[01:12] <ziggles1> Anyone know what this error means? libvir: QEMU error : internal error QEMU quit during monitor startup
[01:12] <ziggles1> cant find anything useful in my logs :/
[01:24] <kansan> how do i set the sudo password?
[01:31] <mathiaz> kansan: it's your normal user password.
[01:31] <mathiaz> kansan: there isn't such thing as a sudo password.
[01:34] <kansan> ok
[01:34] <kansan> how do i change a user's password?
[01:35] <mathiaz> kansan: using the passwd command
[01:35] <kansan> say i want to change user 'admin'
[01:36] <kansan> if i'm logged in from 'root'
[01:36] <mathiaz> kansan: passwd admin
[01:37] <kansan> can i make it so that the admin user doesnt need to type a password when doing sudo tasks
[01:37] <kansan> how do i list all user accounts enabled?
[01:38] <jmarsden|work> kansan: users]
[01:38] <kansan> if i log in from a private key... what user will i be
[01:38] <kansan> when i log in?
[01:38] <jmarsden|work> Type   who am i               to find out who you are.
[01:39] <kansan> hahahah
[01:39] <kansan> oh it actually works
[01:39] <jmarsden|work> Of course!
[01:40] <kansan> i thoguth you were jokin
[01:40] <kansan> didnt seem to be a unix command
[01:40] <jmarsden|work> I wouldn't do that to a newcomer to Linux/Unix.
[01:41] <jmarsden|work> You can type    man who   to find out more about the who command
[01:43] <PC_Nerd> Hi,  I dont have an 8.04LTS iso, but I have 8.10 and 7.10.  Can I downgrade/upgrade to 8.04 from those easily.  does 7.10 upgrade defualt to the most recent (8.10) etc, and will 8.10 let me downgrade. ?
[01:43] <storrgie> hey quick question, i have a server setup on a T1 currently using A records for my domain to point to the servers address.... would it be better to figure out
[01:43] <jmarsden|work> kansan: To make the admin user be able to use sudo without every typing a pw you *can* edit /etc/sudoers to do that... but it's probably a bad idea.
[01:47] <jmarsden|work> storrgie: You never really finished your question, I think, or it was truncated?  Last words you posted were "would it be better to figure out" -- were there more?
[01:47] <storrgie> DNS i meant
[01:48] <jmarsden|work> Figure out DNS how?  If you have A records you already have DNS, A records are one kind of DNS record...?
[01:49] <storrgie> well ok I am very new to this idea
[01:49] <storrgie> from what I understand it might be better for me to do a reverse lookup from my server
[01:49] <storrgie> because right now if i tracerout my domain
[01:49] <storrgie> it gets stuck at the reverse dns that my ISP has in place
[01:50] <storrgie> it doesnt go all the way home to my webserver
[01:50] <cjwatson> PC_Nerd: downgrading between releases isn't supported (you can downgrade individual packages if you know what you're doing, but I've been working with Debian-based systems for ten years and I wouldn't attempt a downgrade across releases ...)
[01:50] <storrgie> but since the A-record is set to hit the IP the webserver is on... my website works
[01:50] <cjwatson> PC_Nerd: you can upgrade from 7.10 to 8.04 easily
[01:50] <cjwatson> PC_Nerd: the upgrader should default to 8.04, since it would have to go via that to upgrade to 8.10 anyway
[01:50] <PC_Nerd> ok - and ( Im about to put the 7.10 iso on my usb for booting)   do I have to make any specific changes... ?
[01:51] <PC_Nerd> sorry:  any changes in order to stop it from upgrading to 8.10
[01:51] <PC_Nerd> ?
[01:51] <cjwatson> no
[01:51] <cjwatson> it'll tell you what it's about to upgrade to, anyway
[01:51] <cjwatson> so you can check to make sure
[01:52] <storrgie> jmarsden|work: get what I am saying?
[01:52] <jmarsden|work> storrgie: So your real question is "how can I make traceroute work all the way to my server?"
[01:52] <PC_Nerd> ok fantastic. - thats cleared up that.. jsut in time for me to finally ( and right at the most inopportune time:P)  to find the 8.04 DVD for server edition      :P     thanks!
[01:52] <storrgie> jmarsden|work: yes that would be the question... because right now apache says that it doesnt know its full domain name and just says its listening on 127.0.0.1
[01:53] <jmarsden|work> That may actually be a totally different thing from traceroute...!
[01:53] <storrgie> jmarsden|work: want me to get the exact thing?
[01:55] <jmarsden|work> storrgie: To get the apache warning to go away... you may need to edit /etc/hosts file... can you pastebin that file for me?
[01:55] <storrgie> jmarsden|work: yes I can, one moment. And thank you for the assistance
[01:58] <storrgie> jmarsden|work: one issue, just checked my logs and i am seeing CRITICAL: cannont initialize libpolkit
[01:58] <kansan> jmarsden, how would i i change it so that admin user can do anything without typing passwd?
[01:59] <jmarsden|work> storrgie: That's probably a different issue (are you trying to use selinux?)
[01:59] <storrgie> jmarsden|work: nope, i am not
[01:59] <jmarsden|work> kansan: read the file, the info is in there, also man sudoers
[01:59] <kansan> admin   ALL=(ALL) NOPASSWD: ALL
[02:00] <jmarsden|work> kansan: Looks right; did it work?
[02:01] <storrgie> jmarsden|work: check PM
[02:02] <cjwatson> storrgie: I'd like to see that /etc/hosts as well, since I'm currently working on the bug on that subject
[02:03] <storrgie> cjwatson: sure
[02:03] <cjwatson> and more data wouldn't hurt
[02:03] <jmarsden|work> storrgie: OK, let's get the Apache/ hosts file/DNS thing sorted first and then look at libpolkit.
[02:03] <storrgie> cjwatson: do you have a bug filed in launchpad?
[02:03] <storrgie> jmarsden|work: sure thing
[02:03] <kansan> its frankly ridiculous:  sudo -p 'sudo password: ' cp /tmp/roles.yml /etc/ec2onrails .... doesnt require a passwd when i do it on the box; but when i use capistrano, it prompts me for a password
[02:03] <cjwatson> storrgie: bug 8980
[02:03] <uvirtbot`> Launchpad bug 8980 in network-manager "hostname -f does not return a proper FQDN" [Medium,Confirmed] https://launchpad.net/bugs/8980
[02:04] <jmarsden|work> storrgie: I'd suggest you remove lines 3 and 4 from that file, and also it might be good to pick ONE domain name and only have one entry for 192.168.0.4 in there?
[02:04] <cjwatson> so far I've identified a definite bug in network-manager (but not active with current code) and a confusing UI in netcfg that still remain
[02:05] <cjwatson> oh, that /etc/hosts was clearly written by hand?
[02:05] <cjwatson> the installer definitely never writes anything like that
[02:05] <cjwatson> yes, you should only have any given name in one line of /etc/hosts. I agree with jmarsden|work
[02:05] <jmarsden|work> cjwatson: Agreed.  I am glad to see this getting fixed at that level though; I'd given up on the tools long ago and just always edit /etc/hosts!
[02:06] <storrgie> jmarsden|work: i have blacklisted ipv6 so should I also just comment all the ipv6 info out?
[02:06] <cjwatson> jmarsden|work: if you know of anything more than the network-manager bug and the confusing UI in netcfg (i.e. it isn't clear that you can give it a FQDN when it asks for a hostname), I'd like to hear it
[02:06] <cjwatson> storrgie: shouldn't matter
[02:07] <jmarsden|work> storrgie: Not necessary.  See http://pastebin.com/d40a64e4b for my suggested fix
[02:07] <jmarsden|work> cjwatson: I'm not sure exactly how it gets there, but I see the 127.0.1.1 line in there when I have a static IP far too often.  I've not tried to dupliocate the bug, always jsut edited the file and moved on.
[02:08] <cjwatson> jmarsden|work: 127.0.1.1 is intentional and not a bug
[02:08] <cjwatson> oh, but when you have a static IP?
[02:08] <cjwatson> hmm, that is a bit odd
[02:08] <jmarsden|work> Well, it is when you use DHCP, but not for static IP machines... right?
[02:08] <storrgie> jmarsden|work: change anything in apache? or just do a reboot now?
[02:08] <cjwatson> right, sorry, I have a knee-jerk reaction to people complaining about 127.0.1.1 :-)
[02:08] <cjwatson> storrgie: shouldn't need to do anything more than restart apache, at most
[02:08] <jmarsden|work> storrgie: Now just restart apache
[02:09] <kansan> what would: /etc/sudoers.full_access  do?
[02:09] <storrgie> restarted, no issues it seems.
[02:09] <jmarsden|work> storrgie: Good, so that's that taken care of.
[02:09] <cjwatson> jmarsden|work: if you *can* reproduce that, I'd like to get copies of: /etc/hosts /etc/resolv.conf /var/log/installer/syslog /var/log/installer/cdebconf/questions.dat
[02:10] <jmarsden|work> kansan: Nothing unless you move it to /etc/sudoers as far as I know!
[02:10] <storrgie> jmarsden|work: i believe so, thank you and cjwatson. now for my question about the tracert... and there is one more after that :D
[02:10] <jmarsden|work> cjwatson: Ok, I'll let you know if I can reproduce it.
[02:10] <cjwatson> I don't see any way in the current code in which you could get 127.0.1.1 for a static-IP setup, although I believe you when you say you've seen it
[02:11] <jmarsden|work> cjwatson: Is it possible for a machine that was initial DHCP and then changed to static to accidentally keep that entry, maybe??
[02:12] <cjwatson> jmarsden|work: changed when?
