| zombi- | FunnyLookinHat: Apache2 -V | 00:06 |
|---|---|---|
| rudyv | Hi, I'm trying to cinfugre iptables on my box to provide NAT through eth1 to eth0 (which provides DSL via PPPoE). How do I set up the rules in iptables to do that? | 00:38 |
| jMCg | rudyv: take a look at the ufw wiki, I think it might have something you're looking for. | 00:48 |
| rudyv | I got the basic NAT up with iptables. | 00:48 |
| rewt | rudyv, also make sure to echo 1 >/proc/sys/net/ipv4/ip_forward | 00:49 |
| rudyv | I did that | 00:49 |
| rudyv | and set the appropriate line in sysctl.conf | 00:49 |
| rudyv | :D | 00:49 |
| rudyv | I have the rules set | 00:49 |
| rudyv | Accept if input = eth1 & state = established or related; accept if input = ppp0 | 00:50 |
| rudyv | That works. | 00:50 |
| rewt | eth1 is your lan? | 00:50 |
| rudyv | Yes. | 00:50 |
| rewt | pastebin your iptables rules and i'll can have a look if you want | 00:52 |
| rudyv | Alright | 00:52 |
| rudyv | rewt: I'm using Webmin to configure it | 00:53 |
| rewt | can that give an equivalent of iptables-save ? | 00:54 |
| rudyv | I can get it via SSH | 00:55 |
| rudyv | hm | 00:57 |
| rudyv | pastebin isn't working from here | 00:57 |
| rudyv | lemme try pasteit on the server | 00:58 |
| rewt | try a different pastebin | 00:58 |
| rudyv | oh, pastebinit | 00:58 |
| rudyv | http://pastebin.com/9W9NnnNr | 00:58 |
| rewt | yeah, that's quite a bit off :/ | 01:00 |
| rudyv | oh | 01:01 |
| rudyv | that probably explains why some sites take longer to load on this system | 01:02 |
| rudyv | rewt: What do I need to do to configure it properly? | 01:04 |
| rewt | here's a script that should work after you put in your details in lines 3-5: http://pastebin.com/Nj43cGT1 | 01:05 |
| rudyv | Well, I want to be able to set forwarded ports much like one can on a standalone router | 01:07 |
| rewt | for that, just add pairs of lines like this: http://pastebin.com/Lx5YzW4j | 01:09 |
| rewt | err, that DROP on the end should be ALLOW | 01:09 |
| rewt | ACCEPT | 01:09 |
| rewt | http://pastebin.com/gruhhvA8 | 01:10 |
| rewt | first line redirects it to the lan pc, second one allows it through | 01:10 |
| rudyv | I'm inputting the rules in the script into Webmin. | 01:13 |
| === NG_ is now known as ng_ | ||
| rudyv | Yay! | 01:20 |
| rudyv | I have forwarding up. | 01:20 |
| rudyv | Hm, some Web sites though, like my personal Web site, won't come up | 01:25 |
| rudyv | (nor will any on the same server) | 01:26 |
| jMCg | rudyv: is your personal website in you LAN? | 01:26 |
| rudyv | No | 01:26 |
| rudyv | it's on a VPS | 01:27 |
| rudyv | and I distinctly recall paying for it | 01:27 |
| jMCg | downformeor.... | 01:27 |
| rudyv | "It's just you. rudyvalencia.com is up." | 01:27 |
| rudyv | Finally it's come up, albeit extremely slow. | 01:28 |
| === RudyV is now known as RudyValencai | ||
| === RudyValencai is now known as RudyValencia | ||
| RudyValencia | hey | 01:59 |
| RudyValencia | Why would browsing to some sites be slower than to others if I have my Linux box providing NAT access to my DSL for my LAN? | 02:08 |
| RudyValencia | OK | 02:17 |
| RudyValencia | Why am I having problems with some sites with NAT provided by my Linux system? | 02:19 |
| === ng_ is now known as NG_ | ||
| jmarsden | RudyValencia: Make sure you log everything your packet filtering setup drops, and then read your logs. Sounds like you are blocking some traffic that you want to allow through? | 02:23 |
| RudyValencia | I'm trying to set up IPtables rules to provide NAT on my server | 02:26 |
| jeeves__ | how do I go about setting up SA-LEARN on my Dovecot box with virtual e-mail boxes that are mapped in MySQL? | 02:43 |
| Derptron | Hi, I'm wanting to use oprofile and need an uncompressed vmlinux. Does anyone have any experience doing this? I can't find any documentation on how to acquire/setup one. | 03:27 |
| Derptron | (I'd use --no-vmlinux but the given process is spending 20% of its time in "--no-vmlinux", so I need to better isolate what it's doing. | 03:28 |
| luite | hmm, last time I needed one (for booting with an old xen version), I rebuilt the whole kernel | 03:30 |
| Derptron | I need to somehow do this with minimal to no downtime or performance decrease, as the server has >50 users connected at any given moment. | 03:32 |
| luite | I used another (faster) system to build the kernel and just copied the vmlinux file over :) | 03:33 |
| Derptron | I was hoping ubuntu 10.04 LTS might have a package that already contains debug symbols etc | 03:33 |
| Derptron | hmm, wonder if I could do that | 03:33 |
| luite | I'd be interested in that as well, would save me some time the next time | 03:33 |
| Derptron | luite: We may be able to use these in the future, although they should probably be documented or included in apt. http://ddebs.ubuntu.com/pool/main/l/linux/ | 03:43 |
| luite | hmm, interesting, thanx | 03:45 |
| luite | thanks | 03:45 |
| luite | huge files :) | 03:45 |
| === medberry is now known as med_out | ||
| RefaelAlats | hola, am attempting to do a RFC Bridging for a Actiontec Modem to a WRT54G2 Router, & am in hopes various persons might be able to assist for references to certain things | 06:20 |
| RefaelAlats | the modem gateway is 192.168.0.1 & the Router Gateway is 192.168.1.1, though the Modem displays Address 192.168.0.3 for reasons unknown | 06:21 |
| RefaelAlats | & the hopes are to Bridge the couple devices to enable Port Forwarding from the WRT54G2 | 06:21 |
| === RefaelAlats is now known as FernandoTertiary | ||
| === Refael is now known as FernandoTertiary | ||
| FernandoTertiary | can anybody assist with bridging a modem & a router? | 07:12 |
| FernandoTertiary | online sites do not help, & the manuals do not cover the topic | 07:13 |
| === frewsxcv is now known as creeper | ||
| === creeper is now known as frewsxcv | ||
| === NG_ is now known as ng_ | ||
