[01:59] <vertx> Hi, I have this ubuntu server which still does not route packets across its 2 NICs, eventhough I have enabled net.ipv4.ip_forward=1 in /etc/sysctl.conf. Routing on both gateway and clients are as shown at http://paste.ubuntu.com/78524/ . Can anyone help? Thanks.
[02:02] <jmarsden> vertx: Did you sudo sysctl -p  after editing sysctl.conf?
[02:08] <vertx> Hi, I have this ubuntu server which still does not route packets across its 2 NICs, eventhough I have enabled net.ipv4.ip_forward=1 in /etc/sysctl.conf. Routing on both gateway and clients are as shown at http://paste.ubuntu.com/78524/ . Can anyone help? Thanks.
[02:10] <hads> 15:02:36 < jmarsden> vertx: Did you sudo sysctl -p  after editing sysctl.conf?
[02:13] <jmarsden> vertx: If you ask questions, it is recommended practice to then listen for answers :)
[02:28] <vertx> jmarsden: Sorry for the late reply. I had left my computer for a moment, then the network just went bust on me :(
[02:28] <vertx> hads: I had restarted the server and done what you recommended beforehand. This is the output http://paste.ubuntu.com/78535/
[02:29] <vertx> hads: As you can see, both subnets are private. Should I do a masquerade through iptables?
[02:31] <jmarsden> vertx: Routing doesn't care about private or not IPs, it routes the way you tell it to...
[02:33] <vertx> So, did I do anything wrong with the routing? the subnets are 192.168.0.0/24 and 192.168.1.0/24. What do you suggest I do, for client and server?
[02:36] <jmarsden> The server has eth0 as 192.168.0.1 and eth1 as 192.168.1.1, right?
[02:37] <ball> on two separate ethernets?
[02:40] <jmarsden> vertx: No firewalls of any kind active?  ufw disabled?  No rules visible in sudo /sbin/iptables -L output?
[02:40] <vertx> jmarsden: The server has 192.168.0.2 on eth0 and 192.168.1.1 on eth1. They are physically separate NICs. No iptables rules currently applied
[02:42] <jmarsden> Sure looks like it should be routing packets between those NICs to me.  So at present a client on the 192.168.0.0/24 can ping 182.168.0.2 but not 192.168.1.1 or anything else on that 192.168.1.0/24 subnet?
[02:43] <ball> Do you want it be routing frames between the networks?
[02:44] <ball> (or datagrams?)
[02:44] <jmarsden> ball: I'd say yes... the original q was: "I have this ubuntu server which still does not route packets across its 2 NICs, eventhough I have enabled net.ipv4.ip_forward=1 ..."
[02:45] <vertx> jmarsden: at the moment the client (192.168.1.243) can ping 192.168.1.1 and 192.168.0.2, but cannot ping 192.168.0.3 and others :(
[02:45] <ball> Ah okay.  I missed that.
[02:45] <ball> I need to add a NIC or two to this server, but I don't want routing or bridging.
[02:46] <jmarsden> vertx: This is odd.  Anything being logged in /var/log/messages that could be relevant?
[02:46] <L1NUX_1NS1DE> hello
[02:46] <vertx> jmarsden: let me check ...
[02:47] <L1NUX_1NS1DE> does anyone know how to access a hostname that is on a dhcp network
[02:48] <ball> yes
[02:48] <ball> sort of.
[02:48] <ball> L1NUX_1NS1DE: from outside, or from the LAN?
[02:48] <L1NUX_1NS1DE> from a lan
[02:48] <L1NUX_1NS1DE> I setup a computer that I want to access
[02:49] <L1NUX_1NS1DE> I setup eth0 connection to get a dhcp address
[02:49] <ball> L1NUX_1NS1DE: Easiest way may be to tell your DHCP server to give that machine the same IP address every time.  That's what I do.
[02:49] <L1NUX_1NS1DE> hmm.
[02:49] <L1NUX_1NS1DE> oko
[02:49] <L1NUX_1NS1DE> cul
[02:49] <L1NUX_1NS1DE> I'll try it
[02:50] <ball> good luck
[02:50] <L1NUX_1NS1DE> danke
[02:50] <L1NUX_1NS1DE> thanks for the the help
[02:50] <L1NUX_1NS1DE> ;)
[02:50] <ball> bitte.
[02:50] <vertx> jmarsden: there is only some dhcp related messages that i can see :(
[02:51] <jmarsden> It sounds like the kernel really is not forwarding your packets.
[02:51] <ball> I think you should hit it with a hammer
[02:52] <vertx> jmarsden: yes that seems to be the problem. weird huh?
[02:53] <ball> Does Ubuntu Server come with any power management functionality?
[02:53] <vertx> ball: that would be a great idea :)
[02:53] <vertx> Sorry, got to go for a moment. BRB
[02:54] <jmarsden> OK... when you get back try   cat /proc/sys/net/ipv4/ip_forward   and tell us what it says
[02:58] <jmarsden> ball: I'm sure it does... sudo apt-get install powertop is one way to find out how your system is doing in that regard
[02:58] <ball> Thanks
[02:58] <jmarsden> I've not tried that on a Ubuntu Server, only desktop -- but I can't imagine they would have removed all the power mgmt from server kernels...
[02:58] <ball> I'm tinkering and I wanted to take measurements with a Wattmeter in "suspend" and "hibernate"
[02:59] <ball> jmarsden: I can see why they might, but if it's there I don't know how to access it.
[03:00] <nemoego> I'm not sure if this is a client or server problem, but I am trying to run a PXE client with an NFS root and I can get to a login prompt but when I try to login i get the error "nfs: server [ip] not responding, still trying"
[03:00] <jmarsden> nemoego: Can you mount that NFS share from another (non PXE) client machine OK?
[03:02] <nemoego> jmarsden: yeah, and watching syslog, i can see the client mount the share during the init process, but I'm not sure that it's getting mounted properly as / later..
[03:02] <ball> Is there a command-line way to invoke suspend or hibernate?
[03:02] <jmarsden> http://ubuntuforums.org/showthread.php?t=329902
[03:04] <jmarsden> nemoego: Hmm.  I'm not a PXE/thin client kind of person... sounds like you need one...
[03:05] <nemoego> jmarsden: lol, yeah been working on this all day, suprised my FF hasn't crashed with the number of tabs i have open..
[03:06] <jmarsden> nemoego: OK... NFS I'm fairly comfortable with, but not the whole thin client thing.  Not needed it (yet)...
[03:07] <ball> I seem to lack /etc/acpi
[03:08] <jmarsden> ball: Maybe the machine concerned doesn't support ACPI?
