/srv/irclogs.ubuntu.com/2011/07/14/#ubuntu-server.txt

ntoombsHi. I have a problem accessing my LAMP server externally through port 80. I can access it internally using both its assigned local static ip address and my network's external ip address. I have talked to my ISP multiple times to see if they are blocking port 80 and they confirmed that they are not. Here are some commands I have run on my server to check if the ports are open and my server is connected to the network.01:27
ntoombsnmap -sP 192.168.1.0/24 (http://pastebin.com/wt9JYDJc) nmap 192.168.1.119 -p 1-10000 (http://pastebin.com/KFZswzYg) netstat -an | grep ':80' (http://pastebin.com/0ZrFb5YD)01:27
patdk-laphmm, none of those are public ip's01:28
patdk-lapdo you have any public ip's on your server?01:28
ntoombsi don't know what you mean. my public ip is for my router01:29
patdk-lapand you configured dnat on your *router*01:29
ntoombsif by dnat you mean port forwarding, yes i did that01:30
TheEvilPhoenixntoombs:  then whats the IP to the router01:30
TheEvilPhoenixi.e. if you went to whatismyip.com or something01:30
TheEvilPhoenixwhats that number :P01:30
TheEvilPhoenixdont tell us though :P01:30
ntoombsi know what it is01:30
TheEvilPhoenixdidya try using that for the bind number?  or perhaps just *01:31
patdk-lapheh? that won't work TheEvilPhoenix01:31
TheEvilPhoenixpatdk-lap:  whoops my bad01:31
qman__you can't bind to an IP that the server is not configured with01:31
TheEvilPhoenixbeen a while since i messed with Apache ;)01:31
TheEvilPhoenixignore me then01:31
qman__if it works from LAN, it's most likely the ISP or the router01:32
qman__they might swear up and down but the only way to know for sure is testing an alternate port01:32
patdk-lapmake a new port forwarding rule01:32
ntoombsport 22 works fine for ssh01:33
TheEvilPhoenixis this a residential IP, out of curiosity?01:33
qman__22 is not commonly blocked01:33
patdk-lapthat maps like port 8080 to port 8001:33
TheEvilPhoenixISP*01:33
qman__yeah, in the router, change it to 8080 or 9000 or something, and test01:33
qman__if it works, your ISP is lying01:33
qman__which is far more common than it should be01:33
qman__if not, it's probably the router01:33
patdk-laphmm, it's a dynamic isp address01:34
patdk-lapI can't believe they aren't blocking port 8001:35
ntoombsi've been able to connect on port 80 before with this isp01:35
patdk-lapthings change01:35
qman__commonly blocked ports are 25, 80, 113, 145-149, 443, and 44501:35
patdk-lappeople change01:35
patdk-laprouting changes01:35
patdk-lapdon't forget 135-13901:35
qman__ah, that's what I meant01:36
qman__instead of 145-149, my bad01:36
ntoombsthat was like 2 weeks ago though01:36
qman__it's a pretty simple thing to test if your router is sane01:37
qman__just change the external port that gets forwarded to 80 on your server01:37
serue_kirkland: are you around by chance?01:37
ntoombsqman__: i'm sorry i don't know what you mean01:37
ntoombsi thought 80 was the port i'm forwarding to my server01:38
qman__in most routers, you forward port X to port Y on IP Z01:38
qman__you can leave Y and Z alone, and just change X01:38
TheEvilPhoenix^ that01:38
uvirtbotTheEvilPhoenix: Error: "that" is not a valid command.01:38
qman__then try it from the internet01:38
TheEvilPhoenixstfu bot01:38
ChmEarlko01:39
ntoombsmy router forwards from external ip address > router (checks incoming connection and on what port) > whatever device the router forwarded the connection01:39
ntoombssorry i'm not very good with networking01:40
TheEvilPhoenixi've worked with forwarding though01:40
TheEvilPhoenixntoombs:  most routers support this:01:40
qman__yes01:40
qman__connections come in on the external IP01:40
qman__when you set up port forwards, you pick a port that the connections come in on01:40