| JonathanC | Hello. I'm trying to install a Ubuntu 10.04.2 server for a dev server on a very old laptop (it uses a Xircom Realport card, no built-in port) but though that card loads and works in the installer, it doesn't work in the installed system. | 10:13 |
| JonathanC | How should I troubleshoot this? | 10:13 |
| === skrewler_ is now known as skrewler | ||
| === ng_ is now known as NG_ | ||
| === NG_ is now known as ng_ | ||
| === ng_ is now known as NG_ | ||
| Keatonguy | I need info on how to build a proxy server. I already have an ubuntu server machine running on another network, but I don't know what software to use. | 11:15 |
| Ethos | anyone experienced with setting up PPTPD? Or could recommend something easier to setup? | 11:21 |
| uvirtbot | New bug: #792761 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/792761 | 12:26 |
| RoyK | Keatonguy: apt-get install squid | 12:46 |
| teaforthecat | hello, would someone like to help debug an install? | 12:47 |
| pmatulis | !ask | teaforthecat | 12:49 |
| ubottu | teaforthecat: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) | 12:49 |
| teaforthecat | ok thanks; I swapped out a hard drive from a broken machine; ubuntu 8.04server boots fine; the only issue is no ethernet is picked up. Would there be a way to force ubuntu to see the nic? I put e1000(intel pro nic) in /etc/modules, but no luck. | 12:54 |
| RoyK | teaforthecat: probably interface naming - type 'ifconfig -a' | 12:56 |
| teaforthecat | ifconfig -a gives lo only | 12:56 |
| RoyK | hm... | 12:56 |
| RoyK | not udev, then | 12:56 |
| teaforthecat | ifup eth0 gives: no device found | 12:56 |
| RoyK | what does lshw has to say? | 12:57 |
| RoyK | s/has/have/ | 12:57 |
| teaforthecat | lspci says Ethernet Connection Intel Pro (100/1000) | 12:58 |
| pmatulis | teaforthecat: try 'lspci -vvnn' for more info | 12:58 |
| RoyK | teaforthecat: if it's a new card, it can have a new PCI ID, which the old driver in 8.04 won't recognize | 12:59 |
| RoyK | iirc the only way to fix that, is to fix the driver | 12:59 |
| teaforthecat | do you mean recompile the e1000 module? | 12:59 |
| RoyK | I don't think you can tie a driver to a PCI ID not known by the driver | 12:59 |
| RoyK | yes | 12:59 |
| RoyK | in the source, there are PCI IDs listed | 13:00 |
| RoyK | and as new versions of NICs are released, they are given new PCI IDs | 13:00 |
| exekias | has anyone experienced problems updating from security ppa for lucid? | 13:01 |
| teaforthecat | so on the install of ubuntu on the broken machine was the e1000 module compiled? | 13:02 |
| RoyK | was it the same card? | 13:02 |
| teaforthecat | no | 13:02 |
| RoyK | probably something supported, then | 13:03 |
| RoyK | the first thing I thought about, was udev, ubuntu ties eth0 to the mac address, so when changing a NIC, the old name is left and the new is named eth1 | 13:04 |
| RoyK | etc | 13:04 |
| RoyK | but if ifconfig -a only shows lo, that's not your issue | 13:04 |
| teaforthecat | that is good to know | 13:04 |
| RoyK | ifconfig will only list interfaces that are up - ifconfig -a should list all | 13:05 |
| teaforthecat | could there be a module that is loading before e1000 that is interfering? | 13:05 |
| RoyK | not really | 13:05 |
| RoyK | 13:58 < pmatulis> teaforthecat: try 'lspci -vvnn' for more info | 13:06 |
| RoyK | did you try this? | 13:06 |
| teaforthecat | I'm sorry I'm not at the machine, maybe I will come back later when I am(it is at work) | 13:07 |
| RoyK | k | 13:08 |
| teaforthecat | but, would the module e1000 fail silently? | 13:08 |
| RoyK | you may want to try to boot it up on a lucid cd | 13:08 |
| RoyK | just to see if that can see the nic | 13:08 |
| RoyK | teaforthecat: the e1000 module is loaded when the kernel finds a PCI ID match. if it's a new card, the PCI ID won't be in kernel, and the module isn't loaded | 13:09 |
| teaforthecat | I tried a maverick cd, but I should also try a lucid? | 13:09 |
| RoyK | did maverick see the card? | 13:09 |
| teaforthecat | yes it worked | 13:09 |
| RoyK | ok, then that's the problem | 13:10 |
| RoyK | either upgrade to lucid (if you want to stay on LTS) or get another NIC | 13:10 |
| teaforthecat | that is the answer; that is awesome; so an upgrade from a lucid cd should solve it? | 13:10 |
| RoyK | hm... dunno | 13:11 |
| RoyK | I've never upgraded with a CD | 13:11 |
| RoyK | can't you just get another NIC for the upgrade? | 13:11 |
| RoyK | anyway - to reset the udev stuff, just rm /etc/udev/rules.d/70-persistent-net.rules | 13:12 |
| teaforthecat | oh just install a pci ethernet card? | 13:12 |
| RoyK | you want to do that anyway | 13:12 |
| RoyK | yes | 13:12 |
| pmatulis | teaforthecat: you should really identify your card (PCI id like RoyK referred to). the lspci command you were given twice will give it to you | 13:12 |
| teaforthecat | awesome I will try to reset the rules too | 13:12 |
| RoyK | pmatulis: and as he said, he's not at the office where the machine sits... | 13:13 |
| teaforthecat | but the idea is that I should tie the output of lspci -vnn to a particular module right? | 13:14 |
| teaforthecat | I did verify that e1000 is the module that I'm looking for because it covers all intel nics | 13:16 |
| teaforthecat | Royk: thanks for the help | 13:17 |
| JanC | e1000 is for Intel PCI NICs, Intel PCIE NICs use e1000e... | 13:33 |
| RoyK | JanC: are you sure? | 14:06 |
| JanC | RoyK: that's what I see being loaded for PCIE Intel NICs at least... | 14:15 |
| JanC | I think both drivers share some code though | 14:16 |
| JanC | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=Documentation/networking/e1000e.txt;h=97b5ba942ebf847781fbd2e0f2526d7b92646135;hb=HEAD --> most PCIE are e1000e, except for some specific models | 14:22 |
| heirenton | I have problem with my new ubuntu vps. I installed ubuntu-server and everthing looks working fine but there is no internet connection... I cant ssh to it or from vnc i cant ping any web adress or ip. I reboot it and restarted network services. eth0 look working correctly. bump... does anyone show me a way to pinpoint the problem? | 14:34 |
