[00:07] <AshTray-> I have a problem with dovecot under Ubuntu Server :|
[00:07] <AshTray-> The app wont start :(
[00:07] <AshTray-> root@blt:~# /etc/init.d/dovecot start
[00:07] <AshTray-> root@blt:~#
[00:08] <jtaji> AshTray-: that's normal, try /etc/init.d/dovecot status
[00:08] <AshTray->  * dovecot is running.
[00:08] <AshTray-> root@blt:~# telnet localhost pop3
[00:08] <AshTray-> Trying 127.0.0.1...
[00:08] <AshTray-> telnet: Unable to connect to remote host: Connection refused
[00:08] <AshTray-> Same with imap
[00:09] <Deeps> has it been configured to bind to a particular ip, rather than catchall 0.0.0.0?
[00:10] <Deeps> `netstat -anp` would be useful in this instance to show you what processes are handling what socket connections
[00:11] <AshTray-> unix  2      [ ]         DGRAM                    1217455  16952/dovecot
[00:11] <AshTray-> And .. other.
[00:11] <Deeps> no tcp sockets?
[00:12] <AshTray-> How do you tell if it's a tcp socket ?
[00:12] <AshTray-> unix  3      [ ]         STREAM     CONNECTED     1217499  16952/dovecot
[00:12] <Deeps> first word
[00:12] <Deeps> shows it's a unix socket, rather than a tcp, tcp6, udp or udp6 socket
[00:13] <AshTray-> No. No TCP sockets at all.
[00:13] <Deeps> nothing listening on 110?
[00:14] <AshTray-> http://paste.ubuntu.com/92479/
[00:15] <Deeps> oh, you might need to run as sudo/root
[00:15] <AshTray-> I'm on the root account :)
[00:15] <Deeps> hmm, no, it should still show you anyway
[00:15] <Deeps> thats bizarre
[00:15] <Deeps> what version of ubuntu are you on?
[00:16] <AshTray-> Last version...
[00:16] <Deeps> gutsy? hardy? intrepid?
[00:16] <Deeps> jaunty alpha?
[00:16] <AshTray-> Linux version 2.6.27-7-server (buildd@palmer) (gcc version 4.3.2 (Ubuntu 4.3.2-1ubuntu11) ) #1 SMP Tue Nov 4 20:18:35 UTC 2008
[00:16] <Deeps> lsb_release -a
[00:16] <AshTray-> root@blt:~# lsb_release -a
[00:16] <AshTray-> No LSB modules are available.
[00:16] <AshTray-> Distributor ID: Ubuntu
[00:16] <AshTray-> Description:    Ubuntu 8.10
[00:16] <AshTray-> Release:        8.10
[00:16] <AshTray-> Codename:       intrepid
[00:16] <Deeps> intrpid
[00:17] <Deeps> i dunno, maybe they changed the behaviour of netstat in intrepid, thats mighty weird though
[00:18] <Deeps> netstat -tanp give you anything?
[00:18] <AshTray-> Yes :) Enlightement
[00:19] <AshTray-> tcp6       0      0 :::110                  :::*                    LISTEN      16952/dovecot
[00:19] <Deeps> and telnet localhost 110 fails
[00:19] <AshTray-> Yes.
[00:19] <Deeps> you tried specifying numeric 110 instead of service name pop3?
[00:19] <AshTray-> Yes.
[00:20] <Deeps> i'm outta ideas beyond "check the dovecot logs"
[00:25] <AshTray-> Dec 24 23:03:08 blt dovecot: Killed with signal 15
[00:26] <AshTray-> This is the only thing i found
[00:26] <Deeps> to the google machine!
[00:26] <Deeps> gl!
[00:26] <Deeps> nn
[00:26] <AshTray-> nn
[00:27] <AshTray-> Thanks
=== zoradon is now known as belzoradon
[01:25] <arrrghhh> if i setup samba with security = share is that enough to prevent the password prompt?  or is there something else i should be doing?
=== y0315219 is now known as L
=== L is now known as Guest14173
=== Guest14173 is now known as L_Y
[01:53] <Elite> how do I install SWAT for samba?