qman__then pick an IP and port to forward said connection to01:40
qman__you can leave the second half alone, and just change the first one01:40
qman__so that connections coming in on 8080 go to your server on 8001:41
TheEvilPhoenixsome random port and net connection from external > router > NAT: (<random port> -> InternalMachineIP:<any port>) > InternalMachineIP01:41
TheEvilPhoenixso for example01:41
* patdk-lap spanks TheEvilPhoenix01:41
TheEvilPhoenixi could bind the system in such a way that: port 8754 --> System:8001:41
twbGeneric MASQUERADE or SNAT and a specific DNAT.  Film at 11.01:41
TheEvilPhoenixor any other combo :P01:41
patdk-laptwb, shouldn't that be, ipv6 killed nat, story at 1101:42
ntoombsqman__: so instead of forwarding the incoming connection to port 80 i forward it to port 8080?01:42
qman__no01:42
TheEvilPhoenixntoombs:  no01:42
ntoombsdang01:42
ntoombsthought i had it :(01:42
qman__connections coming in on 8080, go to port 80 on the server01:42
twbpatdk-lap: yeah, but I doubt the OP knows that yet01:42
TheEvilPhoenixyou forward incoming connections from port 8080 to port 80 on the machine01:43
qman__so that you can leave your server alone, listening on the normal port 8001:43
qman__but work around a possible port block from your ISP01:43
qman__prepositions matter here quite a bit ;)01:44
TheEvilPhoenixindeed01:44
ntoombsok i'll look around in my router how to forward a port to a different port :P01:44
TheEvilPhoenixntoombs:  what router01:45
ntoombsnetgear n300 dgn220001:45
ntoombsmodem/router combo01:45
TheEvilPhoenixah01:46
ntoombsi'm not seeing any option for what you guys are talking about01:46
TheEvilPhoenixntoombs:  screenshot?01:47
ntoombssure01:47
TheEvilPhoenixno i kid01:47
TheEvilPhoenixlemme grab google ;)01:47
TheEvilPhoenixor a screenie works :P01:47
ntoombswhatever you wanna do01:47
ntoombswhich one?01:47
TheEvilPhoenixscreenie01:47
TheEvilPhoenixbecause google is evil01:47
ntoombsk01:48
chowderHas anyone here ever used the xen hypervisor? I want to run it on my laptop with Ubuntu 11.04 as the dom0. I've looked online for a how-to but to no avail. Any ideas?01:48
TheEvilPhoenixchowder:  #ubuntu ?01:49
TheEvilPhoenixchowder:  laptops usually fall under the purview of the standard ubuntu channel01:49
ChmEarlchowder, I do that on oneric since it has the xen aware kernel-3.001:49
chowderTheEvilPhoenix, come on now. Do you really think that in the main channel anyone is going to have any idea? (yes, I tried asking)01:50
TheEvilPhoenix:P01:50
ChmEarlsorry oneiric01:50
chowderChmEarl, sounds like a good idea but I don't really want something unstable for my dom0. Just doesn't seem like a good idea01:50
ChmEarlchowder, you want to build dom0 from source? use konrads git repo01:51
ChmEarlhttp://git.kernel.org/?p=linux/kernel/git/konrad/xen.git01:52
chowderChmEarl, I'm on a fresh 11.04 install. I've got my LVM set up just the way I like and all that. I figure that the last step is to install xen.01:52
ChmEarlchowder, best bet is to build xen and dom0 from sources01:52
chowderChmEarl, http://www.ubuntuupdates.org/packages/show/292562 <--- xen package mentioned here. Why is it better to build from source if its already supported in the kernel?01:53
ChmEarllet me see01:53
TheEvilPhoenixntoombs:  anything?01:53
ntoombscopying the link now :)01:54
TheEvilPhoenix:)01:54
ntoombshttp://i194.photobucket.com/albums/z286/ntoombs19/Screenshot2011-07-13at84932PM.png01:54
ntoombsif you need more just ask01:55
ChmEarlchowder, I tried that setup on oneiric -- it worked with linux-image-3.0-2-sever01:55
TheEvilPhoenixntoombs:  what's in that services dropdown list?01:55
TheEvilPhoenixthe complete list01:55
ntoombsthe services dropdown is where the ports come from and you can add new services in the services link01:55
