[00:06] Does anyone have a clue why a stock (VPS) LAMP installation would download my index page when I view the site from the domain with the www prefix, but work fine if I leave the www off? (ex. www.test.com doesn't work, test.com does) [00:08] does www.test.com point to the same ip as test.com ? [00:08] or is it a cname to test.com ? [00:08] cname [00:08] name-based vhost? [00:08] I'm using Dyndns as a host for the domain [00:10] Not sure. I tried adding a ServerName line to the 000-default, but it didn't do anything. Not sure if there's more I need to tinker with or not. [02:18] anyone know some ways to test bandwidth speeds (sites as well)? [02:20] also how do i restore the default firewall settings [02:20] speedtest.net for pure bandwith .. for your site, don't know of any online tools, only commercial product [02:21] i need to test from the command line [02:23] do you have a browser (like lynx) on your server? [02:23] nope [02:23] Delerium_, if you have two servers .. you can use iperf [02:23] sorry - Proz01d [02:24] ;) [02:24] np.. [02:24] The following links seems to analyze your site from the Internet http://www.websiteoptimization.com/services/analyze/ [02:25] i tried wget and the xp sp2 download link from MS [02:25] yea .. thats another method :) wget http://ubuntu/some.iso ;) [02:26] Maybe you can check with your hosting / internet provider to see if they have a FTP speed test available or something like that [02:26] if you have two servers - nothing beats iperf for proving the max BW between the two.. other than that .. wget is usually the best option sadly! [02:27] Didn't knew about iperf thanks Kiall [02:28] yea - its basically a command line speedtest.net .. but without the servers provided for you ;) [02:28] So you need to have iperf installed on both server and then launch it? [02:29] Yea .. One side acts as a client, the other as a server .. [02:29] Cool... I should give this a try [02:30] BTW If its under 50Mb/s your expecting .. I can launch a server for a few mins.. [02:31] Kiall: I'm waiting for my dedicated server to be setup, I'll test with that ;) [02:31] Thanks [02:31] sure... [02:32] [ 3] 0.0-10.1 sec 339 MBytes 283.8 Mbits/sec <-- Disappointing results ;) [02:33] what are you trynig? [02:34] kaill -> was that a wget? [02:35] aha .. thats better :) "[ 3] 0.0-10.0 sec 1.09 GBytes 933 Mbits/sec" [02:35] no - iperf [02:35] WHAT?! [02:35] LAN ;) [02:36] 283.8 Mb/s was internet [02:36] that's still crazy fast [02:36] Its not exactly my home connection ;) [02:36] i'm guessing fiber...not ethernet [02:37] we take it as ethernet, but yea .. pretty much all BW in and out of datacenters is fibre .. [02:37] I should try to run this on our servers ... but not sure they will let me do it ;( [02:38] you guys know how to get the default firewall settings back? [02:38] lol - call it a diagnostic test ;) [02:39] `iptables -F` will empty the rules .. empty might not be your default tho [02:39] Kiall: ;) Management will says it's up to the network guys... they are pretty strict when it comes to do modification on our servers [02:39] Wondering about Proz question, does ubuntu-server use SELinux? [02:40] not by default, it does use apparmor which is somewhat similar [02:41] Ho okay... [02:41] AppArmor is more on the "application level" if I'm not mistaken [02:41] ? [02:42] Yea .. http://paste.ubuntu.com/610893/ [02:42] thats the mysql appa config... [02:43] Thanks Kiall [02:46] New bug: #786040 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/786040 [02:49] Kiall, so basically, AppArmor restrict the files that a process can read / write !? [02:50] yea .. when a program has an AA profile, it only has access to what's in the profile, and nothing else.. [02:51] eg mysql's one has "network tcp" but not "network udp" .. so no UDP sockets ... [02:51] k, make sense .. nice to know ... I've been using Linux for a while but never go in deep... [02:52] Don't have much time with work (and we have only 2 olllddd Linux server) [02:52] if I ssh into my server and run a python script, will the script stop when I close the ssh session? [02:52] fastveg, yes .. unless you start it in the background .. [02:52] or will it keep running even though I disconnect [02:52] eg `python bla.py &` [02:52] or `screen -dmS my_app python bla.py` [02:53] ok thanks [02:53] fastveg, ./myscript & [02:53] even better [02:54] if you think you'll want to "reattch" to see how its doing etc ... use screen.. otherwise pop at & at the end and it'll quit when it quits :) [02:54] reattach* [02:54] Having a log file is also a good idea ;) [02:55] yea .. nothing worse than seeing a script die after a few hours of processing without logs ;) [02:55] yup.. It kills! [02:56] I had a 3 week long data import process that couldnt be paused, it had to start again from scratch if it died .. [02:56] 2 weeks in .. bam. [02:56] 3 weeks import!?!?!? Gossshh... that was a DB ? [02:56] suffice to say heads rolled ;) [02:57] lol [02:57] yea - 3 weeks .. data was sourced from an API that was slow a hell .. and there was craploads of it [02:57] slow as* [02:59] Well... there is slow ... and SLLLOWWWWW [03:02] ;) [03:06] just curious...what are you guys using for dns? [03:06] My ISP DNS [03:06] bind + the probind web UI .. [03:06] ho.. . as a DNS server... sorry ;) [03:06] lol np [03:06] bind too [03:07] but I don't personnaly manage our DNS, so I suck at bind ;) [03:08] i'm setting up a vpn and i need to specify a dns... [03:08] so i'm pointing to one externally [03:12] but i'm trying to improve performance so i was wondering if I should use bind instead [03:14] generally (ie unless your ISP's DNS servers are crap) .. you're better using them for recursive resolving... [03:15] (ie for looking up google.com... rather than mydomain.com DNS hosting) .. [03:18] Proz01d: Unless you have measured current performance and are sure from that work that DNS is your bottleneck, switching DNS servers seems unlikely to "improve performance"... are you sure DNS is slowing things down, not something else? [03:24] nope... but right now i'm pushing some dns server ip from the base openvpn isntall (it was commented out originally) [03:27] you probably dont need to be pushing a DNS server with the VPN, not unless you have your own internal DNS setup on the far side of the VPN, and it sounds like you don't :) [03:27] i guess i can try diabling it [03:37] what is the best place to put setkeycodes command? [04:18] hi [04:20] I'm in China where many website are banned, but I have a server abroad on which I installed OpenVPN, from this, can you tell me the main lines on how to open some website using this VPN ? === MTecknology is now known as EvilMTeck [05:00] maxagaz: Sounds like you want to run a proxy on the "abroad" server and the point your local web browser to that proxy. I have used tinyproxy for this sort of thing (well, not from China...!) [05:03] jmarsden, so, basically, what I need is a vpn (like openvpn), a proxy server (probably squid) and some iptables ? [05:04] squid would be very heavyweight for this kind of (single user) use, and since you already have the tunnel working, no real need for iptables changes that I can see... but other than that, yes. [05:05] If the authorities see your VPN tunnel and get suspicious of you, don't blame me :) [05:06] jmarsden, there's nothing wrong in making a tunnel, many companies do it [05:07] OK. If I were trying to prevent people seeing some websites, I'd sure be suspicions of people using VPNs... it's the #1 obvious way to get around the blocking :) Be glad I'm not the Chinese authorities :) :) [05:07] maxagaz, you just need the VPN, so long as it sends a default route [05:07] (and sends a DNS server from outside china) [05:07] Kiall: You can do that, but on a transcontinental link that could be pretty slow... [05:08] a proxy will have the same issue + wont "hide" anything but HTTP (eg DNS ..) [05:09] Kiall, I already have the VPN working, how to redirect the traffic through it ? [05:09] A proxy inside the tunnel is more about bandwidth than hiding, IMO. Better to only move the web traffic for the sites you need to use over the tunnel that way, leave the rest of your traffic out in the open locally. But... theres more than one way to do it. [05:10] maxagaz, if you add `push "redirect-gateway def1"` to the config .. it should move all traffic over then VPN [05:10] Kiall, where to add it ? [05:10] oh I see [05:10] Anywhere in the server config file [05:11] jmarsden, yea being selective about what