[01:58] <belzoradon> Elite: have you tried google?
[01:58] <Elite> Yes
[01:59] <Elite> Actually you know what I haven't but I'm on dial up so this is faster anyways
[01:59] <belzoradon> what exactly is the problem then? i just found 4 howtos
[02:00] <Elite> Well I have samba installed but I am not sure if swat is installed
[02:01] <belzoradon> have you tried typing swat --help?
[02:05] <Elite> nevermind I got it
[02:06] <arrrghhh> dial up?  seriously?
[02:06] <arrrghhh> my free aol hours ran out years ago...
[02:07] <zicada> dialup ? seriously ?
[02:08] <zicada> 2009 in like, 7 days
[02:08] <arrrghhh> lmao
[02:09] <zicada> http://www.youtube.com/watch?v=c4RY-eJgHHs&eurl=http://www.alandfaraway.org/forums/viewtopic.php?f=4&t=41255&start=15
[02:09] <zicada> max high in headset
[02:09] <zicada> yes yes
[02:09] <zicada> merry xmas :D
[02:09] <zicada> and if i hit da switch, i can make da ass drop
[02:09] <zicada> :D
[02:11] <Elite> od damn linux sucks
[02:12] <arrrghhh> Elite, then use windoze
[02:12] <arrrghhh> we don't care
[02:12] <Elite> Windows sucks too haha
[02:13] <arrrghhh> yes, which is why i use linux
[02:13] <arrrghhh> my ubuntu server has been rock solid
[02:16] <arrrghhh> ah well seems like samba's working now.
[02:16] <arrrghhh> cya'll
=== zoradon is now known as belzoradon
[02:22] <zicada> Elite: troll
[02:22] <zicada> firestarter
[02:22] <zicada> fuck you linux is better
[02:22] <zicada> :D
[02:43] <xp_prg> what is the package I need to install to get mkpasswd?
[02:45] <zicada> type mkpasswd
[02:46] <zicada> magic ubuntu will inform you
[02:46] <xp_prg> just says mkpasswd not found
[02:46] <foxytheold> *sniggers at lst comment and goes off to bed to sleep*
[02:47] <zicada> night
[02:47] <xp_prg> hello?
[02:47] <foxytheold> night everyone merry xmas n happy new year to all
[02:50] <zicada> google knows all
[02:51] <xp_prg> I did google it
[02:54] <zicada> yeah
[02:54] <xp_prg> it returned a perl module that is all
[02:55] <zicada> im telling tim
[02:55] <zicada> :|
[02:55] <zicada> :D
=== luke is now known as lukehasnoname
=== zoradon is now known as belZoradon
[05:13] <Kira> In Intrepid Ibex, which apt package(s) do I need to install so that I can start the GNOME environment when I need it?
[06:01] <Tim__Reichhart> could anybody tell me how to unmount my whole old hard drive and put it onto a new hard drive
[06:33] <Tim__Reichhart> if anybody is looking for cheap server here you go: http://www.tigerdirect.com/applications/searchtools/item-details.asp?EdpNo=4133906&Tab=11&NoMapp=
[06:34] <Anirban1987> What are the basic protection I need to apply on a Ubuntu 8.04 Apache server ?
[06:39] <jmarsden> Anirban1987: Read some tutorials on hardening Apache adn LAMP installations... maybe look at http://www.freesoftwaremagazine.com/articles/hardening_linux and http://www.us.apachecon.com/presentation/materials/42/Hardening_Enterprise_Apache.pptx ?
[06:40] <xp_prg> what is the package for mkpasswd?
[06:41] <Anirban1987> I use APF as firewall . How will you rate it ?
[06:41] <jmarsden> xp_prg: dpkg -S `which mkpasswd`  will tell you ... the answer is whois
[06:43] <jmarsden> Anirban1987: It should be fine if property configured, like any sane iptables-based firewall.  But a firewall is only one part of your overall Linux web server security.
[06:43] <xp_prg> jmarsden that command didn't do anything for me
[06:43] <xp_prg> but your saying the package is whois that has mkpasswd?
[06:44] <jmarsden> xp_prg: Hmm, it worked here.  Yes.
