/srv/irclogs.ubuntu.com/2011/08/04/#ubuntu-us-ar.txt

zillahhey all01:05
krakrjakhey what's up?01:22
zillahtrying to fix my ubuntu server lol01:31
zillahi'm having issues with iptables and can't figure out what i'm doing wrong01:34
krakrjakpastebin it up02:18
krakrjaksorry got distracted by iscsi again.02:18
zillahi'm not sure what to paste02:22
zillahi think i may have it if i can figure out how to paste into vi on ubuntu from putty on windows that i'm logged into from a Mac02:26
zillahhaha, i got it02:27
zillahwell, i was able to paste...i still haven't fixed my problem...i can't ssh into the server from outside the network02:30
zillahi added:02:30
zillah/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT02:30
zillahto /etc/rc.local02:30
zillahand ran both from a shell, but i still get a time-out when i try to connect02:30
krakrjakwhat's the other one?02:39
krakrjakI see the harmless rule.02:39
krakrjakyou've stumped me.  have any console access?02:41
krakrjakok...  so can you see port 22 filtered on the host using nmap -P0 -p 22 <host>?02:43
zillahi can get in by using terminal services to a Windows server then putty from there02:43
krakrjakright, but from outside the network can you see the host at all?02:44
krakrjakjust no ssh after using -A INPUT?02:44
krakrjakyou might want the rule higher in the list.02:44
zillahyeah i'm not sure what nmap says though...i don't have any boxes with it here02:44
zillahi think i can put it on the mac real quick02:45
krakrjakok so check the iptables -L INPUT and see if there's a block all before the specific ACCEPT02:45
zillahok02:47
zillahhere is my /etc/rc.local02:47
zillahhttp://pastebin.com/kH9X9a3X02:47
zillahall of the port forwards work02:47
zillahyeah, they are at the bottom02:50
krakrjakhrm..  I think the OUTPUT rule is bad.  I think I'd just set -P OUTPUT ACCEPT at the top.02:50
krakrjakI don't know why this isn't working though...  seems like it should.02:50
zillahACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh02:52
zillahoops, didn't mean to paste that02:52
krakrjakhttp://pastebin.com/QBTXpbCN02:52
zillahhttp://pastebin.com/4cu1A3MN02:53
krakrjakYeah that looks good.02:53
zillahthere is the INPUT chain02:53
krakrjakok let's see here.02:53
krakrjakOUTPUT have any hints...  I think 23 should be higher.  I don't think anything makes it past #1402:55
zillahhttp://pastebin.com/1GgCYe2b02:57
krakrjak#17 and #18 are not needed.02:58
krakrjakWhat is managing your firewall besides rc.local?02:58
krakrjakThere's a lot of rules in there for the small bit of iptables in the rc.local.  Like the DROP policy on INPUT for example.02:59
zillahthat's what i was wondering02:59
krakrjakufs?02:59
krakrjakufw?02:59
zillahmaybe these don't need to go in rc.local02:59
krakrjakI think you can leave the forwards there if you want :)03:00
zillahroot@ubuntu:/home/mitchell# service ufw status03:00
krakrjakjust need to find the other program fiddling with the firewall.03:00
krakrjak11.04?03:01
zillahno older...i can't remember what to cat to find it03:03
krakrjakhrm...  what's in /etc/init.d03:03
krakrjakany of those sound like firewall programs?03:04
zillahnot any that i recognize03:05
zillahufw is in there but says it isn't running03:06
zillahoh...firestarter is in there03:06
krakrjakhrm...  that sounds likely03:06
zillahit's running03:06
zillahisn't firestarter a GUI tool?03:07
krakrjakyeah, but I guess you can use it from the command line...03:07
krakrjakit can be used as a daemon and just managed as files from the ubuntu page I found.03:08
krakrjakhttps://help.ubuntu.com/community/Firestarter03:09
krakrjakYou can try just turning it off invoke-rc.d firestarter stop and see what the new rules look like then run your rc.local again.03:09
krakrjakif you're fixed just uninstall firestarter03:09
zillahi'm gonna try it03:10
zillahyay!!!!03:11
zillahit works!03:11
zillahthat is soooo much better03:13
zillahhaha, now my eggdrop is open to the outside, not sure i like that03:15
zillahbut now I now how to fix it  :)03:15
zillahthanks for the help03:16
krakrjakanytime03:24
zillahlol now i can't get irssi to compile on it or install via apt03:36
krakrjakack!03:36
zillahi need to upgrade this box, but when i do it breaks vmware03:36
zillahDISTRIB_DESCRIPTION="Ubuntu 9.04"03:38
zillahDISTRIB_DESCRIPTION="Ubuntu 9.04"03:38
krakrjakdang, going way back in Ubuntu terms.03:46
krakrjakit's only one Debian back though :)03:46
zillahlol this box is just a little over two years old03:46
krakrjakthis box is much older, but the OS is newer.03:47
zillahi've resisted upgrade/reinstall because of vmware...i have a free license for vmware infrastructure and it seems like you can't get that anymore03:49
zillahand if i re-install vmware it will have to reactivate the license or whatever03:49
zillahand the virtual machine on it is my PDC for my Windows domain03:50
zillahhey TommyT03:59
TommyThowdy03:59
zillahhow are you tonight?>03:59
TommyTdoing OK... trying to do six things at once, though. I forgot I had irc open on this netbook04:00