TheEvilPhoenixi'm aware01:55
TheEvilPhoenixadd a new service01:55
chowderChmEarl, well my question is where do I go from here? I've got a fresh install ready to go01:55
TheEvilPhoenixnamed HTTP-alt, port 808001:55
TheEvilPhoenixoh wait01:56
TheEvilPhoenixthat wont work01:56
TheEvilPhoenixdarn, its one of THOSE routers01:56
TheEvilPhoenix</rage>01:56
ChmEarlchowder, do apt-cache search linux-image-generic  <-- what's the highest version available for 11.04?01:56
TheEvilPhoenixi mean theoretically...01:56
chowderChmEarl, one moment, please01:57
TheEvilPhoenixyou can use 8080 forwarded to your system, then use an iptables forward or something to reroute it to port 80 at the box01:57
twbChmEarl: rmadison knows01:57
TheEvilPhoenixbut i'm not sure of the method for that01:57
ntoombsTheEvilPhoenix: There is not an 8080 service but i could easily make one01:57
chowderChmEarl, it doesn't say which version it is01:57
ChmEarlsorry apt-cache show01:57
ntoombsi was hoping to make this a public webserver so i don't want everyone to have to go through port 8080 to get to it01:57
TheEvilPhoenixntoombs:  can i /query ya for a sec?01:58
ntoombsyea01:58
chowderChmEarl, 2.6.38.10.2501:59
ChmEarlchowder, not ready for xen dom0 -- you will have no support for domU01:59
chowderChmEarl, so I need a later kernel?01:59
ChmEarlchowder, later or a build from source known to support xen02:00
chowderhmmm...this sucks.02:00
ChmEarlchowder, but as you said earlier, natty does have xen and xen-tools in repo, but no kernel yet02:00
ChmEarlsorry, not tools, xen-utils-4.102:01
chowderrecompiling the kernel takes 100 years...especially to go through all of those options02:01
chowderI'd rather just reinstall debian testing or something and save myself the headache02:02
ChmEarlchowder, do you know `kevin on ##xen? he has a solution in his ~/kernel tree02:02
chowderChmEarl, never heard of him but I can contact him, I guess02:03
ChmEarlask for the 2.6.38 dom0 kernel archive02:03
chowderI really don't care about the Dom0 too much. I just need it to be stable. After all, it will be managing my other vms02:04
kirklandserue_: hi, here now02:07
serue_kirkland: was just wondering whether you wanted the latest changes in lp:ecryptfs rolled into an oneiric release or not.02:07
kirklandserue_: yeah, definitely02:08
kirklandserue_: sooner the better, too02:08
kirklandserue_: poke me tomorrow and we'll walk through the release procedure02:08
serue_kirkland: d'oh, i'm out tomorrow and friday02:08
kirklandserue_: heh02:08
kirklandserue_: okay, Monday?02:08
serue_cool02:08
serue_thanks02:08
serue_kirkland: talk to you then02:09
serue_SpamapS: lxc?02:47
=== jimbaker` is now known as jimbaker
SubSolarQuestion, I was looking at an Ubuntu 9 machine yesterday that was being used as a file server for Windows clients.  But it looked like a stock/default smb.conf.  Can it be using a different config file located somewhere else?03:44
qman__first, there is no 'Ubuntu 9', there is 9.04 and 9.10; second, it's possible but it would have to have modified init scripts or be started in a different way03:47
qman__the 'homes' configuration is included but commented in the default file03:48
qman__it's likely they simply uncommented it03:48
SubSolarHmm, it was /share03:48
SubSolarAlso, I'm not sure if it's 9.04 or 9.10.  If I wanted to upgrade to the latest 11, can I do it straight or do I have to go from 9 to 10 to 11?03:49
qman__ubuntu version numbers don't work that way03:49
qman__I guess I wasn't clear on that03:49
qman__9.04 would have to be first upgraded to 9.10, then 10.04, then 10.10, then 11.0403:50
SubSolarOh, damn.03:50
qman__ubuntu version numbers are release dates03:50
qman__9.04 is april 2009, etc03:50
SubSolarIt may just be easier to format and install the latest ubuntu...03:51
qman__probably03:51