| smw | shouldn't the vps come setup with networking and ssh? | 14:36 |
| heirenton | I am new to vps stuff. I use ubuntu all the time for my local server etc. They told me that after installing ubuntu to vps through vnc ssh and networking should work. but it is not working. i wrote a support ticket but in the meantime i am checking if i am making a mistake on my side. | 14:38 |
| RoyK | heirenton: where did you get this vps? | 14:39 |
| RoyK | heirenton: also, is ssh installed? or a webserver? | 14:39 |
| heirenton | RoyK: Host House... Ssh is installed and it is working. I can ssh to localhost on vnc. Do i need web server for ssh or internet access. Because without internet access i cant update of install anything to ubuntu | 14:40 |
| RoyK | no need for webserver for that | 14:41 |
| RoyK | if you can't ssh in, a firewall may be blocking | 14:41 |
| RoyK | ask the provider | 14:41 |
| heirenton | RoyK: I asked already. But as i said i am checking if missing something. I am new to vps stuff. :) Thanks by the way. | 14:42 |
| rewt | did you configure the networking? | 14:42 |
| luite | is the network configured properly? | 14:42 |
| luite | hehe | 14:42 |
| RoyK | have you configured the network correctly? | 14:42 |
| rewt | they should've given you the network settings to configure | 14:42 |
| shauno | I tend to expect a sane working config on a new vps. but finding an issue right off the bat isn't always a bad thing. it's a great chance to find out if they're worth the price before you're too vested in them | 14:44 |
| heirenton | rewt: Uhmm. They didn't give me any network configuration. But in their confirmation mail they said that after installing ubuntu to the server, i could ssh to it. But i can't... When i checked the dns through nslookup i see google dns is configured. I assume they have that configuration inside ubuntu install. | 14:44 |
| heirenton | shauno: I aggree. | 14:44 |
| RoyK | heirenton: you obviously need to configure the network somehow... | 14:45 |
| rewt | heirenton, did you install ubuntu from scratch, or was it pre-installed? | 14:45 |
| rewt | if it wasn't pre-installed, you have to tell it at least the ip & gateway to use | 14:46 |
| RoyK | unless the provider uses static dhcp... | 14:46 |
| rewt | well, yeah | 14:46 |
| RoyK | heirenton: is there an ip returned ifconfig? if so, does this look sane? | 14:46 |
| RoyK | s/returned/returned by/ | 14:47 |
| heirenton | RoyK: yes. | 14:47 |
| RoyK | cna you ping something from the server? | 14:47 |
| heirenton | it gives me the ip of the server | 14:47 |
| heirenton | RoyK: nope. Neither adress nor ip. I cant ping anything | 14:47 |
| JanC | heirenton: how do you get that IP address? | 14:48 |
| RoyK | does netstat -rn show a default gateway? | 14:48 |
| heirenton | JanC: They emailed it to me for ssh to the server. | 14:48 |
| JanC | heirenton: I mean, how does the server got it, DHCP or you set it manually? | 14:49 |
| heirenton | JanC: I think it is dhcp because i didn't set it up. | 14:49 |
| RoyK | heirenton: check netstat -rn | 14:50 |
| heirenton | RoyK: netstat gives two results for eth0. First is 77.74.196.0 to gateway 0.0.0.0 genmask 255.255.255.128 | 14:50 |
| heirenton | second is 0.0.0.0 dest to 77.74.196.1 gateway | 14:51 |
| RoyK | can you ping 77.74.196.1? | 14:51 |
| heirenton | RoyK: Nope. Host unreachable. | 14:51 |
| RoyK | call the provider, then | 14:51 |
| RoyK | ask for correct network config | 14:52 |
| rewt | lol @ ptr for that ip | 14:52 |
| heirenton | RoyK: Ok. :) I thought it wasn't about me but it is better to be sure. Thanks everyone. | 14:53 |
| JanC | rewt: heh, the same (default) PTR for all their clients? | 14:57 |
| rewt | probably | 14:58 |
| FernandoTertiary | hola, am bridging a modem to router, & using transparent bridging. the modem address is 192.168.0.1 & the router address is 192.168.1.1. What should the router address be manually set to initially for Bridge priori Transparent bridge is established? | 16:23 |
| qman__ | FernandoTertiary, when your modem is switched into bridge mode, the device directly connected to it will have your internet IP | 16:25 |
| qman__ | if you have a dynamic address from your ISP, use a DHCP configuration, otherwise it's the static IP your ISP gave you | 16:25 |
| FernandoTertiary | qman__: in other words, the router adopts the modem address? | 16:26 |
| qman__ | basically | 16:27 |
| FernandoTertiary | qman__: does Ubuntu have a bridging tutorial? | 16:27 |
| qman__ | well, unless ubuntu is your modem, you don't want to bridge on ubuntu | 16:27 |
| FernandoTertiary | the modem & router manuals do not cover that infomation | 16:27 |
| qman__ | you want to bridge on the modem | 16:28 |
| qman__ | and then route with the next device, which I am guessing is ubuntu | 16:28 |
| FernandoTertiary | qman__: the page http://www.dslreports.com/forum/remark,14709801 was referenced, though does not display step a step instructions | 16:29 |
| ujjain | Does Ubuntu Cloud allow to make such an environment as Amazon AC2? | 16:38 |
| ujjain | Is the Cloud an effective way to host high-volume sites? | 16:50 |
| pmatulis | ujjain: it's meant to answer the need of increasing and decreasing resources quickly | 16:54 |
| pmatulis | ujjain: like a tap of water | 16:55 |
| ujjain | Yes, seems pretty scalable. | 16:57 |
| ujjain | although it does not provide a raid-like storage, does it? | 16:57 |
| ujjain | if I have 3 servers with 1x1TB raid1. | 16:57 |
| ujjain | for storage, it will not become faster than 90MB per second, will it? | 16:57 |
| === FernandoTertius is now known as FernandoTertiary | ||
| qman__ | clouds are intended for much larger scales than three servers | 17:00 |
| qman__ | you won't see any benefit | 17:00 |
| qman__ | only reason to run one on that small of a scale is as a testing environment, before you load your application on a real cloud | 17:01 |
