[01:27] <ntoombs> Hi. I have a problem accessing my LAMP server externally through port 80. I can access it internally using both its assigned local static ip address and my network's external ip address. I have talked to my ISP multiple times to see if they are blocking port 80 and they confirmed that they are not. Here are some commands I have run on my server to check if the ports are open and my server is connected to the network.
[01:27] <ntoombs> nmap -sP 192.168.1.0/24 (http://pastebin.com/wt9JYDJc) nmap 192.168.1.119 -p 1-10000 (http://pastebin.com/KFZswzYg) netstat -an | grep ':80' (http://pastebin.com/0ZrFb5YD)
[01:28] <patdk-lap> hmm, none of those are public ip's
[01:28] <patdk-lap> do you have any public ip's on your server?
[01:29] <ntoombs> i don't know what you mean. my public ip is for my router
[01:29] <patdk-lap> and you configured dnat on your *router*
[01:30] <ntoombs> if by dnat you mean port forwarding, yes i did that
[01:30] <TheEvilPhoenix> ntoombs:  then whats the IP to the router
[01:30] <TheEvilPhoenix> i.e. if you went to whatismyip.com or something
[01:30] <TheEvilPhoenix> whats that number :P
[01:30] <TheEvilPhoenix> dont tell us though :P
[01:30] <ntoombs> i know what it is
[01:31] <TheEvilPhoenix> didya try using that for the bind number?  or perhaps just *
[01:31] <patdk-lap> heh? that won't work TheEvilPhoenix
[01:31] <TheEvilPhoenix> patdk-lap:  whoops my bad
[01:31] <qman__> you can't bind to an IP that the server is not configured with
[01:31] <TheEvilPhoenix> been a while since i messed with Apache ;)
[01:31] <TheEvilPhoenix> ignore me then
[01:32] <qman__> if it works from LAN, it's most likely the ISP or the router
[01:32] <qman__> they might swear up and down but the only way to know for sure is testing an alternate port
[01:32] <patdk-lap> make a new port forwarding rule
[01:33] <ntoombs> port 22 works fine for ssh
[01:33] <TheEvilPhoenix> is this a residential IP, out of curiosity?
[01:33] <qman__> 22 is not commonly blocked
[01:33] <patdk-lap> that maps like port 8080 to port 80
[01:33] <TheEvilPhoenix> ISP*
[01:33] <qman__> yeah, in the router, change it to 8080 or 9000 or something, and test
[01:33] <qman__> if it works, your ISP is lying
[01:33] <qman__> which is far more common than it should be
[01:33] <qman__> if not, it's probably the router
[01:34] <patdk-lap> hmm, it's a dynamic isp address
[01:35] <patdk-lap> I can't believe they aren't blocking port 80
[01:35] <ntoombs> i've been able to connect on port 80 before with this isp
[01:35] <patdk-lap> things change
[01:35] <qman__> commonly blocked ports are 25, 80, 113, 145-149, 443, and 445
[01:35] <patdk-lap> people change
[01:35] <patdk-lap> routing changes
[01:35] <patdk-lap> don't forget 135-139
[01:36] <qman__> ah, that's what I meant
[01:36] <qman__> instead of 145-149, my bad
[01:36] <ntoombs> that was like 2 weeks ago though
[01:37] <qman__> it's a pretty simple thing to test if your router is sane
[01:37] <qman__> just change the external port that gets forwarded to 80 on your server
[01:37] <serue_> kirkland: are you around by chance?
[01:37] <ntoombs> qman__: i'm sorry i don't know what you mean
[01:38] <ntoombs> i thought 80 was the port i'm forwarding to my server
[01:38] <qman__> in most routers, you forward port X to port Y on IP Z
[01:38] <qman__> you can leave Y and Z alone, and just change X
[01:38] <TheEvilPhoenix> ^ that
[01:38] <qman__> then try it from the internet
[01:38] <TheEvilPhoenix> stfu bot
[01:39] <ChmEarl> ko
[01:39] <ntoombs> my router forwards from external ip address > router (checks incoming connection and on what port) > whatever device the router forwarded the connection
[01:40] <ntoombs> sorry i'm not very good with networking
[01:40] <TheEvilPhoenix> i've worked with forwarding though
[01:40] <TheEvilPhoenix> ntoombs:  most routers support this:
[01:40] <qman__> yes
[01:40] <qman__> connections come in on the external IP
[01:40] <qman__> when you set up port forwards, you pick a port that the connections come in on
[01:40] <qman__> then pick an IP and port to forward said connection to
[01:40] <qman__> you can leave the second half alone, and just change the first one
[01:41] <qman__> so that connections coming in on 8080 go to your server on 80
[01:41] <TheEvilPhoenix> some random port and net connection from external > router > NAT: (<random port> -> InternalMachineIP:<any port>) > InternalMachineIP
[01:41] <TheEvilPhoenix> so for example
[01:41]  * patdk-lap spanks TheEvilPhoenix
[01:41] <TheEvilPhoenix> i could bind the system in such a way that: port 8754 --> System:80
[01:41] <twb> Generic MASQUERADE or SNAT and a specific DNAT.  Film at 11.