SubSolarsince 9 is no longer getting updates03:51
qman__but I would suggest using 10.04 instead03:51
qman__because it will require less upgrades, as it will be able to upgrade directly to 12.04 when that comes out03:52
qman__otherwise you'll run into the exact same thing when 11.04 is out of date03:52
e_t_It usually is easier to do a clean install. For me, at least, it is also a good opportunity to de-cruft.03:52
qman__10.04 still has a little under four years left on it03:53
qman__for server03:53
rurufufussso I have this line in a bash script: convert "$i" -scale "12.5%"04:46
rurufufussit takes in $i from for i in 'ls blah'04:46
rurufufusshow do I make that handle filenames that have spaces in the middle?04:46
rurufufusswhoops, only discovered that #bash exists04:49
twbrurufufuss: by not using ls04:49
twbBut yeah, #bash is the place to ask04:50
=== koolhead17| is now known as koolhead17
=== mcahornsirup_ is now known as mcahornsirup
=== RudyValencia- is now known as RudyValencia
Tommy_hi08:52
Tommy_how to correct very small fonts in ubuntu server version?08:52
Tommy_on CLI screen, I found only small fonts08:53
Tommy_I wish somebody could help me as it is burning issues nobody can solve08:53
Tommy_hello08:58
Tommy_hello , can you hear me ? is it late there on the line ? is it bed time ?08:59
e_t_For me, it's nearly 2AM.09:00
e_t_Also, consider that everyone here is a volunteer. If no one knows the answer to your question (as I do not), no one will respond.09:01
Tommy_oh09:07
Tommy_so what do you think I should do?09:07
twbTommy_: dpkg-reconfigure console-setup09:07
Tommy_:(09:07
twbTommy_: if that doesn't work, blacklist the framebuffer driver that's being loaded09:07
twbhttp://paste.debian.net/122845/09:08
e_t_You can connect to the server via SSH and use a graphical terminal program with adjustable font sizes.09:08
twbIn the latter case, you'll need to run "update-initramfs -u -k all"09:08
twbe_t_: assuming he's silly enough to run a graphical system on his desktop :-P09:09
Tommy_How can I know if I use frame buffer or not09:10
Tommy_?09:10
twbTommy_: lsmod | grep fb09:15
=== airtonix_ is now known as airtonix
airtonixtwb: oh you09:40
Tommy_what?09:41
Tommy_i tried update-initramfs -u -k all. and rebooted. not ok yet09:42
twbairtonix:09:43
twbSorry09:43
twbTommy_: is it still loading a framebuffer driver?09:43
Tommy_i do not know how to to check if it is still loading framebuffer09:46
Tommy_but fonts is still small09:46
twbTommy_: lsmod | grep fb09:47
Tommy_ok i will try09:49
Tommy_what should I read for you ?09:56
twbpastebin the output of that command09:56
twbOk, that's odd.09:57
twbI just checked on my sid .38 system, and it has no fbcon module loaded09:57
twbBut it *does* have i915 and drm_kms_helper09:57
Tommy_http://pastebin.ubuntu.com/643950/10:00
uvirtbotNew bug: #810397 in autofs5 (main) "can't mount non IPv6 NFS shares" [Undecided,New] https://launchpad.net/bugs/81039711:12
=== _ruben_ is now known as _ruben
FidelixHello, can someone help me with this? Jul 14 08:47:56 fidelix sshd[14040]: reverse mapping checking getaddrinfo for 18740105196.user.veloxzone.com.br [187.40.105.196] failed - POSSIBLE BREAK-IN ATTEMPT!11:48
FidelixI can't make a passwordless login on my server, and this appears in the server's /var/log/auth.log when I try to ssh11:49
patdk-wkit's just a warning, ignore it12:05
patdk-wkthere isn't anything you can do about it, unless you bitch to your isp for a few months, they might fix it12:05
_rubennothing you can do about the warning that is, passwordless logins oughta be a possibility still12:12
FidelixI was only able to do a passwordless login after I set UseDNS no on sshd_config12:15
uvirtbotNew bug: #810270 in cups (main) "AppArmor profiles need updates for /var/run → /run and /var/lock → /run/lock" [High,Fix committed] https://launchpad.net/bugs/81027012:22
