[00:51] <xiownthisplacex> hi all
[00:51] <xiownthisplacex> i have installed ubuntu 8.04 on a server, can i fxp on port 22? i've tried it and it doesn't work, do i need to config something? or do i need to install like glftpd?
[01:44] <vk5foss> xiownthisplacex: can you what on 22?
[01:53] <xiownthisplacex> i want to fxp from 2 servers that i have
[01:54] <vk5foss> fxp?
[01:55] <xiownthisplacex> yea, you know like, flashfxp
[01:55] <xiownthisplacex> site-to-site transfer
[01:59] <vk5foss> nope, never heard of it before. (might have heard of it actually, certainly never used it)
[02:01] <PanzerMKZ> vk5foss it is ftp between two ftp servers not having the data pass thru the controller machine
[02:04] <vk5foss> PanzerMKZ: ah
[02:05] <vk5foss> xiownthisplacex: dare i ask why you want to run it on port 22?
[02:05] <xiownthisplacex> so i dont have to install a ftp server like proftpd or glftpd
[02:06] <vk5foss> ... is your question "can i copy files between two hosts directly over ssh" ?
[03:42] <Level15> Hi: Where can I suggest something to be added to Ubuntu server?
[03:45] <dendrobates> Level15:  the mailing list, or here during the week.
[04:10] <lukehasnoname> someone want to do a quick favor?
[05:47] <Emmett> We changed the server IP of an ubuntu server install. ssh'ed into the machine, no problem. But now it's locking out ssh attempts when it worked fine minutes ago.
[05:48] <Emmett> Someone just got in, ran an ls and it disconnected them.
[05:49] <Emmett> Any ideas?
[05:49] <azteech> reboot it and see if you can get back in?
[05:50] <Emmett> it's at a data center.
[05:50] <kgoetz> Emmett: are you using firewalling?
[05:51] <Emmett> no
[05:58] <nxvl> Emmett: check if you have ufw blocking stuff
[05:58] <nxvl> Emmett: it might be the problem
[05:59] <Emmett> nope.
[06:02] <nxvl> Emmett: are you sure? it's installed by default
[06:03] <Emmett> really?
[06:03] <Emmett> since I only have a minute on it, what are the chances that I could just
[06:03] <Emmett> sudo ufw disable
[06:04] <Emmett> and hit enter?
[06:04] <Emmett> would that kill it all immediately?
[06:06] <RoAkSoAx> Emmett, it's supposed to
[06:06] <nxvl> you can do "ssh $host $command"
[06:07] <Emmett> can I ps -ef | grep ufw to see if it's running anywhere?
[06:07] <Emmett> like, what daemon does it run?
[06:08] <nxvl> ufw status
[06:09] <Emmett> I only have a second, I don't have time for that
[06:09]  * ajmitch_ wonders if it's as simple as an address collision
[06:09] <nxvl> ssh $host sudo ufw status
[06:21] <twb> Is it a bad idea (or even impossible) to include masquerading and other NAT chains and rules in /var/lib/ufw?
[06:21] <RudyValencia> Hi, I'm trying to setup a Postfix service on my server, for sending out notifications from PHP. How do I configure it in the menus?
[06:22] <twb> RudyValencia: if it's just going to send mail to a "real" mail server, you want the "satellite" option
[06:22] <RudyValencia> twb: I'm setting it up to send out things like password reset, confirm account creation, etc. mails.
[06:23] <RudyValencia> PHP mail(), basically.
[06:23] <twb> I realize that.
[06:23] <RudyValencia> It's basically going to send it directly to the other MX for delivery to the user.
[06:24] <RudyValencia> Would it be a "Satellite system" then?
[06:24] <twb> RudyValencia: that's what I said.
[06:24] <RudyValencia> OK
[06:26] <RudyValencia> I think I may have it
[07:33] <soren> NCommander: hm?
[08:08] <ghaleb__> hello, I'm trying to get freeradius source, I get this problem E: Could not open file /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_hardy-security_main_source_Sources - open (2 No such file or directory)
[08:13] <scuser> hi all, I'm using ubuntu 8.04 and installed kerberos according to this tutorial http://doc.ubuntu.com/ubuntu/serverguide/C/kerberos.html, but when I type kinit I receive no tickets, can anyone help me with that ?
[08:32] <scuser> hi all, does this message mean that I have a ticket or not http://paste.ubuntu.com/49208/ ?
[08:38] <twb> krbtgt/SC.BIBALEX.ORG@SC.BIBALEX.ORG is your ticket
[08:38] <twb> Try #kerberos (#krb?)
[08:38] <twb> scuser: so you have a TGT, but no other tickets (e.g. an NFS-specific ticket)
[08:40] <scuser> twb: I'm new to kerberos, so what does this mean ?
[08:41] <twb> scuser: #kerberos is an IRC channel.
[08:41] <scuser> twb: ok thanks :)
[09:42] <Chipzz> scuser: first thing you have to check when you have problems with kerberos is, like btw any document on kerberos will tell you, if you have a working DNS setup, both forward and reverse DNS
[10:11] <uvirtbot`> New bug: #273043 in apache2 (main) "/etc/init.d/apache2 routinely prints to stderr if few modules are enabled, causing logrotate to spam in cron" [Undecided,New] https://launchpad.net/bugs/273043
[10:23] <ghaleb_> hello, is there an alternative for freeradius in for EAP wireless authentication ?
[10:38] <twb> Is there a way to list existing ufw rules in "ufw format", as opposed to the raw iptables-save format?
[10:41] <kraut> moin
[10:42] <henkjan> twb: sudo ufw status
[10:43] <twb> henkjan: oh!  That outputs useful information only if the thing is actually enabled
[10:43] <twb> henkjan: thanks
[10:44] <twb> How does it decide whether to be -p tcp, -p udp or both?
[10:44] <twb> Does it just say "well, for 'ufw add www' there's a www entry for both in /etc/services" ?
[10:47] <henkjan> hmm, don't know if it gets the names from /etc/services
[10:49] <henkjan> looks like it does
[10:49] <scuser> hi all, can anyone tell me how to use .k5login to login without password ?