[03:08] <ball> jmarsden: that's possible
[03:09] <jmarsden> CAn you play with apmd and maybe find out??  APM is older, ACPI is newer, I think...
[03:09] <hads> sudo aptitude install acpid
[03:10] <ball> Ah, dmesg tells me that ACPI interpreter was disabled due to an error of some sort.
[03:13] <jmarsden> vertx: Are you back here yet?
[03:14] <nomingzi> how can I download all the Ubuntu Server Guide files from (https://help.ubuntu.com/8.10/serverguide/C/index.html) for OFFLINE Viewing ?
[03:14] <ball> Bah, can't ACPI and can't apm.
[03:14] <ball> I'll have to go back to this project on a desktop machine
[03:17] <jmarsden> nomingzi: I think there is a package ubuntu-serverguide ?
[03:17] <nemoego> nomingzi: failing that, you can always use wget
[03:17] <jmarsden> So you can install that: sudo apt-get install ubuntu-serverguide
[03:21] <nomingzi> jmarsden: many thanks, I am newbie
[03:21] <jmarsden> nomingzi: No problem.  After installing that package the files are all under /usr/share/ubuntu-serverguide/
[03:23] <nomingzi> jmarsden: can u assist me how do I share this folder so that I can view it from other Ubuntu-Desktop ?
[03:24] <jmarsden> nomingzi: That's more work... easy way is to just install it on each desktop machine?  Is that workable for you, or are we talking abut hundreds of desktops?
[03:27] <ScottK> If you have openssh-server set up on the machine already and you are accessing it from a user that has shell access to the server, just use sftp.  No more setup needed.
[03:27] <ScottK> At least in Dolphin (the KDE file manager) you can make a persistent link to it so you don't have to remember it.
[03:27] <nomingzi> jmarsden: I m just trying to learn Ubuntu-Server
[03:27] <ScottK> Dunno about Gnome, but I assume you can do something similar.
[03:28] <jmarsden> nomingzi: OK, then go through the guide about networking, and then learn about Samba or NFS for file sharing.
[03:29] <ball> I have to go anyway.
[03:30] <nomingzi> I am newbie, and expecting more CLI (after I switch from Ubuntu-Desktop), may b you can provide me a better start/guide to learn Ubuntu-Server :P thanks
[03:34] <nemoego> jmarsden: do you know the proper fstab entry for a NFS root? I have "/dev/nfs   /  nfs  1  1 " per https://help.ubuntu.com/community/DisklessUbuntuHowto#Creating%20your%20NFS%20installation
[03:36] <jmarsden> nemoego: Looks reasonably sane to me.  But I'm more commonly using NFS for /home or other (non-root) partitions.
[03:39] <jmarsden> nemoego: You left out a column?  /dev/nfs       /               nfs    defaults          1       1
[03:40] <nemoego> ah, forgot to type, it's there
[03:40] <jmarsden> OK.
[03:40] <nemoego> jmarsden: is there a way i can get more verbose log output from nfs-kernel-server ? maybe filenames as they are accessed?
[03:41] <jmarsden> Yow!  Probably... might be as easy to run wireshark and look at the network traffic though?
[03:43] <nemoego> jmarsden: good point.  Just commented out NFS root fstab line, no change.  Either it never mounted or fstab has nothing to do with it...
[03:44] <jmarsden> If you want to try it your way, I think rpcdebug may turn on some extra debugging output from the kernel for you.  But... I've never used it.
[03:45] <jmarsden> nomingzi: For basic command line stuff, try http://tldp.org/LDP/intro-linux/html/intro-linux.html
[03:56] <nemoego> jmarsden: that helped a lot "sudo rpcdebug -m nfsd -s fileop" logs all acessed files to syslog, client seems to have nfs access when i try to log in (access to shadow) but after i type the password there is access to faillog and then nothing. I checked faillog but it is empty. any ideas?
[03:57] <jmarsden> Sounds like an authentication issue... the login is failing?
[03:58] <nemoego> in that case I should get kicked back to a login prompt, yes?
[03:59] <nemoego> i mean, would a bad login attempt break the connection to the NFS server?
[04:00] <jmarsden> Not sure... as root, if there are existing NFS shares mounted as root?  Maybe.  man 5 faillog and mail 8 faillog really suggest the login is failing to me.
[04:09] <nemoego> created new user, same error.  I think I'll try again later using a full install as a base for my nfs root instead of using debootstrap...
[04:09] <nemoego> thanks for the help tho
[04:09] <jmarsden> OK... at least you made some progress...
[04:10] <nemoego> yeah, gotta appriciate what you got
[05:51] <ball> aside from dmesg, is there an easy way to tell whether an Ubuntu server has sound hardware?
[06:05] <jmarsden> ball: Try aplay -l ?
[06:05] <hads> lspci
[08:12] <nomingzi> I am newbie, I use OpenSSH & remote logon to ubuntu-server. HOW DO i use wget to download a folder into my PC ?
[08:13] <Jeeves_> You would need a web/ftp-server to do so
[08:13] <Jeeves_> Then: wget (http|ftp)://URL/FOLDER
[08:21] <nomingzi> Jeeves_: should i install web/ftp service into my remote ubuntu-server ?
[08:22] <hads> Or just use scp
[08:24] <philsf> better to use rsync
[08:25] <hads> Or scp
[08:25] <Jeeves_> nomingzi: scp or rsync will work as well
[08:26] <nomingzi> many thanks Jeeves_ philsf hads
[08:30] <kraut> moin
[08:35] <vertx> jmarsden: Whew, didn't realize that the meeting took hours. Sorry. ﻿FYI, cat /proc/sys/net/ipv4/ip_forward yields a 1.
[09:40] <_ruben> hmm .. apt-listchanges can hook into apt at install time, tho i'd rather generate a changelog-overview for packages that would be install by apt-get (dist-)upgrade, any hints on performing such a task?
[09:41] <_ruben> using the --download-only option to apt-get might do the trick
[10:01] <_ruben> shame, it doenst
[11:54] <ivoks> zul: ping
[12:24]  * \sh needs some advise...php + upload file size + post_max_size == works with sizes <= 2G...everything above the magic 2GB frontier doesn't work (hardy/intrepid + amd64 server)
[12:25] <ivoks> what client are you using?
[12:25] <ivoks> for example, at some point in history, wget couldn't download files bigger than 2GB
[12:26] <\sh> ivoks: it's not a download thing...it's that firefox, ie, safari and opera are uploading the whole 3.5GB file without any problems...but php dies :)
[12:26] <\sh> ivoks: well, not exactly dieing...it just throws the upload away
[12:27] <\sh> ivoks: simple <input type="file"...> form in a html gives you that :)
[12:27] <ivoks> on which filesystem?