| RoyK | ujjain: the cloud is, imho, a good way to host servers if you don't have infrastructure yourself. If you do, however, it'll probably be cheaper in the long run | 17:09 |
| RoyK | ujjain: servers are cheap these days, and with Amazon's pricing, you can probably setup a rather nice and redundant system for less money, at least if the system is cpu/network intensive | 17:10 |
| qman__ | could is a good technology, but it's also very niche | 17:11 |
| ujjain | RoyK: I run VMWare ESXi | 17:12 |
| qman__ | I know it has the current solve everything buzzword effect, but you have to have a specific need to make use of it | 17:12 |
| RoyK | ujjain: then why bother with the "could"? | 17:14 |
| RoyK | or "cloud" | 17:14 |
| qman__ | lol, whoops | 17:14 |
| RoyK | "servers in the fog" | 17:15 |
| FernandoTertius | qman__: maneuvered a modem to router bridge, though now the modem page 192.168.0.1 is no more visible | 17:21 |
| FernandoTertius | it is configured for Transparent Bridging | 17:21 |
| qman__ | FernandoTertius, precisely | 17:21 |
| qman__ | now the next device in line is directly connected to the internet | 17:21 |
| FernandoTertius | ah, & there is no way to enter that modem config utility any more? | 17:22 |
| qman__ | there is, but it typically only works if the modem is offline | 17:22 |
| FernandoTertius | ahh | 17:22 |
| FernandoTertius | qman__: gracias amigo | 17:22 |
| qman__ | the modem doesn't have any influence anymore, it just connects the two lines and that's it | 17:22 |
| FernandoTertius | qman__: does Filter Internet NAT Redirection enable NAT? or disable NAT? | 17:24 |
| FernandoTertius | it does not specifically suggest "Enable" or "Disable" | 17:24 |
| qman__ | couldn't tell you, you'd have to look up your device in specific | 17:25 |
| qman__ | to see what that actually does on it | 17:25 |
| FernandoTertius | qman__: forgive the questions, though does Filter Internet NAT Redirection This feature uses | 17:28 |
| FernandoTertius | port forwarding to block access to local servers from | 17:28 |
| FernandoTertius | local networked computers. Select Filter Internet NAT | 17:28 |
| FernandoTertius | Redirection to filter Internet NAT redirection. This feature | 17:28 |
| FernandoTertius | is not selected by default" mean turn it on or no? | 17:28 |
| RoyK | FernandoTertius: the way your router works, isn't really related to ubuntu | 17:29 |
| === FernandoTertius is now known as FernandoTertiary | ||
| === rizzuh_laptop_ is now known as rizzuh | ||
| teaforthecat | :RoyK the module rebuild worked, the new machine is online with the hard drive from the old machine, thanks for the suggestion | 18:15 |
| RoyK | :) | 18:15 |
| qman__ | I ran into the same thing on my file server, bought a new NIC to replace the burned out one and it wouldn't work. I ended up upgrading to lucid | 18:19 |
| * RoyK listens to Rammstein - LOAD | 18:19 | |
| iceflatline | Rammstein!? Perfect. | 18:25 |
| RoyK | Rammstein ist gut... | 18:26 |
| FernandoTertius | qman__: when a router is bridged to a modem & the router is the gateway, is each machine within the network then a Router? | 18:32 |
| === FernandoTertius is now known as FernandoTertiary | ||
| sw0rdfish | grrrr! why can't I send my sysadmin a letter! | 18:42 |
| sw0rdfish | maybe i should use "mail" instead of alpine | 18:43 |
| FernandoTertiary | hola, am curious if a bridged router should be set to Router or Gateway | 18:51 |
| qman__ | FernandoTertiary, the router is not bridged, the modem is | 19:03 |
| qman__ | and, all computers are always routers, that's just basic internet protocol | 19:04 |
| FernandoTertiary | ok, does that mean the router is the gateway? | 19:04 |
| FernandoTertiary | or can the router still be set to router mode? | 19:05 |
| qman__ | yes | 19:06 |
| luite | FernandoTertiary: if it's a bridge, then you don't need any IP configuration for it, use the gateway that you'd use at the other side | 19:07 |
| luite | linux computers can perfectly be configured as bridge by the way | 19:08 |
| FernandoTertiary | luite: am attempting to prove open tcp/udp ports with port forwarding, though when attempting to access the specific page with port, it gives error 404 | 19:10 |
| FernandoTertiary | though the dyndns page displays open | 19:10 |
| qman__ | most residential ISPs block common ports | 19:11 |
| luite | FernandoTertiary: hmm, a 404 error means that at least the connection is coming through. Is it really a 404 error, served by your web server? | 19:11 |
| qman__ | such as 25, 80, and 443 | 19:11 |
| FernandoTertiary | luite: not certain what you mean, though the address http://refael.dyndns-work.com displays "It Works!", though with ":9000" it gives "knomes" page, not certain the reason | 19:12 |
| qman__ | most routers which have that mode option, 'gateway' mode is for being a gateway to the internet, 'router' mode is when you have it connected to other routers for a more complex network structure | 19:13 |
| FernandoTertiary | am attempting to prove http://refael.dyndns-work.com:9000 with a "It Works!" page | 19:13 |
| luite | FernandoTertiary: doen't work from here at the moment, have you turned off the server? | 19:13 |
| FernandoTertiary | luite: forgive, ufw was inactive | 19:15 |
| FernandoTertiary | attempt to connect a second time if you would por favor | 19:15 |
| luite | doesn't work... is the url correct? | 19:17 |
| FernandoTertiary | luite: are you suggesting neither work? | 19:17 |
| luite | yeah... can't connect to either of them | 19:18 |
| FernandoTertiary | tcp/udp are open | 19:18 |
| FernandoTertiary | permit time to prove nmap displays open | 19:18 |
| luite | this is your ip address? refael.dyndns-work.com has address 76.242.183.172 | 19:18 |
| FernandoTertiary | no, that is not the address | 19:19 |
| luite | oh fix that first :p | 19:20 |
| FernandoTertiary | & nmap shows open|filtered | 19:20 |
| FernandoTertiary | actually, not certain why, though the WAN is altering frequently | 19:22 |