[01:41] <TheEvilPhoenix> or any other combo :P
[01:42] <patdk-lap> twb, shouldn't that be, ipv6 killed nat, story at 11
[01:42] <ntoombs> qman__: so instead of forwarding the incoming connection to port 80 i forward it to port 8080?
[01:42] <qman__> no
[01:42] <TheEvilPhoenix> ntoombs:  no
[01:42] <ntoombs> dang
[01:42] <ntoombs> thought i had it :(
[01:42] <qman__> connections coming in on 8080, go to port 80 on the server
[01:42] <twb> patdk-lap: yeah, but I doubt the OP knows that yet
[01:43] <TheEvilPhoenix> you forward incoming connections from port 8080 to port 80 on the machine
[01:43] <qman__> so that you can leave your server alone, listening on the normal port 80
[01:43] <qman__> but work around a possible port block from your ISP
[01:44] <qman__> prepositions matter here quite a bit ;)
[01:44] <TheEvilPhoenix> indeed
[01:44] <ntoombs> ok i'll look around in my router how to forward a port to a different port :P
[01:45] <TheEvilPhoenix> ntoombs:  what router
[01:45] <ntoombs> netgear n300 dgn2200
[01:45] <ntoombs> modem/router combo
[01:46] <TheEvilPhoenix> ah
[01:46] <ntoombs> i'm not seeing any option for what you guys are talking about
[01:47] <TheEvilPhoenix> ntoombs:  screenshot?
[01:47] <ntoombs> sure
[01:47] <TheEvilPhoenix> no i kid
[01:47] <TheEvilPhoenix> lemme grab google ;)
[01:47] <TheEvilPhoenix> or a screenie works :P
[01:47] <ntoombs> whatever you wanna do
[01:47] <ntoombs> which one?
[01:47] <TheEvilPhoenix> screenie
[01:47] <TheEvilPhoenix> because google is evil
[01:48] <ntoombs> k
[01:48] <chowder> Has anyone here ever used the xen hypervisor? I want to run it on my laptop with Ubuntu 11.04 as the dom0. I've looked online for a how-to but to no avail. Any ideas?
[01:49] <TheEvilPhoenix> chowder:  #ubuntu ?
[01:49] <TheEvilPhoenix> chowder:  laptops usually fall under the purview of the standard ubuntu channel
[01:49] <ChmEarl> chowder, I do that on oneric since it has the xen aware kernel-3.0
[01:50] <chowder> TheEvilPhoenix, come on now. Do you really think that in the main channel anyone is going to have any idea? (yes, I tried asking)
[01:50] <TheEvilPhoenix> :P
[01:50] <ChmEarl> sorry oneiric
[01:50] <chowder> ChmEarl, sounds like a good idea but I don't really want something unstable for my dom0. Just doesn't seem like a good idea
[01:51] <ChmEarl> chowder, you want to build dom0 from source? use konrads git repo
[01:52] <ChmEarl> http://git.kernel.org/?p=linux/kernel/git/konrad/xen.git
[01:52] <chowder> ChmEarl, I'm on a fresh 11.04 install. I've got my LVM set up just the way I like and all that. I figure that the last step is to install xen.
[01:52] <ChmEarl> chowder, best bet is to build xen and dom0 from sources
[01:53] <chowder> ChmEarl, http://www.ubuntuupdates.org/packages/show/292562 <--- xen package mentioned here. Why is it better to build from source if its already supported in the kernel?
[01:53] <ChmEarl> let me see
[01:53] <TheEvilPhoenix> ntoombs:  anything?