[02:12] <jmarsden|work> storrgie: OK, can you pastebin me traceroute output from somewhere else to your server that shows the problem?
[02:12] <jmarsden|work> cjwatson: By an admin configuring the machine a few hours later?
[02:13] <cjwatson> jmarsden|work: depends how it was done, and would be entirely up to the admin, so certainly possible
[02:13] <jmarsden|work> OK, that might be it.
[02:13] <cjwatson> if they just edited a bunch of files by hand, entirely plausible
[02:13] <cjwatson> I thought you meant it was a machine you'd installed yourself
[02:13] <PC_Nerd> does ubuntu server have a basic graphic output (terminal to a vga screen?)   Im wanting to install it instead of desktop to mirror my VDS setup, but I also want ot be able to sit in front of it and use the terminal instead of ssh through another computer (its a tower server) ?
[02:13] <jmarsden|work> But using the tools it shouldn't happen?  OK.
[02:14] <cjwatson> jmarsden|work: well, we don't provide any server-oriented tools to make that change, as far as I'm aware
[02:15] <cjwatson> on the desktop, goodness knows what gnome-system-tools and/or network-manager do
[02:15] <cjwatson> PC_Nerd: yes, text-only consoles by default
[02:15] <jmarsden|work> cjwatson: Yes... those may have been desktop installs now I think about it.
[02:15] <PC_Nerd> fantastic thanks (didnt want to install just to find i have to do the other :))     thanks!
[02:18] <jmarsden|work> storrgie: Ok, so you would like the last entry to read aether.storrgie.net or something like that?
[02:18] <storrgie> jmarsden|work: yea that would be ideal... instead it just keeps going and going with * *
[02:20] <jmarsden|work> Ah, you didn't show me any of those :)  That is because a router is blocking the traceroute packets, not much you can do to change that unless you are the admin of that router.  So 66.178.250.113 is *not* your server's public IP address?
[02:20] <storrgie> nope, thats the DNS
[02:20] <storrgie> i am admin of the router
[02:20] <PC_Nerd> ok..... unetbootin to create a bootable USB drive with ubuntu 8.04 server.  It wont install because it cant find a CD drive, however the server has no CD drive.  How can I install ubuntu server from a USB?
[02:20] <storrgie> 113 is the DNS
[02:21] <jmarsden|work> You admin the computer/router/box that has IP address 66.178.250.113?  Is it a Ubuntu box?
[02:21] <storrgie> nope the machine that is 113 is the DNS controlled by my ISP... im sure I could request something... what should I be asking for?
[02:22] <storrgie> wait, let me explain
[02:22] <storrgie> 113 is the DNS
[02:22] <storrgie> however, the IP i am using is 114
[02:22] <jmarsden|work> I'm confused... what traceroute command did you type to get the output you pastebinned?
[02:22] <storrgie> tracerout storrgie.net
[02:22] <jmarsden|work> OK, let me try that from here...
[02:22] <storrgie> the A-record is pointing towards 66.178.250.114
[02:22] <storrgie> the router that I control has that IP assigned to it
[02:23] <storrgie> and the webserver, this ubuntu box is behind that router
[02:24] <jmarsden|work> OK.  You would need to ask the admin of 66.178.250.113 to configure it to that traceroute packets for .114 are allowed through it; then you would need to ask whoever manages DNS for 250.178.66.in-addr.arpa. to set the PTR record for .114 to say storrgie.net
[02:25] <jmarsden|work> s/to that/so that/
[02:25] <storrgie> why? 250.178.66.in-addr.arpa.
[02:27] <jmarsden|work> That is now reverse DNS works, basically.  dig -x 1.2.3.4 looks up the PTR record for 4.3.2.1.in-addr.arpa.
[02:28] <storrgie> so how do I make contact there? I can get ahold of my ISP... but the in-addr.arpa i am confused about
[02:28] <jmarsden|work> It is probably your ISP who controls that part of the address space.
[02:30] <storrgie> ok my last question for the night is this, when I ssh into this machine there is a 30-40 second wait until I get the prompt
[02:30] <storrgie> if i ping the address, its like 30-40ms, so its not high latency
[02:31] <jmarsden|work> It is doing some sort of lookup that is failing and timing out.  Possibly a DNS lookup of some sort.
[02:31] <jmarsden|work> What is in /etc/resolv.conf and does whatever is there do the right thing for the hostname of your server?
[02:33] <jmarsden|work> OK, I would change domain and search to have sane values, perhaps both storrgie.net in your case.
[02:33] <jmarsden|work> Then I would check that the DNS servers at 192.168.0.1 and 192.168.1.1 are both reachable and can resolve storrgie.net
[02:34] <storrgie> so like
[02:34] <storrgie> storrgie.net.invalid
[02:35] <jmarsden|work> No, just domain storrgie.net   and search storrgie.net
[02:35] <storrgie> ok, doing a reboot after all the settings
[02:35] <jmarsden|work> No need.
[02:35] <jmarsden|work> Reboots are for Windows :)
[02:36] <storrgie> jmarsden|work: :D i know, its just such old habit
[02:36] <storrgie> jmarsden|work: ever use webmin?
[02:36] <jmarsden|work> Yes... amd I now going to another whole set of questions? :)
[02:37] <kansan> why in the world does: sudo -p 'sudo password: ' cp /tmp/roles.yml /etc/ec2onrails .... via capistrano prompt me for a password when its simply not needed?  /etc/sudoers file:  admin   ALL=(ALL) NOPASSWD: ALL
[02:37] <storrgie> just one
[02:37] <jmarsden|work> But webmin on Ubuntu is officially not recommended any more.
[02:37] <jmarsden|work> OK.
[02:37] <storrgie> jmarsden|work: would u suggest anything else?
[02:38] <jmarsden|work> The official Ubuntu equivalent is ebox but I have not used that.  I use webmin/virtualmin on some non-Ubuntu servers.
[02:38] <storrgie> question: i noticed when i was doing a netstat -tlup that the port my webmin was running on was taking a long time to check. So i went into the webmin interface and told it not to listen to UDB 10000 anymore.... and now as you can guess I have no webmin
[02:39] <jmarsden|work> Yes, port 10000 is where it runs the admin UI by default.
[02:40] <storrgie> yeppers, i just didnt want it to be on UDP anymore so i set it to listen on tcp 192.168.0.4
[02:40] <storrgie> however, that would be the box its running on... so i was wondering if there is a config file some place i can fix
[02:40] <jmarsden|work> UDP?  It shouldn't be listening on a UDP port, as far as I know...
[02:40] <storrgie> i could rip it out and try ebox
[02:40] <jmarsden|work> There is, let me check on a RHEL server I have that runs webmin...
[02:41] <storrgie> i have ben cat'ing files for about 10 minutes with no luck
[02:41] <jmarsden|work> Try /etc/webmin/miniserv.conf
[02:41] <jmarsden|work> First line in mine is port=10000
[02:42] <storrgie> whats the bind parameter set to?
[02:43] <storrgie> ok its back up, thanks!
[02:44] <jmarsden|work> I don't see a bind param, I probably just listen on all interfaces. ... Good!  No problem.
[02:44] <storrgie> should I try ebox?
[02:45] <jmarsden|work> Sure, if you are in a position to switch now (when the server is new) is a good time to do so.  You'll find more Ubuntu folks who can help with ebox than with webmin.
[02:46] <jmarsden|work> Did the ssh delay issue go away too?
[02:48] <storrgie> yes it did, which is great
[02:48] <rdw200169> storrgie, if you really want webmin, you can still install it from the sources on their website
[02:49] <storrgie> i have been using it, i dont mind it.... i just would like to see if ebox is nicer
[02:49] <rdw200169> storrgie, personally, i dislike ebox, it does too much to the inner workings of a system, but that's just me, i like control ;)
[02:49] <jmarsden|work> storrgie: OK, well I think we've answered all your questions... I'm going home to eat :)
[02:50] <storrgie> jmarsden|work: thanks bud, I will start sticking around here and helping people out too
[02:50] <rdw200169> storrgie, just keep in mind that even if you uninstall it, there's still a little left: it doesn't quite get rid of all the changes it makes, i.e. there's cruft left in the ifup / ifdown scripts (grr...)
[02:50] <storrgie> rdw200169: talking about ebox?
[02:50] <rdw200169> yes
[02:50] <storrgie> rdw200169: i wouldnt mind it really, as long as things work OK
[02:50] <storrgie> webmin is fine
[02:51] <storrgie> i really only use webmin for apache stuff anyway
[02:51] <rdw200169> it is very good at setting up the virtual servers!
[02:52] <storrgie> rdw200169: should i try it? im kinda scared... haha
[02:52] <rdw200169> ebox or webmin?
[02:52] <storrgie> im runnng webmin now
[02:52] <storrgie> i was talking about trying ebox
[02:52] <storrgie> im not sure how i installed webmin
[02:53] <storrgie> it was a month or so ago
[02:53] <rdw200169> well, it should't cause any major issues
[02:53] <storrgie> does it do apache well
[02:53] <rdw200169> but it's been a while since i tried it
[02:53] <rdw200169> i don'
[02:53] <rdw200169> 't think so
[02:53] <rdw200169> my initial impression of it was: "this does everything i want it to do, if i don't want to do anything my way"
[02:54] <rdw200169> but that's just *my* impression ;)
[02:54] <storrgie> so maybe stick with webmin
[02:54] <rdw200169> you can check out ebox-platform.com to learn more about it
[02:54] <PC_Nerd> Hi,  attempted to use unbootin to create a bootable usb for server 8.04.  but it refuses to run without a CD drive (and pressumably the CD).  the server doesnt have an optical drive.  Ive also tried the "create bootable usb" from teh system adminstration menu on desktop 8.10 (using the 8.04 server iso).   any ideas on installing ubuntu server via usb without an optical drive?