you tunnel will obv make it faster.. but leaves you wide open to making a mistake :) [05:11] Kiall, but then all the traffic would be redirected, I just want the forbidden addresses to be redirected [05:12] thats a tad harder to do - since your browser doesn't let you say "use proxy X for bla.com and bla2.com" .. [05:12] maxagaz: Use proxying and set your browser to selectively proxy ... firefox has addings like foxyproxy for that [05:12] Kiall: It does, with foxyproxy :) [05:12] jmarsden, ah nice :) [05:13] that sounds a good idea [05:13] actually I hope it still does, not sure I have used that addon in Firefox 4.0 yet :) [05:14] anyway - as jmarsden said, a proxy is better for selective traffic .. bear in mind that DNS may be blocked so try google's DNS servers (8.8.8.8 and 8.8.4.4) .. if "they" prevent you using 3rd party DNS, you have to push DNS over the VPN aswell [05:14] I can change it manually to my resolv.conf [05:15] Kiall: Now that could get interesting... I wonder if you could set up a local DNS server and use bind views to do selective DNS forwarding :) [05:15] sure - but they can catch all port 53 (DNS) traffic, and hijack it :) [05:15] jmarsden, yea .. thats certainly possible [05:16] you could do the same with a hosts file aswell tho :) [05:17] Kiall: well, harder to add every host *.microsoft.com to your hosts file than to tell a view to forward dns for *.microsoft.com through the VPN, I would think :) [05:17] or *.facebook.com, or *.google.com ... [05:18] yup - I didn't think of that! [05:23] how to allow my vpn to make redirections ? [05:27] in foxyproxy, I have put the address of my vpn, but which port should I set ? [05:30] The port that your proxy is listening on :) [05:30] jmarsden, ah, so I still have to install a proxy [05:31] If you want to do this the "selective" way, then I think so. [05:31] foxyproxy is for using proxies... hence its name :) [05:32] jmarsden, and how to link the proxy to the vpn ? [05:32] jmarsden, else, anybody could use my server as a proxy... [05:33] Hmmm? Run the proxy server on the remote server at the 'abroad' end of the VPN tunnel. You can configure proxies to only accept request from specific IPs, etc... read the docs that come with whatever proxy server software you choose. [05:33] jmarsden, ok, I see [05:33] You may be able to only bind the proxy listener to the vpn tunnel interface on that server, so it is invisible to anyone else, too. [05:36] * Kiall would still just go the "want to visit something restricted? start VPN, all traffic goes via it.. done? disconnect" route.. much simplier :) [05:37] Kiall, how would you do that ? [05:38] with the default route .. then you can just start and stop the VPN as you want to use it .. [05:39] pretty much the same enabling disabling the proxy .. and safter/easier than creating a list of hosts for foxyproxy to selectively route over the VPN+Proxy combo [05:39] Kiall, you mean, by doing route del default gw, route add default gw my_vpn_ip ? [05:40] no - with `push "redirect-gateway def1"` in the VPN servers config, and then you start/stop the VPN as you need to use it [05:41] Kiall, okay [05:41] Its defiantly easier to manage that way :) [05:43] Kiall, okay, I'll try it right now [05:48] Kiall, do I also need a 'push "route..." ' ? [05:49] nope - just the gateway [05:49] maybe a `push "dhcp-option DNS 8.8.8.8"` line aswell [06:34] Kiall, it didn't work [06:35] humm what happened? [06:35] Kiall, when i restart the vpn client, i can't ping anything [06:35] Kiall, and even lost this chat room [06:36] did you setup NAT on the server? [06:36] Kiall, no [06:36] Kiall, perhaps there are some default rules... [06:37] Kiall, i only have fail2ban in my iptables [06:37] aha :) I thought that was mentioned earlier .. whoops .. [06:38] Kiall, ah... :) [06:38] `iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE` - assuming eth0 is the servers internet connection [06:38] BUT [06:38] be careful with this part! [06:38] (you have console access to the server? or the ability to reboot it?) [06:38] why ? [06:38] Kiall, yes [06:38] then no worries :) [06:39] Kiall, perhaps I sould just try it fo a few seconds [06:39] Make a mistake with the rule and you could loose SSH access until you reboot / remove it (and