| FernandoTertiary | though nmap still displays filtered tcp & open|filtered udp | 19:23 |
| luite | can't you give the ip address instead? if you can connect to the ip address then you know at least that your network setup is ok | 19:25 |
| FernandoTertiary | luite: should VPN Pass through be enabled? | 19:25 |
| luite | probably not | 19:25 |
| FernandoTertiary | http://192.168.1.125 | 19:26 |
| luite | that can't be correct :) | 19:26 |
| virusuy | hi all, grettings from Uruguay in South America | 19:26 |
| luite | since that's a private ip address | 19:27 |
| FernandoTertiary | http://76.242.183.172 is the WAN | 19:27 |
| luite | FernandoTertiary: oh ok, so the dyndns was correct | 19:30 |
| FernandoTertiary | yes | 19:30 |
| FernandoTertiary | it pertains the nmap WAN not proving open tcp/udp ports | 19:31 |
| luite | FernandoTertiary: but what's your network configuration? you have a modem and a bridge? | 19:31 |
| FernandoTertiary | the actiontec modem is has Transparent Bridge to Linksys WRT54G2 | 19:31 |
| luite | oh I think I see now. so your Linksys has the public IP address on its WAN port right? | 19:32 |
| FernandoTertiary | luite: that is what the Status page displays, yes | 19:34 |
| FernandoTertiary | luite: though local network displays address 0.0.0.0 | 19:35 |
| luite | hmm, that's a bit strange. all your computers are connected to the LAN ports on the Linksys? | 19:35 |
| FernandoTertiary | it is just a single machine connected | 19:36 |
| Duvrazh | Can someone help me troubleshoot a read-only problem with my Samba when the read only option is set to false? | 19:36 |
| FernandoTertiary | though the gateway is displaying 76.242.183.254 | 19:37 |
| FernandoTertiary | luite: is that typical for loopback configuration? | 19:37 |
| luite | FernandoTertiary: I'd expect a gateway for route 0.0.0.0, can you post a screenshot of the network configuration page? | 19:38 |
| luite | or maybe some page with a configuration overview, or current status. the one with the most info :) | 19:39 |
| FernandoTertiary | luite: there is a local status, & a router status | 19:45 |
| qman__ | Duvrazh, samba uses 'yes' and 'no', not 'true' and 'false' | 19:45 |
| Duvrazh | correction: it's set to no | 19:45 |
| qman__ | also, check the filesystem permissions on said files and directories, as the user that they authenticate with must have write permission there too | 19:45 |
| Duvrazh | would I need to chmod the directory to 777? it's on my private network so security is not a concern | 19:46 |
| qman__ | no, you would need to make the user or group that they authenticate with have permission | 19:46 |
| FernandoTertiary | http://imagebin.org/156761 | 19:46 |
| qman__ | 777 is rarely if ever the right solution | 19:46 |
| Duvrazh | qman: a moment to post the setup, I would like your recommendation on how to go about this | 19:47 |
| Duvrazh | Server running samba on my entire raid, the samba is JUST to allow my Windows machine to place files there. These files will be access through Twonky and streamed out to an Apple Tv, a PS3, and a WD TV Live | 19:47 |
| Duvrazh | and I have little to no exp in this area... | 19:48 |
| qman__ | are you authenticating successfully? as in, you can read existing files? | 19:48 |
| FernandoTertiary | luite: the imagebin page reflects Router Status | 19:48 |
| qman__ | just not create new ones? | 19:48 |
| Duvrazh | I can read/write to my home folder, but the raid array is readonly for some reason | 19:48 |
| Duvrazh | yes | 19:48 |
| luite | FernandoTertiary: wich page? | 19:49 |
| qman__ | ok | 19:49 |
| qman__ | the best solution here | 19:49 |
| qman__ | is to chown or chgrp the share you want to write to, to your user | 19:49 |
| qman__ | if you're the only user | 19:49 |
| FernandoTertiary | luite: http://imagebin.org/156761 is Router Status screenshot | 19:49 |
| Duvrazh | my share is /media/raid | 19:49 |
| luite | FernandoTertiary: oh sorry missed it :) | 19:49 |
| Duvrazh | I'm the only user yes | 19:49 |
| qman__ | otherwise, create a group, chgrp to that group, and add all users to that group | 19:49 |
| qman__ | then, chmod u+w (or g+w) the share | 19:50 |
| Duvrazh | chown, what will that do? | 19:50 |
| qman__ | 777 doesn't just mean all human users, it means everyone, including system daemons, which is high risk even for accidental things | 19:50 |
| luite | FernandoTertiary: wan config looks ok, and I can ping the address | 19:50 |
| qman__ | chown changes the owner, chgrp changes the group-owner | 19:50 |
| FernandoTertiary | luite: what address specifically? | 19:51 |
| luite | 76.242.183.172 | 19:51 |
| qman__ | you also probably want the -R option, to recursively apply the changes | 19:51 |
| qman__ | since you have files already | 19:51 |
| qman__ | ls -l shows the current permissions and owners | 19:52 |
| luite | FernandoTertiary: can you shwo the "Local Network" status page? | 19:52 |
| FernandoTertiary | luite: am unable to connect to http://76.242.183.172 from local connection | 19:52 |
| luite | FernandoTertiary: that's ok | 19:52 |
| luite | FernandoTertiary: at least, it's expected :) | 19:53 |
| FernandoTertiary | luite: http://imagebin.org/156762 is the LocalNetStatus page | 19:54 |
| Duvrazh | i'll take a couple minutes to try your suggestions, thank you | 19:54 |
| qman__ | Duvrazh, if you need a more detailed explanation of how permissions and ownership work, try the man pages for chown and chmod | 19:54 |
| Duvrazh | ls -l of my array's folder drwx------ 2 root root 16384 2011-06-04 16:15 lost+found | 19:55 |
| Duvrazh | lost+found being the only folder in there (just installed the server a few hours ago) | 19:55 |
| qman__ | you actually want ls -l /media | 19:56 |
| qman__ | that will tell you the permissions of the parent | 19:56 |
| Duvrazh | drwxr-xr-x 2 root root 4096 2011-06-04 16:19 cdrom drwxr-xr-x 3 root root 4096 2011-06-04 16:15 raid | 19:56 |
| qman__ | yep | 19:56 |