[10:50] <henkjan> twb: newer ufw in intrepid add support for application profiles
[10:51] <henkjan> twb: see http://ubuntuserver.wordpress.com/ and search for ufw package integration
[10:52] <henkjan> twb: also check http://doc.ubuntu.com/ubuntu/serverguide/C/firewall.html for the updated ufw documentation
[10:52] <twb> henkjan: I asked because on Hardy I did "ufw add smtp" and "ufw add www"; and I got the following rules:
[10:53] <twb> tcp 25; tcp 80; udp 80
[10:53] <henkjan> twb:
[10:53] <twb> ...I was weirded out that it added UDP only for www.
[10:53] <henkjan> If the port you want to open or close is defined in /etc/services, you can use the port name instead of the number. In the above examples, replace 22 with ssh.
[10:53] <twb> henkjan: yeah, I realize that.
[10:54] <twb> henkjan: I'm trying to understand how it decides which protocol(s) to add if you don't specify any.
[10:55] <twb> Ooh, a bug.
[10:55] <twb> http://hpaste.org/10596
[10:56] <twb> Yeah, it does a different thing if you "add 25" to if you "add smtp".
[10:56] <twb> The latter only adds TCP, not UDP.
[10:57] <twb> It also doesn't understand "ufw add 25/icmp", which I just tried for kicks.
[11:21] <scuser> hi all, can anyone tell me how to use .k5login to login without password ?
[12:13] <papyromancer> I've gone through the goog and the book, but I'm having trouble getting outside network access to this samba share (local subnet access is great) there's no firewall installed (I think) on this (ubuntu) system, router is setup to DMZ to this server. I can ssh from client to server and vice versa. I try the 'echo "hello" telnet xxx.xxx.xxx.xxx 139' to the server from the client and get "telnet: Unable to connect to remote host: Connection tim
[12:19] <ropetin> papyromancer: Are you sure your ISP is allowing 139 through?  I know a lot of residential ISPs will block it for security reasons
[12:19] <ropetin> I wouldn't be surprised if business class ones do too.  I can't see any immediate reason why one would want an Internet available samba share
[12:20] <papyromancer> ropetin: I am business class... Let me call them up
[12:21] <papyromancer> hang on ;)
[12:21] <ropetin> OK :D
[13:07] <papyromancer> ropetin: comcast blocks those ports system wide at the request of homeland security and cannot unblock them... LOL .... time to build an ssh tunnel from my ec2 instance :D
[13:11] <Deeps> might i recommend a vpn instead
[13:11] <ropetin> papyromancer: yeah, as I thought.  I'd go with Deeps suggestion if it really has to be a samba share
[13:12] <Deeps> or infact, anything not tcp based unless you absolutely have to
[13:12] <papyromancer> Deeps: I'm going with the tunnel :)
[13:13] <ropetin> OpenVPN is so easy (relatively) to get running, I'd highly recommend it
[13:13] <Deeps> papyromancer: up to you, but tunnelling anything over tcp is best avoided unless absolutely necessary
[13:13] <papyromancer> Deeps: Why do you say so?
[13:13] <Deeps> due to the nature of how tcp works - it's a "reliable" protocol
[13:14] <Deeps> if a packet gets lost, it rerequests it
[13:14] <papyromancer> Deeps: So service will be spotty?
[13:14] <papyromancer> and slow?
[13:14] <Deeps> in the meantime, your protocol that you're tunnelling might also have error handling too, at which point that also rerequests over the tunnel
[13:15] <Deeps> so you get a fair bit of duplication and unnecessary slowdown
[13:17] <papyromancer> Deeps: I'm still gonna go for it, I'm stubborn
[13:17] <papyromancer> Started a forum thread: http://ubuntuforums.org/showthread.php?p=5833814#post5833814
[13:18] <papyromancer> I'll let you know how it goes.  And thanks for the advice :)
[13:18] <Deeps> alrighty
[13:18] <Deeps> gl, enjoy
[13:26] <uvirtbot`> New bug: #273099 in net-snmp (main) "No debug symbols package for net-snmp" [Undecided,New] https://launchpad.net/bugs/273099
[13:30] <NCommander> soren, you are now running pinkie if you're fully up to date
[13:31] <soren> I believe I am.
[13:32] <soren> -> #xubuntu-devel
[14:03] <psufan> hey
[14:03] <psufan> how do I compile newer 2.6.2x kernels on ubuntu 6.06lts if it's even possible, last time I tried it broke the system
[14:10] <henkjan> psufan: why do you want to compile your own kernel?
[14:11] <psufan> because 2.6.15 has a nfs crash and burn bug and the nit wit developers don't feel it warrants a patch
[14:18] <henkjan> psufan: any option to upgrade to the next lts (8.04) ?
[14:18] <psufan> not unless vmware server 1.x is supported on top
[14:18] <psufan> or I would have dumped 6.66 already
[14:50] <slicslak__> how do i add a superuser (on the cli)?  is there a special command?  or just useradd and then add that user to a bunch of groups?
[14:50] <soren> slicslak__: Just the "admin" grop.
[14:50] <soren> group, even.
[14:51] <slicslak__> soren, great thanks
[14:53] <Chipzz> henkjan: just ignore psufan - iirc, he came insulting the developers on #ubuntu-dev a couple of weeks ago
[14:54]  * soren greps irclogs
[14:54] <Chipzz> soren: not 100% sure, but the name rings a bell and his behaviour matches
[14:55] <Chipzz> also the "6.66" was something I recall from then
[14:55] <Chipzz> or something along those lines
[14:57] <soren> Chipzz: Yeah, just found it. *shrug*
[14:58] <henkjan> Chipzz: ah, okay
[14:58] <nxvl> morging
[15:04] <slicslak__> soren, if i want the user to have their own group, do i need to create that group first?   useradd doesn't seem to have that option.
[15:04] <slicslak__> right now i have:  useradd -G admin -m name
[15:04] <soren> Use adduser instead.
[15:05] <soren> I'm not sure about useradd, but I know that adduser creates a group for each user.