[02:55] <philsf> I'd like some suggestions on what to use for backing up a live system to a removable  HD
[02:55] <philsf>  I eliminated rsync because I'd like the backups to be encrypted
[02:55] <philsf>           (afraid of HD theft). I'm currently using dar manually, and am in the process of making a
[02:55] <rdw200169> i just didn't care to much for the fact that it uses *so* many services to do it's job...
[02:55] <philsf>           personalized script for automation of differential encrypted backups with dar, but maybe there are
[02:55] <philsf>           similar stuff already done out there
[02:55] <philsf> what are people here using?
[02:56] <storrgie> philsf: i would like to know too, thats something interesting to do
[02:56] <rdw200169> philsf, well, you could try something like etckeeper, or a version control system, like bzr, svn, cvs, etc...
[02:56] <rdw200169> etckeeper is a tool for easily backing up /etc using a version control system, using either mercurial or bzr
[02:57]  * hads uses rdiff-backup
[02:57] <rdw200169> b/c you don't need to back up *everything*, just your configurations, and personal directories, like /var/www
[02:57] <philsf> rdw200169: no, I'm asking for a backup solution of files of a whole system, including user files
[02:57] <hads> If you want it encrypted, encrypt the disk.
[02:57] <rdw200169> philsf, again, a comprehensive svn setup, for example, could make that very easy
[02:58] <rdw200169> philsf, this is what i prefer anyway
[02:58] <rdw200169> philsf, just have the svn repo (for example) exist on the external source, whatever that may be
[02:58] <storrgie> rdw200169: question regarding virtual servers... Do i need to create a virtual server for TEST.net and www.TEST.net
[02:58] <storrgie> if i want them both to resolve to the same place on my machine
[02:59] <hads> Apache?
[02:59] <rdw200169> PC_Nerd, did you make sure your BIOS supports booting via USB
[02:59] <rdw200169> storrgie, well, i'm not *great* with apache, but i use a couple virtual servers, mostly for my 2 domains, randywallace.com and greamin.com which run on the same IP
[03:00] <storrgie> so if i type in randywallace.com
[03:00] <storrgie> it will go there
[03:00] <rdw200169> storrgie, yes
[03:00] <storrgie> but what if i type www.randywallace.com
[03:00] <rdw200169> storrgie, of course
[03:00] <hads> ServerAlias
[03:00] <rdw200169> storrgie, the same,
[03:00] <rdw200169> storrgie, i use a ServerAlias like hads suggests
[03:00] <storrgie> rdw200169: did u have to add a virtual server for both of those names, www.randywallace.com and randywallace.com?
[03:01] <storrgie> hads: hows that work?
[03:01] <rdw200169> storrgie, no, just a Server Aliasw
[03:01] <rdw200169> for example, here's my entry
[03:01] <PC_Nerd> it supports booting usb, goes through detecting keyboard (all from after booting usb in bios.... running the serve rinstallation)   and the next step after keyboard and language is to detect a CD drive.... from there it wont work because of a lack of optical drive :P
[03:01] <rdw200169> DocumentRoot /var/www/randywallace.com
[03:01] <rdw200169> 	ServerName www.randywallace.com
[03:01] <rdw200169> 	ServerAlias randywallace.com
[03:01] <rdw200169> PC_Nerd, oh, i see!
[03:01] <hads> ServerAlias *.example.com
[03:02] <rdw200169> yeah, that'll do it too, i didn't want to do that, so i can have ldap.example.com for other things, etc... etc...
[03:02] <rdw200169> storrgie, if you didn't know, you can use zoneedit.com to manage your DNS, it's really powerful and has ALL the DNS related features you want, for free!@
[03:03] <rdw200169> storrgie, that, and they support 'dynamic dns' for changing the IP address for those out there (like me) that recieve dhcp from their internet provider
[03:03] <storrgie> i have my domains through register.com
[03:03] <storrgie> they have great services
[03:03] <storrgie> what i was wasking about was
[03:03] <storrgie> at register.com
[03:03] <PC_Nerd> rdw200169:  so any suggestions on getting around the "required" optical drive?
[03:03] <rdw200169> just throwing that out there ;) i really like it
[03:03] <storrgie> i setup A-records to point to my servers IP
[03:04] <rdw200169> PC_Nerd, Well, you can try skipping that step, by using debconf in expert mode
[03:04] <storrgie> but my server needs to know what to do with those requests when they come in, thats wuat virtual servers are for right?
[03:04] <philsf>  I was thinking if I encrypted through gpg, I could automate the backup without
[03:04] <rdw200169> PC_Nerd, well, the debian-installer
[03:04] <philsf> entering a password into config files, comments?
[03:04] <hads> Encrypt the disk
[03:05] <rdw200169> PC_Nerd, that, and i don't know if you're aware of this, it's pretty obscure, but when that step presents it self, you can actually switch TTY's to see the actual console output from the installation
[03:05] <rdw200169> PC_Nerd, i think it's tty4 so Ctrl+alt+f4
[03:05] <PC_Nerd> tty's ?
[03:05] <philsf> hads: do you have any personal recommendation on wether to use ecrypt, or encfs (or something else)?
[03:05] <rdw200169> PC_Nerd, the debian installer actually uses several tty's during the installation
[03:05] <philsf> *ecryptfs
[03:05] <rdw200169> PC_Nerd, you can get a console from a couple of them i believe while it's installing.
[03:06] <PC_Nerd> tty's?  Im aware they exist in /dev but I havent a clue on what they do.
[03:06] <storrgie> rdw200169: are you running 5 nics in your server? hahaha awesome
[03:06] <rdw200169> PC_Nerd, i generally switch tty's during the package update to make sure there aren't any timeouts (i've had some very bad internet over the years)
[03:06] <rdw200169> storrgie, actually, 6
[03:06] <storrgie> rdw200169: why so many?
[03:07] <rdw200169> storrgie, they were cheap, 15$ per gig-ethernet card
[03:07] <rdw200169> storrgie, and the application required 4 internet connections
[03:07] <hads> philsf: I've used dm-crypt
[03:07] <storrgie> rdw200169: what is it used for?
[03:07] <rdw200169> storrgie, instead of using a switch, and dealing with that routing problem, i built the server w/several nics so routing would be easy and reliable
[03:08] <rdw200169> storrgie, the situation was: i deployed to iraq about a 2 years ago, and we planned on setting up a ISP using satellite connections
[03:08] <storrgie> oh really
[03:08] <storrgie> wait, your own ISP? through sat cons?
[03:08] <rdw200169> storrgie, we needed to figure out how to provide internet to ONE network using several internet connections
[03:09] <rdw200169> storrgie, yes, HughesNet, it was hell ;)
[03:09] <storrgie> so load balance between several
[03:09] <storrgie> that box sat there and mitigated multiple satelite connections?
[03:09] <rdw200169> storrgie, we decided against that because of the https problem
[03:09] <PC_Nerd> ok.... ive "skipped" the cd part to  "Load debconf preconfiguration file"     "The file needed for preconfiguration could not be retreived from file:///cdrom/pressed/ubuntu-server.seed The installation will procceed in non-automated mode. "  how can i make that select it from the usb drive?
[03:10] <rdw200169> that file doesn't do anything except install the package linux-server, the kernel for the server
[03:10] <storrgie> rdw200169: well i bookmaked your notes, ill check this out... its pretty awesome
[03:10] <rdw200169> so, you may want to just install that post-installation
[03:10] <rdw200169> storrgie, from greamin.com/server, you may want to check the file for the UbuntuGateway project
[03:11] <rdw200169> storrgie, that's where all the routing, firewalling, and traffic shaping took place
[03:11] <storrgie> awesome
[03:11] <cjwatson> PC_Nerd: you could try putting the netboot installer image on a USB stick and booting it
[03:11] <rdw200169> the logfile is most useful, for understanding how i did it
[03:11] <storrgie> rdw200169: what do you use to draw your topology diagrams?
[03:11] <rdw200169> from RichNet?
[03:11] <cjwatson> PC_Nerd: 8.04 didn't have the necessary bits to support the stuff you're trying to do properly, I'm afraid
[03:11] <PC_Nerd> netboot?  is that to boot over a network?
[03:12] <rdw200169> i used inkscape, and i've also used OmniGraffle
[03:12] <rdw200169> i love OmniGraffle, it's the best outliner, but it requires me to use MacOS, which I *rarely* do
[03:12] <storrgie> inkscape for linux?
[03:12] <PC_Nerd> the server bios ( i think its the bios?) has a boot PXE option... and I know the network settings like the back of my hand.... so can I "boot" the server from a live CD or live USB on a laptop on the network? (basic 3 computer network) ?
[03:12] <cjwatson> PC_Nerd: normally, but you can boot the same images by any method you like - the key is that they'll fetch all their bits over the network later rather than relying on local storage like CD or USB
[03:12] <rdw200169> storrgie, yup, it's there
[03:13] <cjwatson> PC_Nerd: you don't need to pxeboot in order to use the netboot images; you just need to be able to tell a bootloader to boot them
[03:13] <rdw200169> PC_Nerd, seriously, there's not a problem skipping the ubuntu.seed file
[03:13] <PC_Nerd> ok.... ill skipp it.
[03:13] <storrgie> was this:http://greamin.com/server/_images/RichNet6.png done in inkscape?