[01:54] <ntoombs> copying the link now :)
[01:54] <TheEvilPhoenix> :)
[01:54] <ntoombs> http://i194.photobucket.com/albums/z286/ntoombs19/Screenshot2011-07-13at84932PM.png
[01:55] <ntoombs> if you need more just ask
[01:55] <ChmEarl> chowder, I tried that setup on oneiric -- it worked with linux-image-3.0-2-sever
[01:55] <TheEvilPhoenix> ntoombs:  what's in that services dropdown list?
[01:55] <TheEvilPhoenix> the complete list
[01:55] <ntoombs> the services dropdown is where the ports come from and you can add new services in the services link
[01:55] <TheEvilPhoenix> i'm aware
[01:55] <TheEvilPhoenix> add a new service
[01:55] <chowder> ChmEarl, well my question is where do I go from here? I've got a fresh install ready to go
[01:55] <TheEvilPhoenix> named HTTP-alt, port 8080
[01:56] <TheEvilPhoenix> oh wait
[01:56] <TheEvilPhoenix> that wont work
[01:56] <TheEvilPhoenix> darn, its one of THOSE routers

[01:56] <ChmEarl> chowder, do apt-cache search linux-image-generic  <-- what's the highest version available for 11.04?
[01:56] <TheEvilPhoenix> i mean theoretically...
[01:57] <chowder> ChmEarl, one moment, please
[01:57] <TheEvilPhoenix> you can use 8080 forwarded to your system, then use an iptables forward or something to reroute it to port 80 at the box
[01:57] <twb> ChmEarl: rmadison knows
[01:57] <TheEvilPhoenix> but i'm not sure of the method for that
[01:57] <ntoombs> TheEvilPhoenix: There is not an 8080 service but i could easily make one
[01:57] <chowder> ChmEarl, it doesn't say which version it is
[01:57] <ChmEarl> sorry apt-cache show
[01:57] <ntoombs> i was hoping to make this a public webserver so i don't want everyone to have to go through port 8080 to get to it
[01:58] <TheEvilPhoenix> ntoombs:  can i /query ya for a sec?
[01:58] <ntoombs> yea
[01:59] <chowder> ChmEarl, 2.6.38.10.25
[01:59] <ChmEarl> chowder, not ready for xen dom0 -- you will have no support for domU
[01:59] <chowder> ChmEarl, so I need a later kernel?
[02:00] <ChmEarl> chowder, later or a build from source known to support xen
[02:00] <chowder> hmmm...this sucks.
[02:00] <ChmEarl> chowder, but as you said earlier, natty does have xen and xen-tools in repo, but no kernel yet
[02:01] <ChmEarl> sorry, not tools, xen-utils-4.1
[02:01] <chowder> recompiling the kernel takes 100 years...especially to go through all of those options
[02:02] <chowder> I'd rather just reinstall debian testing or something and save myself the headache
[02:02] <ChmEarl> chowder, do you know `kevin on ##xen? he has a solution in his ~/kernel tree
[02:03] <chowder> ChmEarl, never heard of him but I can contact him, I guess
[02:03] <ChmEarl> ask for the 2.6.38 dom0 kernel archive
[02:04] <chowder> I really don't care about the Dom0 too much. I just need it to be stable. After all, it will be managing my other vms
[02:07] <kirkland> serue_: hi, here now
[02:07] <serue_> kirkland: was just wondering whether you wanted the latest changes in lp:ecryptfs rolled into an oneiric release or not.
[02:08] <kirkland> serue_: yeah, definitely
[02:08] <kirkland> serue_: sooner the better, too
[02:08] <kirkland> serue_: poke me tomorrow and we'll walk through the release procedure
[02:08] <serue_> kirkland: d'oh, i'm out tomorrow and friday
[02:08] <kirkland> serue_: heh
[02:08] <kirkland> serue_: okay, Monday?
[02:08] <serue_> cool
[02:08] <serue_> thanks
[02:09] <serue_> kirkland: talk to you then
[02:47] <serue_> SpamapS: lxc?
[03:44] <SubSolar> Question, I was looking at an Ubuntu 9 machine yesterday that was being used as a file server for Windows clients.  But it looked like a stock/default smb.conf.  Can it be using a different config file located somewhere else?