[12:28] <\sh> ivoks: choose one...I use ext3 and xfs here :)
[12:28] <\sh> ivoks: and tmp location for tmp upload crap..is big enough...I think 1TB is enough :)
[12:28] <maswan> filesystems on linux haven't been an issue for quite some time. is it apache 2.2?
[12:29] <\sh> maswan: more php itself...really...
[12:29] <\sh> maswan: and yes..apache2.2 + php5
[12:29] <maswan> \sh: Ok. Well, php is crap, don't use it? ;)
[12:29] <\sh> maswan: grmpf..can't development needs it :)
[12:31] <maswan> \sh: Well, you better get started at fixing php then. :)
[12:33] <\sh> maswan: looks like :)
[12:33] <\sh> maswan: btw..what about your visit to Karlsruhe? any news? :)
[12:34]  * \sh needs to plan his birthday party ,)
[12:37] <maswan> Oh, right. Let me see when that ended up.
[12:40] <maswan> January 14/15 2009
[12:40] <\sh> maswan: that's wed + thu after the 11th ... are you in .de before that? :) well, actually those days are also quite ok...for having a beer or two in the evening :)
[12:44] <lukehasnoname> PHP isn't THAT bad, is it? I have some qualms with it, but meh... I guess Python is the hot new web scripting platform
[13:03] <zul> yarp yarp
[13:05] <\sh> maswan / ivoks: http://bugs.php.net/bug.php?id=44522 <- there it is :) yay
[13:10] <\sh> and reading the php source, both variables who could be the cause are already "long" ... which means the bug is somewhere else
[13:11] <stefg> Hi, i'm trying to get the ebox platform running on top of a Jeos 8.04.1 install in virtualbox in oder to set up a virtual fileserver. Unfortunately the ebox network module doesn't seem to like jeos , the network module won't run. google doesn't turn up anything useful, can anyone point me to some specialized support forum or irc channel?
[13:14] <ivoks> \sh: oh, nice :D
[13:14] <\sh> ivoks: looks like I found the real bugger in rfc1867.c
[13:15] <\sh> I'll try to proof my guess and rebuild with a patch which should fix it...and then...let's see :)
[13:27] <zul> \sh: er...what?
[13:27] <\sh> zul: http://bugs.php.net/bug.php?id=44522
[13:27] <zul> ah ok
[13:28] <\sh> zul: if you set post_max_size and max_upload_filesize to >2GB it doesn't work in php5 ... but sourcewise: post_max_size and max_upload_filesize are already defined as long...but not max_file_size in rfc1867.c which helds later on the max_upload_filesize ;-)
[13:29] <zul> sounds like fun
[13:29] <\sh> zul: but to be sure, I'm rebuilding hardy php5 with a "guessed" fix and test it if I'm right
[13:29] <zul> k
[13:30] <\sh> zul: if I'm right, I'll file a bug on LP...with debdiffs and fixes...for hardy, intrepid and jaunty...hopefully someone can sponsor at least for jaunty...and for {hardy,intrepid}-proposed
[13:34] <zul> \sh: yep no problem just remember to add the test case for the SRU
[13:34] <\sh> zul: hmm...can I upload >2GB files to LP? ,-)
[13:35] <zul> well no just how to reproduce it :)
[13:38] <ivoks> \sh: so, find a big p0rn movie for test case :)
[13:48] <jevangelo> hi, how would i be able to get a date that is exactly 6 weeks in the past, using the date command
[13:49] <zul> check google
[13:50] <jevangelo> oh, i just got it
[13:50] <jevangelo> date -d "6 weeks ago"
[13:56] <Koon> zul: the fix for bug 286828 is marked "Fix committed", but i couldn't find it in the Changelog... do you know in which update we can expect to find it ?
[13:57] <zul> Koon: thats the kernel bug isnt it?
[13:57] <zul> the nodfs one
[13:57] <Koon> zul: yes, should i ping rtg about it ?
[13:57] <zul> gimme a sec..
[13:58] <zul> yeah
[13:58] <zul> bug him
[14:01] <nijaba> bug who?
[14:01] <nijaba> poor rtg, he's too nice
[14:02] <zul> Koon: its sitting in the git tree though maybe there is an update coming soonish
[14:02] <Koon> zul: yeah, I'm just trying to calm down the "where is the fix that is due to us" lousy MAS owners.
[14:03] <Koon> NAS
[14:03] <ivoks> take care guys
[14:03] <zul> yeah I saw
[14:03] <Koon> Steve's reposnse was obviously a little too complicated for them.
[14:04] <zul> meh..
[14:04] <Koon> I simplified it: "your stuff is broken, but since we are extremely nice, we'll help you"
[14:05] <Koon> now I'm trying to counter the "when?" answer
[14:06] <ivoks> what's the problem?
[14:08] <Koon> ivoks: the fix is marked 'Fix committed' and a few impatient guys are apt-get-updating every minute to see if there is a new kernel coming up with the fix.
[14:09] <ivoks> :)
[14:10] <ivoks> someone should tell then that it's easy to git clone kernel tree and build kernel
[14:44] <zul> Koon: ping where you doing any merges today so we dont duplicate the work?
[14:45] <Koon> zul: nope
[14:45] <Koon> I just pushed a sync this morning (syslog-ng)
[14:46] <zul> Koon: cool beans Im just doing the samba merge now
[15:25] <mathiaz> soren: did you get a chance to review the open-iscsi package?
[15:41] <L1NUX_1NS1DE> hello
[15:42] <L1NUX_1NS1DE> Does anyone know how to setup ssh between a server and client computer
[15:42] <ScottK> L1NUX_1NS1DE: Lots of us do.  Please ask your specific question.
[15:43] <ScottK> L1NUX_1NS1DE: It'd also be nice if you could manage a nick that wasn't all caps.
[15:45] <jmedina> and less l33t :D
[15:45] <Ahmuck> *shurgs* ... i always see nicks as personal names.  do you really want to change your personal name for someone else's perference?
[15:46] <jmedina> L1NUX_1NS1DE: install and run openssh
[15:48] <L1NUX_1NS1DE> I'll do some googling on the matter
[15:48] <L1NUX_1NS1DE> if I run into some trouble I'll know who to ask
[15:48] <L1NUX_1NS1DE> I'l just idle
[15:48] <jmedina> L1NUX_1NS1DE: why not read the officlal ubuntu documentation about the topic?
