[00:27] <warchief_ryan> Anyone know how to make a NAT box but still be able to use the host box with iptables? I've seen a few "guides" but they don't seem to say if you can still use the host box, from the command it looks like they're just forwarding everything...
[00:34] <warchief_ryan> example,
[00:34] <warchief_ryan> iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
[00:34] <warchief_ryan> iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
[00:34] <warchief_ryan> iptables -A FORWARD -j LOG
[00:34] <warchief_ryan> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[00:37] <warchief_ryan> I'm new to iptables but that looks like it would just forward everything, so I wouldn't be able to connect to that box and have it send and receive packets right?
[00:38] <warchief_ryan> like if I tried to ssh into it
[00:43] <ajmitch> FORWARD chain is separate from INPUT
[00:43] <ajmitch> so you can still ssh to it
[00:45] <warchief_ryan> so it would still recognise packets for the host that aren't meant to be forwarded to boxes behind it?
[00:45] <ajmitch> yes
[00:56] <twb> To save me a few minutes of searching, does anyone have the URL for Ubuntu's end-of-life policy for LTS releases?
[01:17] <leonel> twb: https://wiki.ubuntu.com/Releases
[01:17] <twb> Thanks.
[01:27] <Overand> jdstrand: thanks, re: ufw data location
[01:28] <Overand> jdstrand: Looks like I misread the wiki article, ah well.
[01:36] <jdstrand> np
[02:13] <spiritssight> anyone recommend a good Dynamic DNS provider for website that uses gmail for the mail and a desktop for the webserver with a dynamic IP and also has ssl cert
[02:13] <spiritssight> also has more than one subdomain
[07:48] <arvind_khadri> does squid have GUI??
[07:49] <arvind_khadri> any proxy server which has a GUI?
[09:52] <NCommander> kees, ping?
[10:06] <ghatak> Hi, is it possible to use logrotate to only delete files older than a certain period of time and not do any rotation of logs or compression ?
[10:08] <soren> mdz: re vnc/kvm/evdev: It's the vnc frontend that needs to translate the incoming keycodes to pc scan codes. I don't know how familiar you are with NC, but it used to be that VNC sent keysyms over the wire, but back in January or February or thereabouts we added an extension to VNC that allows it to send scan codes instead, thus obviating the need to specify a keymap on the kvm command line, which it used to use to translate keysyms to scan codes.
[10:09] <soren> s/ NC/VNC/
[10:09] <soren> evdev, however, changed the key code -> scan code mapping, so this went bonkers.
[10:10] <mdz> soren: I'm not (knowingly) using VNC; is that used for local X display as well or something?
[10:10] <soren> In the end, we found a way to detect evdev on the host, and make use of a different mapping when it's in use.
[10:10] <soren> mdz: It's used by virt-manager.
[10:10] <soren> mdz: ..and virt-viewer.
[10:11] <soren> mdz: The frontend you get when you use kvm directly is SDL-based, and isn't quite fixed yet.
[10:12] <soren> But the recommended way to use kvm anyway is through libvirt, so for all the recommended uses of kvm, the problem is fixed. I'm waiting for a patch for the SDL thing from upstream. It's not far off, but the guy working on it has been on holidays for the past couple of weeks.
[10:14] <soren> mdz: You use a dvorak keymap, right? You must have had your share of pain dealing with qemu in the past?
[10:21] <uvirtbot`> New bug: #264982 in samba (main) "Segfault in Samba" [Undecided,New] https://launchpad.net/bugs/264982
[10:25] <NCommander> soren, qemu is why I went back to QWERTY from Dvorak
[10:29] <soren> NCommander: You don't have to anymore.
[10:30] <NCommander> I don't remember Dvorak
[10:30] <NCommander> I tried using the Dvorak keyboard on my old desktop and find I don't remember how to touch type it anymore ;.;
[10:32] <NCommander> brb
[10:44] <mdz> soren: yes, I do, and no, I never had a problem with qemu
[10:47] <soren> mdz: Oh, right, your keyboard does remapping in hardware?
[10:49] <soren> mdz: Well, anyone who uses a non-US keyboard will know the pain it used to cause. With that new VNC extension all the known problems were solved. I would have been very sad to see it go away.
[10:49] <NCommander> mdz, you have a hardware Dvorak keyboard? Nice!
[11:26] <uvirtbot`> New bug: #265004 in postfix (main) "postfix upgrade does not replace /etc/postfix/postfix-script" [Undecided,New] https://launchpad.net/bugs/265004
[12:05] <mdz> soren: how is the kernel handled for building EC2 VMs?
[12:10] <soren> mdz: Xen has its own bootloader. You pass a kernel and initrd (and kernel command line) to the hypervisor. In EC2, this works by building a manifest that describes where to find the filesystem images, and the kernel, and the initrd.