uvirtbotNew bug: #810051 in nova "Copyright/legal issues in Nova (from Debian upstream)" [Low,Confirmed] https://launchpad.net/bugs/81005113:07
=== zz_ng_ is now known as ng_
zullovely mysql explicitly depends on a gcc version now14:34
Daviey:o14:40
skaetyuk.14:40
* skaet hopes its not an old version, and its a dependency on a specific bug implementation.... :P14:40
hggdhsmoser: we need to test the new -proposed kernel for Hardy14:42
hggdhsmoser: on EC2, forgot to mention, sorry14:44
smoserhggdh, what do you need (anything?) from me?14:48
hggdhsmoser: I thought we could run the Hardy with a --kernel= pointing to the lucid AKI14:49
hggdhdarn! If I run on us-east1, I should provide an AKI from us-east1...14:50
utlemmingsmoser, hggdh: anything I can help with on testing the EC2 hardy kernel?15:13
smoserhggdh, wait...15:14
smoserif you want to test the -proposed kernel in hardy15:14
smoserthen you boot the hardy image with the pv-grub kernel15:14
smoserand apt-get dist upgrade15:14
smoserand reboot15:14
hggdhsmoser: yes -- with the --kernel pointing to the lucid pv-grub aki, correct?15:15
smoseryeah.15:15
smoseryou confused me when you said "lucid AKI"15:15
smoserits not really a lucid AKI, but a generic (amazon owned) aki15:15
hggdhutlemming: I have it running now, thanks15:16
hggdhsmoser: heh -- you published it in an email talking about Lucid, so I ass-u-med it was Lucid15:16
=== ng_ is now known as zz_ng_
=== koolhead17 is now known as koolhead17|afk
patrickmwjamespage: how's the jenkins ppa coming along?16:20
jamespage7 packages to go16:20
patrickmwnice!16:20
jamespagecurrently unblocking something upstream in Debian16:20
jamespage(oh and thats oneiric archive - not PPA :-))16:21
patrickmwaww16:21
=== twister004_ is now known as twister004
semiosisis there any way to have old versions preserved in a PPA?  currently whenever i upload a new version of a package the old version gets deleted.  can it keep them?16:38
SpamapSsemiosis: when thats needed, its best to either have two PPA's, or add the version to the source package name.16:41
=== cloakable_ is now known as cloakable
uvirtbotNew bug: #810580 in mysql-5.1 (main) "mknod /run/mysqld/mysqld.sock is blocked by apparmor" [Undecided,New] https://launchpad.net/bugs/81058016:41
semiosisSpamapS: thanks thats what i was afraid of16:42
=== mquin_ is now known as mquin
foughalahello17:39
foughalai want some help, please17:39
foughalaabout Wired Connection17:39
foughalai have two PCs17:40
foughala&  a switch17:40
foughalaone PC with XP sp217:40
foughalaand this one with Ubuntu 11.0417:40
=== mendel__ is now known as mendel_
=== cerber0s is now known as cerberos
xibalba_good afternoon folks20:00
xibalba_i need a little help getting ubuntu 10.04 LTS installed on a Super Micro box with RAID 120:00
xibalba_i went through the install once, and it completed successfully.20:01
xibalba_upon reboot i was dropped into a command prompt "grub rescue>"20:01
xibalba_i'm re-running the ubuntu install right now, thinking i messed up the grub settings somewhere. I wanted to know if anyone had any advice or input on this install type20:01
lucidlwhat's the safest way to upgrade to a newer release of an application that is in a newer release of ubuntu, into an older release20:04
lucidlI want to  install nut 2.6 branch instead of the 2.4.3 that is in lucid server20:07
xibalba_looks like i should go the fakeraid route maybe20:08
xibalba_i thought the intel stuff would be supported, it's an ich10r20:08
pythonirc101I've a ubuntu server that is connected on the web using dhcp. What is the easiest way to configure it so that I can access it from outside? (from anywhere -- the dhcp is a 192.xxx ip)20:21