[03:13] <cjwatson> rdw200169: sure, but it isn't going to get much further if it doesn't have /cdrom
[03:13] <PC_Nerd> hang on ill continue on.
[03:13] <rdw200169> storrgie, yes
[03:13] <cjwatson> it'll just fail again
[03:13] <storrgie> rdw200169: awsome,
[03:13] <rdw200169> cjwatson, i don't know, i've never tried...
[03:13] <cjwatson> rdw200169: I know
[03:14] <rdw200169> cjwatson, seems like that's a major problem with the installer!
[03:14] <cjwatson> what, that the CD installer needs a CD?
[03:14] <cjwatson> hardly.
[03:14] <rdw200169> cjwatson, if only they would enable serial access *by default*
[03:14] <rdw200169> cjwatson, i find it *so* irritating having to rebuild the CD just for Serial Access
[03:14] <rdw200169> cjwatson, for headless setups
[03:15] <rdw200169> cjwatson, that, or build and ISO for usb
[03:15] <rdw200169> cjwatson, *an
[03:15] <cjwatson> err, surely you just need to pass the right console= for serial access?
[03:15] <storrgie> rdw200169: quick question, how do u draw out the switches hubs etc... did u have to go get those images or are they in the software?
[03:15] <cjwatson> rdw200169: yes, that's improved in 8.10, but in the meantime he can use the netboot images
[03:15] <PC_Nerd> ok.... so i need to look up a netboot tutorial then... ok
[03:16] <rdw200169> cjwatson, yes, change the special line in the grub file to add serial access, then there's the
[03:16] <rdw200169> cjwatson, upstart file that also needs to start the serial tty
[03:16] <cjwatson> the installer ought to do that already
[03:16] <rdw200169> cjwatson, nope
[03:16] <cjwatson> I definitely remember writing a deal of code for that
[03:17] <rdw200169> cjwatson, in 8.10, which i've recently rebuilt, does not do serial, at all, post installation
[03:17] <cjwatson> my changelog says April 2007
[03:17] <PC_Nerd> urgh :P why does it have to be so complicated. lol    ill look up a tutorial/discussion online.  bbs
[03:17] <cjwatson> rdw200169: I would like you to file a bug report about that with full details and logs. It's meant to work.
[03:17] <rdw200169> cjwatson, i also have had to change the bootloader for the cd to allow serial access
[03:17] <cjwatson> That would be a lot more helpful than quietly rebuilding the CD for yourself!
[03:17] <rdw200169> cjwatson, here, i've got what i did here: http://greamin.com/server/server_guide.html
[03:17] <cjwatson> also, the CD bootloader is supposed to fall back to something serial-friendly on serial console. If that isn't working, I need a bug report.
[03:18] <cjwatson> bug report, please
[03:18] <cjwatson> it's 3:20am here, I'm not going to remember something you tell me on IRC
[03:18] <rdw200169> cjwatson, i posted a bug report on upstart not having a serial access, but i don't think anything has come about from it
[03:18] <storrgie> rdw200169: where did u get the images for these diagrams?
[03:18] <cjwatson> finish-install has had code to deal with upstart's event files for nearly two years
[03:19] <rdw200169> cjwatson, it's not that big of a deal for me, i do a lot of other stuff from rebuilding too, like installing a bunch of packages post-install
[03:19] <cjwatson> rdw200169: please. file a bug. I need to know.;
[03:19] <cjwatson> don't just quietly sit and suffer (even if it isn't that big a deal)
[03:19] <rdw200169> cjwatson, for what? upstart?
[03:19] <cjwatson> debian-installer
[03:19] <cjwatson> launchpad.net/ubuntu/+source/debian-installer, that is
[03:19] <rdw200169> cjwatson, ah, but the problem is 4-fold
[03:20] <cjwatson> then file four bugs
[03:20] <rdw200169> cjwatson, well, 1/4 !
[03:20] <cjwatson> I'll send them off to the right places as appropriate
[03:20] <cjwatson> the only bug I can find about serial console handling not working right now is ia64-specific
[03:21] <rdw200169> cjwatson, i'm talking about adding it to isolinux.txt, so it will boot headless
[03:21] <rdw200169> cjwatson, debian-installer never had a problem running serial, it's getting isolinux to do it from the start
[03:22] <cjwatson> you made comments above about e.g. grub/upstart configuration that are supposed to be handled by debian-installer. If those aren't working out of the box then they're d-i bugs.
[03:22] <cjwatson> isolinux configuration is obviously trickier since it needs to work headful as well
[03:23] <rdw200169> cjwatson, exactly
[03:23] <rdw200169> the debian-installer things can be fixed post-installation, but isolinux, obviously, cannot
[03:23] <cjwatson> I'm not so worried about that (there's always the netboot option), but I *do* need and want to know about the d-i bugs. I maintain d-i in Ubuntu.
[03:23] <rdw200169> cjwatson, OH!
[03:24] <cjwatson> why did you think I was repeatedly asking for bug reports? :-)
[03:24] <rdw200169> cjwatson, is there any way you can also add an option for SSH post boot?, i.e. after a timeout?
[03:24] <cjwatson> ok, so not attempting to think about feature requests at 3:25am ;-)
[03:25] <rdw200169> i'm just curious... would that be a launchpad blueprint?
[03:25] <cjwatson> wishlist bug
[03:25] <rdw200169> cjwatson, ah, ok, i will do these things you suggest
[03:25] <cjwatson> blueprints are heavyweight things and are design documents to be created by developers only
[03:25] <rdw200169> i can't write one?
[03:25] <cjwatson> you generally shouldn't
[03:26] <rdw200169> hence, the 'wishlist but'
[03:26] <cjwatson> you *can* - but it is unlikely to be more helpful than filing a wishlist bug
[03:26] <rdw200169> right.
[03:26] <cjwatson> the point of blueprints is to be software design documents, and those need to be written by software designers
[03:26] <rdw200169> sounds good, thank you for the help!
[03:27] <cjwatson> no problem, it'll be worth it to get it working better out of the box
[03:27] <cjwatson> even though it's thoroughly weird that it doesn't already
[03:27] <cjwatson> ('apt-get source finish-install' and poke around there and you'll see the code)
[03:28] <cjwatson> I'm not sure what an option for SSH post-boot would be. Surely that's just installing the openssh-server package, having configured a user?
[03:29] <rdw200169> cjwatson, it's an obscure debian-installer feature i found from some obscure place in the debian dungeon
[03:29] <cjwatson> I know what you're talking about before the first reboot (network-console)
[03:29] <storrgie> rdw200169: hey, where did u get those images for your diagrams?
[03:29] <cjwatson> but I interpreted "post boot" to mean "after the first reboot, once the installer is done"
[03:30] <rdw200169> cjwatson, it was really difficult to get right, but i was pretty proud when i did
[03:30] <cjwatson> you know it's documented in the Ubuntu installation guide?
[03:30] <rdw200169> cjwatson, what it does, is start a ssh server really early in the debian-installer, so you can continue installation over ssh
[03:30] <rdw200169> cjwatson, this works really well for headless setup
[03:30] <cjwatson> yes, I know about it and have contributed to it
[03:31] <rdw200169> ppend file=/cdrom/preseed/ssh.seed initrd=/install/initrd.gz
[03:31] <rdw200169>     console=tty0 console=ttyS0,38400n1 priority=critical quiet -- console-setup/ask-detect=false console-setup/layoutcode=en_US.UTF-8 auto-install/enable=true
[03:31] <cjwatson> auto-install is not supported on Ubuntu
[03:31] <cjwatson> by that I mean the auto-install/enable bit, not automatic installation in general
[03:32] <rdw200169> but it requires something like this, in isolinux.txt
[03:32] <rdw200169> then the seed file sets up some really basic things, including netcfg, then anna sets up network-console
[03:32] <rdw200169> and gives it a password,
[03:33] <rdw200169> cjwatson, well, it's always worked for me, incl. 8.10
[03:33] <cjwatson> you just aren't in fact using auto-install :-P
[03:33] <rdw200169> yes, i am!
[03:33] <cjwatson> it's in universe, it can't possibly be used by the installer
[03:33] <cjwatson> I don't believe you, unless you're rebuilding the installer initrd
[03:33] <rdw200169> nope, it works
[03:33] <cjwatson> auto-install is not even in our installer initrds
[03:33] <rdw200169> i've tested it about 1000 times in virtual box
[03:34] <rdw200169> i stopped unpacking init.rd when i figured out how to do preseed/late_command for all the other crazy stuff, like adding ttyS0 to upstart
[03:35] <cjwatson> auto-install/enable does have some effect on localechooser and possibly other components, but the guts of it are not present and I will not deal with bug reports from people attempting to use the half-broken bits that exist
[03:36] <cjwatson> I tried to make sure to rip out all the documentation of it from the Ubuntu installation guide until such time as we support it properly
[03:36] <rdw200169> cjwatson, that's understandable
[03:36] <cjwatson> (which involves figuring out how to make it work properly with console-setup and the like - I'm not just being capricious here)
[03:36] <rdw200169> oh no, i understand completely
[03:37] <rdw200169> *for me* it works, i use all the defaults for console-setup, so i never run into issues
[03:37] <cjwatson> therefore, I recommend *removing* auto-install/enable=true and finding out whether your problems with serial console access are still reproducible without it
[03:37] <cjwatson> because other people have told me that that stuff works
[03:37] <cjwatson> (I don't own the relevant hardware myself)
[03:37] <rdw200169> auto-install is only for SSH installation
[03:37] <cjwatson> false
[03:38] <cjwatson> anna/choose_modules=network-console is the key thing to enable SSH installation
[03:38] <rdw200169> it get's past all the locale stuff, so it will run the ssh server for debian-installer *without user intervention over serial*
[03:38] <cjwatson> yes, I am aware of that, but that doesn't make it only for SSH installation
[03:38] <rdw200169> that option, still necessary, does not get you past the locale stuff
[03:38] <cjwatson> you could just preseed the locale stuff
[03:38] <cjwatson> you don't need auto-install to do that
[03:39] <rdw200169> i tried that desperately, but i could never get it right
[03:39] <cjwatson> I am happy to help with that, as it is not hard
[03:39] <rdw200169> the installer was stubborn about asking those questions no matter what
[03:39] <cjwatson> your console-setup/layoutcode is wrong above, to start with
[03:39] <rdw200169> and documentation on writing preseed files is...