| luite | FernandoTertiary: ok looks ok as well. looks like the only things you need to add are port forwards for port 80 to 192.168.1.125 port 80, and port 9000 to 192.168.1.125 port 9000 | 19:56 |
| qman__ | root's the only one allowed to write there | 19:57 |
| Duvrazh | so the array is owned by root | 19:57 |
| Duvrazh | so chown to my user account? | 19:57 |
| qman__ | so chown or chgrp to you | 19:57 |
| Duvrazh | okay | 19:57 |
| qman__ | then ensure you have write | 19:57 |
| Duvrazh | drwxr-xr-x 3 duvrazh root 4096 2011-06-04 16:15 raid | 19:57 |
| FernandoTertiary | luite: why port 80? | 19:58 |
| qman__ | yep, should be able to create files now | 19:58 |
| Duvrazh | is it necessary to restart samba | 19:58 |
| qman__ | not in this case | 19:58 |
| Duvrazh | hey it worked great | 19:58 |
| luite | FernandoTertiary: oh unless you don't want http://refael.dyndns-work.com/ to work | 19:58 |
| qman__ | filesystem level permissions take effect immedately | 19:58 |
| Duvrazh | Thanks qman, two thumbs up | 19:59 |
| FernandoTertiary | luite: ok, that is accomplished | 20:00 |
| FernandoTertiary | luite: the Linksys already has a Dyndns configuration intrinsic to the configuration | 20:02 |
| luite | FernandoTertiary: still doesn't work here :( | 20:03 |
| FernandoTertiary | could it be a result from the firewall? | 20:03 |
| luite | FernandoTertiary: yes | 20:03 |
| Duvrazh | what's the mdadm command that will show you what the progress of building array in percent? | 20:03 |
| luite | FernandoTertiary: try to disable firewalls on 192.168.1.125 first | 20:03 |
| FernandoTertiary | ufw is configured to prove the ports open, though it displays "filtered" au lieu | 20:04 |
| luite | try ufw disable just to test | 20:04 |
| FernandoTertiary | luite: ok, accomplished | 20:04 |
| luite | still nothing | 20:05 |
| luite | you can reach http://192.168.1.125:9000/ on your local network right? | 20:06 |
| FernandoTertiary | nmap for LAN displays 9000/tcp open, though 9000/udp open|filtered | 20:07 |
| luite | you only need tcp for http | 20:08 |
| FernandoTertiary | priori it displayed 9000 tcp/udp just open | 20:08 |
| qman__ | Duvrazh, actually not an mdadm command, cat /proc/mdstat | 20:08 |
| FernandoTertiary | & a loopback | 20:08 |
| qman__ | you can also watch /proc/mdstat if you want auto refresh | 20:08 |
| Duvrazh | naw just needed a one time | 20:08 |
| Duvrazh | found a good one though, mdadm --detail /dev/md0 (needed to see the rebuild %) | 20:09 |
| Duvrazh | Thank you qman | 20:09 |
| FernandoTertiary | the WAN displays 9000/tcp filtered | 20:09 |
| FernandoTertiary | luite: | 20:09 |
| FernandoTertiary | luite: is port triggering necessary? | 20:10 |
| luite | FernandoTertiary: no | 20:10 |
| luite | just forwarding | 20:10 |
| FernandoTertiary | ok, disabled port triggering | 20:11 |
| FernandoTertiary | though the direct to port does not display still | 20:11 |
| luite | can you show the page where you made the port forwarding settings? | 20:12 |
| FernandoTertiary | luite: http://imagebin.org/156765 | 20:13 |
| luite | FernandoTertiary: you just need TCP, but other than that, it looks ok | 20:15 |
| FernandoTertiary | actually, need udp as well, because it is for a loopback configuration to connect to a server | 20:15 |
| luite | hmm? HTTP doesn't use UDP at all | 20:16 |
| FernandoTertiary | does HTTPS? | 20:17 |
| luite | no, still TCP, but a different port (443 is the default port) | 20:17 |
| FernandoTertiary | what uses UDP? | 20:17 |
| luite | lots of other things, DNS, some streaming media stuff, online games | 20:18 |
| FernandoTertiary | luite: it is for a OpenSim Server | 20:25 |
| robos | hello: does anyone know how to disable the update manager? | 20:25 |
| robos | i see connections it's trying to make but the firewall is dropping it | 20:25 |
| robos | so i'd like to disable it | 20:25 |
| FernandoTertiary | luite: & the WAN tcp port displays "Filtered" status | 20:25 |
| luite | FernandoTertiary: but if you go to http://192.168.1.125/ in your browser, does it work? | 20:27 |
| FernandoTertiary | luite: yes, it works | 20:28 |
| luite | FernandoTertiary: if you've disabled ufw, and you still have those port forwards, I'd check the other pages for security options in the linksys config | 20:30 |
| FernandoTertiary | luite: the single feature in Security is "Block WAN Requests" and all are enabled | 20:32 |
| luite | dunno what it means, but try disabling it :p | 20:33 |
| FernandoTertiary | luite: feature is already disabled | 20:34 |
| FernandoTertiary | luite: look at the ifconfig http://pastebin.com/BntdkJHt | 20:39 |
| luite | FernandoTertiary: that looks ok | 20:40 |
| FernandoTertiary | luite: anything else that would perhaps be an assistance to observe? | 20:40 |
| luite | FernandoTertiary: you could add route -n, but that's probably ok if you can access the internet from that machine | 20:40 |
| FernandoTertiary | luite: ifconfig -n? | 20:41 |
| FernandoTertiary | -n: Unknown host | 20:42 |
| FernandoTertiary | luite: that -n: Unknown host is potentially a problem and should be corrected | 20:42 |
| luite | FernandoTertiary: route -n | 20:44 |
| FernandoTertiary | luite: yes, did ifconfig route -n & it returned -n: Unknown host | 20:45 |
| luite | FernandoTertiary: just route -n, no ifconfig, it's a different program | 20:45 |
| FernandoTertiary | ah, ok | 20:46 |
| FernandoTertiary | luite: http://pastebin.com/fG9rCHCm displays the results | 20:49 |
| luite | yeah that's ok... otherwise you wouldn't be able to access the internet from that machine anyway... | 20:51 |
| luite | FernandoTertiary: can you access http://76.242.183.172/ now by the way? | 20:51 |
| FernandoTertiary | luite: no | 20:53 |
| FernandoTertiary | luite: would you suggest the problems with the config pertain the DHCP settings being disabled? | 20:53 |
| FernandoTertiary | with congruence to the modem bridge & the router? | 20:54 |