[03:47] <qman__> first, there is no 'Ubuntu 9', there is 9.04 and 9.10; second, it's possible but it would have to have modified init scripts or be started in a different way
[03:48] <qman__> the 'homes' configuration is included but commented in the default file
[03:48] <qman__> it's likely they simply uncommented it
[03:48] <SubSolar> Hmm, it was /share
[03:49] <SubSolar> Also, I'm not sure if it's 9.04 or 9.10.  If I wanted to upgrade to the latest 11, can I do it straight or do I have to go from 9 to 10 to 11?
[03:49] <qman__> ubuntu version numbers don't work that way
[03:49] <qman__> I guess I wasn't clear on that
[03:50] <qman__> 9.04 would have to be first upgraded to 9.10, then 10.04, then 10.10, then 11.04
[03:50] <SubSolar> Oh, damn.
[03:50] <qman__> ubuntu version numbers are release dates
[03:50] <qman__> 9.04 is april 2009, etc
[03:51] <SubSolar> It may just be easier to format and install the latest ubuntu...
[03:51] <qman__> probably
[03:51] <SubSolar> since 9 is no longer getting updates
[03:51] <qman__> but I would suggest using 10.04 instead
[03:52] <qman__> because it will require less upgrades, as it will be able to upgrade directly to 12.04 when that comes out
[03:52] <qman__> otherwise you'll run into the exact same thing when 11.04 is out of date
[03:52] <e_t_> It usually is easier to do a clean install. For me, at least, it is also a good opportunity to de-cruft.
[03:53] <qman__> 10.04 still has a little under four years left on it
[03:53] <qman__> for server
[04:46] <rurufufuss> so I have this line in a bash script: convert "$i" -scale "12.5%"
[04:46] <rurufufuss> it takes in $i from for i in 'ls blah'
[04:46] <rurufufuss> how do I make that handle filenames that have spaces in the middle?
[04:49] <rurufufuss> whoops, only discovered that #bash exists
[04:49] <twb> rurufufuss: by not using ls
[04:50] <twb> But yeah, #bash is the place to ask
[08:52] <Tommy_> hi
[08:52] <Tommy_> how to correct very small fonts in ubuntu server version?
[08:53] <Tommy_> on CLI screen, I found only small fonts
[08:53] <Tommy_> I wish somebody could help me as it is burning issues nobody can solve
[08:58] <Tommy_> hello
[08:59] <Tommy_> hello , can you hear me ? is it late there on the line ? is it bed time ?
[09:00] <e_t_> For me, it's nearly 2AM.
[09:01] <e_t_> Also, consider that everyone here is a volunteer. If no one knows the answer to your question (as I do not), no one will respond.
[09:07] <Tommy_> oh
[09:07] <Tommy_> so what do you think I should do?
[09:07] <twb> Tommy_: dpkg-reconfigure console-setup
[09:07] <Tommy_> :(
[09:07] <twb> Tommy_: if that doesn't work, blacklist the framebuffer driver that's being loaded
[09:08] <twb> http://paste.debian.net/122845/
[09:08] <e_t_> You can connect to the server via SSH and use a graphical terminal program with adjustable font sizes.
[09:08] <twb> In the latter case, you'll need to run "update-initramfs -u -k all"
[09:09] <twb> e_t_: assuming he's silly enough to run a graphical system on his desktop :-P
[09:10] <Tommy_> How can I know if I use frame buffer or not
[09:10] <Tommy_> ?
[09:15] <twb> Tommy_: lsmod | grep fb
[09:40] <airtonix> twb: oh you
[09:41] <Tommy_> what?
[09:42] <Tommy_> i tried update-initramfs -u -k all. and rebooted. not ok yet
[09:43] <twb> airtonix:
[09:43] <twb> Sorry
[09:43] <twb> Tommy_: is it still loading a framebuffer driver?
[09:46] <Tommy_> i do not know how to check if it is still loading framebuffer
[09:46] <Tommy_> but fonts is still small
[09:47] <twb> Tommy_: lsmod | grep fb
[09:49] <Tommy_> ok i will try
[09:56] <Tommy_> what should I read for you ?
[09:56] <twb> pastebin the output of that command
[09:57] <twb> Ok, that's odd.
[09:57] <twb> I just checked on my sid .38 system, and it has no fbcon module loaded
[09:57] <twb> But it *does* have i915 and drm_kms_helper
[10:00] <Tommy_> http://pastebin.ubuntu.com/643950/
[11:48] <Fidelix> Hello, can someone help me with this? Jul 14 08:47:56 fidelix sshd[14040]: reverse mapping checking getaddrinfo for 18740105196.user.veloxzone.com.br [187.40.105.196] failed - POSSIBLE BREAK-IN ATTEMPT!