[06:44] <xp_prg> ok cool I have it now!
[06:46] <xp_prg> how do I make sure my ubuntu-server has security updates?
[06:48] <jmarsden> xp_prg: Read the Ubuntu Server Guide, but as a quick check, do sudo apt-get update && sudo apt-get upgrade
[06:50] <Anirban1987> I have a problem . I am running Parallel Plesk 9.0.0 on Ubuntu 8.04 x64. If I try to upgrade it to 8.10 will there be any compatibility problem with Plesk ?
[06:50] <jmarsden> xp_prg: See https://help.ubuntu.com/8.10/serverguide/C/automatic-updates.html (but read the whole guide it is well worth the time)
[06:51] <turuburu> merry christmas!
[06:54] <jmarsden> Anirban1987: It's probably safest to ask Plesk support about that
[06:55] <Anirban1987> But as I am using the demo version (which allows only 1 domain :( ) . So they just don't care.
[06:57] <jmarsden> Then maybe you should switch to a free software alternative?  ebox?  webmin/virtmin?  Anything reasonable that you have full source code for and the ability to enhance or fix when it breaks?
[06:58] <Anirban1987> They are not as glossy as Plesk or CPanel
[06:58] <jmarsden> OK, then pay for the glossiness and get full support, or hack them to add the desired glossiness :)
[07:01] <JDStone> what should I set the chunk size to for a RAID 5 array with 3 1TB drives
[07:01] <JDStone> ??
[07:02] <Anirban1987> Do u know how to hack it ?
[07:04] <jmarsden> Anirban1987: I've made a few minor mods to virtualmin for my own purposes... but adding glossiness (beyond choosing a nice looking theme) was not a major goal for me.
[07:05] <jmarsden> JDStone: There are no hard and fast rules for that, as far as I know... maybe 256K ?
[07:06] <JDStone> jmarsden: well, the default is 64, right?
[07:06] <JDStone> what's the advantage/disadvantage of using 256K vs. the default 64K
[07:07] <jmarsden> Yes, but for a 2TB array that's probably too small.  Those defalts were created a whiel ago, ebfore 1TB drives were common.
[07:07] <Anirban1987> Then I how can I shift from Plesk to Virtualmin seamlessly without any downtime ?
[07:08] <JDStone> jmarsden: well, actually, it'd be a 1.5TB array. okay, then I'll take your advice, 256K it is
[07:08] <jmarsden> JDStone: It's all about performance on different workloads...  and no, RAID 5 across 3 1Tb drives should get you a 2TB array.  One drive for paritym the otehrs for data.
[07:09] <jmarsden> Anirban1987: I have no idea.  But you can't upgrade to 8.10 with no downtime either.
[07:09] <JDStone> okay, alright. cool.  thanks.  i'm doing 256K then, cool.  thanks again
[07:09] <jmarsden> JDStone: No problem.
[07:10] <Anirban1987> Can u gurantee proper running of Plesk then ? The Plesk site says it supports upto 8.04.
[07:11] <jmarsden> Plesk is proprietary software, I have not used it.  I can't guarantee anything about it :)  Sounds like maybe you should stick to 8.04 until Plesk say they support 8.10
[07:13] <JDStone> jmarsden: did I miss something?  I did "sudo mdadm --create --verbose /dev/md0 --level=5 --raid-devices=3 -c256 /dev/sdb1 /dev/sdc1 /dev/sdd1"
[07:13] <JDStone> and I got:
[07:13] <JDStone> "[ 6961.505394] raid5: raid level 5 set md0 active with 2 out of 3 devices, algorithm 2"
[07:14] <JDStone> isn't it supposed to use all 3 drive?
[07:14] <JDStone> *drives
[07:15] <jmarsden> JDStone: I'm not sure at all, but I think that is an OK result, since if you only had 2 devices you could not have RAID5 at all, by definition.
[07:15] <JDStone> what are you talking about
[07:15] <JDStone> I have 3 devices
[07:15] <JDStone> 3 hard drives
[07:15] <JDStone> that's what RIAD5 requires
[07:16] <jmarsden> Right.  So the log message probably means "using 2 of 3 for data, 1 for parity?"  I'm guessing.  It *can't* mean "using two devices total for RAID5", because that is a logical impossibility.
