/srv/irclogs.ubuntu.com/2008/09/22/#ubuntu-server.txt

xiownthisplacex	hi all	00:51
xiownthisplacex	i have installed ubuntu 8.04 on a server, can i fxp on port 22? i've tried it and it doesn't work, do i need to config something? or do i need to install like glftpd?	00:51
vk5foss	xiownthisplacex: can you what on 22?	01:44
xiownthisplacex	i want to fxp from 2 servers that i have	01:53
vk5foss	fxp?	01:54
xiownthisplacex	yea, you know like, flashfxp	01:55
xiownthisplacex	site-to-site transfer	01:55
vk5foss	nope, never heard of it before. (might hae heard of it actually, certainly never used it)	01:59
PanzerMKZ	vk5foss it is ftp between two ftp servers not having the data pass thru the controller machine	02:01
vk5foss	PanzerMKZ: ah	02:04
vk5foss	xiownthisplacex: dare i ask why you want to run it on port 22?	02:05
xiownthisplacex	so i dont have to install a ftp server like proftd or glftpd	02:05
vk5foss	... is your question "can i copy files between two hosts directly over ssh" ?	02:06
=== vk5foss is now known as kgoetz
Level15	Hi: WHere can I suggest something to be added to Ubuntu server?	03:42
dendrobates	Level15: the mailing list, or here during the week.	03:45
lukehasnoname	someone want to do a quick favor?	04:10
Emmett	We changed the server IP of an ubuntu server install. ssh'ed into the machine, no problem. But now it's locking out ssh attempts when it worked fine minutes ago.	05:47
Emmett	Someone just got in, ran an ls and it disconnected them.	05:48
Emmett	Any ideas?	05:49
azteech	reboot it and see if you can get back in?	05:49
Emmett	it's at a data center.	05:50
kgoetz	Emmett: are you using firewalling?	05:50
Emmett	no	05:51
nxvl	Emmett: check if you have ufw blocking stuff	05:58
nxvl	Emmett: it might be the problem	05:58
Emmett	nope.	05:59
nxvl	Emmett: are you sure? it's installed by default	06:02
Emmett	really?	06:03
Emmett	since I only have a minute on it, what are the chances that I could just	06:03
Emmett	sudo ufw disable	06:03
Emmett	and hit enter?	06:04
Emmett	would that kill it all immediately?	06:04
RoAkSoAx	Emmett, it's supposed to	06:06
nxvl	you can do "ssh $host $command"	06:06
Emmett	can I ps -ef \| grep ufw to see if it's running anywhere?	06:07
Emmett	like, what daemon does it run?	06:07
nxvl	ufw status	06:08
Emmett	I only have a second, I don't have time for that	06:09
* ajmitch_ wonders if it's as simple as an address collision		06:09
nxvl	ssh $host sudo ufw status	06:09
twb	Is it a bad idea (or even impossible) to include masquerading and other NAT chains and rules in /var/lib/ufw?	06:21
RudyValencia	Hi, I'm trying to setup a Postfix service on my server, for sending out notifications from PHP. How do I configure it in the menus?	06:21
twb	RudyValencia: if it's just going to send mail to a "real" mail server, you want the "satellite" option	06:22
RudyValencia	twb: I'm setting it up to send out things like password reset, confirm account creation, etc. mails.	06:22
RudyValencia	PHP mail(), basically.	06:23
twb	I realize that.	06:23
RudyValencia	It's basically going to send it directly to the other MX for delivery to the user.	06:23
RudyValencia	Would it be a "Satellite system" then?	06:24
twb	RudyValencia: that's what I said.	06:24
RudyValencia	OK	06:24
RudyValencia	I think I may have it	06:26
=== PanzerMKZ_ is now known as PanzerMKZ
soren	NCommander: hm?	07:33
ghaleb__	hello, I'm trying to get freeradius source, I get this problem E: Could not open file /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_hardy-security_main_source_Sources - open (2 No such file or directory)	08:08
scuser	hi all, I'm using ubuntu 8.04 and installed kerberos according to this tutorial http://doc.ubuntu.com/ubuntu/serverguide/C/kerberos.html, but when I type kinit I receive no tickets, can anyone help me with that ?	08:13
scuser	hi all, does this message mean that I have a ticket or not http://paste.ubuntu.com/49208/ ?	08:32
twb	krbtgt/SC.BIBALEX.ORG@SC.BIBALEX.ORG is your ticket	08:38
twb	Try #kerberos (#krb?)	08:38
twb	scuser: so you have a TGT, but no other tickets (e.g. an NFS-specific ticket)	08:38
scuser	twb: I'm new to kerberos, so what does this mean ?	08:40
twb	scuser: #kerberos is an IRC channel.	08:41
scuser	twb: ok thanks :)	08:41
Chipzz	scuser: first thing you have to check when you have problems with kerberos is, like btw any document on kerberos will tell you, if you have a working DNS setup, both forward and reverse DNS	09:42
uvirtbot`	New bug: #273043 in apache2 (main) "/etc/init.d/apache2 routinely prints to stderr if few modules are enabled, causing logrotate to spam in cron" [Undecided,New] https://launchpad.net/bugs/273043	10:11
ghaleb_	hello, is there an alternative for freeradius in for EAP wireless authentication ?	10:23
twb	Is there a way to list existing ufw rules in "ufw format", as opposed to the raw iptables-save format?	10:38
kraut	moin	10:41
henkjan	twb: sudo ufw status	10:42
twb	henkjan: oh! That outputs useful information only if the thing is actually enabled	10:43
twb	henkjan: thanks	10:43
twb	How does it decide whether to be -p tcp, -p udp or both?	10:44
twb	Does it just say "well, for 'ufw add www' there's a www entry for both in /etc/services" ?	10:44
henkjan	hmm, don't know if it gets the names from /etc/services	10:47
henkjan	looks like it does	10:49