[11:49] <Fidelix> I can't make a passwordless login on my server, and this appears in the server's /var/log/auth.log when I try to ssh
[12:05] <patdk-wk> it's just a warning, ignore it
[12:05] <patdk-wk> there isn't anything you can do about it, unless you bitch to your isp for a few months, they might fix it
[12:12] <_ruben> nothing you can do about the warning that is, passwordless logins oughta be a possibility still
[12:15] <Fidelix> I was only able to do a passwordless login after I set UseDNS no on sshd_config
[14:34] <zul> lovely mysql explicitly depends on a gcc version now
[14:40] <Daviey> :o
[14:40] <skaet> yuk.
[14:40]  * skaet hopes its not an old version, and its a dependency on a specific bug implementation.... :P
[14:42] <hggdh> smoser: we need to test the new -proposed kernel for Hardy
[14:44] <hggdh> smoser: on EC2, forgot to mention, sorry
[14:48] <smoser> hggdh, what do you need (anything?) from me?
[14:49] <hggdh> smoser: I thought we could run the Hardy with a --kernel= pointing to the lucid AKI
[14:50] <hggdh> darn! If I run on us-east1, I should provide an AKI from us-east1...
[15:13] <utlemming> smoser, hggdh: anything I can help with on testing the EC2 hardy kernel?
[15:14] <smoser> hggdh, wait...
[15:14] <smoser> if you want to test the -proposed kernel in hardy
[15:14] <smoser> then you boot the hardy image with the pv-grub kernel
[15:14] <smoser> and apt-get dist upgrade
[15:14] <smoser> and reboot
[15:15] <hggdh> smoser: yes -- with the --kernel pointing to the lucid pv-grub aki, correct?
[15:15] <smoser> yeah.
[15:15] <smoser> you confused me when you said "lucid AKI"
[15:15] <smoser> its not really a lucid AKI, but a generic (amazon owned) aki
[15:16] <hggdh> utlemming: I have it running now, thanks
[15:16] <hggdh> smoser: heh -- you published it in an email talking about Lucid, so I ass-u-med it was Lucid
[16:20] <patrickmw> jamespage: how's the jenkins ppa coming along?
[16:20] <jamespage> 7 packages to go
[16:20] <patrickmw> nice!
[16:20] <jamespage> currently unblocking something upstream in Debian
[16:21] <jamespage> (oh and thats oneiric archive - not PPA :-))
[16:21] <patrickmw> aww
[16:38] <semiosis> is there any way to have old versions preserved in a PPA?  currently whenever i upload a new version of a package the old version gets deleted.  can it keep them?
[16:41] <SpamapS> semiosis: when thats needed, its best to either have two PPA's, or add the version to the source package name.
[16:42] <semiosis> SpamapS: thanks thats what i was afraid of
[17:39] <foughala> hello
[17:39] <foughala> i want some help, please
[17:39] <foughala> about Wired Connection
[17:40] <foughala> i have two PCs
[17:40] <foughala> &  a switch
[17:40] <foughala> one PC with XP sp2
[17:40] <foughala> and this one with Ubuntu 11.04
[20:00] <xibalba_> good afternoon folks
[20:00] <xibalba_> i need a little help getting ubuntu 10.04 LTS installed on a Super Micro box with RAID 1
[20:01] <xibalba_> i went through the install once, and it completed successfully.
[20:01] <xibalba_> upon reboot i was dropped into a command prompt "grub rescue>"
[20:01] <xibalba_> i'm re-running the ubuntu install right now, thinking i messed up the grub settings somewhere. I wanted to know if anyone had any advice or input on this install type
[20:04] <lucidl> what's the safest way to upgrade to a newer release of a application that is in a newer release of ubuntu, into a older release
[20:07] <lucidl> I want to  install nut 2.6 branch instead of the 2.4.3 that is in lucid server
[20:08] <xibalba_> looks like i should go the fakeraid route maybe
[20:08] <xibalba_> i thought the intel stuff would be supported, it's an ich10r
[20:21] <pythonirc101> I've a ubuntu server that is connected on the web using dhcp. What is the easiest way to configure it so that I can access it from outside? (from anywhere -- the dhcp is a 192.xxx ip)
[20:24] <e_t_> pythonirc101: set up port forwarding on your Internet-facing router to forward port 80 traffic to the server.