[07:17] <JDStone> oh, okay
[07:19] <JDStone> alright, thanks dude
[07:19] <jmarsden> You can probably do something like sudo cat /proc/mdstat to see what is happening with your software RAID?
[07:19] <jmarsden> No problem
[07:20] <JDStone> yep, that's what I'm looking at now, /proc/mdstat/, thanks
[07:27] <JDStone> jmarsden: when I examine the raid device, it says spares=1
[07:29] <JDStone> it says 3 devices, 1 spare
[07:29] <JDStone> active devices: 2
[07:29] <JDStone> working devices: 3
[07:29] <JDStone> failed devices: 0
[07:29] <JDStone> spare devices: 1
[07:29] <JDStone> i'll wait 'til it's done building
[07:29] <JDStone> or whatever
[07:29] <JDStone> and then see what it says
[07:30] <JDStone> and then I'll ask for help then, if needed
[07:30] <JDStone> sorry to bother you
[07:30] <JDStone> thanks
[07:30] <JDStone> :)
[07:30] <jmarsden> I don't have a software RAID5 machine I can look at to compare with, unfortunately... but that doesn't sound right.  Sounds like you may have build a RAID1 device with a hot spare?
[07:41] <JDStone> yeah, i know, it doesn't sound right
[07:41] <JDStone> but I specified --level=5
[07:43] <JDStone> weird
[07:43] <JDStone> i guess we'll see
[07:44] <jmarsden> Yes, you'll see by the size of the resulting array, I suppose.  What does grep md0 /proc/mdstat say?
[07:47] <JDStone> md0: active raid5 sdd1[3] sdc1[1] sdb1[0]
[07:47] <JDStone> unused devices: <none>
[07:47] <JDStone> 256k chunk, algorithm 2 [3/2] [UU_]
[07:47] <JDStone> and it's recovering
[07:48] <jmarsden> That looks fine.  Perhaps the 3rd drive will show normally once the device build completes.
[07:48] <JDStone> yeah, that's what I'm thinking...
[07:48] <JDStone> we'll see...
[08:14] <jmarsden> JDStone: OK, I found a way to create a software RAID5 device on a single HD on this desktop PC I'm using... and the array created (I made a really small one) with the command you posted looks fine (and looks to be RAID5) once the build completes.
[08:36] <JDStone> alright, cool. thanks for all the help jmarsden
[08:36] <JDStone> goodnight
[08:36] <jmarsden> No problem.  Goodnight.
[10:26] <ghaleb> hello, I'm trying to use LDAP for authentication,  I get results from ldapsearch -x,   libnss-ldap.conf , ldap.conf and  nsswitch.conf configured this way:   http://rafb.net/p/m0iGQZ77.html
[12:52] <AshTray-> Merry Christmas !!
[16:54] <WoLf_Loonie> Hello everyone, and merry christmas =)
[16:54] <WoLf_Loonie> I have an issue (possibly with my router?).. when I check my Apache2 logs, every incoming connection from the WAN side, is recorded as coming from 10.0.0.1 (my router's ip) instead of the normal ip address like it used to do with a different setup.. iptables on the router looks fine, and I've tried to blank out iptables on the server, but I can't find a way to fix this issue..
[16:55] <jmarsden> WoLf_Loonie: Merry Christmas, and did this used to work correctly... and if so, what did you change?
[16:56] <WoLf_Loonie> Hello jmarsden, and, I've changed Computer and router =P
[16:57] <jmarsden> That's... a significant change alright!  I'd suspect the router; can you put the "old" router back in place as a test?
[16:58] <WoLf_Loonie> sure thing. I'll be back in about 2 minutes, have to physically switch it and come back =)
=== WoLf is now known as WoLf_Loonie
[17:02] <WoLf_Loonie> Alright, with the old router, it works as expected.
[17:03] <WoLf_Loonie> (had to switch back to the new one, missing WiFi on the old)
[17:03] <jmarsden> OK, cool, so that has reduced the places to look for the problem by 50% :)
[17:04] <jmarsden> Is the new router a Linux box?  WHat software is it running?