scuser	hi all, can anyone tell me how to use .k5login to login without password ?	10:49
henkjan	twb: newer ufw in intrepid add support for application profiles	10:50
henkjan	twb: see http://ubuntuserver.wordpress.com/ and search for ufw package integration	10:51
henkjan	twb: also check http://doc.ubuntu.com/ubuntu/serverguide/C/firewall.html for the updated ufw documentation	10:52
twb	henkjan: I asked because on Hardy I did "ufw add smtp" and "ufw add www"; and I got the following rules:	10:52
twb	tcp 25; tcp 80; udp 80	10:53
henkjan	twb:	10:53
twb	...I was weirded out that it added UDP only for www.	10:53
henkjan	If the port you want to open or close is defined in /etc/services, you can use the port name instead of the number. In the above examples, replace 22 with ssh.	10:53
twb	henkjan: yeah, I realize that.	10:53
twb	henkjan: I'm trying to understand how it decides which protocol(s) to add if you don't specify any.	10:54
twb	Ooh, a bug.	10:55
twb	http://hpaste.org/10596	10:55
twb	Yeah, it does a different thing if you "add 25" to if you "add smtp".	10:56
twb	The latter only adds TCP, not UDP.	10:56
twb	It also doesn't understand "ufw add 25/icmp", which I just tried for kicks.	10:57
scuser	hi all, can anyone tell me how to use .k5login to login without password ?	11:21
papyromancer	I've gone through the goog and the book, but I'm having trouble getting outside network access to this samba share (local subnet access is great) there's no firewall installed (it think) on this (ubuntu) system, router is setup to DMZ to this server. I can ssh from client to server and vice versa. I try the 'echo "hello" telnet xxx.xxx.xxx.xxx 139' to the server from the client and get "telnet: Unable to connect to remote host: Connection tim	12:13
ropetin	papyromancer: Are you sure your ISP is allowing 139 through? I know a lot of residential ISPs will block it for security reasons	12:19
ropetin	I wouldn't be surprised if business class ones do too. I can't see any immediate reason why one would want an Internet available samba share	12:19
papyromancer	ropetin: I am business class... Let me call them up	12:20
papyromancer	hang on ;)	12:21
ropetin	OK :D	12:21
=== ogra_ is now known as ogra
papyromancer	ropetin: comcast blocks those ports system wide at the request of homeland security and cannot unblock them... LOL .... time to build an ssh tunnel from my ec2 instance :D	13:07
Deeps	might i recommend a vpn instead	13:11
ropetin	papyromancer: yeah, as I thought. I'd go with Deeps suggestion if it really has to be a samba share	13:11
Deeps	or infact, anything not tcp based unless you absolutely have to	13:12
papyromancer	Deeps: I'm going with the tunnel :)	13:12
ropetin	OpenVPN is so easy (relatively) to get running, I'd highly recommend it	13:13
Deeps	papyromancer: up to you, but tunnelling anything over tcp is best avoided unless absolutely necessary	13:13
papyromancer	Deeps: Why do you say so?	13:13
Deeps	due to the nature of how tcp works - it's a "reliable" protocol	13:13
Deeps	if a packet gets lost, it rerequests it	13:14
papyromancer	Deeps: So service will be spotty?	13:14
papyromancer	and slow?	13:14
Deeps	in the mean time, your protocol that your tunnelling might also have error handling too, at which point that also rerequests over the tunnel	13:14
Deeps	so you get a fair bit of duplication and unnecessary slowdown	13:15
papyromancer	Deeps: I'm still gonna go for it, I'm stubborn	13:17
papyromancer	Started a forum thread: http://ubuntuforums.org/showthread.php?p=5833814#post5833814	13:17
papyromancer	I'll let you know how it goes. And thanks for the advice :)	13:18
Deeps	alrighty	13:18
Deeps	gl, enjoy	13:18
uvirtbot`	New bug: #273099 in net-snmp (main) "No debug symbols package for net-snmp" [Undecided,New] https://launchpad.net/bugs/273099	13:26
NCommander	soren, you are now running pinkie if your fully up to date	13:30
soren	I believe I am.	13:31
soren	-> #xubuntu-devel	13:32
psufan	hey	14:03
psufan	how do I compile newer 2.6.2x kernels on ubuntu 6.06lts if it's even possible, last time I tried it broke the system	14:03
henkjan	psufan: why do you want to compile your own kernel?	14:10
psufan	because 2.6.15 has a nfs crash and burn bug and the nit wit developers don't feel it warrents a patch	14:11
henkjan	psufan: any option to upgrade to the next lts (8.04) ?	14:18
psufan	not unless vmware server 1.x is supported on top	14:18
psufan	or I woul dhave dumped 6.66 already	14:18
slicslak__	how do i add a superuser (on the cli)? is there a special command? or just useradd and then add that user to a bunch of groups?	14:50
soren	slicslak__: Just the "admin" grop.	14:50
soren	group, even.	14:50
slicslak__	soren, great thanks	14:51
Chipzz	henkjan: just ignore psufan - iirc, he came insulting the developers on #ubuntu-dev a couple of weeks ago	14:53
* soren greps irclogs		14:54
Chipzz	soren: not 100% sure, but the name rings a bell and his behaviour matches	14:54
Chipzz	also the "6.66" was something I recall from then	14:55
Chipzz	or something along those lines	14:55
soren	Chipzz: Yeah, just found it. shrug	14:57
henkjan	Chipzz: ah, okay	14:58
nxvl	morging	14:58
slicslak__	soren, if i want the user to have their own group, do i need to create that group first? useradd doesn't seem to have that option.	15:04