[15:49] <L1NUX_1NS1DE> I'm reading a tutorial on setting up shared keys
[15:49] <L1NUX_1NS1DE> but I'll try that to
[15:49] <L1NUX_1NS1DE> thanks
[15:49] <jmedina> L1NUX_1NS1DE: that is another topic than your first question
[15:50] <L1NUX_1NS1DE> hmmm....
[15:50] <jmedina> you never ask about setting up key autentication beween client and server
[15:50] <jmedina> by default you atenticate againts the ssh server using a user and password
[15:51] <L1NUX_1NS1DE> yes
[15:51] <L1NUX_1NS1DE> well I was able to ssh to  the server
[15:51] <L1NUX_1NS1DE> but I did not have the correct password
[15:52] <L1NUX_1NS1DE> I'm reading this:
[15:52] <L1NUX_1NS1DE> http://inside.mines.edu/~gmurray/HowTo/sshNotes.html
[15:53] <jmedina> https://help.ubuntu.com/community/SSHHowto
[16:14] <L1NUX_1NS1DE> haha!
[16:14] <L1NUX_1NS1DE> it works!
[16:14] <L1NUX_1NS1DE> I setup a paired key ssh login
[16:16] <cumulus007> does te host file support ports?
[16:16] <cumulus007> like localhost:1234
[16:16] <L1NUX_1NS1DE> ports
[16:16] <L1NUX_1NS1DE> I'm not sure
[16:17] <L1NUX_1NS1DE> I just used the default user@servername.org
[16:17] <cumulus007> that's a very useful answer
[16:17] <L1NUX_1NS1DE> well I'm sort of a noob with servers
[16:18] <jmedina> cumulus007: which host file?
[16:18] <cumulus007> jmedina: /etc/hosts
[16:19] <L1NUX_1NS1DE> I don't know...
[16:20] <jmedina> cumulus007: that is, that file it is useful to resolve host names not ports
[16:20] <jmedina> cumulus007: why you want to do that?
[16:20] <L1NUX_1NS1DE> thanks jmedina
[16:20] <cumulus007> jmedina: I want to configure my PC so: when I go to localhost:portnumber, a web page on a server opens
[16:20] <L1NUX_1NS1DE> oh
[16:21] <L1NUX_1NS1DE> I think you'll have to configure the web server
[16:21] <jmedina> you mean with a browser?
[16:21] <L1NUX_1NS1DE> no the webserver
[16:21] <L1NUX_1NS1DE> you'll have to configure the port that apache listens to
[16:21] <L1NUX_1NS1DE> I think the default is 8080
[16:21] <cumulus007> jmedina: yes
[16:23] <cumulus007> never mind, I have already ficed it.
[16:27] <L1NUX_1NS1DE> what is a good ftp server to use
[16:27] <L1NUX_1NS1DE> ?
[16:31] <jmedina> I like pure-ftpd
[16:32] <L1NUX_1NS1DE> pure-ftpd
[16:32] <L1NUX_1NS1DE> hmm..
[16:33] <L1NUX_1NS1DE> right now I'm using vsftd
[16:41] <ScottK> mathiaz: Are we having a server team meeting tomorrow?
[16:41] <mathiaz> ScottK: AFICT yes
[16:41] <ScottK> mathiaz: OK.  I'll upate the agenda then (just added an item).
[16:55] <katakaio> Hey everyone, I just joined the team and I'm still finding my way around
[16:56] <katakaio> Could you tell me where the agenda is located? Is it on the team wiki?
[16:58] <katakaio> Nevermind - I got it on a lucky guess
[17:38] <kizer> hello again
[17:38] <kizer> I was wondering what actions I should take to secure a server
[17:39] <kizer> What port I should turn of
[17:39] <kizer> or change
[17:39] <kizer> which firewall to use
[17:39] <kizer> etc..
[17:40] <ScottK> kizer: What Ubuntu version are you running?
[17:41] <kizer> I guess it's not the smartest thing to do but I'm running 810
[17:41] <kizer> why
[17:42] <kizer> just how hacked can a linux server get?
[17:42] <kizer> and could it compromise an entire network
[17:42] <kizer> ?>
[17:44] <kizer> currently I'm running web, torrentflux and pure-ftp (with username/password login) on my server
[17:44] <kizer> *webmin
[17:45] <Faust-C> kizer, heh 'hacked'
[17:45] <ScottK> Well 8.10 is fine to be running.  Webmin, not so much.
[17:45] <Faust-C> a system is only as secure as the person who administers it
[17:46] <ScottK> kizer: 8.10 comes with ufw (stands for uncomplicated firewall) installed already, you just need to configure it.
[17:46] <ScottK> Ubuntu Server by default does not have any ports open, so nothing to close.  Additional stuff you've added will change that, of course.
[17:47] <Faust-C> kizer, and linux has only one fw that i know of
[17:49] <kizer> ok
[17:50] <kizer> that's a relief
[17:51] <ScottK> kizer: I have no idea what webmin opened up though.  You've installed that from a 3rd party repository, so we know nothing about what that package does.
[17:51] <kizer> so would it be good practice to change password ever month or so
[17:51] <kizer> with webmin I changed to default port
[17:51] <ScottK> Faust-C: That's true, but for someone just starting, writing iptables rules themselves by hand is probably not the best idea.
[17:52] <Faust-C> ScottK, i was gonna refer to ufw which is just a frontend to iptabes
[17:52] <Faust-C> from what i read ufw's syntax is similar to pf
[17:52] <kizer> webmin comes with a webgui interface for changing ip rule conveniently enough
[17:52] <Faust-C> i like that
[17:52] <ScottK> Faust-C: yes, I already mentioned ufw to him.
[17:52] <Faust-C> kizer, imo i wouldnt get to comfy w/ webmin
[17:54] <kizer> well it's certainly a handy way of admin'ing a server
[17:54] <kizer> well I'll see what I could do with ufw
[17:54] <kizer> oh
[17:55] <kizer> what are some useful commands for seeing open ports on and proccesses that or running on certain ip's or ports?
[17:56] <ScottK> kizer: see man ufw.
[17:56] <erik78se> kizer: netstat -pant
[17:56] <kizer> thanks
[17:57] <erik78se> kizer: Shows you open TCP sockets, ans their application names. Use "sudo" with that as the -p switch is restricted.... "sudo netstat -pant"
[17:58] <kizer> yeah that command is really helpfull
[17:58] <kizer> it shows that I'm connected via ssh to the server
[17:58] <kizer> but, there's another port that's open
[17:59] <erik78se> you can also do "sudo netstat -panu" (shows UDP ports)
[17:59] <kizer> I don't know what service is running from there
[17:59] <kizer> thanks
[17:59] <erik78se> Whats the port ?