[20:56] <jamespage> smoser: python-boto 2.0 \o/
[20:56] <smoser> :)
[20:56] <smoser> let the fallout begin
[20:56] <jamespage> hehe
[21:06] <Daviey> smoser: eeeek
[21:06] <pythonirc101> e_t_: I would like to do ssh and http or anything else from outside so that i can forward the packets to this machine using a name or static ip perhaps.
[21:06] <Daviey> you've busted everything
[21:06] <Daviey> jamespage: ygm
[21:07] <jamespage> Daviey: ygm to
[21:07] <Daviey> so i have!
[21:10] <e_t_> pythonirc101: The static IP will be on your router. You can buy a domain name from any of the registrars and assign that name to your static IP. After that, you still need port forwarding because a server with a 192... address cannot be reached from the Internet. You can forward all the ports you desire, though you should only forward those for services you're actually using.
[21:12] <pythonirc101> e_t_: I dont have a static ip
[21:12] <pythonirc101> my network administrator gives me only a dhcp connection
[21:12] <pythonirc101> which is good for browsing and such but not running servers
[21:13] <e_t_> pythonirc101: dyndns.org
[21:13] <pythonirc101> e_t_: exactly. Now, can i use commandline from ubuntu server to configure dyndns?
[21:14] <e_t_> pythonirc101: sudo apt-get install dyndns gets you the update client.
[21:16] <pythonirc101> thanks
[21:16] <pythonirc101> e_t_: how do i get a name?
[21:16] <pythonirc101> can it be done from the commandline?
[21:18] <pythonirc101> e_t_: perhaps this will work : http://en.kioskea.net/faq/718-installing-a-dyndns-client ?
[21:18] <e_t_> pythonirc101: No. You'll need to visit the dyndns website and set up an account. I think you can get a subdomain (i.e. pythonirc.dyndns.org) for free. After that, you configure the client program according to the instructions you posted.
[21:19] <pythonirc101> e_t_: if i have 20 such machines to run, then this doesnt sound like a good solution :(
[21:19] <utlemming> smoser: ping
[21:19] <pythonirc101> hence i wanted a commandline solution
[21:20] <smoser> here
[21:20] <smoser> but not for long utlemming
[21:20] <e_t_> pythonirc101: Perhaps you should describe your setup in more detail. There might be alternate solutions.
[21:20] <utlemming> smoser: k
[21:20] <utlemming> do you want to sync up tomorrow morning then on the training thingy for Monday?
[21:21] <smoser> yes
[21:21] <utlemming> kees, I'll ping you around 10:30ish (GMT-0:600)
[21:22] <utlemming> Interesting...apparently my IRC client replaces k\, with kees
[21:23] <kees> heh :)
[21:23] <utlemming> lol
[21:23] <utlemming> smoser: I'll ping you around 10:30ish (GMT-06:00) if that works for you
[21:23] <smoser> good deal
[21:54] <zul> kees: i need to bug you tomorrow about a couple of openstack things
[22:03] <CrazyGir> hello! forgive me if this is not the best place for this question, but I'm not sure who else to direct this to, and I'm using kvm/libvirt & ubuntu-server, which it seems like a fair number of folks here are skilled with :)
[22:05] <e_t_> !ask | CrazyGir
[22:05] <CrazyGir> I have inherited responsibility over a set of VM servers and their VMs. I did not setup the servers themselves or the networking setup (which is a little complicated). These servers were originally going to be in a 2-node active-active cluster, but we ran into so many issues with that, the admin working on the systems separated them and they are now standalone (the networking config was left as is though)
[22:06] <CrazyGir> I'm getting there, sorry, a lot to sort through and figure out what to say
[22:06] <CrazyGir> I have been creating VMs on one of these systems, and am having a difficult time figuring out what I need to do to get network connections from the external interface to the VMs themselves
[22:07] <e_t_> What you have to do is set up the VM host as a router. I can walk you through it.
[22:08] <CrazyGir> that might already be done
[22:09] <e_t_> Then you set up some iptables rules to do Network Address Translation, from the VMs to the outside.
[22:09] <alamar> .o(eh.. what vm technology are we talking about?)