[15:10] <slicslak__> soren, right, thanks
[15:18] <nxvl> kirkland: ping
[15:22] <piti> hi. I'm experiencing some trouble with libpam-chroot. I'm experiencing the same kind of problem than https://answers.launchpad.net/ubuntu/+question/33707
[15:22] <kirkland> nxvl: pong
[15:22] <piti> must I use the patch proposed ? why there isn't an update on the package ?
[15:23] <nxvl> kirkland: is it normal that my desktop show a "Private" icon?
[15:23] <nxvl> kirkland: i mean, i have an icon of a mounted drive called "Private" that calls to my Private crypted folder
[15:23] <nxvl> kirkland: as if it were a flash drive or something
[15:23] <kirkland> nxvl: right, that's because "Private" is mounted
[15:24] <kirkland> nxvl: from a command line, run "mount"
[15:24] <nxvl> yup, that i know, but /home is also mounted and doesn't appear in there
[15:25] <nxvl> kirkland: because to have such an icon will be the first things people ask "why you have that, what you have in there" and such stuff
[15:26] <nxvl> kirkland: so it will only raise an interest of other people (maybe system users) on try to break it
[15:30] <kirkland> nxvl: okay.
[16:30] <zul> mathiaz: does the patch to #273043 look reasonable to you it does to me
[16:30] <mathiaz> bug #273043
[16:30] <uvirtbot`> Launchpad bug 273043 in apache2 "/etc/init.d/apache2 routinely prints to stderr if few modules are enabled, causing logrotate to spam in cron" [Undecided,New] https://launchpad.net/bugs/273043
[16:34] <mathiaz> zul: seems like a good patch
[16:36] <zul> thats what I thought but I can see why you want those error messages to cron
[16:38] <piti> Hi I'm experimenting a trouble with libpam_chroot : I want to chroot someone from ssh, but when I login, I have the welcome message, but immediately put me out. on the log side, I found : http://pastebin.com/m7b33ccfb , and possibly a bugreport which may be linked (https://answers.launchpad.net/ubuntu/+question/33707 )
[16:38] <piti> the same config worked with gutsy, but no longer with hardy. is it a regression ?
[16:40] <psufan> how do I find out if a kernel update for 6.06lts includes the nfs crash and burn bug and root hole fix
[16:41] <zul> mathiaz: its for hardy by the looks of it
[16:41] <mathiaz> psufan: do you have a CVE number ?
[16:42] <mathiaz> zul: hm - it probably won't qualify for a SRU.
[16:42] <psufan> hang on
[16:42] <psufan> this is what I have
[16:42] <psufan> https://lists.ubuntu.com/archives/dapper-changes/2008-June/012713.html
[16:43] <zul> mathiaz: probably not
[16:46] <psufan> hmm
[16:46] <psufan> box is still only at -51
[16:49] <zul> piti: it looks like it to me
[16:50] <psufan> also
[16:50] <psufan> what the HELL is with nano in 6.06.2 lts
[16:50] <psufan> if you hit enter to start a new blank line it suddenly smashes all the lines together
[16:50] <psufan> this has almost driven me to suicide
[16:51] <soren> psufan: Nano hasn't been touched in dapper.
[16:52] <piti> zul: I also found a package on that page : https://bugs.launchpad.net/ubuntu/hardy/+source/libpam-chroot/+bug/237308 . I'm trying it, but shouldn't it be on a repository ? (like -update or -security)
[16:52] <uvirtbot`> Launchpad bug 237308 in libpam-chroot "libpam-chroot broken" [Undecided,Confirmed]
[16:52] <soren> It's the exact same as it was when Dapper was first released.
[16:52] <superdump> hello
[16:52] <superdump> is it reasonable to ask about caching dns server stuff here?
[16:53] <zul> piti: it's definitely a SRU imho
[16:53] <soren> superdump: Probably :)
[16:54] <superdump> i'm looking to set up caching dns on a server on my lan and use that for internet dns lookups
[16:54] <superdump> rather than always using my isp/opendns
[16:54] <superdump> especially as sometimes they seem intermittent
[16:54] <piti> zul: what do you mean by SRU ?
[16:54] <superdump> firstly, what dns server would people recommend for a caching dns server?
[16:54] <superdump> i saw something about pdnsd but i was expecting that bind would do it
[16:55] <zul> piti: it should be in -updates
[16:55] <superdump> i haven't used a dns server before, but once i know what is recommended, i'll have a look around and try to get it working
[16:55] <Deeps> bind would do the job, and could happily bypass your isp's dns too
[16:55] <zul> piti: ill have a look
[16:55] <soren> superdump: If all you're ever going to do is simply dns caching, it doesn't really matter much. I think both bind and dnsmasq come preconfigured to do caching.
[16:55] <superdump> ok
[16:55] <superdump> then i just have to figure out how to get bind working :)
[16:56] <Deeps> apt-get install bind? heh
[16:56] <soren> Well, bind9, actually :)
[16:56] <Deeps> out of the box it pretty much does what you need
[16:56] <Deeps> well, yeah, i always forget that 9
[16:57] <superdump> yes, i read that it's supposed to
[16:57] <superdump> what should i have in resolv.conf on the server? just "nameserver 127.0.0.1"?
[16:58] <superdump> or also some public nameservers?
[16:59] <kirkland> zul: soren: I posted a pretty trivial debdiff that closes a KVM bug, https://bugs.launchpad.net/ubuntu/+source/kvm/+bug/225260
[16:59] <uvirtbot`> Launchpad bug 225260 in kvm "control file description miss-leading" [Low,Confirmed]
[16:59] <kirkland> zul: soren: if one of you could sponsor that, i'd appreciate it
[17:00] <soren> I don't agree with the change, FWIW.
[17:00] <soren> The x86 architecture includes both x86 and x86-64.
[17:02] <psufan> well something is causing nano to spaz
[17:03] <psufan> dunno if it has to do with being over telnet to a virtual serial port on the blade or not
[17:03] <kirkland> soren: i understand that x86 includes x86_64, but it seems some users are confused
[17:03] <soren> kirkland: Also, kvm works on powerpc, s390 and ia64 now as well.
[17:03] <kirkland> soren: mark the bug as "Invalid" then, with your reason
[17:03] <kirkland> soren: that's a good point, i was wondering about
[17:03] <soren> kirkland: Well, we can certainly clarify the description somehow.