[18:00] <kizer> for tcp it's 139
[18:00] <erik78se> Open services are usually in the "LISTEN" state, and the address will give you a hint of what interface is allocated to it. 0.0.0.0 means "all" interfaces.
[18:00] <Deeps> grep 139/tcp /etc/services?
[18:00] <kizer> ohh....
[18:00] <Deeps> probably linked to samba
[18:01] <kizer> hmm...
[18:01] <kizer> there are at least ten ports that are listening
[18:01] <erik78se> In some cases you can use "telnet <address> <port>" to investigate the nature of the service running on a certain port. try it with some web-server and you'll see.... just type "GET" once connected to a port 80...
[18:01] <Deeps> s/telnet/nc/
[18:01] <kizer> k
[18:02]  * jmedina also likes to use lsof to check for open ports
[18:02] <jmedina> lsof -i
[18:03] <kizer> oh
[18:03] <kizer> ok all these port make sense
[18:04] <erik78se> Simply using "netstat" wont show you firewalls, since the firewall is "above" the OS service layer. That means that even if you can see the open ports in a LISTEN state - the firewall might block those ports. Test that by trying to connect to the ports with - for example - telnet.
[18:04] <kizer> I recognize the port afiliated with there services
[18:04] <ball> nmap?
[18:04] <kizer> I should change ssh from it's default port
[18:04] <kizer> rich?
[18:04] <kizer> right?
[18:05] <erik78se> No need.
[18:05] <kizer> it's ok the way it is
[18:05] <kizer> ?
[18:05] <erik78se> Yes.
[18:05] <kizer> thanks ball nmap is the right tool for the job
[18:06] <ball> I use it every day.  It's a handy thing.
[18:06] <erik78se> kizer: By changing ports for the ssh-service, you will not achieve much security wise. A determined hacker will be able to detect a running ssh-service regarless of port-mapping.
[18:06] <kizer> right...
[18:06] <kizer> ok
[18:07] <erik78se> ... however, ssh is rather secure if you keep it at a good patch-level.
[18:07] <kizer> noted!
[18:07]  * ball tends to describe ssh as "less insecure than Telnet" ;-)
[18:08] <kizer> well I think I'm just about ready to deploy my server for ready use
[18:08] <ball> kizer: what are you using it for?
[18:08] <kizer> ftp server and remote torrent box
[18:08] <erik78se> If you are really anal about networking security, you could change it to a really high port, lets say, 63040. I don't know why you would do that tho and how much it would add to security.
[18:08] <kizer> hmmm...
[18:09] <Deeps> would protect you against generic scans
[18:09] <Deeps> casual hackers looking for easily exploitable machines
[18:09] <Nafallo> port knocking? ;-)
[18:09] <ball> rtorrent?
[18:09] <erik78se> Deeps: yes. but the scan itself is nothing to worry about.
[18:09] <kizer> well unless my server burst into flames I guess I'll be ok with the security for now
[18:09] <Deeps> disabling root logins also helps (stupid that it's enabled by default)
[18:09] <ScottK> kizer: If you care about security, pick something other than ftp.
[18:09] <kizer> nafallo: torrentflux!
[18:10] <Nafallo> what about it?
[18:10] <ball> sftp
[18:10] <kizer> torrent flux has a webgui
[18:10] <Nafallo> been there, contributed code, gone back
[18:10] <ball> I would like some alternative to nfs that was less insecure.
[18:10] <kizer> and it's quit usable
[18:11] <Deeps> ball: nfs over vpn? ;)
[18:11] <erik78se> kizer: disable root-login, keep a good patchlevel, use passwords that has no real words in it and use a rudimentary firewall and your server will be mega-hard to "hack/break".
[18:11] <Deeps> ..via ssh
[18:11] <kizer> sweet
[18:11] <erik78se> ... via a network.
[18:11] <kizer> thanks for all you help guys!
[18:11] <ball> Deeps: Yeah, I suppose that could work at a push.
[18:11] <Deeps> if you're running any other internet visible services that aren't firewalled off, they're also exploitable
[18:11] <Nafallo> kizer: it's not as usable as the fork, tf-b4rt.
[18:12] <Nafallo> kizer: also, I don't think tflux ever committed my patches for IPv6 support.
[18:12] <kizer> k
[18:12] <jmedina> ball: nfs is insecure, do you want something really secure, you can use AFS :D
[18:12]  * ball suspects jmedina is joking
[18:12] <erik78se> Deeps: yeah, however a simple DROP default rule in the firewall will provide all the security needed.
[18:12] <kizer> so I should just set firewall rules to restict access to those services to a select pool of Ip's
[18:13] <kizer> with the ftp
[18:13] <jmedina> http://www.openafs.org/
[18:13] <kizer> I have user name and pasword login enabled
[18:13] <jmedina> ball: http://www.openafs.org/
[18:13] <erik78se> kizer: you configure your firewall with ALLOW for only those services you want to expose. Lets say SSH. ALL other protocols are DROP.
[18:13] <kizer> ok
[18:13] <Deeps> erik78se: i know that, and you know that, not everyone in here may know that though ;)
[18:14] <erik78se> Deeps: cheers =)
[18:14] <kizer> but I could still access the services via the local network?
[18:14] <kizer> just not through the internet gateway?
[18:14] <erik78se> kizer: Thats in total 2 rules.  <1> from * allow SSH <2> from * deny *
[18:14] <ball> back shortly
[18:15] <ball> I saw afs and thought it was part of AppleTalk btw.
[18:15] <kizer> ok
[18:15] <erik78se> Then you can refine those rules...
[18:15] <kizer> so I won't be able to access the ssh?
 from internal_network allow SSH <2> from * deny *
[18:15] <kizer> I'm a bit confused
[18:16] <kizer> where would I edit this setting
[18:16] <Deeps> !ufw | kizer
[18:16] <kizer> through ufw
[18:16] <Deeps> ubottu: fail
[18:16] <kizer> k
[18:16] <Deeps> lies
[18:16] <erik78se> kizer: Yes. The first rule tells you "who" can access ssh. The second rule say "nobody can access anything". The rules are allied from top to bottom....
[18:16] <kizer> thanks erik
[18:17] <kizer> oh ohh oh
[18:17] <kizer> sorry you had to explain that
[18:17] <kizer> I understand now
[18:17] <erik78se> kizer: good, happy to help.