slicslak__	right now i have: useradd -G admin -m name	15:04
soren	Use adduser instead.	15:04
soren	I'm not sure about useradd, but I know that adduser creates a group for each user.	15:05
slicslak__	soren, right, thanks	15:10
nxvl	kirkland: ping	15:18
piti	hi. I'm experiencing some trouble with libpam-chroot. I'm experiencing the same kind of problem than https://answers.launchpad.net/ubuntu/+question/33707	15:22
kirkland	nxvl: pong	15:22
piti	must I use the patch proposed ? why there isn't an update on the package ?	15:22
nxvl	kirkland: is it normal that my desktop show a "Private" icon?	15:23
nxvl	kirkland: i mean, i have an icon of a mounted drive called "Private" that calls to my Private crypted forlder	15:23
nxvl	kirkland: as if it were a flash drive or something	15:23
kirkland	nxvl: right, that's because "Private" is mounted	15:23
kirkland	nxvl: from a command line, run "mount"	15:24
nxvl	yup, that i know, but /home is also mounted and doesn't appear in there	15:24
nxvl	kirkland: because to have such an icon will be the first things people ask "why you have that, what you have inthere" and such stuff	15:25
nxvl	kirkland: so it will only raise and interest of other people (maybe system users) on try to break it	15:26
kirkland	nxvl: okay.	15:30
zul	mathiaz: does the patch to #273043 look reasonable to you it does to me	16:30
mathiaz	bug #273043	16:30
uvirtbot`	Launchpad bug 273043 in apache2 "/etc/init.d/apache2 routinely prints to stderr if few modules are enabled, causing logrotate to spam in cron" [Undecided,New] https://launchpad.net/bugs/273043	16:30
mathiaz	zul: seems like a good patch	16:34
zul	thats what I thought but I can see why you want those error messages to cron	16:36
piti	Hi I'm experimenting a trouble with libpam_chroot : I want to chroot someone from ssh, but when I login, I have the welcome message, but imediatly put me out. on the log side, I founded : http://pastebin.com/m7b33ccfb , and possibly a bugreport which may be linked (https://answers.launchpad.net/ubuntu/+question/33707 )	16:38
piti	the same config worked with gutsy, but no longer with hardy. is it a regression ?	16:38
psufan	how do I find out if a kernel update for 6.06lts includes the nfs crash and burn bug and root hole fix	16:40
zul	mathiaz: its for hardy by the looks of it	16:41
mathiaz	psufan: do you have a CVE number ?	16:41
mathiaz	zul: hm - it's probably won't qualify for a SRU.	16:42
psufan	hang on	16:42
psufan	this is what I have	16:42
psufan	https://lists.ubuntu.com/archives/dapper-changes/2008-June/012713.html	16:42
zul	mathiaz: probably not	16:43
psufan	hmm	16:46
psufan	box is still only at -51	16:46
zul	piti: it looks like it to me	16:49
psufan	also	16:50
psufan	what the HELL is with nano in 6.06.2 lts	16:50
psufan	if you hit enter to start a new blank line it suddentely smashes all the lines together	16:50
psufan	this has almost driven me to sucide	16:50
soren	psufan: Nano hasn't been touched in dapper.	16:51
piti	zul: I also found a package on that page : https://bugs.launchpad.net/ubuntu/hardy/+source/libpam-chroot/+bug/237308 . I'm trying it, but shouldn't it be on a repository ? (like -update or -security)	16:52
uvirtbot`	Launchpad bug 237308 in libpam-chroot "libpam-chroot broken" [Undecided,Confirmed]	16:52
soren	It's the exact same as it was when Dapper was first released.	16:52
superdump	hello	16:52
superdump	is it reasonable to ask about caching dns server stuff here?	16:52
zul	piti: its definently a SRU imho	16:53
soren	superdump: Probably :)	16:53
superdump	i'm looking to set up caching dns on a server on my lan and use that for internet dns lookups	16:54
superdump	rather than always using my isp/opendns	16:54
superdump	especially as sometimes they seem intermittent	16:54
piti	zul: what do you mean by SRU ?	16:54
superdump	firstly, what dns server would people recommend for a caching dns server?	16:54
superdump	i saw something about pdnsd but i was expecting that bind would do it	16:54
zul	piti: it should be in -updates	16:55
superdump	i haven't used a dns server before, but once i know what is recommended, i'll have a look around and try to get it working	16:55
Deeps	bind would do the job, and could happily bypass your isp's dns too	16:55
zul	piti: ill have a look	16:55
soren	superdump: If all you're ever going to do is simply dns caching, it doesn't really matter much. I think both bind and dnsmasq come preconfigured to do caching.	16:55
superdump	ok	16:55
superdump	then i just have to figure out how to get bind working :)	16:55
Deeps	apt-get install bind? heh	16:56
soren	Well, bind9, actually :)	16:56
Deeps	out of the box it pretty much does what you need	16:56
Deeps	well, yeah, i always forget that 9	16:56
superdump	yes, i read that it's supposed to	16:57
superdump	what should i have in resolv.conf on the server? just "nameserver 127.0.0.1"?	16:57
superdump	or also some public nameservers?	16:58
kirkland	zul: soren: I posted a pretty trivial debdiff that closes a KVM bug, https://bugs.launchpad.net/ubuntu/+source/kvm/+bug/225260	16:59
uvirtbot`	Launchpad bug 225260 in kvm "control file description miss-leading" [Low,Confirmed]	16:59
kirkland	zul: soren: if one of you could sponsor that, i'd appreciate it	16:59
soren	I don't agree with the change, FWIW.	17:00