[17:03] <soren> Perhaps change it to "i386 and amd64" or "x86 (both 32 and 64 bit)"
[17:03] <kirkland> soren: shall i rework the text more generically?
[17:04] <soren> I think that's probably the best choice.
[17:04] <soren> I never liked the original description.
[17:04] <kirkland> soren: should i bother mentioning ppc or s390, since we don't really support those?
[17:06] <soren> kirkland: I don't think leaving them out and explicitly mentioning i386 and amd64 seems right.  If you could come up with something more generic, that would be cool.
[17:06] <kirkland> soren: uno momento
[17:09] <Fenix|work> Greetings and Salutations
[17:09] <Fenix|work> I have a ufw question and legacy iptable rules
[17:10] <Fenix|work> I'm going to add some prerouting rules to before.rules
[17:10] <Fenix|work> I'm looking at the server guide but have a question
[17:10] <Fenix|work> they show :POSTROUTING ACCEPT [0:0] then have their postrouting rules
[17:11] <Fenix|work> would I use :PREROUTING ACCEPT [0:0] before placing my prerouting rules?
[17:12] <jdstrand> Fenix|work: just put :PREROUTING ACCEPT [0:0] and :POSTROUTING ACCEPT [0:0] right next to each other, and first in the *nat table, then you can have the rules in any order after those two
[17:12] <jdstrand> s/right next to each other/one after the other/
[17:13] <kirkland> soren: http://pastebin.ubuntu.com/49347/
[17:13] <kirkland> soren: see if that looks any better to you
[17:13] <Fenix|work> jdstrand, thanks
[17:13] <Fenix|work> :)
[17:13] <jdstrand> np
[17:17] <soren> kirkland: Hmm... I kind of see your point about not mentioning the ones we don't support. We don't actually currently build the s390, ia64 and powerpc versions right now.
[17:17] <kirkland> soren: yeah, that's awkward, IMHO
[17:17] <soren> Yes, "currently right now".
[17:17] <Fenix|work> jdstrand, you wouldn't happen to know which protocols/ports that squid can actively and safely cache would ya? :)
[17:18] <kirkland> soren: another option: http://pastebin.ubuntu.com/49349/
[17:18] <lukehasnoname> kirkland: editing the 8.10 server guide kvm section?
[17:18] <kirkland> lukehasnoname: no, kvm package description
[17:19] <jdstrand> Fenix|work: it listens on 3128, by default IIRC it can cache for 80, 443 and ftp, but you'll likely need to check the docs for that (or at least squid.conf)
[17:19] <soren> kirkland: That works. Only problem is that we have to change it when we add the new architectures. meh, that's probably fine. Let's go with that.
[17:19] <Fenix|work> jdstrand, yeah, I'm looking at the docs now
[17:19] <soren> kirkland: How about I give you a day or so to come up with more patches, so that we can batch them together?
[17:19] <kirkland> soren: Okay.  I think that control file will be the least of our changes if/when we add s390 :-P
[17:19] <Fenix|work> http/https, ftp, rsync, gopher, wais, http-mgmt, gss-http, filemaker, multiling http, cups, rsync, SWAT
[17:20] <kirkland> soren: that's perfectly fine
[17:26] <Fenix|work> jdstrand, where does ufw log to?
[17:26] <jdstrand> kern.log
[17:27] <jdstrand> (it's just iptables logging)
[17:27] <jdstrand> sudo ufw logging on
[17:27] <Fenix|work> that's already on
[17:27] <jdstrand> see 'man ufw' for details
[17:27] <Fenix|work> any way to fine tune what gets logged?
[17:28] <Fenix|work> my network generates a tonne of broadcast traffic, and it's a waste of log file to see it
[17:28] <jdstrand> Fenix|work: not via the ufw command, no
[17:28] <jdstrand> Fenix|work: you can add rules to /etc/ufw/after.rules if that makes sense for your environment
[17:36] <Fenix|work> jdstrand, would -A ufw-after-input -m pkttype --pkt-type broadcast -j RETURN be sufficient?
[17:36] <Fenix|work> ... perhaps adding multicast in there as well
[17:38] <jdstrand> Fenix|work: there are example of using BROADCAST and MULTICAST in after.rules and before.rules
[17:38] <jdstrand> you might check there and 'man iptables' for what will be most appropriate for your environment
[17:39] <Fenix|work> jdstrand, I didn't see any examples in my after.rules ... so I went IPTables style instead... I noticed the "don't log noisy services by default" used RETURN instead of DROP
[17:40] <kirkland> soren: I'm closing https://bugs.launchpad.net/ubuntu/+source/kvm/+bug/89399 as "Wont Fix"
[17:40] <uvirtbot`> Launchpad bug 89399 in kvm "kvm update fails, if group "kvm" already exists and has non-system ID" [Undecided,Won't fix]
[17:40] <kirkland> soren: i added a note as to why...  let me know if you disagree
[17:41] <Fenix|work> but adding -A ufw-after-input -m pkttype --pkt-type broadcast -j RETURN eliminated broadcast from my log file
[17:41] <Fenix|work> so I'll settle with that
[17:41] <jdstrand> Fenix|work: that is simply to get out of the ufw-not-local chain and back into ufw-before-input for processing
[17:42] <jdstrand> Fenix|work: that is likely what you want to do, as IIRC, you are using default ACCEPT
[17:42] <Fenix|work> correct
[17:42] <jdstrand> so you avoid the 'BLOCK NOT-TO-ME' logging
[17:44] <Fenix|work> so far working as expected
[17:44] <Fenix|work> otherwise I'd drop it
[17:46] <Fenix|work> time to test out my new gateway / proxy server
[17:46] <Fenix|work> thanks jdstrand
[17:47] <soren> kirkland: Looks fine. Thanks.
[17:48] <kirkland> soren: zul was about to sponsor that description debdiff... did you want him to hold off on that?
[17:50] <soren> kirkland: I'm not really insistent either way.
[17:50] <kirkland> soren: regarding https://bugs.launchpad.net/ubuntu/+source/kvm/+bug/193531, you were suggesting a README.PXE-boot since we don't have the source to a working PXE bios for an emulated card?