[22:09] <alamar> ah
[22:09] <alamar> i c, didnt scroll up enough
[22:10] <CrazyGir> e_t_: how can I review/look at the current config there
[22:11] <CrazyGir> I'm not as skilled in ubuntu/linux as I am in BSD
[22:11] <CrazyGir> right now I have a bridge interface setup with an external IP
[22:11] <e_t_> iptables -L or iptables -t nat -L will show any current iptables rules.
[22:11] <CrazyGir> then a virtual bridge setup for the VM subnet
[22:13] <CrazyGir> wow that cmd is slooooow
[22:13] <e_t_> For me it's nearly instantaneous.
[22:13] <CrazyGir> hrm
[22:13] <CrazyGir> not here
[22:14] <sparc> maybe add a -n
[22:14] <sparc> to avoid dns resolution
[22:14] <CrazyGir> this makes me miss pf
[22:14] <CrazyGir> so I see this, which is related to the vm subnet: MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24
[22:14] <CrazyGir> and two others, one each for TCP/UDP
[22:15] <CrazyGir> that's outbound? source is .122.x and destination is anything else, am I understanding that correctly?
[22:15] <e_t_> OK. That looks like it was set up with virt-manager. If you've got that program, you can handle the networks graphically.
[22:16] <CrazyGir> virt-manager would run on the server?
[22:16] <CrazyGir> e_t_: could the DRDB Management Console potentially have done thi?
[22:16] <CrazyGir> that
[22:16] <CrazyGir> *that
[22:16] <e_t_> virt-manager is kind of cool in that it can connect to a remote kvm, but it can be run locally.
[22:17] <e_t_> I have no knowledge of DRDB.
[22:17] <CrazyGir> hmm.. I could probably get that setup in my xubuntu (local) vm
[22:20] <pltmnky> I'm having trouble getting a qlogic IBA7322 HCA card recognized. The libraries are installed, the udev rules are in place, however the device is never populated.
[22:20] <pltmnky> running ubuntu server 10.04
[22:20] <pltmnky> it is an infiniband card
[22:24] <e_t_> CrazyGir: You could also ask in #virt (OFTC).
[22:25] <CrazyGir> for what? the network config?
[22:25] <e_t_> For anything libvirt related.
[22:26] <CrazyGir> hah
[22:26] <CrazyGir> ok, well how should I go about working with / configuring these bridges to get from ext --> VM?
[22:27] <CrazyGir> the virt-manager isn't able to connect, so if I can do this on the cli, that is fine
[22:27] <e_t_> You want services running on the VMs to be accessible from outside?
[22:27] <CrazyGir> yep, HTTP/etc
[22:28] <e_t_> OK. That's port forwarding (it seems like that's the topic du jour).
[22:28] <sarkis> what are these services in here /usr/share/dbus-1/services
[22:28] <sarkis> used for?
[22:29] <sarkis> how can i restart a certain service from that folder?
[22:29] <CrazyGir> e_t_: for the immediate moment, port forwarding would be fine
[22:29] <CrazyGir> in the future I would want to give some VMs ext IPs
[22:31] <CrazyGir> e_t_: so iptables is what I should use to setup port forwarding?
[22:31] <e_t_> CrazyGir: Yes. Here's a guide http://www.debian-administration.org/articles/73
[22:32] <CrazyGir> thanks for the direction here :)
[22:33] <CrazyGir> e_t_: are iptables commands entered via the cli, or is there a set of files you edit?
[22:34] <e_t_> Command line. However, they are wiped out on reboot, so you'll want to enter anything you want to keep into a script to be run at boot.
[22:34] <CrazyGir> hah!
[22:35] <CrazyGir> oh what joy :)
[22:35] <CrazyGir> is there anything in ubuntu that exists already as the "standard" script to add such iptables commands?
[22:36] <e_t_> Not that I know of. You can add the commands to /etc/rc.local, or make a separate script and call it from rc.local.
[22:36] <CrazyGir> oies
[22:36] <CrazyGir> *okies
[22:40] <CrazyGir> ok, so I have those rules in place, forwarding 8000 on the ext IP to 8000 on one specific VM
[22:40] <CrazyGir> nothing gets through (browser times out, and http on the VM doesn't see anything) so is there a way I can confirm the TCP packets are even getting through to the VM?