soren	The x86 architecture includes both x86 and x86-64.	17:00
psufan	well something is causing nano to spaz	17:02
psufan	dunno if it has to do with being over telnet to a virtual serial port on the blade or not	17:03
kirkland	soren: i understand that x86 includes x86_64, but it seems some users are confused	17:03
soren	kirkland: Also, kvm works on powerpc, s390 and ia64 now as well.	17:03
kirkland	soren: mark the bug as "Invalid" then, with your reason	17:03
kirkland	soren: that's a good point, i was wondering about	17:03
soren	kirkland: Well, we can certainly clarify the description somehow.	17:03
soren	Perhaps change it to "i386 and amd64" or "x86 (both 32 and 64 bit)"	17:03
kirkland	soren: shall i rework the text more generically?	17:03
soren	I think that's probably the best choice.	17:04
soren	I never liked the original description.	17:04
kirkland	soren: should i bother mentioning ppc or s390, since we don't really support those?	17:04
soren	kirkland: I don't think leaving them out and explicitly mentioning i386 and amd64 seems right. If you could come up with something more generic, that would be cool.	17:06
kirkland	soren: uno momento	17:06
Fenix\|work	Greetings and Salutations	17:09
Fenix\|work	I have a ufw question and legacy iptable rules	17:09
Fenix\|work	I'm going to add some prerouting rules to before.rules	17:10
Fenix\|work	I'm looking at the server guide but have a question	17:10
Fenix\|work	they show :POSTROUTING ACCEPT [0:0] then have their postrouting rules	17:10
Fenix\|work	would I use :PREROUTING ACCEPT [0:0] before placing my prerouting rules?	17:11
jdstrand	Fenix\|work: just put :PREROUTING ACCEPT [0:0] and :POSTROUTING ACCEPT [0:0] right next to each other, and first in the *nat table, then you can have the rules in any order after those two	17:12
jdstrand	s/right next to each other/one after the other/	17:12
kirkland	soren: http://pastebin.ubuntu.com/49347/	17:13
kirkland	soren: see if that looks any better to you	17:13
Fenix\|work	jdstrand, thanks	17:13
Fenix\|work	:)	17:13
jdstrand	np	17:13
soren	kirkland: Hmm... I kind of see your point about not mentioning the ones we don't support. We don't actually currently build the s390, ia64 and powerpc versions right now.	17:17
kirkland	soren: yeah, that's awkward, IMHO	17:17
soren	Yes, "currently right now".	17:17
Fenix\|work	jdstrand, you wouldn't happen to know which protocols/ports that squid can actively and safely cache would ya? :)	17:17
kirkland	soren: another option: http://pastebin.ubuntu.com/49349/	17:18
lukehasnoname	kirkland: editing the 8.10 server guide kvm section?	17:18
kirkland	lukehasnoname: no, kvm package description	17:18
jdstrand	Fenix\|work: it listens on 3128, by default IIRC it can cache for 80, 443 and ftp, but you'll likely need to check the docs for that (or at least squid.conf)	17:19
soren	kirkland: That works. Only problem is that we have to change it when we add the new architectures. meh, that's probably fine. Let's go with that.	17:19
Fenix\|work	jdstrand, yeah, I'm looking at the docs now	17:19
soren	kirkland: How about I give you a day or so to come up with more patches, so that we can batch them together?	17:19
kirkland	soren: Okay. I think that control file will be the least of our changes if/when we add s390 :-P	17:19
Fenix\|work	http/https, ftp, rsync, gopher, wais, http-mgmt, gss-http, filemaker, multiling http, cups, rsync, SWAT	17:19
kirkland	soren: that's perfectly fine	17:20
Fenix\|work	jdstrand, where does ufw log to?	17:26
jdstrand	kern.log	17:26
jdstrand	(it's just iptables logging)	17:27
jdstrand	sudo ufw logging on	17:27
Fenix\|work	that's already on	17:27
jdstrand	see 'man ufw' for details	17:27
Fenix\|work	any way to fine tune what gets logged?	17:27
Fenix\|work	my network generages a tonne of broadcast traffic, and it's a waste of log file to see it	17:28
jdstrand	Fenix\|work: not via the ufw command, no	17:28
jdstrand	Fenix\|work: you can add rules to /etc/ufw/after.rules if that makes sense for your environment	17:28
Fenix\|work	jdstrand, would -A ufw-after-input -m pkttype --pkt-type broadcast -j RETURN sufficient?	17:36
Fenix\|work	... perhaps adding multicast in there as well	17:36
jdstrand	Fenix\|work: there are example of using BROADCAST and MULTICAST in after.rules and before.rules	17:38
jdstrand	you might check there and 'man iptables' for what will be most appropriate for your environment	17:38
Fenix\|work	jdstrand, I didn't see any examples in my after.rules ... so I went IPTables style instead... I noticed the "don't log noisy services by default" used RETURN instead of DROP	17:39
kirkland	soren: I'm closing https://bugs.launchpad.net/ubuntu/+source/kvm/+bug/89399 as "Wont Fix"	17:40
uvirtbot`	Launchpad bug 89399 in kvm "kvm update fails, if group "kvm" already exists and has non-system ID" [Undecided,Won't fix]	17:40
kirkland	soren: i added a note as to why... let me know if you disagree	17:40
Fenix\|work	but adding -A ufw-after-input -m pkttype --pkt-type broadcast -j RETURN eliminated broadcast from my log file	17:41
Fenix\|work	so I'll settle with that	17:41
jdstrand	Fenix\|work: that is simply to get out of the ufw-not-local chain and back into ufw-before-input for processing	17:41
jdstrand	Fenix\|work: that is likely what you want to do, as IIRC, you are using default ACCEPT	17:42