[17:50] <uvirtbot`> Launchpad bug 193531 in kvm "pxe booting not supported" [Undecided,Confirmed]
[17:51] <kirkland> soren: I can try to hack up that README and add it too, to close that bug, if you think that's sufficient
[17:51] <soren> kirkland: Oh, since then, I've added a new package called kvm-pxe which solves the problem.
[17:51] <kirkland> soren: ah, nice
[17:51] <kirkland> soren: i'll close that bug pointing to that package
[17:55] <zul> kirkland: soren gave his blessings on that bug?
[17:55] <kirkland> zul: he blessed the text, said he'd sponsor a stack of kvm changes in a few days, if i wanted, or you can do them incrementally
[17:56] <kirkland> zul: personally, i'd rather my changes sponsored incrementally if possible
[17:56] <kirkland> zul: i'm trying to reduce the kvm queue
[17:56] <zul> kirkland: okies
[17:59] <kirkland> soren: looking at https://bugs.launchpad.net/ubuntu/+source/kvm/+bug/188878, do you mind if I add liw's kvm-ok shell script?
[17:59] <uvirtbot`> Launchpad bug 188878 in kvm "Utility to see if kvm acceleration can be used" [Undecided,New]
[18:20] <Fenix|work> jdstrand, how do I open up ufw to allow everything
[18:20] <Fenix|work> I applied ufw default accept and still it blocks
[18:20] <Fenix|work> err allow
[18:20] <jdstrand> Fenix|work: yes, you need to follow that with 'sudo ufw disable ; sudo ufw enable'
[18:20] <Fenix|work> still is blocking
[18:21] <Fenix|work> do I have to clean up the before and after rules?
[18:22] <jdstrand> Fenix|work: you shouldn't with the defaults
[18:22] <jdstrand> of course you'll need to check anything added
[18:22] <jdstrand> by you
[18:22] <Fenix|work> I only added *nat prerouting rules
[18:22] <Fenix|work> I have a single homed box so I didn't add any forwarding/masquerading rules
[18:23] <zul> kirkland: lemme know which ones you want uploaded
[18:23] <Fenix|work> (there's a COMMIT right after my prerouting rules... and *nat is before *filter
[18:23] <jdstrand> Fenix|work: can you paste it somewhere?
[18:24] <kirkland> zul: the last debdiff in https://bugs.launchpad.net/ubuntu/+source/kvm/+bug/225260
[18:24] <Fenix|work> most definitely
[18:24] <uvirtbot`> Launchpad bug 225260 in kvm "control file description miss-leading" [Low,In progress]
[18:27] <Fenix|work> jdstrand, http://rafb.net/p/frMr8C26.html
[18:28] <zul> kirkland: done
[18:28] <lhnn> nothing like deleting one's /bin dir, eh?
[18:28] <kirkland> zul: sweet
[18:28] <kirkland> zul: i might have a few more coming today
[18:28] <zul> kirkland: lemme know so I can queue them up
[18:28] <kirkland> zul: no problemo!
[18:29] <jdstrand> Fenix|work: the format looks fine (though you probably don't need the POSTROUTING line since you aren't doing that
[18:30] <Fenix|work> jdstrand, my kern.log has the following for all gateway operations...
[18:30] <Fenix|work> Sep 22 13:09:11 proxy kernel: [ 1213.921916] [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=00:1f:29:0e:e9:48:00:0c:29:0c:75:ea:08:00 SRC=172.16.0.223 DST=172.16.0.4 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=762 DF PROTO=TCP SPT=49251 DPT=8000 WINDOW=8192 RES=0x00 SYN URGP=0
[18:31] <jdstrand> Fenix|work: one word of caution. because ufw doesn't manage these rules, it won't actually flush them when doing 'ufw disable' and the like
[18:31] <jdstrand> Fenix|work: so if you want to start fresh, do 'iptables -F -t nat'
[18:32] <jdstrand> Fenix|work: and you disabled and enabled?
[18:32] <Fenix|work> yes
[18:32] <Fenix|work> and rebooted a couple of times :)
[18:33] <Fenix|work> I see the ufw-not-local DROPS all
[18:34] <jdstrand> Fenix|work: can you access port 8000 directly? eg 'telnet proxy 8000'
[18:34] <psufan> where do I go
[18:34] <psufan> to browse updates released for a ubuntu version
[18:34] <jdstrand> Fenix|work: or nmap -Po -p 8000 proxy
[18:34] <psufan> so I can check changelogs etc
[18:34] <Fenix|work> jdstrand, the proxy works fine
[18:34] <Fenix|work> it's when acting as gateway that doesn't
[18:34] <Fenix|work> so bypassing the proxy
[18:35] <Fenix|work> although kern.log says that all traffic destined to 8000 is blocked as well
[18:35] <Fenix|work> UFW BLOCK INPUT
[18:36] <jdstrand> Fenix|work: can you paste 'iptables -L -n -v' somewhere?
[18:37] <Fenix|work> http://rafb.net/p/nw41S616.html
[18:37] <Fenix|work> jdstrand, nmap says 8000 is http-alt
[18:37] <Fenix|work> and it's open
[18:39] <jdstrand> Fenix|work: and iptables -L -n -v -t nat
[18:40] <Fenix|work> http://rafb.net/p/pCjaOf41.html
[18:43] <jdstrand> Fenix|work: I feel silly. what you are seeing is from an unfinished item on the TODO list: "Default allow logging messages aren't correct in after*.rules"
[18:43] <jdstrand> Fenix|work: is it actually blocking or just saying it is blocking, but everything works fine?