[17:04] <WoLf_Loonie> yes, it is, but I'm not sure how to say what kind it is. can get to the busybox tho, if needed
[17:05] <jmarsden> OK, so it is a commercial embedded device, running... dd-wrt or something like that?
[17:05] <WoLf_Loonie> it's a TP-Link TD-W8920GB
[17:05] <jmarsden> Not one I have heard of, but OK.  Can you pastebin the current iptables ruleset it is using?
[17:05] <WoLf_Loonie> sure, in a sec
[17:07] <jmarsden> Meanwhile I am downloading its PDF manual...
[17:07] <WoLf_Loonie> http://pastebin.com/d42b7cf3b
[17:13] <jmarsden> Looks more or less sane.  A couple of odd ports open, but I assume that is deliberate... but it does not seem to be doing NAT??
[17:14] <WoLf_Loonie> it forwards the port correctly, but any server receiving them, states the connection comes from 10.0.0.1 instead of, let's say, 123.123.123.123
[17:15] <WoLf_Loonie> and yes, the four ports open are deliberate, and used from my servers.
[17:16] <WoLf_Loonie> five, forgot ssl irc =P
[17:18] <jmarsden> OK... there are no NAT related rules in that output... maybe adding something like   iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
[17:19] <jmarsden>  woudl do the trick, but it is very puzzling as to why the router doesn't do some POSTROUTING stuff already.
[17:20] <jmarsden> It is almost as though your router is configured as a pure router, not as a NAT firewall.  Is there some checkbox in its user interface for NAT that was forgotten somehow?
[17:21] <WoLf_Loonie> it should be checked, will double check in a second
[17:21] <WoLf_Loonie> .. for some reason I can't add that line to iptables.
[17:22] <WoLf_Loonie> doesn't list any change in iptables -L after adding it.
[17:24] <jmarsden> OK... well, that's narrowed the area of the probelm down significantly.  I can't tell exactly what your router is doing, but if you can get it to create a suitable POSTROUTING rule, I am pretty sure all will then be fine.
[17:25] <jmarsden> Ideally get it to create one itself from its GUI, of course, but if that fails, try by hand as above.  Hmmm, you might need to manually create a NAT ruleset so that the -t nat above works?
[17:26] <WoLf_Loonie> the only checkbox under the nat section in the web configuration is about "ALG: Sip enabled"
[17:26] <WoLf_Loonie> it's on currently.
[17:26] <WoLf_Loonie> elsewhere, can't find any other option that could be related
[17:27] <WoLf_Loonie> (the firmware in this router is really lacking a lot.)
[17:27] <jmarsden> Strange.  Is there updated firmware for the router you can download, maybe??
[17:27] <WoLf_Loonie> already running the latest one, I tried that too
[17:28] <WoLf_Loonie> it gave me telnet access and working UPNP, (that was broken with the old firmware), but still the same behaviour with nat
[17:28] <WoLf_Loonie> if I can't find a way to fix that issue, I'm going to chuck it and get a new one. the only reason why I got this model is cause it has a 108M wireless.
[17:29] <WoLf_Loonie> (that is actually working like a wonder, at 150 meters from my home I still get 25% signal >.>)
[17:29] <jmarsden> OK.  Sadly, a different router may be the quickest way ahead here!  Did running iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE  give you any error messages or anything?  It's definitely the "right basic approach"...
[17:30] <jmarsden> Hmmm, can you use both -- use the odl router as a router, and use this oen as an access point behind it?  Best of both worlds?
[17:30] <jmarsden> IF it has an access point mode that could work well for you.
[17:30] <WoLf_Loonie> after entering the iptables line, it just states "hit enter to continue" as it does after every command it runs.
[17:31] <WoLf_Loonie> no errors nor outputs.
[17:31] <jmarsden> Hmm, that's sad.  If you type in junk you get the same thing?
[17:31] <WoLf_Loonie> -> sdfsdf
[17:31] <WoLf_Loonie> sdfsdf: not found
[17:31] <WoLf_Loonie> Hit <enter> to continue
[17:32] <jmarsden> Hmmm, so at least it recognized the iptables command... just apparently did nothing useful with it.
