are the same, you can mix&match. [18:26] why, when prompted for the "admin" password, i have to enter my user password and not the root password (like to install stuff? [18:31] themime: The password is for sudo. [18:33] which i thought was the root password [18:35] sudo(8): ... Otherwise, sudo requires that users authenticate [18:35] themselves with a password by default (NOTE: in the default configura‐ [18:35] tion this is the user’s password, not the root password). ... [18:35] is ubuntu capable to be stable server? [18:37] ah, man sudo, im dumb haha [18:37] * themime goes and rtfm [18:38] http://pastebin.ca/951848 any ideas? What can I do to fix this? [18:41] http://pastebin.ca/951851 Here is my syslog [18:41] J-_: did you check if /var/run/mysqld/mysqld.sock exist? [18:43] ivoks: I just cd /var/run/mysqld, typed ls, and mysqld.sock doesn't exist. [18:44] ivoks: what can I do to fix it? [18:44] J-_: can you start mysql? [18:44] no [18:44]