e_t_pythonirc101: set up port forwarding on your Internet-facing router to forward port 80 traffic to the server.20:24
=== mendel__ is now known as mendel_
jamespagesmoser: python-boto 2.0 \o/20:56
smoser:)20:56
smoserlet the fallout begin20:56
jamespagehehe20:56
uvirtbotNew bug: #810736 in samba (main) "logrotate script needs to notify all samba processes when logs are rotated" [Undecided,New] https://launchpad.net/bugs/81073620:56
Davieysmoser: eeeek21:06
pythonirc101e_t_: I would like to do ssh and http or anything else from outside so that i can forward the packets to this machine using a name or static ip perhaps.21:06
Davieyyou've busted everything21:06
Davieyjamespage: ygm21:06
jamespageDaviey: ygm too21:07
Davieyso i have!21:07
e_t_pythonirc101: The static IP will be on your router. You can buy a domain name from any of the registrars and assign that name to your static IP. After that, you still need port forwarding because a server with a 192... address cannot be reached from the Internet. You can forward all the ports you desire, though you should only forward those for services you're actually using.21:10
pythonirc101e_t_: I dont have a static ip21:12
pythonirc101my network administrator gives me only a dhcp connection21:12
pythonirc101which is good for browsing and such but not running servers21:12
e_t_pythonirc101: dyndns.org21:13
pythonirc101e_t_: exactly. Now, can i use commandline from ubuntu server to configure dyndns?21:13
e_t_pythonirc101: sudo apt-get install dyndns gets you the update client.21:14
pythonirc101thanks21:16
pythonirc101e_t_: how do i get a name?21:16
pythonirc101can it be done from the commandline?21:16
pythonirc101e_t_: perhaps this will work : http://en.kioskea.net/faq/718-installing-a-dyndns-client ?21:18
e_t_pythonirc101: No. You'll need to visit the dyndns website and set up an account. I think you can get a subdomain (i.e. pythonirc.dyndns.org) for free. After that, you configure the client program according to the instructions you posted.21:18
pythonirc101e_t_: if i have 20 such machines to run, then this doesnt sound like a good solution :(21:19
utlemmingsmoser: ping21:19
pythonirc101hence i wanted a commandline solution21:19
smoserhere21:20
smoserbut not for long utlemming21:20
e_t_pythonirc101: Perhaps you should describe your setup in more detail. There might be alternate solutions.21:20
utlemmingsmoser: k21:20
utlemmingdo you want to sync up tomorrow morning then on the training thingy for Monday?21:20
smoseryes21:21
utlemmingkees, I'll ping you around 10:30ish (GMT-0:600)21:21
utlemmingInteresting...apparently my IRC client replaces k\, with kees21:22
keesheh :)21:23
utlemminglol21:23
utlemmingsmoser: I'll ping you around 10:30ish (GMT-06:00) if that works for you21:23
smosergood deal21:23
zulkees: i need to bug you tomorrow about a couple of openstack things21:54
CrazyGirhello! forgive me if this is not the best place this question, but I'm not sure who else to direct this to, and I'm using kvm/libvirt & ubuntu-server, which it seems like a fair number of folks here are skilled with :)22:03
=== kentb is now known as kentb-out
e_t_!ask | CrazyGir22:05
ubottuCrazyGir: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)22:05
CrazyGirI have inherited responsibility over a set of VM servers and their VMs. I did not setup the servers themselves or the networking setup (which is a little complicated). These servers were originally going to be in a 2-node active-active cluster, but we ran into so many issues with that, the admin working on the systems separated them and they are now standalone (the networking config was left as is though)22:05
CrazyGirI'm getting there, sorry, a lot to sort through and figure out what to say22:06
CrazyGirI have been creating VMs on one of these systems, and am having a difficult time figuring out what I need to do to get network connections from the external interface to the VMs themselves22:06