[18:19] <erik78se> iptables is really easy to configure, once you understand that the rules are "applied" from top to bottom and that in the bottom you should ALWAYS have "from * drop *" (the syntax is different ofc). From there, you can create super-safe firewalls.
[18:20] <erik78se> You can "practice" iptables by trying out "fwbuilder" and try create a simple firewall.
[18:21] <erik78se> Start by doing that "from * drop *". That will effectively shut out everything. Then add one rule at the time until your firewall works as you intend.
[18:22] <erik78se> Helpful to debug is to do : "from * drop * log" .... that will show you what is acctually dropped by the firewall.
[18:24] <kizer> I changed to default app policy to "DENY"
[18:46] <kizer> hello again
[18:46] <kizer> has anyone had any experience with setting up wakeup-on-lan
[18:47] <kizer> I reading some documentation on it but it seems abit complicated
[18:50] <ball> yes
[18:50] <ball> it works for me
[18:50] <ball> (at least, to an extent)
[18:57] <ball> kizer: what are you trying to do?
[19:05] <kizer> I'm trying to setup server to wakeup on LAN
[19:05] <kizer> So I could turn the computer on from anywhere
[19:06] <ball> kizer: I was going to try that, but couldn't get my Ubuntu Server box to suspend or hibernate.
[19:06] <ball> Realistically servers are usually on 24/7 anyway, but I have to test these things.
[19:08] <kizer> yeah but I'm sorta on a budget as far as power consumption and wouldn't mind shutting do the system when I know it's not going to be used
[19:08] <ball> kizer: that's fair enough.
[19:08] <kizer> yup green is good
[19:09] <ball> make sure you wake it up in time to do its cron jobs though
[19:09] <kizer> I'm reading a tutorial on how to set it up
[19:09] <ball> (backup etc.)
[19:09] <kizer> here
[19:09] <kizer> http://ubuntuforums.org/showthread.php?t=234588
[19:09] <kizer> cron can also wake up the machine?
[19:09] <ball> That said, my current Ubuntu Server box is burning 33W.
[19:10] <kizer> that's pretty decent
[19:10] <ball> kizer: cron on another machine might be able to wake your server.  I've never tried the rtc alarm clock thing, but that might be another option.
[19:10] <kizer> right
[19:11] <kizer> but I would just want to have the server to be able to wakeup on LAN regardless of the computer that's waking it up
[19:11] <kizer> All I have to do is know the mac address of the NIC
[19:11] <ball> Usually I have the server up 24/7 and the users switch off their workstations when they're done.
[19:11] <ball> I can turn those on from the server
[19:12] <ball> (via ssh)
[19:12] <kizer> nice...
[19:12] <ball> ...do some remote admin, then turn them back off
[19:12] <ball> That works if they Hibernate too, but not if they "suspend".
[19:12] <kizer> but if a how can you turn them on... remotely
[19:12] <ball> I suspect shoddy firmware.
[19:12] <kizer> oh oh
[19:13] <ball> kizer: I run "wakeup" on the server.
[19:13] <kizer> ok
[19:13] <tadeu_> guys, how can i edit the boot runlevel ?
[19:13] <kizer> while there in suspend mode
[19:13] <kizer> ?
[19:14] <ball> kizer: while they're switched off, or in hibernate.
[19:14] <ball> If it's just suspended, I can't revive it.
[19:14] <ball> (pet peeve)
[19:14] <tadeu_> it isn't a easy thing in ubuntu...
[19:14] <kizer> oh
[19:15] <ball> Hmm... I need to fix my Ubuntu Server box.  Perhaps its CMOS setting for WoL is wrong.
[19:16] <kizer> so is there an alternate way of setting up a server to boot remotely even if it's turned off
[19:16] <kizer> besided WOL
[19:16] <kizer> or is WOL the only way to go
[19:16] <ball> short of a hardware solution, WoL seems the most likely candidate.
[19:17] <kizer> ok then WOL it is
[19:17] <ball> of course, then you need some way to connect to a workstation or VPN in.
[19:17] <kizer> could you explain how WOL could be setup
[19:17] <kizer> I've been reading some things on the net
[19:18] <ball> kizer: on the machine to be woken, I go in and make sure the CMOS setup program ("BIOS") is configured to allow WoL.
[19:18] <kizer> yes, I believe I did that
[19:18] <ball> ...then on the machine that's doing the waking, I make sure I have the wakeup program.
[19:18] <kizer> I'll check to repos
[19:18] <kizer> ok
[19:18] <ball> In practice I have a shell script on the server
[19:18] <ball> I just type "wake"
[19:18] <ball> ...and the workstations all wake up
[19:18] <kizer> nice, nice
[19:19] <kizer> I have to make a script eventually as well
[19:19] <ball> my script is incredibly simple
[19:19] <kizer> yeah I  made a script to easy the long command I use for logging into the server via ssh
[19:20] <kizer> ok
[19:20] <ball> each machine has two lines: the first is just a comment with the machine's name, the second is "wakeup {macaddr}"
[19:20] <kizer> ok
[19:20] <ball> e.g. "wakeup 00:02:a5:97:88:b2"
[19:20] <ball> (without the quotes ;-)
[19:20] <kizer> and you just input that to the prog to wake up the remote system
[19:21] <kizer> ok
[19:21] <kizer> I think I understand the setup now
[19:21] <kizer> I'll get started on it
[19:21] <ball> kizer: well, just having that line in the shellscript calls wakeup (which is the WoL program) and provides it with a MAC address to wake up.
[19:21] <kizer> thanks for your help
[19:22] <ball> No problem.  I hope it works for you.  I see too many offices filled with machines left on all night.
[19:22] <ball> With screensavers that don't.
[19:22] <kizer> yeah let's save some coal
[19:22] <ball> ...and the monitors left switched on and DPMS turned off.
[19:22] <ball> :-(
[19:25] <ball> Wish I could fix that Suspend issue though
[19:25] <ball> Standby, whatever
[19:27] <kizer> what program did you use to execute remote wakeup
[19:29] <kizer> I found this program called etherwake
[19:30] <ball> kizer: it may be the same program, let me check
[19:31] <kizer> most likely...
[19:37] <ball> kizer: all it does is generate the "magic packet" anyway.
[19:38] <kizer> ball: did you have to install anything on the remote machines you wanted woken up or just set the BIOS to have WOL enabled
[19:38] <ball> just set the BIOS
[19:38] <ball> (and perhaps the O.S. ...depends what you're running)
[19:39] <kizer> the OS?
[19:39]  * ball nods
[19:40] <kizer> how so?
[19:40] <kizer> what needs to be set for the OS
[19:40] <kizer> FYI I'm running ubuntu
[19:40] <ball> Ah okay.  I imagine that will "just work" then.