zillahlol i know how that goes04:00
TommyTwere you in on the Google+ meeting last night?04:01
zillahyeah, i'm Mitchell04:01
TommyTAh... I don't know everyone. Maybe I will learn names better if I use the Google+ thing04:02
TommyTI did get my sound going04:02
zillahwhat did you have to do?04:02
TommyTThe workaround for this model on 11.04 is run pavucontrol then run the LEFT mic volume to zero04:02
TommyTI don't know why04:03
TommyTThis is an Acer Aspire D26004:03
TommyTWal-mart special04:03
zillahheh, well at least it works04:03
TommyTThe stock control re-locks the volume controls together04:03
TommyTIf I was smart enough to understand what was going on there's probably a config file to fix it for good04:04
zillahoh, you have to change it after every re-boot?04:05
TommyTthe place I read it says it pops back easily, but so far it has persisted04:07
TommyTI think various applications mess with it and make it stop working04:08
TommyTSkype is one that was mentioned04:08
TommyTI'm getting the "time for bed" message from the other room...04:09
zillahah04:09
zillahlol04:09
TommyTI'll try to have proper hardware for the next Google+ thing04:09
zillahi'm hoping to be on linux instead of mac next time04:09
TommyTwhatever works... I may have to move to the Mac if I can't get things working otherwise. This netbook is ALMOST too underpowered04:10
TommyTWe have a Mac Mini that can probably handle it though04:10
TommyTBut we don't keep a camera on it04:10
zillahI miss my Mini, i sold it when i got my macbook pro04:10
zillahi got an iSight but the audio wouldn't work on Snow Leopard, but it would on older MacOS04:11
TommyTTHat's weird. Is it the old old firewire iSight?04:12
TommyTI have a generic Logitech that works fine04:12
zillahyeah, it was the old old firewire i think04:13
TommyTif it says Plug & Play in Windows XP, it will generally work on linux, and many Mac apps work fine with them too.04:13
zillahyeah, i had a logitech working using Macam04:13
zillahframerate was horrible though04:14
TommyTI don't do video much... but the Google+ was impressive especially for a "free" service04:14
TommyTI was shopping around for a conference service awhile back and that did fine04:15
zillahyeah, same here.  I've  played with FaceTime a little, but hasn't been that useful yet04:15
zillahi was impressed with Google+04:15
TommyTSo as the article they linked to said, I think for Google+ the hangouts (is that what it's called?) will be the killer app04:15
TommyTI haven't done the circle stuff much yet04:15
zillahyeah04:16
zillahyou mean as far as making new circles, or just putting people into them?04:16
TommyTputting people in...somewhere here I had an article with the 15 people you should follow with Google+ so I added some "celebrity" stuff04:16
TommyTBUT04:16
TommyTthe article listed Newt Gingrich as someone worth following... but he got called out for having like 80+% fake followers on twitter04:17
zillahlol04:18
TommyTI have used FaceBook for awhile but so far few people I have known for a long time are on Google+04:18
TommyTIt wouldn't even let ME in until Tony sent me the invite04:18
TommyTand _I_ thought Google loved me04:18
TommyTthey even sent me a shirt04:18
zillahLOL04:19
TommyT(I was a paid Blogger user and they sent a nice shirt to people when they made it free)04:19
TommyTbut what have I done for them lately?04:19
zillahi'm not sure how i got signed up04:19
zillahi think i just logged into gmail one day and it was there04:20
TommyTThat's what _I_ expected to happen... that's how lots of stuff has been with them for me04:20
TommyTsites, voice, etc.04:20
TommyTI have the phone number, several sites, even domains they manage04:20
TommyThost, I mean04:21
TommyTBut I guess I'm not social enough or something04:21
zillaheverything i have i had somewhere else before google bought it04:21
zillahlike grandcentral and picasa04:21
zillahlol04:21
TommyTOH and I have an Android phone. Surely that counts for something. Yeah I had GrandCentral.04:22
zillahi'm thinking about switching to Android04:22
TommyTI used Flickr instead of Picasa, though04:22
TommyTAndroid has been OK but it has amazingly rough edges04:22
TommyTI have a Verizon Motorola Droid2, and the stuff you have to do to make it acceptable is a pain04:23
zillahi have a chinese tablet running 2.204:23
zillahit's ok for what it is, but i can only use the amazon market04:23
TommyTThat's odd... I tried the Amazon market and it didn't manage the apps as well as the Android one04:24
TommyTBut maybe I didn't give it a chance04:24
TommyTI noticed everything I wanted was in both places and sometimes cheaper (free) on Android04:25
zillahyeah thats what i've heard04:25
TommyTwell maybe that is the signal to go to bed. the trackpad just put me into Facebook chat04:26
TommyTand I sent a message to an old friend of mine who is offline04:26
TommyTso I told her "oops"04:27
zillahlol04:27
zillahtake care man04:27
zillahttyl04:27
TommyTbye04:27
zillahyay, i finally got irsii compiled04:46

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!