| luite | FernandoTertiary: nah, a static IP for your server should be ok | 20:55 |
| FernandoTertiary | luite: what about host & domain name for Router Status? | 20:58 |
| luite | FernandoTertiary: nah it's probably some problem with the forwarding in the linksys, or a firewall issue with the server. if your linksys allows requests to your wan address to be forwarded back to your lan, then you should be able to view http://76.22.183.172/ from your own network | 21:00 |
| FernandoTertiary | luite: because the dsl is default DHCP & the Static is coded, does the Host & Domain need to be configured? | 21:00 |
| luite | nah you should make it work for the IP address first, that should work without a hostname | 21:02 |
| uvirtbot | New bug: #792837 in postfix (main) "package postfix 2.8.2-1ubuntu2.1 failed to install/upgrade: le sous-processus script post-installation installé a retourné une erreur de sortie d'état 1" [Undecided,New] https://launchpad.net/bugs/792837 | 21:06 |
| FernandoTertiary | luite: are you able to see http://192.168.1.125/ | 21:06 |
| luite | FernandoTertiary: no, that's an address that only exists in your local network | 21:07 |
| FernandoTertiary | luite: what about http://76.242.183.172 | 21:07 |
| FernandoTertiary | ? | 21:07 |
| luite | nope, stil doesn't work | 21:08 |
| FernandoTertiary | luite: what about http://refael.dyndns-work.com/ ? | 21:09 |
| luite | no that still resolves to the same address, so that doesn't work either | 21:10 |
| FernandoTertiary | it works locally | 21:10 |
| luite | what does # host rafael.dyndns-work.com say? | 21:10 |
| FernandoTertiary | que? | 21:11 |
| luite | if you run that in your terminal | 21:11 |
| FernandoTertiary | refael.dyndns-work.com has address 76.242.183.172 ;; connection timed out; no servers could be reached ;; connection timed out; no servers could be reached | 21:12 |
| luite | FernandoTertiary: hmm, strange... so you say http://refael.dyndns-work.com/ works, but http://76.242.183.172/ doesn't, from your own network? | 21:15 |
| luite | FernandoTertiary: what doesn't work by the way, do you get an error page from apache? | 21:16 |
| luite | or a message from the browser saying that it could not connect | 21:16 |
| FernandoTertiary | luite: perhaps it pertains Dyndns settings within the router, because the refael.dyndns-work.com works, though the direct Address does not | 21:20 |
| luite | FernandoTertiary: what's the type of error you get? | 21:22 |
| FernandoTertiary | luite: the connection continues to attempt for a time, then displays "Page not found" | 21:24 |
| virusuy | but can you access using LAN ip server?¡ | 21:24 |
| luite | FernandoTertiary: is that literally waht it says? can you post a screenshot? | 21:25 |
| luite | FernandoTertiary: amd check that the WAN IP hasn't changed in the meantime | 21:28 |
| virusuy | wich port are you using FernandoTertiary ? | 21:28 |
| luite | 80 and 9000 | 21:28 |
| virusuy | 9000 for wich service? | 21:28 |
| ReshAyin_ | luite: forgive, though enabled DHCP to test, then disabled it, so the address proves different posteri alteration | 21:29 |
| virusuy | FernandoTertius: wich specific problem do you have? | 21:29 |
| luite | ReshAyin_: that's only your local address probably | 21:29 |
| luite | ReshAyin_: a static ip address for your server should really work fin | 21:29 |
| luite | e | 21:30 |
| === ReshAyin_ is now known as FernandoTertiary | ||
| FernandoTertiary | am still in chat | 21:31 |
| luite | yes | 21:31 |
| FernandoTertiary | not certain why it gave "quit" message | 21:31 |
| FernandoTertiary | luite: should static routing be configured then? | 21:37 |
| luite | FernandoTertiary: you don't need extra static routes | 21:40 |
| FernandoTertiary | Dynamic Routing enables the Router to automatically adjust to physical changes in the network layout and exchange routing tables with other routers. | 21:40 |
| FernandoTertiary | Dynamic Routing should be enabled & configured for connectivity? | 21:40 |
| luite | no | 21:40 |
| FernandoTertiary | what about configuring Static Routing? | 21:40 |
| luite | the routes you already have should be enough | 21:40 |
| luite | FernandoTertiary: what you can to is go to Applications & Gaming, then choose DMZ, and set the DMZ address to 192.168.1.125 | 21:41 |
| FernandoTertiary | http://imagebin.org/156783 | 21:44 |
| FernandoTertiary | luite: look to that pastebin | 21:44 |
| luite | you don't need extra routes | 21:44 |
| luite | if you can access the internet from your server, then the routes are ok | 21:45 |
| FernandoTertiary | luite: The Port Forwarding feature is more secure because it only opens the ports you want to have opened, while DMZ hosting opens all the ports of one computer, exposing the computer so the Internet can see it. | 21:45 |
| luite | FernandoTertiary: I know | 21:47 |
| FernandoTertiary | luite: then do not wish to open DMZ | 21:52 |
| luite | but I thought it might be best to make it work first, and then secure :p | 21:52 |
| lwizardl | hello | 21:54 |
| virusuy | FernandoTertiary: just open 80 and 9000 doing a port forwarding to your local Server | 21:54 |
| virusuy | lwizardl: hi | 21:54 |
| lwizardl | anyone here know much about cpanel ? I am using it on my ubuntu server and need some serious help | 21:54 |
| FernandoTertiary | luite: the local address & the router address won't permit the connection | 22:01 |
| FernandoTertiary | the router address can't align with the local | 22:02 |
| FernandoTertiary | is that not correct? | 22:02 |
| luite | no idea what you mean by that | 22:02 |
| FernandoTertiary | the attempt is to connect to the WAN, though that pertains the router address, & the port forwards pertain the local address | 22:03 |
| FernandoTertiary | thus advanced routing needs to be configured to align the router & the local addresses | 22:03 |
| luite | uh no, that shouldn't be necessary | 22:03 |
| virusuy | FernandoTertiary: if you port forward to your local apache server, when you point to your WAN IP will forward the request to your local server | 22:04 |