[03:39] <cjwatson> in the Ubuntu installation guide
[03:40] <rdw200169> when i started all this, it was with 7.10
[03:40] <cjwatson> you probably just need 'locale=en_US console-setup/layoutcode=us' on the kernel command line
[03:40] <cjwatson> the 7.10 installation guide documented preseeding too
[03:40] <rdw200169> i've tried that, and it still insisted on asking those question
[03:41] <cjwatson> perhaps you would be better off starting from what the d-i maintainer in Ubuntu tells you is right and debugging from there, rather than starting from somewhere else, though? ;-)
[03:41] <rdw200169> it was *very* frustrating
[03:41] <rdw200169> well, i'll try it again
[03:41] <cjwatson> note that you MUST put this on the kernel command line
[03:42] <cjwatson> in your web page, you recommend putting locale/keyboard configuration in a preseed file on the CD, which is totally useless
[03:42] <rdw200169> that may have been where i failed ;)
[03:42] <cjwatson> the preseed file is read from the CD well after locale/keyboard configuration takes place in the installer
[03:42] <rdw200169> yeah...
[03:42] <cjwatson> the installation guide documents this problem
[03:42] <rdw200169> hey, it works, right? (yes! amazing!)
[03:43] <rdw200169> i'm still very proud that I even got it to work!
[03:43] <cjwatson> you've managed to make a number of mistakes cancel each other out somewhat ;-)
[03:43] <cjwatson> however, it's still better to do it properly
[03:44] <rdw200169> of couse
[03:44] <rdw200169> *course
[03:44] <cjwatson> documentation of preseed ordering> https://help.ubuntu.com/8.04/installation-guide/i386/preseed-contents.html
[03:44] <cjwatson> (to be read in context of the rest of that chapter)
[03:45] <storrgie> later guys, thanks for the help tonight
[03:45] <cjwatson> given proper preseeding, auto-install isn't necessary; the thing that auto-install is good for is deferring questions until after ssh is up, but if you didn't want the questions asked in the first place then that's kind of the long way round
[03:46] <cjwatson> well, one thing that auto-install is good for, anyway
[03:46] <cjwatson> it's actually a much more complex autoinstallation system
[03:47] <cjwatson> and its behaviour with respect to ssh is really just a side-effect of the way it handles configuration in general
[03:47] <rdw200169> cjwatson, yes, i much preferred having the questions asked later!
[03:48] <cjwatson> noted, but there is a good reason those come first
[03:48] <cjwatson> we ask for locale first so that we can display questions the user will understand; we ask for keyboard after that so that the user can type responses that the installer will understand
[03:48] <rdw200169> cjwatson, yes, for international setup, i wonder how you could do that with SSH...
[03:50] <rdw200169> cjwatson, personally, i find this to an incredibly useful feature, considering the applications of a server in a headless environment; for me, the people i help run linux server(s) don't have monitors (they're deployed overseas)
[03:50] <cjwatson> network-console should pick up the locale from previous configuration, although of course keyboard interpretation is handled at the far end
[03:50] <cjwatson> oh, certainly, it's great. but it really isn't that hard to set up with the default images :)
[03:51] <cjwatson> locale=en_US console-setup/layoutcode=us anna/choose_modules=network-console and you should be set, possibly with a bit of network preseeding thrown in there
[03:51] <cjwatson> anyway, well past bedtime
[03:51] <rdw200169> alright, goodnight my friend, and thank you for the help!
[03:51] <cjwatson> thanks in advance for the bug reports :)
[03:52] <rdw200169> you have NO IDEA how much I've wanted to actually communicate with someone who knows *something* about debian-installer!
[03:53] <cjwatson> #ubuntu-installer is happy to take queries
[03:56] <PC_Nerd> im trying to install the server edition via netboot....  I get to custom DHCP details, and it says "bad archive mirror".  im running apache2 from my computer, can access it via the same details.  the iso was unzipped to that directory.   any suggestions on getting netboot working?
[03:57] <kansan> how do i run mkfs.xfs on ubuntu hardy server?
[04:15] <sommer> kansan: do you have the xfsprogs package installed?  it should be part of that package
[04:21] <scunizi> I just loaded 8.10 server into a vm in vbox.. on boot it says that the kernel is wrong and needs pae.. or something like that.. It won't boot into recovery mode either.. Any suggested solutions?
[04:25] <rdw200169> scunizi, well, virtualbox won't boot the server build of the kernel, i.e. linux-server
[04:26] <rdw200169> scunizi, reluctantly, it requires a really pain-in-the-butt method of post-install linux-generic
[04:26] <rdw200169> scunizi, *before* restart
[04:26] <rdw200169> scunizi, so, post install, before restart, go to the option to open a shell in the debian-installer menu; then, in the shell, chroot to the /target directory
[04:27] <rdw200169> scunizi, then, you have to *readd* the ubuntu-server cd, i.e. apt-cdrom add
[04:27] <rdw200169> scunizi, then, if there isn't internet access, you have to comment the internet related lines in /etc/apt/sources.list so you can perform *another* apt-get update
[04:28] <rdw200169> scunizi, then, you can apt-get install linux-generic
[04:28] <rdw200169> scunizi, that, or you can just mount the cd, copy the .deb from the cd to the /target directory somewhere, then dpkg -i after you chroot
[04:30] <scunizi> rdw200169, wow.. first thing.. how do I get to the option to open a shell in the debian installer menu?  and by chroot you mean to change directories to /target which would be ??
[04:30] <rdw200169> scunizi, well, in the installer, you have the main menu, right, for example, the options are 'Partition disks' etc...
[04:31] <rdw200169> scunizi, there's an option on the very bottom, related to openning a shell
[04:31] <rdw200169> scunizi, really close to the bottom anyway, *after* Finish the installation
[04:31] <scunizi> ah.. in the actual installer.. I had missed tha.
[04:31] <scunizi> *that
[04:31] <scunizi> so.. can I get there without reinstalling?
[04:33] <scunizi> rdw200169, perhaps via "Rescue a broken system?"
[04:33] <rdw200169> try it
[04:34] <rdw200169> scunizi, if i remember correctly, that gives the option to open a shell
[04:34] <scunizi> rdw200169, haven't seen it yet but I'll go through the options and look.. thanks for the tips..
[04:35] <rdw200169> scunizi, you may have to change the debconf priority to a higher level, i can't remember
[04:35] <scunizi> rdw200169, that's beyond my level of expertise.. not sure what a debconf priority level is..
[04:36] <rdw200169> scunizi, there's an option to change it in the menu
[04:38] <scunizi> rdw200169, I'm at a place to choose "Execute a shell in /dev/sda1" (my choice for root) or "Execute a shell in the installer environment".. shall I throw a dart or pick #1
[04:38] <rdw200169> yes! the first one
[04:39] <scunizi> rdw200169, should I be able to initiate apt from here?  it's giving me root access
[04:39] <rdw200169> yes, after a 'chroot /target'
[04:40] <scunizi> rdw200169, so I want linux-generic?
[04:41] <rdw200169> yes, do you have internet access already?
[04:41] <scunizi> yes
[04:41] <scunizi> used apt-cache search kernel
[04:41] <rdw200169> scunizi, yes, then apt-get install linux-generic
[04:41] <scunizi> cool.
[04:42] <scunizi> should the other kernel be uninstalled?
[04:43] <rdw200169> scunizi, it already is
[04:43] <scunizi> ah
[04:43] <rdw200169> scunizi, linux-server is the default, and it's the one that causes the problems
[04:44] <scunizi> rdw200169, you'd think that there would be an option on install to let the installer know that it's going into a vm.. :/
[04:44] <rdw200169> scunizi, it's more of a virtualbox problem than a linux problem
[04:45] <scunizi> rdw200169, I wonder if they are only peripherally aware of it..
[04:45] <rdw200169> scunizi, i don't know
[04:59] <dieselz> hello all - I am trying to figure out why i am getting loads of iptables tracking: any idea of what a call from sport=51879 to dport=22 from my computer to my server is?
[04:59] <dieselz> i've done a search on google, cant find much of anything
[05:00] <dieselz> i have an ssh connection up if that helps
[05:01] <ScottK> Is if from your IP address?
[05:01] <dieselz> yes
[05:01] <ScottK> That's your ssh connection.
[05:02] <ScottK> If it's a modern kernel it uses source port randomization.  That's what sport is.
[05:02] <dieselz> if i have a log entry as the first entry in iptables' INPUT, will that log everything, whether its blocked or not?
[05:03] <ScottK> It's way too late at night here for me to be thinking about iptables rules.
[05:03] <dieselz> haha sorry
[05:03] <dieselz> i think i'm just an idiot and I am logging everything instead of just dropped packets
[05:03] <dieselz> N00bling things
[05:03] <rdw200169>                                                                                                                                                                                                                                                                                                                                                                                                                                                  
[05:03] <rdw200169>                                                                                                                                                                                                                                                                                                                                                                                                                                                  
[05:03] <rdw200169>                                                                                                                                                                                                                                                                                                                                                                                                                                                  
[05:03] <ScottK> No problem.