[18:44] <Fenix|work> going to gmail.com fails
[18:44] <kirkland> zul: I just attached a debdiff to solve https://bugs.launchpad.net/ubuntu/+source/kvm/+bug/188878 ... i'd be interested to know if soren is strongly against it
[18:44] <uvirtbot`> Launchpad bug 188878 in kvm "Utility to see if kvm acceleration can be used" [Wishlist,In progress]
[18:44] <kirkland> zul: assuming soren isn't -1 on it, i think it's ready to sponsor
[18:45] <Fenix|work> jdstrand, and windows update isn't working either
[18:47] <jdstrand> Fenix|work: so does this work:
[18:48] <jdstrand> http_proxy="http://proxy:8000" elinks -dump http://www.google.com
[18:48] <jdstrand> (assuming http://proxy:8000 is correct
[18:48] <zul> kirkland: cool
[18:48] <zul> lemme go check
[18:48] <jdstrand> Fenix|work: you can check /var/log/squid/access.log on proxy to see if it is connected there
[18:49] <Fenix|work> jdstrand, the proxy is working...
[18:49] <Fenix|work> the box as a gateway isn't working properly
[18:49] <jdstrand> Fenix|work: ok, then it is a problem with the redirection
[18:49] <Fenix|work> what redirection?
[18:49] <zul> kirkland: little overkill me thinks but we'll see what soren says
[18:49] <Fenix|work> if it isn't squid, it should go straight through
[18:49] <jdstrand> Fenix|work: you are redirecting ports
[18:49] <Fenix|work> no, only have one adapter
[18:49] <kirkland> zul: how so?
[18:50]  * jdstrand is confused
[18:50] <Fenix|work> just redirecting 80/443 and 21
[18:50] <Fenix|work> ok
[18:50] <Fenix|work> I'm redirecting 80/443 and 21
[18:50] <Fenix|work> they're fine
[18:50] <Fenix|work> but when it's a non-squid port (ie, no redirection) it is failing
[18:50] <Fenix|work> (like windows update for instance)
[18:50] <zul> kirkland: its just easier to put it in the init script I agree with soren on that one
[18:51] <Fenix|work> jdstrand, I've tried to set up this box as a transparent proxy
[18:51] <jdstrand> Fenix|work: what is the network topology for the affected systems?
[18:52] <Fenix|work> I'm replacing my default gateway with this box
[18:52] <Kapli> Hello
[18:52] <Fenix|work> jdstrand, star
[18:52] <kirkland> zul: okay, if you think so, then close the bug as a "Wont Fix" with your justification.  i thought the binary was small, simple, and correct enough to just drop in place for anyone who might find it useful.
[18:52] <Fenix|work> 1000-BaseT
[18:53] <zul> kirkland: i think soren should have the last word though
[18:53] <Kapli> I have a problem, my server was working fine until today when i rebooted it using the command reboot, when it came back up i couldnt connect to it through the outside and i couldnt connect to it any way and now i try to type ifconfig but nothing shows up
[18:53] <kirkland> zul: true.
[18:53] <zul> kirkland: soren will turn green with rage if we did that ;)
[18:54] <zul> hulk...smash..
[18:54] <kirkland> zul: did what?  applied that patch?  or closed "Wont Fix"?
[18:54] <zul> applied the patch
[18:54] <kirkland> zul: k
[18:54] <kirkland> zul: well, i kinda noted that soren should probably look at that one first ;-)
[18:54] <zul> yep I agree :)
[18:55] <kirkland> zul: i mean, the patch "solves the bug", but soren should probably decide if the bug is valid or not
[18:55] <trashguy> Kapli, did u try enabling the device?
[18:55] <zul> kirkland: of course
[18:55] <Kapli> enabling what device?
[18:55] <jdstrand> Fenix|work: so the ufw firewall that I have been looking at is on a different machine than the squid proxy?
[18:55] <trashguy> Kapli, like ifconfig eth0 up
[18:56] <trashguy> or whatever its labeled as
[18:56] <Kapli> i dont really understand whats going on now because i type ifconfig and nothing shows up usually it would show up loads of info
[18:56] <trashguy> no loopback?
[18:56] <Kapli> no it doesnt say the ip and the mac address and stuff
[18:57] <Kapli> it just goes back to the stuff
[18:57] <Kapli> it doesnt even say wrong command
[18:58] <Kapli> be right back
[18:59] <Fenix|work> jdstrand, same machine
[19:00] <Fenix|work> without ufw running and iptables set manually, everything works
[19:00] <Fenix|work> (after clearing iptables)
[19:01] <jdstrand> Fenix|work: can you give me all the commands you used for getting it to work outside of iptables?
[19:01] <Fenix|work> sure
[19:01] <jdstrand> Fenix|work: (just paste them)
[19:01] <Fenix|work> ok
[19:04] <Kapli> trashguy, ifconfig eth0 up
[19:04] <Kapli> didnt work either
[19:04] <Kapli> the command just doesnt give any result, doesnt even say wrong command or anything
[19:05] <Ali_ix> Kapli: try: sudo ifconfig -a
[19:06] <trashguy> heh, me runs as root forgets that stuff rawr
[19:07] <Kapli> is there any other command
[19:07] <Kapli> to check internal ip
[19:07] <trashguy> what does sudo /etc/init.d/networking restart
[19:08] <trashguy> say
[19:08] <Kapli> sec, u see im on the phone with my dad hes the one typing the commands since im not at the server location hehe
[19:08] <trashguy> brutal
[19:08] <trashguy> IP kvm is handy now and then ^^
[19:09] <Fenix|work> jdstrand, http://rafb.net/p/7j9FVs51.html
[19:10] <Kapli> what is IP kvm
[19:10] <trashguy> Keyboard video mouse i think
[19:10] <trashguy> KVM switch
[19:10] <trashguy> but works over ip
[19:11] <trashguy> essentially works like you are at the local machine
[19:11] <Kapli> huh
[19:11] <Kapli> :S
[19:11] <Kapli> dont understand
[19:11] <Kapli> anyways he typed ifconfig -a
[19:11] <Kapli> nothing happened
[19:11] <Kapli> and he also typed /etc/init.d/networking restart
[19:11] <trashguy> what kind of server hardware?
[19:12] <frith> hi, I've been setting up the ldap replication,  however i have found a weird bug, if i delete or create an object the local cn=admin user get deleted
[19:12] <Kapli> it worked then went back to normal and he typed ifconfig again afterwards still no response
[19:12] <Kapli> well this is just so confusing ive never had this problem before
[19:12] <trashguy> shit happens when you party naked
[19:12] <trashguy> murphys law
[19:12] <Kapli> i was at school connected through ssh changed some ssh settings and wrote reboot, it came back up but net doesnt seem to be working ...