[17:32] <WoLf_Loonie> and giving iptables junk flags, it gives me an iptables error line like expected.
[17:33] <jmarsden> OK.  I'm running out of ideas, in your circumstances I'd be using the old router, and setting up the new one as an access point, I think.
[17:33] <WoLf_Loonie> or buy a very long ethernet cable for the EEE ;P
[17:34] <jmarsden> Well, sure, that's one way to avoid the problem ;)
[17:34] <WoLf_Loonie> hehehe =P
[17:35] <jmarsden> Well, I need to go AFK and help with breakfast here... but at least we now know the cause of the issue.  Sorry we didn't find a working solution.
[17:35] <WoLf_Loonie> to think, I was going crazy to understand why Apache2 was not making any difference with the "deny from all, allow from 10.0.0.0".. till I went to check the logs cause I was running out of ideas.
[17:35] <WoLf_Loonie> alright, thanks a lot for the help anyway =) and have a good breakfast
[17:35] <jmarsden> Thanks.
[17:41] <jtaji> WoLf_Loonie: if you do get a new router get a linksys WRT54GL and load tomato or dd-wrt firmware on it
[17:42] <WoLf_Loonie> I'd like to try a custom firmware for this router too, but I can't find any information on internet about it.
[17:42] <jtaji> what is it?
[17:42] <WoLf_Loonie> sounds like TP-Link is some "second brand" from D-Link, but can't find the relative model
[17:42] <WoLf_Loonie> it's a TP-Link TD-W8920GB
[17:43] <jtaji> basically unless it's a broadcom based one with enough flash that supports linux you are pretty out of luck
[17:43] <WoLf_Loonie> well, it's already running a busybox, so I guess it's only a matter of finding which firmware is compatible =P
[18:06] <jmarsden> WoLf_Loonie: There is an "Enable NAT" checkbox referred to on page 32 of the user manual... might be worth a look?  Figure 5-11
[18:24] <WoLf_Loonie> Sorry jmarsden, was deep into browsing google trying to find anything related to this issue, and I didn't hear the highlight
[18:24] <jmarsden> No problem... I was eating :)
[18:24] <WoLf_Loonie> under which section is the Enable Nat checkbox?
[18:24] <WoLf_Loonie> don't have the manual handy..
[18:26] <WoLf_Loonie> downloading the pdf ;P
[18:34] <WoLf_Loonie> O.o I don't have a figure 5-11 on that manual.. lol. anyway, it may be under the ADSL settings, will try to remake the connection and see what I can find in there.
[18:35] <WoLf_Loonie> I'll ba back (I hope ;P)
[18:35] <WoLf_Loonie> be*
[18:50] <jmarsden> http://www.atel.com.pl/doc/MAN_TD-W8920G.pdf
[19:02] <WoLf_Loonie> nothing, hmm.
[19:02] <WoLf_Loonie> but I noticed something in the logs of the router, going to pastebin it
[19:04] <jmarsden> Did you download the same version of the manual I found?
[19:05] <WoLf_Loonie> http://pastebin.com/d4f9a7153
[19:05] <WoLf_Loonie> dunno, I checked on the one from tp-link own website
[19:06] <WoLf_Loonie> anyway, that's the log of a reboot of the router
[19:06] <WoLf_Loonie> iptables -L still returns the same as before.
[19:08] <jmarsden> Ah, http://www.tp-link.com/english/soft/200862154858.pdf has it as Figure 4-11
[19:10] <WoLf_Loonie> *nods*
[19:10] <jmarsden> Lines 40 and 41 in your output look like actual errors...
=== backenfutter is now known as buddha
[19:11] <WoLf_Loonie> I checked on that, re-created the adsl connection, and triple checked it stated nat enabled.
[19:11] <jmarsden> And the POSTROUTING stuff does seem to be happening at boot, which is interesting.
=== buddha is now known as backenfutter
[19:11] <WoLf_Loonie> *nods* noticed that and the error. I wonder if it's related?