Fenix\|work	correct	17:42
jdstrand	so you avoid the 'BLOCK NOT-TO-ME' logging	17:42
Fenix\|work	so far working as expected	17:44
Fenix\|work	otherwide I'd drop it	17:44
Fenix\|work	time to test out my new gateway / proxy server	17:46
Fenix\|work	thanks jdstrand	17:46
soren	kirkland: Looks fine. Thanks.	17:47
kirkland	soren: zul was about to sponsor that description debdiff... did you want him to hold off on that?	17:48
soren	kirkland: I'm not really insistant either way.	17:50
kirkland	soren: regarding https://bugs.launchpad.net/ubuntu/+source/kvm/+bug/193531, you were suggesting a README.PXE-boot since we don't have the source to a working PXE bios for an emulated card?	17:50
uvirtbot`	Launchpad bug 193531 in kvm "pxe booting not supported" [Undecided,Confirmed]	17:50
kirkland	soren: I can try to hack up that README and add it too, to close that bug, if you think that's sufficient	17:51
soren	kirkland: Oh, since then, I've added a new package called kvm-pxe which solves the problem.	17:51
kirkland	soren: ah, nice	17:51
kirkland	soren: i'll close that bug pointing to that package	17:51
zul	kirkland: soren gave his blessings on that bug?	17:55
kirkland	zul: he blessed the text, said he'd sponsor a stack of kvm changes in a few days, if i wanted, or you can do them incrementally	17:55
kirkland	zul: personally, i'd rather my changes sponsored incrementally if possible	17:56
kirkland	zul: i'm trying to reduce the kvm queue	17:56
zul	kirkland: okies	17:56
kirkland	soren: looking at https://bugs.launchpad.net/ubuntu/+source/kvm/+bug/188878, do you mind if I add liw's kvm-ok shell script?	17:59
uvirtbot`	Launchpad bug 188878 in kvm "Utility to see if kvm acceleration can be used" [Undecided,New]	17:59
Fenix\|work	jdstrand, how do I open up ufw to allow everything	18:20
Fenix\|work	I appied ufw default accept and still it blocks	18:20
Fenix\|work	err allow	18:20
jdstrand	Fenix\|work: yes, you need to follow that with 'sudo ufw disable ; sudo ufw enable'	18:20
Fenix\|work	still is blocking	18:20
Fenix\|work	do I have to clean up the before and after rules?	18:21
jdstrand	Fenix\|work: you shouldn't with the defaults	18:22
jdstrand	of course you'll need to check anything added	18:22
jdstrand	by you	18:22
Fenix\|work	I only added *nat prerouting rules	18:22
Fenix\|work	I have a single homed box so I didn't add any forwarding/masquerading rules	18:22
zul	kirkland: lemme know which ones you want uploaded	18:23
Fenix\|work	(there's a COMMIT right after my prerouting rules... and nat is before filter	18:23
jdstrand	Fenix\|work: can you paste it somewhere?	18:23
kirkland	zul: the last debdiff in https://bugs.launchpad.net/ubuntu/+source/kvm/+bug/225260	18:24
Fenix\|work	most definately	18:24
uvirtbot`	Launchpad bug 225260 in kvm "control file description miss-leading" [Low,In progress]	18:24
Fenix\|work	jdstrand, http://rafb.net/p/frMr8C26.html	18:27
zul	kirkland: done	18:28
lhnn	nothing like deleting one's /bin dir, eh?	18:28
kirkland	zul: sweet	18:28
kirkland	zul: i might have a few more coming today	18:28
zul	kirkland: lemme know so I can queue them up	18:28
kirkland	zul: no problemo!	18:28
jdstrand	Fenix\|work: the format looks fine (though you probably don't need the POSTROUTING line since you aren't doing that	18:29
Fenix\|work	jdstrand, my kern.log has the following for all gateway operations...	18:30
Fenix\|work	Sep 22 13:09:11 proxy kernel: [ 1213.921916] [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=00:1f:29:0e:e9:48:00:0c:29:0c:75:ea:08:00 SRC=172.16.0.223 DST=172.16.0.4 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=762 DF PROTO=TCP SPT=49251 DPT=8000 WINDOW=8192 RES=0x00 SYN URGP=0	18:30
jdstrand	Fenix\|work: one word of caution. because ufw doesn't manage these rules, it won't actually flush them when doing 'ufw disable' and the like	18:31
jdstrand	Fenix\|work: so if you want to start fresh, do 'iptables -F -t nat'	18:31
jdstrand	Fenix\|work: and you disabled and enabled?	18:32
Fenix\|work	yes	18:32
Fenix\|work	and rebooted a couple of times :)	18:32
Fenix\|work	I see the ufw-not-local DROPS all	18:33
jdstrand	Fenix\|work: can you access port 8000 directly? eg 'telnet proxy 8000'	18:34
psufan	where do I go	18:34
psufan	to browse updates released for a ubuntu version	18:34
jdstrand	Fenix\|work: or nmap -Po -p 8000 proxy	18:34
psufan	so I can check changelogs etc	18:34
Fenix\|work	jdstrand, the proxy works fine	18:34
Fenix\|work	it's when acting as gateway that doesn't	18:34
Fenix\|work	so bypassing the proxy	18:34
Fenix\|work	although kern.log says that all traffic destined to 8000 is blocked as well	18:35
Fenix\|work	UFW BLOCK INPUT	18:35
jdstrand	Fenix\|work: can you paste 'iptables -L -n -v' somewhere?	18:36
Fenix\|work	http://rafb.net/p/nw41S616.html	18:37
Fenix\|work	jdstrand, nmap says 8000 is http-alt	18:37
Fenix\|work	and it's open	18:37
jdstrand	Fenix\|work: and iptables -L -n -v -t nat	18:39
Fenix\|work	http://rafb.net/p/pCjaOf41.html	18:40
jdstrand	Fenix\|work: I feel silly. what you are seeing is from an unfinished item on the TODO list: "Default allow logging messages aren't correct in after*.rules"	18:43
jdstrand	Fenix\|work: is it actually blocking or just saying it is blocking, but everything works fine?	18:43
Fenix\|work	going to gmail.com fails	18:44