e_t_What you have to do is set up the VM host as a router. I can walk you through it.22:07
CrazyGirthat might already be done22:08
e_t_Then you set up some iptables rules to do Network Address Translation, from the VMs to the outside.22:09
alamar.o(eh.. what vm technology are we talking about?)22:09
alamarah22:09
alamari c, didnt scroll up enough22:09
CrazyGire_t_: how can I review/look at the current config there22:10
CrazyGirI'm not as skilled in ubuntu/linux as I am in BSD22:11
CrazyGirright now I have a bridge interface setup with an external IP22:11
e_t_iptables -L or iptables -t nat -L will show any current iptables rules.22:11
CrazyGirthen a virtual bridge setup for the VM subnet22:11
CrazyGirwow that cmd is slooooow22:13
e_t_For me it's nearly instantaneous.22:13
CrazyGirhrm22:13
CrazyGirnot here22:13
sparcmaybe add a -n22:14
sparcto avoid dns resolution22:14
CrazyGirthis makes me miss pf22:14
CrazyGirso I see this, which is related to the vm subnet: MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/2422:14
CrazyGirand two others, one each for TCP/UDP22:14
CrazyGirthat's outbound? source is .122.x and destination is anything else, am I understanding that correctly?22:15
e_t_OK. That looks like it was set up with virt-manager. If you've got that program, you can handle the networks graphically.22:15
CrazyGirvirt-manager would run on the server?22:16
CrazyGire_t_: could the DRBD Management Console potentially have done thi?22:16
CrazyGirthat22:16
CrazyGir*that22:16
e_t_virt-manager is kind of cool in that it can connect to a remote kvm, but it can be run locally.22:16
e_t_I have no knowledge of DRBD.22:17
CrazyGirhmm.. I could probably get that setup in my xubuntu (local) vm22:17
pltmnkyI'm having trouble getting a qlogic IBA7322 HCA card recognized. The libraries are installed, the udev rules are in place, however the device is never populated.22:20
pltmnkyrunning ubuntu server 10.0422:20
pltmnkyit is an infiniband card22:20
e_t_CrazyGir: You could also ask in #virt (OFTC).22:24
CrazyGirfor what? the network config?22:25
e_t_For anything libvirt related.22:25
CrazyGirhah22:26
CrazyGirok, well how should I go about working with / configuring these bridges to get from ext --> VM?22:26
CrazyGirthe virt-manager isn't able to connect, so if I can do this on the cli, that is fine22:27
e_t_You want services running on the VMs to be accessible from outside?22:27
CrazyGiryep, HTTP/etc22:27
e_t_OK. That's port forwarding (it seems like that's the topic du jour).22:28
sarkiswhat are these services in here /usr/share/dbus-1/services22:28
sarkisused for?22:28
sarkishow can i restart a certain service from that folder?22:29
CrazyGire_t_: for the immediate moment, port forwarding would be fine22:29
CrazyGirin the future I would want to give some VMs ext IPs22:29
CrazyGire_t_: so iptables is what I should use to setup port forwarding?22:31
e_t_CrazyGir: Yes. Here's a guide http://www.debian-administration.org/articles/7322:31
CrazyGirthanks for the direction here :)22:32
CrazyGire_t_: are iptables commands entered via the cli, or is there a set of files you edit?22:33
e_t_Command line. However, they are wiped out on reboot, so you'll want to enter anything you want to keep into a script to be run at boot.22:34
CrazyGirhah!22:34
CrazyGiroh what joy :)22:35
CrazyGiris there anything in ubuntu that exists already as the "standard" script to add such iptables commands?22:35
e_t_Not that I know of. You can add the commands to /etc/rc.local, or make a separate script and call it from rc.local.22:36
CrazyGiroies22:36
CrazyGir*okies22:36
CrazyGirok, so I have those rules in place, forwarding 8000 on the ext IP to 8000 on one specific VM22:40