[19:13] <trashguy> could be coincidence with some sort of hardware failure
[19:14] <Kapli> god damnit now is the worst time
[19:14] <Kapli> but there isnt any other command than ifconfig to check ip
[19:14] <jdstrand> Fenix|work: I'll look at it and see what the problem is
[19:15] <trashguy> Kapli, have him do a lspci
[19:15] <trashguy> see if he sees any ethernet controller
[19:15] <Kapli> is that a command?
[19:16] <trashguy> lspci
[19:17] <Kapli> omg he wrote "if config" now he doesnt know where he is
[19:17] <trashguy> u can do it anywhere
[19:17] <trashguy> lspci
[19:17] <trashguy> hit enter a few times space out the prompts
[19:22] <Kapli> it says command not found he says :S
[19:22] <trashguy> lspci
[19:22] <trashguy> What ver are you running?
[19:23] <Kapli> ubuntu server
[19:23] <Kapli> the latest
[19:23] <trashguy> hrm
[19:23] <Kapli> however he says lsusb worked
[19:24] <trashguy> might help if ur ethernet controller was usb :/
[19:24] <Kapli> its not :/
[19:24] <Kapli> well how come  lspci is giving command not found :S
[19:25] <trashguy> i have no idea
[19:26] <trashguy> maybe your path is fucked?
[19:26] <trashguy> try /bin/lspci
[19:26] <trashguy> lol
[19:26] <trashguy> but that would make no sense
[19:27] <Kapli> no such file or directory
[19:27] <trashguy> lol
[19:28] <trashguy> /usr/bin/lspci
[19:29] <Kapli> same error
[19:29] <Kapli> :S
[19:29] <trashguy> i dunno what to say man
[19:29] <trashguy> did the server not boot up correctly?
[19:30] <Kapli> i dont know
[19:30] <Kapli> how can i know if it starts up correctly or not
[19:30] <Kapli> look for errors in the startup?
[19:30] <trashguy> look around in /var/log
[19:31] <Kapli> too difficult i think
[19:31] <Kapli> since im on phone and i cant see it and stuff and my dads english = shit
[19:32] <trashguy> could also look at dmesg
[19:33] <trashguy> see if you see anything for your nic
[19:35] <Kapli> what do u mean by my nic
[19:35] <trashguy> network interface card
[19:38] <Kapli> he cant find anything with network in there, i think my network card name is SiS something.. but he cant find anything by it
[19:39] <trashguy> maybe go in to the bios and see if it got disabled or something :/
[19:39] <Kapli> how
[19:39] <Kapli> i dont understand how a reboot made all this trouble :S
[19:40] <Kapli> but considering that ifconfig
[19:40] <Kapli> doesnt return anything
[19:40] <Kapli> at all
[19:40] <Kapli> what does it indicate
[19:40] <trashguy> something is wrong lol
[19:40] <Kapli> but what is wrong
[19:40] <Kapli> or wrong with what
[19:40] <Kapli> the network card?
[19:40] <trashguy> is it an onboard?
[19:41] <Kapli> i think so yes
[19:41] <trashguy> go in to bios and see if its enabled
[19:41] <Kapli> oh i see
[19:41] <Kapli> hm he says that behind the computer
[19:41] <Kapli> where the network cable is plugged in
[19:41] <Kapli> the light is yellow
[19:41] <Kapli> isnt it usually green
[19:41] <Kapli> or no maybe its supposed to be yellow i dont know
[19:43] <trashguy> i dunno
[19:49] <jdstrand> Fenix|work: can you try:
[19:49] <jdstrand> http_proxy="http://proxy:80" elinks -dump http://www.google.com
[19:51] <jdstrand> Fenix|work: basically, I took a stock ufw installation running only ssh, and did:
[19:52] <jdstrand> *nat
[19:52] <jdstrand> :PREROUTING ACCEPT [0:0]
[19:52] <jdstrand> -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 22
[19:52] <jdstrand> COMMIT
[19:52] <jdstrand> in /etc/ufw/before.rules, then did 'ufw default allow; ufw disable ; ufw enable'
[19:52] <jdstrand> and could then successfully 'ssh -p 80 host'
[19:53] <jdstrand> where 'host' is my virtual machine
[19:53] <jdstrand> Fenix|work: yes, the logging still shows 'UFW BLOCK INPUT', which is because of the TODO item I mentioned earlier (I'll file a bug btw)
[19:53] <jdstrand> but it all actually works
[19:56] <Fenix|work> I've been doing some testing as well, and yes it all works
[19:56] <Fenix|work> now my only problem is squid handling windows update requests
[19:57] <Fenix|work> which I think I just fixed
[19:58] <Kapli> trashguy he says theres some weird errors or something on startup it says something eth0 then rs packet error something
[19:58] <Kapli> something loads of weird stuff
[19:58] <Kapli> think it might be something?
[19:59] <trashguy> yes
[20:01] <Kapli> im afraid what u said at the beginning might be right
[20:01] <Kapli> i restarted it and the network card or the pc or whatever some of the hardware is malfunctioning
[20:02] <Kapli> i guess ill have to buy a new server
[20:02] <slicslak__> i need to add a second ip address.  i'm assuming editing /etc/network/interfaces and restarting networking is still the way to go?
[20:02] <Kapli> the one i use is just my old computer its like 6 years old
[20:03] <trashguy> consumer hardware is known to fail
[20:03] <trashguy> you might be able to get by adding a pci ethernet controller
[20:03] <Kapli> i will try
[20:03] <Kapli> with another network card
[20:03] <Kapli> but how do i go forward with that
[20:03] <Kapli> add it and what to do
[20:03] <trashguy> id disable
[20:03] <trashguy> the onboard in the bios
[20:03] <Kapli> like how to install drivers and stuff
[20:04] <trashguy> typically the autodetect
[20:04] <trashguy> especially if its an intel
[20:04] <Kapli> its asus
[20:05] <trashguy> https://wiki.ubuntu.com/HardwareSupportComponentsWiredNetworkCards
[20:07] <Kapli> asus isnt there :/
[20:07] <trashguy> prob dif chipset?