kirkland	zul: I just attached a debdiff to solve https://bugs.launchpad.net/ubuntu/+source/kvm/+bug/188878 ... i'd be interested to know if soren is strongly against it	18:44
uvirtbot`	Launchpad bug 188878 in kvm "Utility to see if kvm acceleration can be used" [Wishlist,In progress]	18:44
kirkland	zul: assuming soren isn't -1 on it, i think it's ready to sponsor	18:44
Fenix\|work	jdstrand, and windows update isn't working either	18:45
jdstrand	Fenix\|work: so does this work:	18:47
jdstrand	http_proxy="http://proxy:8000" elinks -dump http://www.google.com	18:48
jdstrand	(assuming http://proxy:8000 is correct	18:48
zul	kirkland: cool	18:48
zul	lemme go check	18:48
jdstrand	Fenix\|work: you can check /var/log/squid/access.log on proxy to see if it is connected there	18:48
Fenix\|work	jdstrand, the proxy is working...	18:49
Fenix\|work	the box as a gateway isn't working properly	18:49
jdstrand	Fenix\|work: ok, then it is a problem with the redirection	18:49
Fenix\|work	what redirection?	18:49
zul	kirkland: little overkill me thinks but we'll see what soren says	18:49
Fenix\|work	if it isn't squid, it should go straight through	18:49
jdstrand	Fenix\|work: you are redirecting ports	18:49
Fenix\|work	no, only have one adapter	18:49
kirkland	zul: how so?	18:49
* jdstrand is confused		18:50
Fenix\|work	just redirecting 80/443 and 21	18:50
Fenix\|work	ok	18:50
Fenix\|work	I'm redirecting 80/443 and 21	18:50
Fenix\|work	they're fine	18:50
Fenix\|work	but when it's a non-squid port (ie, no redirection) its is failing	18:50
Fenix\|work	(like windows update for instance)	18:50
zul	kirkland: its just easier to put it in the init script I agree with soren on that one	18:50
Fenix\|work	jdstrand, I've tried to set up this box as a transparent proxy	18:51
jdstrand	Fenix\|work: what is the network topology for the affected systems?	18:51
Fenix\|work	I'm replacing my default gateway with this box	18:52
Kapli	Hello	18:52
Fenix\|work	jdstrand, star	18:52
kirkland	zul: okay, if you think so, then close the bug as a "Wont Fix" with your justification. i thought the binary was small, simple, and correct enough to just drop in place for anyone who might find it useful.	18:52
Fenix\|work	1000-BaseT	18:52
zul	kirkland: i think soren should have the last word though	18:53
Kapli	I have a problem, my server was working fine until today when i rebooted it using the command reboot, when it came back up i couldnt connect to it through the outside and i couldnt connect to it any way and now i try to type ifconfig but nothing shows up	18:53
kirkland	zul: true.	18:53
zul	kirkland: soren will turn green with rage if we did that ;)	18:53
zul	hulk...smash..	18:54
kirkland	zul: did what? applied that patch? or closed "Wont Fix"?	18:54
zul	applied the patch	18:54
kirkland	zul: k	18:54
kirkland	zul: well, i kinda noted that soren should probably look at that one first ;-)	18:54
zul	yep I agreee :)	18:54
kirkland	zul: i mean, the patch "solves the bug", but soren should probably decide if the bug is valid or not	18:55
trashguy	Kapli, did u try enabling the device?	18:55
zul	kirkland: of course	18:55
Kapli	enabling what device?	18:55
jdstrand	Fenix\|work: so the ufw firewall that I have been looking at is on a different machine than the squid proxy?	18:55
trashguy	Kapli, liek ifconfig eth0 up	18:56
trashguy	or whatever its labeled as	18:56
Kapli	i dont really understand whats going on now because i type ifconfig and nothign shows up usually it would show up loads of info	18:56
trashguy	no loopback?	18:56
Kapli	no it doesnt say the ip and the mac address and stuff	18:56
Kapli	it just goes back to the stuff	18:57
Kapli	it doesnt even say wrong command	18:57
Kapli	be right back	18:58
Fenix\|work	jdstrand, same machine	18:59
Fenix\|work	without ufw running and iptables set manually, everything works	19:00
Fenix\|work	(after clearing iptables)	19:00
jdstrand	Fenix\|work: can you give me all the commands you used for getting it to work outside of iptables?	19:01
Fenix\|work	sure	19:01
jdstrand	Fenix\|work: (just paste them)	19:01
Fenix\|work	ok	19:01
Kapli	trashguy, ifconfig eth0 up	19:04
Kapli	didnt work either	19:04
Kapli	the command just doesnt give any result, doesnt even say wrong command or anything	19:04
Ali_ix	Kapli: try: sudo ifconfig -a	19:05
trashguy	heh, me runs as root forgets that stuff rawr	19:06
Kapli	is there any other command	19:07
Kapli	to check internal ip	19:07
trashguy	what does sudo /etc/init.d/networking restart	19:07
trashguy	say	19:08
Kapli	sec, u see im on the phone with my dad hes the one typing the commands since im not at the server location hehe	19:08
trashguy	brutal	19:08
trashguy	IP kvm is handy now and then ^^	19:08
Fenix\|work	jdstrand, http://rafb.net/p/7j9FVs51.html	19:09
Kapli	what is IP kvm	19:10
trashguy	Keyboard video mouse i think	19:10
trashguy	KVM switch	19:10
trashguy	but works over ip	19:10
trashguy	essentially works like you are at the local machine	19:11
Kapli	huh	19:11
Kapli	:S	19:11
Kapli	dont understand	19:11
Kapli	anyways he typed ifconfig -a	19:11
Kapli	nothing happened	19:11
Kapli	and he also typed /etc/init.d/networking restart	19:11
trashguy	what kind of server hardware?	19:11
frith	hi, I've been setting up the ldap replication, however i have found a weird bug, if i delete or create an object the local cn=admin user get deleted	19:12