[05:03] <rdw200169>                                                                                                                                                                                                                                                                                                                                                                                                                                                  
[05:04] <rdw200169>                                                                                                                                                                                                                                                                                                                             
[05:04] <rdw200169> whoops, dieselz i can help
[05:04] <dieselz> bueno
[05:04] <scunizi> rdw200169, worked like a champ .. thanks for the advice.. :)
[05:04] <dieselz> got this: LOG        all  --  anywhere             anywhere            limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: '
[05:04] <rdw200169> scunizi, hey, no problem
[05:04] <dieselz> i feel like i shouldn't
[05:04] <dieselz> i want to only track dropped packets
[05:05] <rdw200169> dieselz, then, right before your DROP target, put the LOG target
[05:05] <rdw200169> dieselz, that's the way most firewalls do it, namely firestarter
[05:05] <dieselz> what about -j LOGDROP ?
[05:06] <rdw200169> dieselz, yeah, you can do that too i suppose, i prefer the basic targets to prevent me any crazy iptables problems, i used to run into a lot of them when i would add features not in the ubuntu version ;)
[05:06] <dieselz> hmm, so if i just move that line down to before my DROP line, that'll have the same effect?
[05:06] <dieselz> (sorry)
[05:07] <rdw200169> dieselz, yes, if the packet is routed to another chain before the LOG target, it won't get logged
[05:07] <rdw200169> dieselz, iptables runs step by step, and leaves any particular chain once the packet is matched
[05:08] <rdw200169> dieselz, if its matched before reaching the LOG target, it won't get logged
[05:08] <dieselz> ah, great explanation - thanks.
[05:08] <rdw200169> dieselz, there's a great chart out there of how iptables works, i've got a copy here:
[05:09] <rdw200169> ftp://greamin.com/Documents/Linux%20Networking/Firewalling/ipTables%20and%20EbTables%20Packet%20Flow%20in%20Linux.png
[05:10] <rdw200169> dieselz, this helps make the 'packet flow' make a *LOT* more sense, you kinda have to stare at it for a while, but if you really think about it, it makes brilliant sense
[05:10] <rdw200169> dieselz, and clears up a lot of confusion about the tables and chains
[05:10] <dieselz> great - its taking a bit to download, but ill look it over
[05:10] <dieselz> another question (i'm just getting into server security btw) =>
[05:10] <rdw200169> shot
[05:11] <dieselz> i have iptables dropping all except what i need, i have chkrootkit running once daily
[05:11] <dieselz> and i am trying to setup AIDE
[05:11] <dieselz> anything im missing without going nuts on security?
[05:11] <rdw200169> AIDE?
[05:11] <dieselz> Advanced Intrusion Detection Environment
[05:11] <rdw200169> ah, yes, i was gonna suggest snort
[05:12] <dieselz> its not an NSA server, but I do collect Credit Cards, so I don't wanna be an easy target
[05:12] <rdw200169> i see, its good that you're being careful then!
[05:12] <dieselz> snort as a replacement to AIDE/chkrootkit? or in addition?
[05:12] <rdw200169> it's another IDS
[05:13] <dieselz> okay, i see it is also rule based
[05:13] <rdw200169> snort.org
[05:13] <rdw200169> ah, you also found it ;)
[05:13] <dieselz> reading now, looks like i have some hw to do
[05:13] <rdw200169> i assume, then, that you're also using https with a real certificate, etc...
[05:13] <dieselz> btw, check it out: mtooter.com
[05:15] <rdw200169> how are you managing account information, for your credit card people?
[05:15] <dieselz> i dont store it at all, it goes through paypal
[05:15] <rdw200169> oh, nevermind then!
[05:16] <rdw200169> then, you're not storing credit information at all?
[05:16] <dieselz> right, just going right through
[05:16] <dieselz> but if someone were to gain access to my php script, then they could send the data
[05:17] <dieselz> my server sees the CC info, my hard drive does not
[05:17] <rdw200169> but isn't paypal a full https redirection?
[05:17] <dieselz> not paypal pro
[05:17] <dieselz> https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/Marketing/general/PaymentSolutions-outside
[05:18] <rdw200169> you've baffled me then, you just said you only use paypal!
[05:18] <rdw200169> oh, i see
[05:18] <dieselz> paypal processes the CCs, but i take the information on my website
[05:18] <rdw200169> i didn't know that
[05:18] <dieselz> yea, its a nice, clean way to do it
[05:18] <dieselz> more risky, but much more professional
[05:19] <rdw200169> so, you're storing this information for your clients?
[05:19] <dieselz> no, i dont store anything =>
[05:20] <dieselz> user inputs CC info => server send CURL request to Paypal server => paypal server responds YAY or NAY => server shows user success or error message
[05:20] <rdw200169> well, i suggest that the best way to protect yourself, is by making sure there's not a ssh server (or telnet for that matter) to the outside world
[05:20] <rdw200169> https only would be the best
[05:21] <rdw200169> then, make absolute sure that your Apache configuration is rock-solid
[05:21] <dieselz> i agree, but i need to access my server through ssh
[05:21] <dieselz> know of any resources on hardening apache?
[05:21] <rdw200169> dieselz, alright, then make sure there's no root accounts
[05:22] <rdw200169> dieselz, and that your password is HUGE
[05:22] <hads> Nothing wrong with having ssh access open
[05:22] <rdw200169> hads, there is if the password is weak ;)
[05:22] <rdw200169> hads, on a root account...
[05:22] <hads> So, don't enable root and have a decent password.
[05:23] <rdw200169> yes
[05:23] <rdw200169> which is what i just said ;)
[05:23] <hads> That's just standard practice.
[05:23] <rdw200169> thanks for telling me i'm not blowing smoke out my hindquarter ;)
[05:25] <rdw200169> dieselz, most of that information requires buying a book, for the best explanations, regardless, i did find this: http://xianshield.org/guides/apache2.0guide.html
[05:26] <rdw200169> dieselz, as far as i know, apache2 is pretty touch on ubuntu already, but you may want to read the section from that link on the configuration
[05:27] <dieselz> hmmm... looks like it comes down to disabled all unused mods
[05:27] <rdw200169> that's a good idea
[05:28] <dieselz> should be fun
[05:28] <rdw200169> dieselz, there's also some new security features, like selinux
[05:29] <rdw200169> dieselz, http://www.google.com/url?sa=t&source=web&ct=res&cd=1&url=https%3A%2F%2Fwiki.ubuntu.com%2FSELinux&ei=k1V5SdDsKIH8tgerr_SgDg&usg=AFQjCNEcCgFO0Qa8x5_35mMmLWhRrTae3w&sig2=q53vj7VOgySrljwYGxwUsA
[05:29] <rdw200169> dieselz, whoops
[05:29] <rdw200169> dieselz, https://wiki.ubuntu.com/SELinux
[05:29] <dieselz> reading the NSA page.... very interesting
[05:29] <dieselz> i wonder if obama's blackberry will have that on it
[05:30] <dieselz> im willing to go far, but im stickin with ubuntu for now
[05:30] <rdw200169> dieselz, i think 8.10 has it
[05:30] <rdw200169> dieselz, i can't remember
[05:31] <rdw200169> dieselz, there's also PolicyKit
[05:31] <dieselz> gee
[05:31] <dieselz> z
[05:31] <dieselz> lots of stuff to checkout
[05:32] <rdw200169> dieselz, but i think that requires a GUI
[05:33] <dieselz> good stuff
[05:33] <rdw200169> dieselz, regardless, a strong firewall with https/ssh will rectify most of your fears ;)
[05:34] <dieselz> yea, im not too worried, i just want to learn slowly so that I really understand whats going on as opposed to just through a mote around my back door with my front door unlocked
[05:34] <rdw200169> dieselz, from there, it's all apache2 vulnerabilities
[05:34] <dieselz> is lighttpd more secure?
[05:38] <p_quarles> no, it is not
[05:39] <p_quarles> and the idea that software X is innately more secure than software Y is an attitude that creates security risks; avoid it
[05:39] <dieselz> windows vs linux?
[05:39] <dieselz> :)
[05:41] <dieselz> okay - well im off, thats for the help all
[05:42] <p_quarles> lulz
[08:14] <PC_Nerd> for some reason after I added an iptables restore script to /etc/network/if-pre-up.d/ I can no longer get a DHCP IP address from my router.....  etho0 (correct) 255.255.255.255 (the subnet should be 255.255.255.0) port 67 (thats correct isnt it)
[08:14] <PC_Nerd> any ideas on how to get it working again?
[08:23] <PC_Nerd> nothing?
[08:43] <jmarsden> PC_Nerd: Check /var/log/messages to see what the iptables stuff is blocking that is relevant, and adjust your iptables ruleset accordingly?
[09:22] <kraut> moin
[09:32] <dnperfors> kraut: moin
[09:32] <kraut> aloha dnperfors
[09:34] <dnperfors> You are from a german speaking country?
[11:30] <PC_Nerd> any ideas?
[13:37] <slestak> hey guys, I have a 8.04.1 server install that I am trying to setup for our web developers.  initially i had apache2 + mod-jk + tomcat5.5 installed (all from repos) and it was 80% functional for them
[13:38] <slestak> to try to get back to basics, i was asked to remove apache and mod-jk and just serve up jsp with tomcat (using the internal coyote server)
[13:39] <slestak> that has been done, used aptitude to purge apache and tomcat5.5.  reinstalled tomcat5.5, started service, but I cannot see anything listening on 8180 with netstat
[13:39] <slestak> ps shows tomcat running
[13:40] <spiekey> hey zul :) you there?