[20:08] <trashguy> just like asus makes
[20:08] <trashguy> nvidia stuff
[20:08] <Kapli> i dont know
[20:09] <Kapli> its a ASUS Wireless PCI Card 11b/g Retail (WL-138g V2) i have that i can try on it
[20:09] <trashguy> ...
[20:09] <trashguy> oh
[20:09] <trashguy> wireless
[20:09] <Kapli> well i dont need to use the wireless do i
[20:10] <trashguy> https://help.ubuntu.com/community/WifiDocs/WirelessCardsSupported
[20:10] <Kapli> haha, my card is actually there
[20:10] <Kapli> well whatever im so confused at the moment
[20:11] <Kapli> ill postpone it until i go there myself and can look into it myself
[20:11] <trashguy> i dont generally use wireless for anything but laptops and smart devices
[20:11] <Kapli> thanks for all the help
[20:11] <trashguy> np
[20:11] <Kapli> i will be back when im there :D
[20:11] <Kapli> have been thinking about buying a proper server from like dell or something anyway
[20:11] <Kapli> only thing is that ill have to do all the install and config and shit again :(
[20:12] <Kapli> anyways bye bye :)
[20:12] <trashguy> i dont think he knew what nic meant
[20:17] <Fenix|work> jdstrand, ftp doesn't seem to be working
[20:18] <jdstrand> Fenix|work: ftp will likely be problematic due to how it uses ports
[20:18] <jdstrand> Fenix|work: I don't have the fix for it, but imagine passive connections are the way to go
[20:18] <Fenix|work> jdstrand, understandable... but if the firewall should be blocking nothing.
[20:19] <jdstrand> Fenix|work: check the squid docs for transparent ftp (I'm not totally sure it's possible)
[20:19] <Fenix|work> I'm avoiding squid and FTP
[20:19] <Fenix|work> not really worth the effor
[20:19] <Fenix|work> t
[20:20] <jdstrand> Fenix|work: you had 21 redirected in one of your earlier pastes
[20:20] <Fenix|work> D'oh
[20:20] <Fenix|work> how can I use ufw to find out which ports are disabled?
[20:20] <jdstrand> Fenix|work: which ports are disabled?
[20:21] <Fenix|work> how do I find out which ones are disabled
[20:21] <Fenix|work> besides ufw allow 21
[20:21] <Fenix|work> etc
[20:21] <jdstrand> ufw status
[20:21] <jdstrand> 'man ufw'
[20:21] <Fenix|work> Firewall loaded
[20:21] <jdstrand> Fenix|work: but that only works for ufw managed ports
[20:21] <jdstrand> Fenix|work: right now, you'll have to do iptables -L -n...
[20:22] <jdstrand> to see all the stuff you added in before.rules
[20:22] <jdstrand> (this is also documented in the man page)
[20:56] <Fenix|work> jdstrand, ugh... I've fubar'ed this. :(
[20:57] <Fenix|work> ufw isn't working as a gateway
[20:57] <Fenix|work> I removed everything and now have a stock ufw and it isn't working
[20:58] <Fenix|work> I'm reading the ufw serverguide ... makes the assumption that it's multi-nic
[21:09] <frith> why is it now the default not to send the hostname in dhclient?
[22:11] <kirkland> mathiaz: jdstrand: I see both of you commented on https://bugs.launchpad.net/ubuntu/+source/kvm/+bug/219326
[22:11] <uvirtbot`> Launchpad bug 219326 in kvm "a reboot issued from the guest shutdowns the guest instead of rebooting it" [Undecided,Confirmed]
[22:11] <kirkland> mathiaz: jdstrand: can either of you reproduce this?
[22:11] <kirkland> mathiaz: jdstrand: I'm doing some kvm housecleaning of bugs, and I suspect this one has been fixed
[22:25] <mathiaz> kirkland: looking at it
[22:26] <mathiaz> kirkland: FYI I still have a hardy host
[22:26] <kirkland> mathiaz: cool!  i'm copying over my image to a hardy machine i have now
[22:39] <mathiaz> kirkland: you have to systems - one running intrepid as a kvm host and one running hardy as a kvm host ?
[22:39] <nxvl> mathiaz: to or two?
[22:39] <kirkland> mathiaz: i've tested hardy-guest on intrepid-host, reboot works fine
[22:40] <kirkland> mathiaz: i'm now scp'ing the hardy.img guest over to my hardy-host
[22:40] <mathiaz> kirkland: nxvl: 2
[22:40] <kirkland> mathiaz: as soon as that scp completes, i'll test there too
[22:40] <kirkland> mathiaz: if that works, i'm going to close the bug with 'Fix Released', unless someone else can reproduce the problem
[22:44] <mathiaz> kirkland: hmm - I cannot reproduce it for now.
[22:44] <kirkland> mathiaz: you booted what kind of guest in a hardy host?
[22:44] <mathiaz> kirkland: however my current setup is slightly different as I'm not using a bridged network
[22:44] <mathiaz> kirkland: hardy guest on a hardy host
[22:45] <kirkland> mathiaz: i can't imagine bridged network would cause reboot to shutdown
[22:45] <mathiaz> kirkland: using a logical volume with an ide bus
[22:45] <mathiaz> kirkland: well - IIRC it was the kvm process that was crashing on the host
[22:45] <kirkland> mathiaz: ah
[22:45] <mathiaz> kirkland: so anything could trigger this crash.
[22:45] <kirkland> mathiaz: okay
[22:46] <mathiaz> kirkland: OTOH a couple of things have changed since then - a new hardy kernel
[22:46] <kirkland> yeah
[22:46] <mathiaz> kirkland: the kernel guest may not be crashing the kvm host process anymore
[22:47] <kirkland> mathiaz: right.  it seems that's worthy of re-testing
[22:50] <mathiaz> kirkland: hm - I wasn't able to reproduce that bug.
[22:50] <mathiaz> kirkland: you can mark it Fix Released AFAICT
[22:51] <kirkland> mathiaz: cool, thanks.
[22:51] <kirkland> mathiaz: i couldn't reproduce it on hardy either