Kapli	it worked then went back to normal and he typed ifconfig again afterwards still no response	19:12
Kapli	well this is just so confusing ive never had this problem before	19:12
trashguy	shit happens when you party naked	19:12
trashguy	murphys law	19:12
Kapli	i was at school connected through ssh changed some ssh settings and wrote reboot, it came back up but net doesnt seem to be working ...	19:12
trashguy	could be coincidence with some sort of hardware failure	19:13
Kapli	god damnit now is the worst time	19:14
Kapli	but there isnt any other command than ifconfig to check ip	19:14
jdstrand	Fenix\|work: I'll look at it and see what the problem is	19:14
trashguy	Kapli, have him do a lspci	19:15
trashguy	see if he sees any ethernet controller	19:15
Kapli	is that a command?	19:15
trashguy	lspci	19:16
Kapli	omg he wrote "if config" now he doesnt know where he is	19:17
trashguy	u can do it anywhere	19:17
trashguy	lspci	19:17
trashguy	hit enter a few time space out the prompts	19:17
Kapli	it says command not found he says :S	19:22
trashguy	lspci	19:22
trashguy	What ver are you running?	19:22
Kapli	ubuntu server	19:23
Kapli	the latest	19:23
trashguy	hrm	19:23
Kapli	however he says lsusb worked	19:23
trashguy	might help if ur ethernert controller was usb :/	19:24
Kapli	its not :/	19:24
Kapli	well how come lspci is giving command not found :S	19:24
trashguy	i have no idea	19:25
trashguy	maybe your path is fucked?	19:26
trashguy	try /bin/lspci	19:26
trashguy	lol	19:26
trashguy	but that would make no sense	19:26
Kapli	no such file or directory	19:27
trashguy	lol	19:27
trashguy	/usr/bin/lspci	19:28
Kapli	same error	19:29
Kapli	:S	19:29
trashguy	i dunno what to say man	19:29
trashguy	did the server not boot up correctly?	19:29
Kapli	i dont know	19:30
Kapli	how can i know if it starts up correctly or not	19:30
Kapli	look for errors in the startup?	19:30
trashguy	lokoa orund in /var/log	19:30
Kapli	too difficult i think	19:31
Kapli	since im on phone and i cant see it and stuff and my dads english = shit	19:31
trashguy	couldalso look at dmesg	19:32
trashguy	see if you see anything for your nic	19:33
Kapli	what do u mean by my nic	19:35
trashguy	network interface card	19:35
Kapli	he cant find anything with network in there, i think my network card name is SiS something.. but he cant find anything by it	19:38
trashguy	maybe go in tot he bios and see if it got disabled or something :/	19:39
Kapli	how	19:39
Kapli	i dont understand how a reboot made all this trouble :S	19:39
Kapli	but considering that ifconfig	19:40
Kapli	doesnt return anything	19:40
Kapli	at all	19:40
Kapli	what does it indicate	19:40
trashguy	something is wrong lol	19:40
Kapli	but what is wrong	19:40
Kapli	or wrong with what	19:40
Kapli	the network card?	19:40
trashguy	is it an onboard?	19:40
Kapli	i think so yes	19:41
trashguy	go in to bios and see if its enabled	19:41
Kapli	oh i see	19:41
Kapli	hm he says that behind the computer	19:41
Kapli	where the network cable is plugged in	19:41
Kapli	the light is yellow	19:41
Kapli	isnt it usually green	19:41
Kapli	or no maybe its supposed to be yellow i dont know	19:41
trashguy	i dunno	19:43
jdstrand	Fenix\|work: can you try:	19:49
jdstrand	http_proxy="http://proxy:80" elinks -dump http://www.google.com	19:49
jdstrand	Fenix\|work: basically, I took a stock ufw installation running only ssh, and did:	19:51
jdstrand	*nat	19:52
jdstrand	:PREROUTING ACCEPT [0:0]	19:52
jdstrand	-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 22	19:52
jdstrand	COMMIT	19:52
jdstrand	in /etc/ufw/before.rules, then did 'ufw default allow; ufw disable ; ufw enable'	19:52
jdstrand	and could then successfully 'ssh -p 80 host'	19:52
jdstrand	where 'host' is my virtual machine	19:53
jdstrand	Fenix\|work: yes, the logging still shows 'UFW BLOCK INPUT', which is because of the TODO item I mentioned earlier (I'll file a bug btw)	19:53
jdstrand	but it all actually works	19:53
Fenix\|work	I've been doing some testing as well, and yes it all works	19:56
Fenix\|work	now my only problem is squid handling windows update requests	19:56
Fenix\|work	which I think I just fixed	19:57
Kapli	trashguy he says theres some weird errors or sometihng on startup it says something eth0 then rs packet error something	19:58
Kapli	something loads of weird stuff	19:58
Kapli	think it might be something?	19:58
trashguy	yes	19:59
Kapli	im afraid what us aid at the beginning might be right	20:01
Kapli	i restarted it and the network card or the pc or whatever some of the hardware is malfunctioning	20:01
Kapli	i guess ill have to buy a new server	20:02
slicslak__	i need to add a second ip address. i'm assuming editing /etc/network/interfaces and restarting networking is still the way to go?	20:02
Kapli	the one i use is just my old computer its like 6 years old	20:02
trashguy	consumer hardware is known to fail	20:03
trashguy	you might be able to get by adding a pci ethernet controller	20:03
Kapli	i will try	20:03
Kapli	with another network card	20:03
Kapli	but how do i go forward with that	20:03
Kapli	add it and what to do	20:03
trashguy	id disable	20:03
trashguy	the onbaord in the bios	20:03
Kapli	like how to install drivers and stuff	20:03
trashguy	typically the autodetect	20:04