[13:40] <Koon> slestak: anything in the logs ? I think it might log to syslog
[13:40] <slestak> nothing in /var/log/tomcat5.5, let me sheck syslog
[13:41] <spiekey> zul: i have some non-trivial question related to xen :)
[13:41] <ScottK> Now you've made him hide.
[13:42] <zul> spiekey: yep im here
[13:43] <slestak> Koon: interesting, just service stop and startup messages as I restarted tomcat, but do see sth interesting in netstat now, lemm pastebin it
[13:44] <slestak> Koon: check out http://pastebin.com/m42d39a50
[13:45] <slestak> Koon: the ports 8009 and 8180  are listening to what looks liek "null" addresses
[13:45] <Koon> slestak: those are ipv6 localhost addresses
[13:46] <Koon> slestak: did you try accessing it using a browser ?
[13:46] <slestak> duh, i see the tcp6 now
[13:46] <slestak> yes, and I get a 404 trying to get to context /manager
[13:46] <slestak> nothing is logged when I try to go to /manager
[13:46] <Koon> sounds better :)
[13:47] <spiekey> zul: i am trying to build xen frm source with the 2.6.27-xen.hg image: http://pastebin.com/d4378b3cb
[13:47] <spiekey> any idea why it fails?
[13:47] <Koon> slestak: anything in syslog now ?
[13:48] <spiekey> line 98 seems to be intresting :)
[13:48] <slestak> Koon: just tomcat startup messages from 10 minutes ago.  nothing new on the failed access
[13:48] <zul> spiekey: no idea
[13:48] <Koon> and nothing in /var/log/tomcat5.5 ?
[13:49] <spiekey>  i wonder why i get: select-linux-arch: x86, since i have 64Bit
[13:49] <slestak> Koon: same thing in syslog is repeated in catalina-01-23*
[13:50] <slestak> maybe change the logging level to highher than INFO
[13:50] <slestak> checked firewall, its not blocking ports, the machine is inside our lan
[13:51] <Koon> slestak: (stupid question) is the manager webapp installed ?
[13:51] <Koon> (you need to install tomcat5.5-admin separately)
[13:52] <slestak> i will double and triple check
[13:53] <slestak> yeah, http://pastebin.com/d5f38d23c
[13:54] <slestak> i will reinstall -admin
[13:55] <Koon> or maybe...
[13:55] <slestak> after reinstall -admin, still no listener on 8180 for tcpv4
[13:55]  * Koon fires up a hardy VM to check something
[13:56] <slestak> i setup the tomcat users so someone has the manager role
[13:57] <Koon> slestak: what JVM are you using ?
[13:57] <slestak> sun jdk 1.6.0_07
[13:57] <slestak> i had all of this almost working with apache2 mod-jk, all of it
[13:58] <slestak> thee devs just couldnt get their webapp to run,
[13:58] <slestak> javac -version finds the jdk
[13:58] <slestak> let me check /etc/defaults
[13:59] <Koon> I'm installing in parallel
[13:59] <slestak> i have JAVA_HOME=/usr/lib/jvm/java-6-sun-1.6.0.07
[13:59] <Koon> what URL are you trying to access exactly ? /manager ?
[13:59] <slestak> yes, fqdn:8180/manager
[14:00] <slestak> i do not have X on this machine, so I have been accessing it from my desktop
[14:01] <Koon> just a sec
[14:01] <slestak> i did not uninstall-reinstall libtomcat5.5-java,
[14:01] <slestak> that package is still from the original attempt
[14:01] <slestak> i also have tomcat5.5-webapps installed just to get the hello world stuff
[14:02] <Koon> you might need to call a slightly different url, sth like /manager/html, I'm installing to tell you exactly what
[14:02] <slestak> good point
[14:02] <slestak> looking at ps, I see the /usr/bin/jsvc processes are being run as root.  that is surprising
[14:03] <Koon> slestak: try http://fqdn:8180/manager/html
[14:03] <Koon> there is also http://fqdn:8180/admin/ but it seems to suck
[14:04] <slestak> ok, i see the manager page, whew
[14:04] <Koon> slestak: tomcat support improved in intrepid, with support for tomcat6
[14:04] <slestak> i dont understand why netstat -an doesnt show a listener on 8180
[14:05] <Koon> it does. you get a ipv6 *:8180 there afaict
[14:06] <slestak> the ipv6 handles ipv4 as well?
[14:06] <slestak> i am still ramping up ipv6 facts
[14:06] <Koon> yes, look at the :::22 line, it's the same for ssh
[14:06] <slestak> ok, last question, promise :)
[14:07] <slestak> tomcat5.5 webapps is installed, but they are not listed in teh Applications
[14:07] <Koon> in the manager ? you don't have a "examples" or something ?
[14:08] <slestak> nope, I have three webapps for our product, admin and manager
[14:08] <slestak> i am going to look for where they are installed and just deploy that context by directory url
[14:08] <Koon> might need reinstallation to deploy the contexts, yes
[14:08] <Koon> sleepingyoyo: good luck ;)
[14:09] <Koon> slestak, even
[14:09] <slestak> reinstall of the webapps?
[14:09] <slestak> i have already done that more than once
[14:09] <Koon> then no ;)
[14:10] <Koon> got to go, sorry
[14:10] <slestak> tyvm for your help
[14:10] <Koon> np
[14:16] <Hellsheep> Hello, i have been trying to set up my Ubuntu server, i have installed everything fine, during the install i pulled the network cable as it kept on hanging on Configuring APT, once i did that, it didn't set up DHCP obviously. Now when i am running ubuntu server, it cannot connect to the net, when i run sudo lshw -C Network it shows: *-Network DISABLED
[14:17] <Hellsheep> How do i configure my network to connect to the internet now?
[14:18] <Hellsheep> Or more correctly, how do i configure Ubuntu to connect to my network?
[14:19] <soren> the configuration file is /etc/network/interfaces
[14:20] <soren> It's documented in the interfaces(5) man page.
[14:20] <Hellsheep> Thank you, i found it in: http://tinyurl.com/65jzxw
[14:20] <Hellsheep> It seems all i need to add is this: auto eth0
[14:20] <Hellsheep> iface eth0 inet dhcp
[14:21] <soren> If you want dhcp on eth0, then yes.
[14:21] <Davedan> can anyone recommend a VPS hosting for ubuntu?
[14:22] <Hellsheep> soren, how do i open the file?
[14:22] <soren> Hellsheep: With your favourite editor?
[14:23] <Hellsheep> I am not familiar how to open files using Ubuntu server
[14:23] <Hellsheep> First time setting up a server
[14:23] <Hellsheep> Especially a Linux one
[14:23] <henkjan> Davedan: slicehost.com, ghandi.net. xlshosting.nl
[14:24] <Davedan> henkjan: thanks, I'll have a look at thouse
[14:24] <soren> Heh... I don't know what the suggested editor for beginners is.
[14:25] <cjwatson> just say 'editor' and it'll use the default
[14:25] <soren> Good point.
[14:25] <soren> Hellsheep: sudo editor /etc/network/interfaces
[14:26] <erichammond> Davedan: Amazon EC2 :)
[14:26] <Hellsheep> i just used pico /etc/network/interfaces
[14:26] <cjwatson> nano replaces pico and is (a) free (b) better
[14:26] <Hellsheep> ah kk
[14:27] <cjwatson> (free as in free software; pico wasn't quite for various reasons)
[14:27] <cjwatson> actually, when you run pico on Ubuntu you get nano. But still.
[14:28] <Hellsheep> I used nano instead
[14:28] <DogWater> when you use debmirror to create a mirror do you have to use archive.ubuntu ? it seems really slow
[14:28] <Hellsheep> How do i save the file?
[14:30] <soren> DogWater: You can use any mirror.
[14:30] <soren> DogWater: archive.ubuntu.com should be quite fast this time of year, though.
[14:32] <Hellsheep> cjwatson, how do i save a file in nano?
[14:32] <Davedan> erichammond: I'm using EC2 for customers but need a small one for demo. 74$ is too much
[14:33] <soren> Hellsheep: There's some help at the bottom of the screen.
[14:33] <soren> ^ means CTRL.
[14:33] <uvirtbot`> soren: Error: "means" is not a valid command.
[14:34] <soren> uvirtbot`: nick uvirtbot
[14:38] <Hellsheep> I figured it out.
[14:39] <Hellsheep> Although i still have a problem
[14:39] <Hellsheep> When i do sudo lshw -C Network
[14:39] <Hellsheep> It still says *-Network DISABLED
[14:39] <Hellsheep> How do i fix that?
[14:43] <soren> Not sure what that means. Maybe you just need to set up the interface? "sudo ifup eth0"
[14:44] <orudie> instead of using chown , can i use a command to add another owner instead of changing it ?
[14:45] <Hellsheep> soren, that fixed it. Thank you.
[14:46] <dnperfors> orudie: no, unless you add the new owner to the same group
[14:47] <cjwatson> orudie: it is actually possible to have multiple owner-like rights, but it gets complicated; you can use setfacl to do it
[14:47] <cjwatson> orudie: you're better off using groups if you can, since they're simpler; however they may be fiddly if you have lots of special cases
[14:47] <dnperfors> hmm, didn't know that :P
[14:47] <orudie> thanx
[15:37] <fauxhawk> [C
[15:49] <heath|work> how do I view user info like current home dir
[15:51] <cjwatson> heath|work: 'getent passwd USERNAME'
[15:52] <heath|work> cjwatson, thanks
[15:56] <Max007> Hi
[15:56] <Max007> Can someone help me with resizing a software raid partition ?