[19:41] <kizer> sweet
[19:41] <ball> I know last time I tried it I got similar results: Off and Hibernate will WoL.  Suspend won't.
[19:41] <ball> I suspect the firmware is at fault.
[19:42] <kizer> hmm... can help you there
[19:42] <kizer> have to tried google your issue
[19:43] <yann2> hello folks... I want to enable root account on my servers... but to allow people to connect from ttys *only* - ie no su - root from ssh
[19:43] <yann2> I tried many many things... got nothing to work.. any suggestion?
[19:44] <yann2> I tried /etc/security/access.conf... /etc/securetty... /etc/login.defs... enabling it in pam... it seems to be possible to restrict this in 10 different ways but none works :(
[19:51] <stefg> I've spend the day trying to get ebox working inside a virtualbox virtual machine (hardy host & guest). Neither a jeos install nor a virtual install of the ebox-installer iso gave me a working result. i'm using ubuntu hardy as host and guest. I'm able to login to the virtual ebox-machine but if i try to access the network configuration or the system module all i get is "Page not found" or...
[19:51] <stefg> ..."Really nasty bug..." Is ebox currently broken?
[19:57] <LoveGuru> stefg: hay may i know "ebox" what for? what is the purpose to using ebox/
[19:58] <ScottK> !ebox | LoveGuru
[19:58] <LoveGuru> ScottK: thx.
[19:59] <zoopster> stefg:  ebox works fine on hardy...have not run it in a vm. Do you receive anything in syslog or messages?
[19:59] <LoveGuru> ahh "warning" for 8.10
[20:00] <zoopster> stefg: other than your 404 error
[20:02] <stefg> zoopster, LoveGuru : nothing particular. I started doing a jeos install, then adding the ppa-repo for the latest stabel ebox packages and installed ebox-samba ... didn't work, could not enable the firewall & network module, thus NO SAMBA
[20:03] <stefg> tehn i thought: ok, jeos might be a bit too stripped down and tried the ebox installer (hardy-server with post installation script)... same result. At the moment i'm not even sure wether i'm looking at an ebox- or a virtualbox problem
[20:04] <kizer> wow that was automagical!
[20:05] <kizer> I used etherboot and the server started up!Q
[20:05] <kizer> awsome
[20:05] <stefg> there is a (debian-based) live CD which i could run in virtualbox... that one worked, so i guess is an ebox problem and some package might be missing
[20:05] <kizer> it's just wonderful when something just works
[20:06] <stefg> kizer: in turn it's just frustrating if something does not, and you don't get a clue why
[20:06]  * ball returns, avec hot chocolate.
[20:09] <zoopster> stefg: assume you have ebox-firewall and ebox-network installed, correct?
[20:10] <zoopster> seeing as samba requires them..you must have
[20:10] <stefg> zoopster: right... plain server/jeos install and a simple apt-get install ebox-samba (trusting that the dependencies will pull in everything that's needed)
[20:11] <stefg> so this is actually a straight forward thing... and i have ebox running on real hardware, so i know it works there. But inside a VM i can't get it to work
[20:13] <stefg> i tried ther -server and -virtual kernel, tried the stock hardy version of ebox (0.11.something) and the ppa-repo version (0.12.3) ... doesn't make any difference
[20:16] <stefg> ATM i'm not even considering a bug report, because that 'doesn't work' type of reposrts don't help anybody
[20:21] <stefg> so let me ask the other way 'round: did anyone in here succed in getting ubuntu-server with ebox on top to run inside a virtualbox vm?
[20:53] <LoveGuru> stefg: i never tried "ebox" well will try it. inside the VMware
[20:57] <stefg> LoveGuru: would be nice... i suspect that the virtual network adapters in vm's confuse the ebox network conf module. If vmware works, but virtualbox doesn't  we found something out ...
[21:01] <didrocks> jdstrand: I thing this merge is still pending for ufw: https://code.edge.launchpad.net/~didrocks/ufw/case-insensitive-app/+merges :)
[21:01] <jdstrand> didrocks: yes it still is :(
[21:01] <jdstrand> didrocks: however, I have not broken my promise to you-- it will be the first thing I do when I get back to ufw
[21:02] <jdstrand> didrocks: I hope to get back to it soonish
[21:02] <didrocks> jdstrand: no problem. It was just a reminder to not break the merge ;)
[21:03] <didrocks> jdstrand: take your time. You have an UDS to prepare :D
[21:03] <jdstrand> :)
[21:05] <\sh> opennms + ejabberd + mail + opennms dashboard on ubuntu ==> rock hard management compatible tool
[21:06] <\sh> especially when the dashboard is displayed on a very big, very full hd flat screen
[21:18] <AlexC_> morning all
[21:19] <AlexC_> I'm getting some weird entries in my /var/log/mail.log regarding Dovecot: Dec  1 19:00:11 foobar dovecot: pop3-login: Disconnected: user=<shop>, method=PLAIN, rip=200.219.227.216, lip=72.14.177.56
[21:19] <\sh> hmm...what is the best way to see the filecache memory on the CLI?
[21:19] <AlexC_> I have at least 100 of those entries, all with different usernames. Is this someone just trying to connect - or have they actually connected, and disconnected (it's the wording' disconnected' that is worrying me!)
[21:37] <jmarsden|work> AlexC_: Sounds like someone is trying a small scale dictionary attack.  if you see entries with "dovecot: pop3-login: Login: user=<someuser>" from that same remote IP, then you should be worried -- it means they guessed a password correctly.
[21:38] <jmarsden|work> If you see all the "unwanted" login attempts are from the same IP or same subnet, you can block them with an iptables rule or similar filtering.
[21:40] <AlexC_> jmarsden|work, awesome, at least they are not successful logins then
[21:40] <jmarsden|work> Correct.
[21:41] <jmarsden|work> You can verify you manually connecting (telnet servername 110) and doing user foo and then pass bar and then quit... and look at your resulting log entries.
[21:41] <AlexC_> thanks =)
[21:41] <AlexC_> jmarsden|work, ah, good idea
[21:41] <Deeps> s/telnet/nc/ !
[21:41] <Deeps> netcat, not telnet!
[21:42] <jmarsden|work> Deeps: Both work equally well :)
[21:42] <Deeps> untrue, telnet process can block and not allow you to ^C exit in some cases
[21:43] <jmarsden|work> Deeps: Give me a way to duplicate that.  when connecting to a POP3 server...
[21:43] <jmarsden|work> BTW you would usually ctrl-] close in telnet, not ctrl-c...