| luite | FernandoTertiary: advanced routing is for adding static routes that the router must know about, for example if you had another 192.168.2.x network | 22:04 |
| FernandoTertiary | though such is a static route that the router should comprehend, since it is not configured within the router | 22:05 |
| luite | FernandoTertiary: but in your situation, with only the 192.168.1.x network that the router already knows about, you don't need to add extra routes | 22:05 |
| FernandoTertiary | luite: then why is start & end addresses 0.0.0.0? | 22:06 |
| FernandoTertiary | on the local status map | 22:06 |
| luite | FernandoTertiary: that's because DHCP is disabled | 22:08 |
| luite | if you had enabled DHCP there, those would be the lowest and highest IP address that the DHCP server could assign | 22:08 |
| qwebirc106043 | Can someone please help me with ubuntu - Postfix? My SMTP server is not working. It's like its no longer connecting to my ISP's relay host | 22:43 |
| lwizardl | I need some serious help with a server issue lately. I own a server that is running Cpanel 11.28.87 and having the WHM enabled on my account. I was nice enough to host a site for someone and made them a separate login to cpanel and now I need to get into that account to backup content to turn over to the owner. Does anyone here know how as the WHM admin can I gain access to the filesystem account to backup both the DB and file s | 22:45 |
| lwizardl | ystem? I am the reseller, and the other account is under me | 22:45 |
| cocoa117 | anyone know how to make xen-pci frontend driver for Ubuntu lucid ? | 22:50 |
| JanC | lwizardl: that sounds more like a question to ask to the cpanel support people, you're paying them after all... | 22:52 |
| lwizardl | JanC, i have tried to contact my host and no luck for 2 weeks | 22:53 |
| lwizardl | so now its my time to find out for myself | 22:54 |
| JanC | eh | 22:54 |
| lwizardl | i know i can suspend the account but not wanting to do that really | 22:54 |
| lwizardl | and yes i am looking for a new host asap | 22:55 |
| JanC | is this a dedicated server or VPS? | 22:56 |
| lwizardl | shared i think | 22:56 |
| JanC | do you have ssh access? | 22:56 |
| lwizardl | from in my cpanel yes | 22:57 |
| JanC | eh? | 22:57 |
| JanC | no normal ssh access? | 22:57 |
| lwizardl | no i think the host blocks direct access to that and mysql | 22:58 |
| JanC | well, I have no idea how cpanel works... | 22:58 |
| JanC | can't your client make a backup him/herself? | 23:00 |
| lwizardl | i think the person has been ignoring all calls and emails. so I am going to backup content to a cdr and then notify them once more and if no response i will kill that account | 23:01 |
| qwebirc106043 | I need help with my postfix server. SMTP no longer works. | 23:05 |
| lwizardl | nope just tested ssh direct access is blocked | 23:08 |
| JanC | lwizardl: so how do you upload content ? | 23:14 |
| JanC | qwebirc106043: did you check the logs? | 23:14 |
| lwizardl | sftp | 23:14 |
| qwebirc106043 | JanC: Sorry i was AFK. Can you give me the locations of the logs? I'm not good at finding log files for SMTP/Postfix | 23:19 |
| JanC | lwizardl: sftp goes over ssh? | 23:20 |
| JanC | although maybe they limit ssh to sftp | 23:20 |
| lwizardl | yes it does but when i use putty to try and login the server never responds | 23:20 |
| JanC | qwebirc106043: /var/log/mail* | 23:20 |
| JanC | lwizardl: doesn't respond, or you can't get a shell? | 23:21 |
| lwizardl | says connecting to x.x.x.x and stays there for an hour last time i tried | 23:21 |
| JanC | eh | 23:21 |
| lwizardl | x's i used to hide the ip for the server from irc view | 23:22 |
| JanC | lwizardl: anyway, can't you get to his data using sftp or so? | 23:22 |
| lwizardl | i think i should be but i can not find that directory when i log into my account | 23:23 |
| qwebirc106043 | i'm getting a huge list in mail.err, no SASL Authentication... | 23:23 |
| qwebirc106043 | My ISP is blocking port 25. How can i change the port that postfix uses? | 23:43 |
| JanC | submission 587/tcp # Submission [RFC4409] | 23:46 |
| JanC | to submit mail, you should probably use port 587 (with secure authentication, of course) | 23:47 |
| qwebirc106043 | JanC, How can i make postfix use that port though | 23:47 |
| qwebirc106043 | Oh, 587 is blocked by my ISP also | 23:48 |
| JanC | huh? | 23:48 |
| JanC | port 587 outgoing is blocked by your ISP? | 23:49 |
| JanC | or did you want to recieve mail at your home IP? | 23:49 |
| JanC | (that's most likely a bad idea) | 23:49 |
| qwebirc106043 | I want to receive and send mail from my server. | 23:49 |
| JanC | server at home or in a DC ? | 23:50 |
| qwebirc106043 | Now, how can i change the outgoing port | 23:50 |
| qwebirc106043 | home | 23:50 |
| JanC | most mailservers block SMTP connections from consumer IP ranges | 23:50 |
| JanC | so sending mail from your home server will require using the relay from your ISP | 23:51 |
| === NG_ is now known as ng_ | ||
| qwebirc106043 | I've been using a relay from my ISP for the past 3 weeks and its worked fine. Now, SMTP isn't working. I reinstalled postfix and everything. I just need to change the port postfix uses to something other than 587 or 25 | 23:53 |
| qwebirc106043 | I can send mail to localhost just fine. JanC, Can you please tell me how to configure postfix to use a unblocked port? | 23:56 |
| JanC | basically, you edit master.cf | 23:56 |
| JanC | but for incoming mail you need port 25... | 23:57 |
| qwebirc106043 | Incoming works for some reason. But outgoing fails | 23:57 |
| JanC | like I said, you'll have to use your ISP's relay for outgoing mail | 23:58 |
| JanC | IIR one of the debconf preconfigs for postfix allows you to set that up | 23:59 |
| JanC | IIRC * | 23:59 |
| qwebirc106043 | Its setup to use my ISP's mail relay host | 23:59 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!