[22:44] <e_t_> ping or traceroute
[22:47] <CrazyGir> oh nice! tcpdump to the rescure
[22:47] <CrazyGir> *rescue
[22:48] <CrazyGir> ok, I can confirm the packets getting through the server and off to the vm
[22:48] <e_t_> But not coming back?
[22:48] <CrazyGir> not getting to the VM
[22:49] <CrazyGir> tcpdump run on the VM sees nothing
[22:50] <CrazyGir> no iptables rules are setup on the VM
[22:51] <CrazyGir> so I don't quite understand what is getting in the way
[22:54] <CrazyGir> any thoughts / suggestions, not sure what to dig into next here
[22:54] <e_t_> There shouldn't be an iptables on the VM itself.
[22:54] <CrazyGir> there aren't
[22:54] <CrazyGir> I'm able to SSH to the VM from the VM server
[22:55] <CrazyGir> so I know the VM is setup correctly in that sense
[22:55] <e_t_> Can you pastebin the output of ifconfig on the VM server?
[22:56] <CrazyGir> sure
[22:56] <CrazyGir> it's long, cause of all the VLAN/etc config for the original setup that is no longer
[22:59] <CrazyGir> 22:48:39.259017 IP ppp-x-x-x-x.XXX.net.44372 > 192.168.122.218.8001: Flags [S], seq 1399355578, win 8192, options [mss 1442,nop,nop,sackOK], length 0
[22:59] <CrazyGir> e_t_: this is from tcpdump, does this confirm the packet was SENT to the .218 IP?
[23:00] <CrazyGir> or just that it is destined for the IP
[23:00] <e_t_> That just says it was sent.
[23:01] <e_t_> You might also paste /etc/network/interfaces
[23:03] <CrazyGir> there's a lot here i need to sanitize out :(
[23:03] <CrazyGir> well, not a whole lot, but some
[23:06] <CrazyGir> e_t_: http://dpaste.com/568852/
[23:06] <CrazyGir> there's more in ifconfig
[23:06] <pltmnky> ignore my question, qlogic cards use a mellanox chipset, had to install the mellanox drivers
[23:07] <CrazyGir> that is good to know
[23:09] <CrazyGir> e_t_: thoughts?
[23:10] <e_t_> CrazyGir: It looks to me as though a lot of things a jumbled together in there, though that may be a result of sanitization.
[23:10] <e_t_> s/a/are
[23:14] <e_t_> This is a single VM server? If so, I would set it up to have one external IP (maybe bonded NICs, but one IP). There should be only one bridge interface, bound to eth0, and then all the VMs connected to that bridge interface.
[23:14] <mfdl> Anyone have some time to work me through an installation issue?
[23:15] <CrazyGir> e_t_: I believe that is exactly how it is setup, but with some other cruft (eg from drdb link between the two servers in the original cluster, etc)
[23:18] <e_t_> CrazyGir: Well, I saw two bridges, an eth1, and an eth0.7 (0.0 - 0.6?). If there's a lot of networking cruft, it may be causing hidden routing errors.
[23:21] <CrazyGir> hmmm
[23:21] <CrazyGir> I know!
[23:21] <CrazyGir> nginx to the rescue
[23:21] <CrazyGir> for now I'll use nginx on the vm server :)
[23:22]  * e_t_ has no idea how that will help.
[23:22] <CrazyGir> it will help me get the immediate need resolved while making time for me to sort out these more complicated issues
[23:22] <CrazyGir> the VM server can hit the VM network just fine, so I can use nginx as a reverse proxy
[23:36] <CrazyGir> e_t_: how can I remove iptables rules?
[23:37] <CrazyGir> err... remove _only_ those that I had added before
[23:43] <e_t_> That's a little more difficult. iptables --flush will wipe everything.
[23:43] <CrazyGir> yea
[23:43] <e_t_> Which commands did you enter before?
[23:43] <CrazyGir> I guess I could reboot, provided that the existing stuff is all in iptables
[23:43] <e_t_> Rebooting would fix it.
[23:44] <CrazyGir> from http://www.debian-administration.org/articles/73
[23:44] <CrazyGir> it actually looks like ufw was used to configure this vm server
[23:44] <CrazyGir> I imagine ufw has a way of persisting rules
[23:45] <e_t_> it does
[23:47] <CrazyGir> so a reboot will fix this
[23:47] <e_t_> It should.
[23:47] <CrazyGir> okies, thanks for your help! I'm going to take a break on this and come back with a fresh mind laters ;)