[19:12] <WoLf_Loonie> cause iptables then doesn't state anything about it. shouldn't it have a line for that?
[19:12] <jmarsden> Does    iptables -t nat -n -L   show you anything?
[19:15] <WoLf_Loonie> http://pastebin.com/d5ed441c5
[19:16] <WoLf_Loonie> 79.* is my current WAN ip.
[19:17] <jmarsden> OK.  Well, looks from that as though it really is doing NAT after all.
[19:19] <jmarsden> I'm not entirely convinced all the SNAT rules are really desirable... if you want to experiment, try deleting them?  Esp line 20, the one for port 80?
[19:20] <WoLf_Loonie> removing the forwarding?
[19:20] <Elite> Hey, how do I find out what version of ubuntu server I am running?
[19:21] <jmarsden> Elite: cat /etc/lsb-release
[19:22] <Elite> Nice thanks
[19:22] <jmarsden> WoLf_Loonie: the redirect of line 8 (DNAT) should still get the packets to your server...
[19:22] <jmarsden> BUt maybe will avoid rewriting the source address if you cn remove the line 20 SNAT
[19:23] <jmarsden> Elite: No problem.
[19:24] <WoLf_Loonie> sure thing, how can I do that? on the web interface I can only add or remove the forwarding, and I'm not that close friend with iptables advanced stuff =)
[19:26] <jmarsden> FInd the rule number from  iptables -t nat -n -L -v and then use iptables -t nat -D POSTROUTING X   # where X is the number of the rule
[19:26] <jmarsden> BTW, man iptables is your friend for this kind of thing :)
[19:27] <WoLf_Loonie> =)
[19:30] <WoLf_Loonie> *bounces around*
[19:31] <WoLf_Loonie> 72.14.193.67 - - [25/Dec/2008:20:29:51 +0100] "GET / HTTP/1.1" 403 226 "-" "Mozilla/5.0 (Wi
[19:31] <WoLf_Loonie> that was it
[19:31] <jmarsden> That worked?  Cool.
[19:31] <jmarsden> How to keep that from coming back when you reboot is beyond me, but at least you now have a sort-of solution!
[19:31] <WoLf_Loonie> so I guess I should remove every snat entry?
[19:31] <jmarsden> Yes, I think so.
[19:32] <WoLf_Loonie> hmm, the other rules all state 0 as first number O.o
[19:33] <WoLf_Loonie> where the port 80 one was listing 4 (and I used 4 to remove it) .. if that was just luck, I'm gonna laugh ;P
[19:33] <jmarsden> Hmmm.  Pastebin iptables -t nat -n -L -v   output for me?
[19:34] <WoLf_Loonie> http://pastebin.com/d4911c448
[19:36] <jmarsden> Oh... yes, you can laugh... that was the number of packets not the rule number :)  Just use   iptables -t nat -D POSTROUTING 2   several times and you should be all set
[19:36] <WoLf_Loonie> hahahaha =P
[19:37] <WoLf_Loonie> yeah I figured there was something wrong afterward =P but hey, it worked =P it's christmas, after all =P
[19:37] <WoLf_Loonie> lol
[19:38] <WoLf_Loonie> Basically, everytime I reboot the router I'll have to remove the snat entries.
[19:38] <WoLf_Loonie> well, cheaper than having to buy a new one =P
[19:38] <WoLf_Loonie> hehe
[19:39] <WoLf_Loonie> Thanks really a lot.
[19:40] <jmarsden> No problem.  BTW to see the rule numbers you use the --line-numbers option to iptables (I just read man iptables some more)
[19:41] <WoLf_Loonie> =) will study it, maybe I'll find how to get it to work correctly in first place =)
[19:42] <jmarsden> OK, I'm going AFK for a bit, almost time to carve a turkey...
[19:42] <WoLf_Loonie> Have a good turkey! =)
[19:42] <WoLf_Loonie> hehe
[20:07] <JDStone> jmarsden: yep, everything looks good now.
[20:09] <WoLf_Loonie> whee, netsplit.
[20:11] <LoveGuru> ;\
=== piti_1 is now known as piti
=== `WoLf is now known as WoLf_Loonie