[21:44] <Deeps> non-standard approach, most programs will respond to ctrl+c, like netcat ;)
[21:44]  * jmarsden|work has been telnetting to POP3 and SMTP servers for testing since at least 1994.  Read the telnet man page.
[21:44] <Deeps> telnet pop3.telefonica.net 110
[21:44] <Deeps> +OK POP3 PROXY server ready (7.2.078)
[21:45] <Deeps> at which point ctrl+c fails, ctrl+] works fine mind
[21:45] <jmarsden|work> why would you ctrl-c at that point, you can type quit ... you just need to know the POP3 commands...
[21:46] <Deeps> well you're specifying to pop3 servers now, i was generalising when i recommended nc over telnet
[21:46] <jmarsden|work> No.you were responding to a specific suggestion to telnet to a POP3 server.
[21:46] <jmarsden|work> Oh well.
[21:46] <Deeps> although if there are 2 solutions to a problem, one uses a more commonly used approach, the other uses a special syntax and requires knowledge of the protocol + man page reading to get right, which would be the preferred approach for newbies? ;)
[21:47] <AlexC_> jmarsden|work, tailing the logs, and doing what you said - I see no such message when an auth fails
[21:48] <AlexC_> I get '-ERR Authentication failed.' within telnet, though nothing in the logs
[21:48] <jmarsden|work> AlexC_: Hmm, and when you then quit the telnet session... still no disconnect??
[21:48] <AlexC_> jmarsden|work, ah, when quiting I get: pop3-login: Aborted login (1 authentication attempts): user=<lolcake>, method=PLAIN,
[21:49] <jmarsden|work> AlexC_: Well, that's close... I suspect you didn't exit the session cleanly or something, to get that.
[21:49] <AlexC_> jmarsden|work, I typed 'quit'
[21:50] <AlexC_> is there another way of closing it?
[21:53] <jmarsden|work> AlexC_: OK, go it... it is the other way around...  telnet servername 110 then user foo pass bar, then ctrl- and then ctrl-c and you'll get the "disconnected" message.
[21:53] <jmarsden|work> So whoever is trying passwords is not typing the quit command, apparently.
[21:54] <AlexC_> ctrl- ? Missing a letter out there?
[21:54] <jmarsden|work> * should have been "then ctrl-] and then ctrl-c ..." above
[21:55] <AlexC_> jmarsden|work, ahh I see. Awesome, also just closing the terminal gets the same
[21:55] <jmarsden|work> OK.  Anyway, that confirms the diagnosis.
[21:55] <AlexC_> Is there anyway I can up the log even, so it actually says failed attempt (so I can get Fail2Ban picking it up and blocking them)
[21:56] <jmarsden|work> I don't know.  I have a daily script that greps through my maillogs and uses sort and uniq to show me any probably offenders doing this, then I block them by hand... there's probably a way to automate that further.
[21:57] <AlexC_> ok, well I'll look into it later on - at least I know what these messages are now =) Thanks for all the help, put my mind at rest!
[21:57] <jmarsden|work> No problem.
[22:04] <dana_good> i'm trying to set up ndoutils-nagios2-mysql, but it keeps on getting stalled saying "dbconfig-common: flushing administrative password"
[22:18] <axisys> i have a sun x4100 which supports 64 bit
[22:18] <axisys> should I install 64-bit ubuntu server 8.10 ?
[22:19] <axisys> if there are lots of issue with pkgs I rather not
[23:05] <dana_good> axisys: what application are you running?
[23:12] <axisys> dana_good: it will be mainly lamp
[23:12] <dana_good> should work fine 64bit
[23:13] <axisys> also I have two disks in this x4100 amd opteron server.. how do I install in using mirror raid ?
[23:13] <yann2> soft or hard? which version of ubuntu?
[23:15] <axisys> yann2: soft
[23:15] <axisys> yann2: intrepid
[23:15] <yann2> you can get hard raid with x4100 , why use a soft raid?
[23:16] <axisys> yann2: ofcourse still deciding if I sh'd go with 64 bit or 32 bit and alternate or regular server iso
[23:16] <yann2> why not use 64bits? its a 64bits server :)
[23:16] <axisys> yann2: so get the 64bit alternate iso ?
[23:16] <dana_good> axisys: if you're using SAS drives do HW raid
[23:16] <yann2> yeah
[23:17] <yann2> how many disks do you have?
[23:17] <yann2> dana_good > I had a bug using soft + hard raid on a x4100 not longer than a week ago, very annoying
[23:18] <axisys> ok how do I do it w/ hard raid? i have two SAS disks
[23:18] <dana_good> yann2: i have very little experience with those sort of issues. 99% of my linux boxes are vms.
[23:18] <yann2> how many disks do you have?
[23:19] <axisys> yann2: 2
[23:19] <yann2> it was quite specific to my install.. maybe you won't run into it
[23:19] <yann2> right so you won't :) my bug was with 4 disks, 2 raid 1, grub was installing on the wrong virtual disk
[23:19] <axisys> do I get the alternate iso or regular server iso?
[23:20] <yann2> i didnt know there was a server alternate :)
[23:20] <yann2> but go for hardware raid
[23:20] <yann2> where did you get that x4100? :P
[23:20] <axisys> yann2: ok how do I do the hardware raid ?
[23:20] <axisys> yann2: work
[23:20] <yann2> during the boot, it will tell you "to configure blah press ctrl+key"
[23:20] <yann2> ctrl-a or ctrl-q
[23:20] <yann2> not sure
[23:21] <yann2> boot it it tells you at some point :)
[23:21] <axisys> yann2: tnx
[23:22] <axisys> yann2: i am solaris guy.. thsi will be my first ubuntu 64bit server
[23:22] <yann2> good luck... I had a hard time getting my hands on solaris 10 on my t1000 :)
[23:22] <axisys> i have been using ubuntu since 5.04
[23:23] <axisys> yann2: solaris is joke for me
[23:23] <axisys> yann2: but hopefully this will be fun too
[23:23] <axisys> in my laptop i am using ubuntu
[23:23] <yann2> you can't run vms on x4100 you know that :)
[23:24] <axisys> yann2: not planning to
[23:29] <axisys> yann2: should I be able to install it from console?
[23:29] <axisys> yann2: i dont have any gui
[23:29] <axisys> yann2: connected to it thru SP
[23:31] <yann2> yes
[23:31] <yann2> normal debian-installer
[23:31] <yann2> SP should be fine
[23:32] <yann2> but there is a VGA port :)
[23:33] <axisys> yann2: i know.. but i am doing the installtion remotely