[12:10] <soren> ...so the kernel and initrd are entirely separate from the image.
[12:16] <mdz> soren: so we don't include a kernel or modules at all?
[12:23] <soren> mdz: I'm still trying to work out the details of that. It depends somewhat on what the final outcome of the kernel is.
[12:23] <soren> mdz: But I'm thinking "no".
[13:08] <zul> soren: I was thinking about that last night and we might have to include the modules on the domU because there are use cases where people use things like asterisk on ec2
[13:10] <soren> I think that's meant to be handled separately, then.
[13:10] <zul> ?
[13:10] <soren> The way I've seen it done is that the initramfs contains the essential things like net and blk, and anything else gets wgotten.
[13:11] <zul> are you sure?
[13:12] <soren> Not entirely. I may be confused by looking at both init scripts and image building scripts over the last few days.
[13:12] <zul> heh
[14:23] <chumley> I'm needing to set up a backup mail server. If the primary goes down, this system would queue the mail until the primary server comes back up. There is an option during install called "Internet with smarthost". I tried this yesterday and it appears to work. Is that the best way to set this up?
[14:31] <uvirtbot`> New bug: #265058 in openvpn (universe) "openvpn2.1~rc7 fails to pick up the CN of certificates" [Undecided,New] https://launchpad.net/bugs/265058
[14:39] <zul> what if the smarthost goes down?
[14:40] <chumley> I'd like the ubuntu box to hold the mail and then deliver it when it comes back up.
[17:46] <uvirtbot`> New bug: #265102 in bacula (universe) "bacula not compiled with FORTIFY_SOURCE" [Medium,Confirmed] https://launchpad.net/bugs/265102
[17:48] <ScottK> leonel: http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/2008-September/000049.html
[20:03] <leonel> ScottK: subscribed to the list and checking those patches ...
[20:52] <ScottK> leonel: Great.
[21:10] <fomigo> I have a problem with Nautilus in Ubuntu 8.04. It doesn't work properly - CPU 50%, but in Nautilus under root it's all right. Maybe someone knows anything about it?
[21:37] <jdstrand> kees: so, I consider you a bit of an lvm guru...
[21:37]  * kees blushes
[21:37] <jdstrand> kees: I recently had a drive just totally crap out on me and won't even show up in the BIOS
[21:37] <jdstrand> (post)
[21:38] <jdstrand> it was drive #2 in an lvm setup (no raid, data easy to replicate)
[21:38] <jdstrand> but, in the interest of time, I'm hoping I can get to the data on drive one
[21:38] <kees> jdstrand: what sort of LVs did you have in your VG?
[21:38] <jdstrand> kees: it seems this should be possible (I'm not sure drive #2 even really had much on it)
[21:39] <jdstrand> kees: you mean the fs?
[21:39] <kees> jdstrand: I actually mean the allocation of LV onto physical extents.
[21:39] <kees> did you have 1 big LV, or many small, etc?
[21:39]  * jdstrand goes and checks
[21:40] <jdstrand> oh, well just one big one
[21:40] <kees> was it larger than drive 1?
[21:40] <jdstrand> kees: I had just the one for a large backup disk
[21:40]  * kees nods
[21:40] <jdstrand> kees: 2 160GB identical drives
[21:41] <kees> lvdisplay -m LVPATH   will show you where it was allocated physically
[21:42] <jdstrand> kees: yeah, that's part of the problem-- lvdisplay was no help because of the way the drive died
[21:42] <kees> ah, the VG won't start?
[21:42] <jdstrand> correct
[21:43] <kees> hrm... this is now in a bit of a murky area for me.  Let me check the vgchange man page
[21:43] <kees> jdstrand: is it the only VG on the system?
[21:43] <Goosemoose> I set up apt-cacher, but I'm a bit confused on how to enter this in to preseed.cfg
[21:43] <jdstrand> yes
[21:44] <Goosemoose> anyone got a sec? the preseed.cfg docs are a bit confusing on this
[21:44] <kees> jdstrand: does  vgchange -a y    error out?
[21:44] <jdstrand> kees: it looks like I have the commands I used to set it up though
[21:44] <jdstrand> $ sudo vgchange -a y No volume groups found
[21:45] <kees> hunh.
[21:45] <kees> sudo pvdisplay /path/to/drive/1
[21:46] <jdstrand> kees: if you mean:
[21:46] <jdstrand> sudo pvdisplay /dev/sdc
[21:46] <jdstrand> or sdc[123]
[21:46] <jdstrand> I get:
[21:46] <kees> yeah, meant the partition
[21:47] <jdstrand> $ sudo pvdisplay /dev/sdc3 No physical volume label read from /dev/sdc3 Failed to read physical volume "/dev/sdc3"
[21:47] <kees> basically, is LVM able to read the "good" drive at all?