trashguy	especially if its an intel	20:04
Kapli	its asus	20:04
trashguy	https://wiki.ubuntu.com/HardwareSupportComponentsWiredNetworkCards	20:05
Kapli	asus isnt there :/	20:07
trashguy	prob dif chipset?	20:07
trashguy	just liek asus makes	20:08
trashguy	nvidia stuff	20:08
Kapli	i dont know	20:08
Kapli	its a ASUS Wireless PCI Card 11b/g Retail (WL-138g V2) i have that i can try on it	20:09
trashguy	...	20:09
trashguy	oh	20:09
trashguy	wireless	20:09
Kapli	well i dont need to use the wireless do i	20:09
trashguy	https://help.ubuntu.com/community/WifiDocs/WirelessCardsSupported	20:10
Kapli	haha, my card is actually there	20:10
Kapli	well whatever im so confused at the moment	20:10
Kapli	ill postpone it until i go there myself and can look into it myself	20:11
trashguy	i dont generally use wireless for anything but laptops and smart devices	20:11
Kapli	thanks for all the help	20:11
trashguy	np	20:11
Kapli	i will be back when im there :D	20:11
Kapli	have been thinking about buying a proper server from like dell or something anyway	20:11
Kapli	only thing is that ill have to do all the install and config and shit again :(	20:11
Kapli	anyways bye bye :)	20:12
trashguy	i dont think he knew what nic ment	20:12
Fenix\|work	jdstrand, ftp doesn't seem to be working	20:17
jdstrand	Fenix\|work: ftp will likely be problematic due to how it uses ports	20:18
jdstrand	Fenix\|work: I don't have the fix for it, but imagine passive connections are the way to go	20:18
Fenix\|work	jdstrand, understandable... but if the firewall should be blocking nothing.	20:18
jdstrand	Fenix\|work: check the squid docs for transparent ftp (I'm not totally sure it's possible)	20:19
Fenix\|work	I'm avoiding squid and FTP	20:19
Fenix\|work	not really worth the effor	20:19
Fenix\|work	t	20:19
jdstrand	Fenix\|work: you had 21 redirected in one of your earlier pastes	20:20
Fenix\|work	D'oh	20:20
Fenix\|work	how can I use ufw to find out which ports are disabled?	20:20
jdstrand	Fenix\|work: which ports are disabled?	20:20
Fenix\|work	how do I find out which ones are disabled	20:21
Fenix\|work	besides ufw allow 21	20:21
Fenix\|work	etc	20:21
jdstrand	ufw status	20:21
jdstrand	'man ufw'	20:21
Fenix\|work	Firewall loaded	20:21
jdstrand	Fenix\|work: but that only works for ufw managed ports	20:21
jdstrand	Fenix\|work: right now, you'll have to do iptables -L -n...	20:21
jdstrand	to see all the stuff you added in before.rules	20:22
jdstrand	(this is also documented in the man page)	20:22
Fenix\|work	jdstrand, ugh... I've fubar'ed this. :(	20:56
Fenix\|work	ufw isn't working as a gateway	20:57
Fenix\|work	I removed everything and now have a stock ufw and it isn't working	20:57
Fenix\|work	I'm reading the ufw serverguide ... makes the assumption that it's multi-nic	20:58
frith	why is it now the default not to send the hostname in dhclient?	21:09
=== Nicol is now known as NicolAnEt
kirkland	mathiaz: jdstrand: I see both of you commented on https://bugs.launchpad.net/ubuntu/+source/kvm/+bug/219326	22:11
uvirtbot`	Launchpad bug 219326 in kvm "a reboot issued from the guest shutdowns the guest instead of rebooting it" [Undecided,Confirmed]	22:11
kirkland	mathiaz: jdstrand: can either of you reproduce this?	22:11
kirkland	mathiaz: jdstrand: I'm doing some kvm housecleaning of bugs, and I suspect this one has been fixed	22:11
mathiaz	kirkland: looking at it	22:25
mathiaz	kirkland: FYI I still have a hardy host	22:26
kirkland	mathiaz: cool! i'm copying over my image to a hardy machine i have now	22:26
mathiaz	kirkland: you have to systems - one running intrepid as a kvm host and one running hardy as a kvm host ?	22:39
nxvl	mathiaz: to or two?	22:39
kirkland	mathiaz: i've tested hardy-guest on intrepid-host, reboot works fine	22:39
kirkland	mathiaz: i'm now scp'ing the hardy.img guest over to my hardy-host	22:40
mathiaz	kirkland: nxvl: 2	22:40
kirkland	mathiaz: as soon as that scp completes, i'll test there too	22:40
kirkland	mathiaz: if that works, i'm going to close the bug with 'Fix Released', unless someone else can reproduce the problem	22:40
mathiaz	kirkland: hmm - I cannot reproduce it for now.	22:44
kirkland	mathiaz: you booted what kind of guest in a hardy host?	22:44
mathiaz	kirkland: however my current setup is slightly different as I'm not using a bridged network	22:44
mathiaz	kirkland: hardy guest on a hardy host	22:44
kirkland	mathiaz: i can't imagine bridged network would cause reboot to shutdown	22:45
mathiaz	kirkland: using a logical volume with an ide bus	22:45
mathiaz	kirkland: well - IIRC it was the kvm process that was crashing on the host	22:45
kirkland	mathiaz: ah	22:45
mathiaz	kirkland: so anything could trigger this crash.	22:45
kirkland	mathiaz: okay	22:45
mathiaz	kirkland: OTOH a couple of things have changed since then - a new hardy kernel	22:46
kirkland	yeah	22:46
mathiaz	kirkland: the kernel guest may not be crashing the kvm host process anymore	22:46
kirkland	mathiaz: right. it seems that's worthy of re-testing	22:47
=== ajmitch_ is now known as ajmitch
mathiaz	kirkland: hm - I wasn't able to reproduce that bug.	22:50
mathiaz	kirkland: you can mark it Fix Released AFAICT	22:50
kirkland	mathiaz: cool, thanks.	22:51
kirkland	mathiaz: i couldn't reproduce it on hardy either	22:51

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!