that could be wrong .. its late!) [06:39] once its added, it either works, or you need to reboot / remove the rule via the server [06:40] Kiall, I'll do it and pray [06:40] ;) [06:40] also `iptables -t filter -A FORWARD -i vtun0 -o eth0 -j ACCEPT` [06:40] oh, i need both... [06:40] (assuming vtun0 == vpn interface, and eth0 == servers internet) [06:40] that was okay for the first one :) [06:41] it's just tun0 for me [06:41] yea - tun0 instead of vtun0 then [06:42] okay, now let's restart the client to see if it works... [06:42] I might lose the chat again... [06:42] you most likely will as it connects [06:42] it should connect right back again tho - if it wored ;) [06:42] worked* [06:51] I was disconnected [06:51] Kiall, those to rules were for the server, right ? [06:51] yea [06:52] ok [06:52] any idea what part failed? [06:53] This might be worth a read :) http://alestic.com/2009/05/openvpn-ec2 [06:53] Skip the ec2 parts and see if there is anything in there you havent already done [06:54] Kiall, with the two open vpn settings you gave me, I should get 8.8.8.8 in my resolv.conf and some changes in my routes, right ? [06:54] 8.8.8.8 resolv.conf doesnt always work (depends on the client settings...) .. but the default route should have swapped [06:55] Kiall, it didn't swap... [06:56] see anything in that link you've missed? [06:56] firefox is still trying to open it [06:56] I hope this website isn't banned [06:56] so many websites are banned here [06:57] i'll have to use proxy4free to open it... [06:58] or http://i.imgur.com/WvKFN.png [06:58] that one works :) [06:59] thanks a lot :) [06:59] anyway - gotta run .. good luck [07:00] I have to go out to eat too, i'll try again once back, thanks a lot for your help [08:19] hi [08:20] Could someone help me get ddclient working? [08:20] or any DNS updater that will update multiple DNS servers with the dynamic IP? [08:20] What I've tried to work out isn't working [08:20] I would like it to update every 15 minutes === nickmoeck_ is now known as nickmoeck === NG_ is now known as ng_ [11:55] hello to all. i have very big problems with web server session handling. for some strange reason session data disapear when i go from one page to other inside my site. i have tryed last 24 hours all what i can think off but nothing helped till yet. need really help with this problem. === ng_ is now known as NG_ === NG_ is now known as ng_ [13:22] i'm trying to access a samba smb share from a mac, i'm trying to use force user & guest so anyone can write & delete files on this share, but i can only seem to create folders, not files === ng_ is now known as NG_ === NG_ is now known as ng_ [15:26] New bug: #786188 in openssh (main) "package openssh-server 1:5.8p1-1ubuntu3 failed to install/upgrade: le sous-processus nouveau script pre-installation a retourné une erreur de sortie d'état 1" [Undecided,New] https://launchpad.net/bugs/786188 === ng_ is now known as NG_ [16:07] New bug: #777855 in glibc "resolver failures without even sending queries, break Postfix" [High,Confirmed] https://launchpad.net/bugs/777855 [16:28] hello... what is the ubuntu equivalent of chkconfig under red hat? [16:41] anyone that can see wtf is wrong with this regex? it's meant to mach a mac address, but fails /[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}/ [17:06] how do I know if I need tcp tuning? http://fasterdata.es.net/fasterdata/host-tuning/linux/ [17:06] will I see errors? [17:17] bluethundr_: sudo service --status-all # for a basic status list. For run level details, you can try installing and using sysv-rc-conf [17:49] royk: did you get it qworking?\ [17:49] where are you trying to run this? [19:02] New bug: #786250 in backuppc (main) "Remove dependency on perl-suid for Perl 5.12" [Undecided,New] https://launchpad.net/bugs/786250 [19:14] i am using ubuntu 10.04 ,how do i update my kvm to latest version [19:16] Is qemu-kvm | 0.12.3+noroms-0ubuntu9.6 | lucid-updates | source, amd64, i386 recent enough for your needs? That is in lucid-updates. [19:41] Proz01d: yeah [20:47] anyone know the current state of kolab with ubuntu server? There is a wiki page talking about it being included with 10.10 server, but not sure if it's working, don't see any release news? [20:54] anyone?