[21:47] <jdstrand> kees: doesn't seem so, but fdisk can see the partition table
[21:48] <kees> whoa, that's really odd
[21:48] <kees> can you pastebin the commands you used to create it?
[21:48] <jdstrand> kees: I have in my notes that I used partition type 8e, but see in fdisk that it's 83...
[21:49] <kees> something seems to have clobbered the drive?  or re-ordered it?
[21:49] <jdstrand> kees: http://paste.ubuntu.com/43737/
[21:50] <jdstrand> kees: this is not the exact commands after all..
[21:50] <kees> yeah, looks fine.  (I've seen people do "whole drive" LVM stuff, and it's just painful)
[21:50] <mathiaz> Goosemoose: http://paste.ubuntu.com/43738/ <- does that help ?
[21:51] <jdstrand> kees: but I guarantee it is what I used, 'cause that's my recipe :)
[21:51] <kees> so... if pvdisplay doesn't think it's an LVM PV, that's pretty unfun.  :(
[21:51] <jdstrand> (with the possible exception of the extents)
[21:52] <kees> jdstrand: I wonder if pvscan shows anything?
[21:52] <kees> or pvscan -n ?
[21:52] <jdstrand> no
[21:53] <NCommander> hey kees
[21:54] <Goosemoose> mathiaz ,looking
[21:54] <jdstrand> kees: this machine goes way back and I remember when upgrading to hardy, I redid the drives
[21:55] <kees> heya NCommander
[21:55] <jdstrand> kees: maybe I only added the other drive to the lv
[21:55] <jdstrand> kees: I won't waste any more of your time. thanks!
[21:55] <NCommander> kees, I talked to the archive admins on doing the PIE changes
[21:55] <NCommander> And worked out generally how it can be done
[21:55] <kees> jdstrand: hrm.  yeah, if there's no PV signature, I'm stumped.  :P
[21:55] <Goosemoose> mathiaz, i already have that part setup, this is for the apt setup
[21:55] <kees> NCommander: ah cool.  who did you talk with?
[21:55] <NCommander> kees, slangasek, pitti, and I'm blocking on the last name
[21:56] <Goosemoose> the preseed i d/l had additional repositories, does the info you listed cover the apt-cacher already?
[21:56] <Goosemoose> seemed like they were two different things
[21:56] <NCommander> kees, it's generally agreed that rebootstrapping the base system due to the static libraries is required since we have circular dependencies. However, they don't feel a full archive rebuild is needed, thus we just need to make sure any important packages are properly touched
[21:56] <mathiaz> Goosemoose: the three entries I've used are used to setup the mirror option in the install
[21:57] <mathiaz> Goosemoose: adding additional apt repositories is also possible
[21:57] <mathiaz> Goosemoose: it depends on what you wanna do
[21:58] <Goosemoose> ok
[21:58] <kees> NCommander: yeah, sounds right.
[21:58] <kees> NCommander: can you document this stuff on the PIEExperiment wiki?
[21:58] <kees> just so we have a record of issues and solutions
[21:59] <NCommander> kees, once I make sure my resulting compiler works, I'm waiting on the regression testing
[21:59] <kees> heh
[22:00] <cameronh> When I enable AHCI for my SATA drive in my BIOS, Grub won't work (I get error 18 -- apparently Selected cylinder exceeds maximum supported by BIOS)
[22:01] <NCommander> kees, ATM, I'm having trouble making the spec string changes "stick" so to speak
[22:01] <kees> NCommander: did you see the patches I wrote?
[22:01] <NCommander> kees, yeah, but your patches would affect all architectures
[22:01] <kees> true, true.
[22:01] <NCommander> I need the CPU dependent CC1 strings
[22:02] <kees> look in debian/rules.patch (or something?).  it has per-arch patches.
[22:02] <NCommander> Hrm
[22:02] <NCommander> If a per architecture rules patch is possible then I could do it that way
[22:03] <kees> yeah, that's what made patching it such a PITA.  My first few attempts would break PPC builds, etc.
[22:06] <NCommander> kees, the i386 biarch build likes to break, so I'm still having compiler issues
[22:29] <Goosemoose> anyone figure out how to get a computer to join a domain from a preseed.cfg ?
[22:29] <Goosemoose> and user login authenticated against AD?
[22:41] <uvirtbot`> New bug: #266910 in likewise-open (main) "likewise-open does not clean up conf files" [Undecided,New] https://launchpad.net/bugs/266910
[22:42] <jdstrand> kees: well seems like it was user error-- just had the one bad drive in the lv
[22:42] <kees> jdstrand: d'oh.
[22:42] <jdstrand> ya, total d'oh!
[23:20] <Goosemoose> anyone figure out how to get a computer to join a domain and log in a user against AD from a preseed.cfg ?