[16:01] <jmedina> Max007: what is the problem?
[16:02] <jmedina> Max007: what kind of raid?
[16:17] <MadChopr> i have 4 320GB SATA drives configured with the intel raid bios as one raid0+1 partition that's around 570GB; i think dmraid sees it as two seperate partitions that are 640GB each, can someone help me to get the dmraid to see what the BIOS software raid is trying to do?  i'm on ubuntu 8.10
[16:18] <MadChopr> my boot drive is an 80gb drive that has nothing tod o with the raid arraym, but it's on the same sata contrller
[16:18] <jmedina> MadChopr: and why are you using dmraid, when raid is already done?
[16:22] <MadChopr> jmedina: yea, it's very confusing to me
[16:22] <MadChopr> jmedina: i was reading that i have fakeraid or software raid... even though it's through the BIOS
[16:22] <jmedina> MadChopr: you did the raid in the bios, right? then you dont need to use dmraid
[16:22] <jmedina> just format the device
[16:23] <MadChopr> well, i've read differently on several places... one was even in the ubuntu wiki
[16:23] <jmedina> well, probably, there are some fakeraid chipsets
[16:23] <MadChopr> https://help.ubuntu.com/community/FakeRaidHowto
[16:23] <jmedina> its been years since I had those problems
[16:23] <jmedina> but you need to verify you have one o thoses chipsets
[16:27] <MadChopr> i have ICH7 this FAQ says it's software raid --> http://linux-ata.org/faq-sata-raid.html
[16:48] <Max007> how can i choose apt mirror from the console ?
[17:08] <maxb> Max007: Besides "vim /etc/apt/sources.list" ?
[17:14] <andol> Max007: It will work even better if you use Emacs :-)
[18:24] <Max007> maxb: yeah I know that but I don't know all mirrors
[18:24] <maxb> https://launchpad.net/ubuntu/+archivemirrors
[19:59] <crackintosh> Hello, A web application hosted on my ubuntu machine requires me to run a cron job. It doesnt seem to work all the time.
[20:00] <crackintosh> Is it possible that it is not executing properly because it is not run by www-data
[20:01] <crackintosh> here is the cron job: * * * * * cd /var/www/sugarcrm; php -f cron.php > /dev/null 2>&1 being run by root
[20:08] <GreenCult> hi all
[20:09] <GreenCult> somebody here speak spanish??
[20:12] <jmarsden|work> GreenCult: Try #ubuntu-es
[21:24] <nurmi> yep, this is indeed Dan from eucalyptus-land
[21:41] <kansan> um i'm about to deploy a LAMP stack over ubuntu + ec2.... we develop on 32 bit ubuntu at work... should i select a 64/32bit ubuntu ami from http://alestic.com/ as my base?
[21:51] <erichammond> kansan: I build the AMIs listed on http://alestic.com and many folks (including my company) use them in production servers on EC2.
[21:51] <kansan> what about the 32/64 bit question?
[21:52] <erichammond> kansan: There are also some official Ubuntu AMIs which are currently in beta. You can join the beta program here: http://ubuntu.com/ec2
[21:52] <erichammond> kansan: It depends what type of EC2 instance you want to run (32-bit or 64-bit)
[21:53] <erichammond> kansan: I would also encourage you to join the Ubuntu on EC2 community: http://ec2ubuntu-group.notlong.com
[21:53] <kansan> anyone know how to solve this:  Client.InvalidKeyPair.NotFound: The key pair '/home/david/.ec2/id_rsa-gsg-keypair' does not exist
[21:53] <kansan> it does though!
[21:53] <erichammond> Other channels which might be more appropriate for asking EC2 questions: #ubuntu-ec2 ##aws
[21:54] <kansan> ah cool!
[21:54] <erichammond> #ubuntu-ec2 has the folks who build the official Ubuntu beta images.  ##aws has more general EC2 experts (like the Q you just asked)
[21:56] <kansan> thanks
[21:56] <erichammond> kansan: answering over on ##aws
[21:56] <kansan> mk thx!
[22:29] <kaje> is there a way to tell ufw to ignore all broadcast packets and do NOT log them? I have a printer server at work that is cluttering up my logs with its broadcast traffic...
[22:30] <jdstrand> kaje: just explictly DENY them. 'sudo ufw deny 631'
[22:31] <jdstrand> kaje: or give the broadcast address: 'sudo ufw deny to <broadcast address> 631'
[22:31] <jdstrand> oops
[22:31] <jdstrand> sudo ufw deny to <broadcast address> port 631
[22:32] <kaje> and that will keep them out of the log?
[22:33] <jdstrand> kaje: yes. logging is not enabled on a per rule basis (yet), so adding a deny or allow rules means they won't get logged. if you don't like this solution, you may update /etc/ufw/after*.rules
[22:36] <kaje> no, that solution is fine with me
[22:38] <ziggles1> hi guys, is it possible to do something similar to NAT port forwarding but based on the hostname?
[22:46] <andol> ziggles1: In most cases no. The hostname isn't really used on a network level. The only time you can do magic based on hostname is if you use a protocol which sends and listens to the hostname. If I'm not totaly misstaken http is the only one of the major protocolls which handles hostnames.
[22:47] <kansan> is there a way of searching which packages are avaialble on 8.04 LTS server?
[22:48] <andol> kansan: http://packages.ubuntu.com/
[22:48] <andol> kansan: or do you want to know how to do the search on an 8.04?
[22:49] <kansan> i guess i already have an ec2 instance up
[22:49] <kansan> running 8.04 lts server
[22:49] <kansan> so i can just search via it
[22:49] <andol> kansan: I usually use "apt-cache search foo"
[22:50] <andol> kansan: Another option might be to start "aptitude"
[23:28] <ziggles1> andol:  that is what i was thinking
[23:29] <ziggles1> andol: so does this mean that most commonly webservers should be assigned an external facing IP?  ie dont do nat before?
[23:29] <ziggles1> or i should say, not behind nat
[23:30] <andol> ziggles1: Well, somewhere along the line there has to be a public facing IP if nothing else. Still, that can be a router, which forwards all http(s) trafik to an internal ip.
[23:30] <andol> ziggles1: The actual web server can be behind the NAT.
[23:31] <ziggles1> andol: could you possbily have two webservers behind the nat?
[23:31] <andol> andol: Kind of
[23:31] <andol> ziggles1: Kind of
[23:31] <ziggles1> andol: seems impossible to have 2 unless you have them running on diff ports and forward the ports?
[23:31] <Nafallo> depends on how configurable the NAT device is.
[23:32] <andol> ziggles1: You can have a frontend webbserver on the public IP, then you can have it proxy to the other webbservers in the NAT, based on hostname for example
[23:32] <ziggles1> Nafallo: what do you mean?
[23:32] <ziggles1> andol: ah that's interesting!
[23:32] <Nafallo> some could probably send it to the correct internal server based on destination URL.
[23:33] <Nafallo> another variant would be anycasting, in case both serves the same material.
[23:33] <andol> ziggles1: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
[23:33] <Nafallo> but yea... I should sleep rather than trying to act clever :-)
[23:33] <andol> ziggles1: reverse proxy
[23:33] <andol> Nafallo: don't worry, I have the acting clever all covered :)
[23:34] <ziggles1> Nafallo: thanks for offering your advice man.
[23:34] <ziggles1> sleeep! :)
[23:34] <Nafallo> no worries :-)
[23:35] <ziggles1> hmmm so the issue is that i have 2 VMs setup as webservers
[23:35] <Nafallo> actually pack bag, shower, sleep 1h 30mins, run around to catch buses so I won't miss the plane :-(
[23:35] <Nafallo> but thanks ziggles1 :-)
[23:35] <ziggles1> lol sounds horrible man
[23:36] <ziggles1> with these two webservers we are trying to figure out how to route traffic to them via one nic... and not expose the whole box
[23:36] <ziggles1> but i suppose that a webserver should pretty much be exposed..
[23:38] <genii> ziggles1: You could also create an alias to hae 2 IP running on same adapter
[23:45] <ziggles1> genii: an alias? like a bridge?
[23:47] <genii> ziggles1: N o, adapters can have as many IP addresses as you want. Then you bring them up with ifup or ifconfig with names like eth0:0 eth0:1   and so on, each with it's own settings,IP, etc. Then if a name resolves to a specific IP it goes there still
[23:48] <genii> ziggles1: The thing is you can use the aliased adapters in a vm as well
[23:48] <jmedina> or, you can simple add for IP address to a single interface without having more alias interfaces like eth0:1
[23:49] <jmedina> I prefer this way
[23:50] <jmedina> if you want to do filtering or routing, you only specify the interface with a destination address
[23:50] <Deeps> aliasing is deprecated
[23:52] <genii> Deeps: Ah, was not aware. Been a while since I used it
[23:52] <Deeps> i learnt today that even ifconfig can add multiple addresses to an interface
[23:52] <jmedina> :D
[23:52] <Deeps> ifconfig <dev> add <ip>
[23:53] <genii> Can you add even if on different ranges/segments with different gateways, etc?
[23:53] <jmedina> genii: yeap
[23:53] <genii> Cool
[23:54] <jmedina> it is only a address to a interface, there is no routing, classing involved
[23:54] <jmedina> after that, routing is your job :D
[23:54] <ziggles1> thats pretty cool
[23:55] <jmedina> for example, there is people running one interface connected to two different WAN (ISPs)
[23:55] <jmedina> with differente classes, different gateways, and so on