CrazyGirnothing gets through (browser times out, and http on the VM doesn't see anything) so is there a way I can confirm the TCP packets are even getting through to the VM?22:40
e_t_ping or traceroute22:44
CrazyGiroh nice! tcpdump to the rescure22:47
CrazyGir*rescue22:47
CrazyGirok, I can confirm the packets getting through the server and off to the vm22:48
e_t_But not coming back?22:48
CrazyGirnot getting to the VM22:48
CrazyGirtcpdump run on the VM sees nothing22:49
CrazyGirno iptables rules are setup on the VM22:50
CrazyGirso I don't quite understand what is getting in the way22:51
CrazyGirany thoughts / suggestions, not sure what to dig into next here22:54
e_t_There shouldn't be an iptables on the VM itself.22:54
CrazyGirthere aren't22:54
CrazyGirI'm able to SSH to the VM from the VM server22:54
CrazyGirso I know the VM is setup correctly in that sense22:55
e_t_Can you pastebin the output of ifconfig on the VM server?22:55
CrazyGirsure22:56
CrazyGirit's long, cause of all the VLAN/etc config for the original setup that is no longer22:56
CrazyGir22:48:39.259017 IP ppp-x-x-x-x.XXX.net.44372 > 192.168.122.218.8001: Flags [S], seq 1399355578, win 8192, options [mss 1442,nop,nop,sackOK], length 022:59
CrazyGire_t_: this is from tcpdump, does this confirm the packet was SENT to the .218 IP?22:59
CrazyGiror just that it is destined for the IP23:00
e_t_That just says it was sent.23:00
e_t_You might also paste /etc/network/interfaces23:01
CrazyGirthere's a lot here i need to sanitize out :(23:03
CrazyGirwell, not a whole lot, but some23:03
CrazyGire_t_: http://dpaste.com/568852/23:06
CrazyGirthere's more in ifconfig23:06
pltmnkyignore my question, qlogic cards use a mellanox chipset, had to install the mellanox drivers23:06
CrazyGirthat is good to know23:07
CrazyGire_t_: thoughts?23:09
e_t_CrazyGir: It looks to me as though a lot of things a jumbled together in there, though that may be a result of sanitization.23:10
e_t_s/a/are23:10
e_t_This is a single VM server? If so, I would set it up to have one external IP (maybe bonded NICs, but one IP). There should be only one bridge interface, bound to eth0, and then all the VMs connected to that bridge interface.23:14
mfdlAnyone have some time to work me through an installation issue?23:14
CrazyGire_t_: I believe that is exactly how it is setup, but with some other cruft (eg from drbd link between the two servers in the original cluster, etc)23:15
=== mendel__ is now known as mendel_
e_t_CrazyGir: Well, I saw two bridges, an eth1, and an eth0.7 (0.0 - 0.6?). If there's a lot of networking cruft, it may be causing hidden routing errors.23:18
CrazyGirhmmm23:21
CrazyGirI know!23:21
CrazyGirnginx to the rescue23:21
CrazyGirfor now I'll use nginx on the vm server :)23:21
* e_t_ has no idea how that will help.23:22
CrazyGirit will help me get the immediate need resolved while making time for me to sort out these more complicated issues23:22
CrazyGirthe VM server can hit the VM network just fine, so I can use nginx as a reverse proxy23:22
CrazyGire_t_: how can I remove iptables rules?23:36
CrazyGirerr... remove _only_ those that I had added before23:37
e_t_That's a little more difficult. iptables --flush will wipe everything.23:43
CrazyGiryea23:43
e_t_Which commands did you enter before?23:43
CrazyGirI guess I could reboot, provided that the existing stuff is all in iptables23:43
e_t_Rebooting would fix it.23:43
CrazyGirfrom http://www.debian-administration.org/articles/7323:44
CrazyGirit actually looks like ufw was used to configure this vm server23:44
CrazyGirI imagine ufw has a way of persisting rules23:44
e_t_it does23:45
CrazyGirso a reboot will fix this23:47
e_t_It should.23:47
CrazyGirokies, thanks for your help! I'm going to take a break on this and come back with a fresh mind laters ;)23:47
