/srv/irclogs.ubuntu.com/2011/11/06/#ubuntu-server.txt

=== tortuguito is now known as tortu[banhu
potatoeCan you recommend a tool that will brute force a given FTP server at least 20-30 times before crashing ? preferably in under 5 minutes, it has to trigger fail2ban01:59
potatoeapparently running ftp from the command line multiple times is not fast enough02:00
ropetinTHC Hydra?02:01
potatoeI think my fail2ban is incorrectly set up, I did at least 20 logins in 2 minutes, that should have triggered it, I'll keep looking02:02
=== esquilinho is now known as o_ultimo_do_moic
qman__while true; do ftp somehost &; done02:50
qman__could crash your system02:50
SpamapSqman__: yes, nice fork bomb02:59
=== o_ultimo_do_moic is now known as tortux
ropetinNot sure it would trigger fail2ban either, depending I guess on the regex used03:07
=== jason is now known as Guest38057
=== Guest38057 is now known as jasef
ZanzacarHi everyone, I wanted to setup a static IP address for my home server.04:35
Zanzacarhttp://www.howtogeek.com/howto/ubuntu/change-ubuntu-server-from-dhcp-to-a-static-ip-address/04:35
ZanzacarThat is the site I was following but I had a few quick questions for anyone that is willing to help.04:35
jasefI'll help if I can, shoot04:35
Zanzacar1. What is the netmask I should use? 255.255.255.0 seems normal from what I have seen but was not sure.04:36
jasefUse whatever netmask your home network uses. Probably 255.255.255.0,04:36
Zanzacar2. network is referring to the actual router it is connecting to?04:36
jasefAre you on 192.168.x.9?04:36
jasef.x.0*04:36
Zanzacar192.168.0.xx04:36
jasefand no, network is the 'network address' which is the first address, which is unusable04:36
jasefSo for you, you want 192.168.0.0 as the network04:37
Zanzacarok so what about broadcast? and gateway?04:37
jasefbroadcast should be 192.168.0.25504:37
jasefAnd gateway is the IP of your router04:37
jasefWhich is probably 192.168.0.104:37
Zanzacarcorrect04:37
Zanzacarwell then I guess I will try out everything on that site and if it doesn't work I will have to pull out the monitor04:38
Zanzacarand keyboard to reset everything haha04:38
jasefLol. It's always dangerous to try that :P04:38
Zanzacarto try and setup a static IP?04:38
jasefBut as long as you have everything from the guide (double check for typos!) it should be fine04:38
ZanzacarI wish I could just do it with my network04:38
jasefNo, to set new settings that can screw up your networking :P04:38
Zanzacaro very true haha04:39
jasefCan't your router give out DHCP reservations?04:39
ZanzacarI meant router not network04:39
ZanzacarI dont think so I poked around but count find anything04:39
Zanzacarcouldnt*04:39
jasefEh. Some routers don't do it, but that's okay. That config should work. Just make sure you have the auth eth0 line there too or it won't even try to come up04:40
Zanzacarya the router is an older linksys router with limited features.04:41
jasefWhat IP are you trying to assign it?04:41
Zanzacarwell just something static04:41
jasefI'd recommend something that the router's DHCP won't normally assign, so that it doesn't conflict with anything in the future.04:42
Zanzacarit was at 192.168.0.14 for a long time but I was thinking about doing something higher like 68.111.168.226004:42
jasefNoooo.04:42
Zanzacarip start at .10 and go up from there04:42
jasefIt has to be 192.168.0.x04:42
jasefLike my network is 192.168.1.0, router gives out .100+, so my server is just .204:43
jasefBut it MUST match the first 3 groups of numbers (also called octets)04:43
Zanzacari see, my ip start at 68.111.168.226, so if I went with something like .5 then it would work04:43
jasef... but... you only have one public IP.04:43
jasefYou have to give it an internal IP address04:43
jasefUnless you've bought more from your ISP...04:44
jasefAnd even then, you would use an internal with NAT to forward the ports, I'd assume.04:44
jasefSorry, this laptop kills channels if I accidentally lave it pointed at them04:44
jasefs/lave/leave/04:44
ZanzacarI had it set to 192.168.0.14, i forwarded the port so I could SSH in04:44
Zanzacari reset the router and then it reset the ip04:45
Zanzacarso now it is 68.111.168.22604:45
jasefYour router's external IP is that, right?04:45
jasefif you type ifconfig on the command line04:45
Zanzacarwhich is annoying because now I need to change my router setting, my auto ssh etc etc etc04:45
jasefWhat's the IP that shows up?04:45
Zanzacar68.111.168.22604:45
jasefUhm... what... that shouldn't be possible....04:46
Zanzacarwhy is that?04:46
Zanzacarmy router is 192.168.0.104:46
jasefYes04:46
Zanzacarip start at 68.111.168.22604:46
jasefWhich means all computers on your network should be 192.168.0.x04:46
Zanzacarthe ip address on my network are04:47
Zanzacar68.111.168.22604:47
Zanzacar192.168.0.1104:47
jasefCan you explain what you mean by 'ip start at 68.111.168.226' ?'04:47
Zanzacar192.168.0.1204:47
Zanzacar192.168.0.1304:47
Zanzacar.1404:47
Zanzacar.1504:47
Zanzacaris that bad?04:48
Zanzacarthats the output I get from nmap, and also ifconfig/ipconfig etc.04:49
jasefIt's just unusual for you to have an IP like '68.111.168.226' on a local computer04:49
jasefUnless it's your router's own external address - then that's fine.04:49
jasefBut if your home server is connected to the router just like all the other computers, it should have a local address, unless it's dialing the PPP connection itself.04:50
jasefCould you please pastebin the output of 'ifconfig' and 'netstat -rn' from the server? I'm just trying to understand what's going on here04:50
jasefhttp://paste.ubuntu.com/ or the pastebinit package works pretty nicely04:51
Zanzacarjasef: Thanks everything worked out perfectly05:04
Zanzacarjasef: I got my IP setup correctly and everything05:05
jasefAwesome :)05:05
Zanzacarwasnt too hard and I didnt have to bust out the monitor and keyboard haha.05:05
ZanzacarI am off to other things though, just wanted to pop in and say thanks.05:05
uvirtbotNew bug: #886757 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/88675708:06
goddardso i go in and try and make it so i can login to my other box via ssh key which was working fine with a password before i changed the config and now all of a sudden it doesn't work i get Read from socket failed: Connection reset by peer09:34
goddardeven trying to connect to the local machine from the same machine results in the same error09:35
goddardssh is started09:35
=== jhelwig is now known as zz_jhelwig
goddardhttp://serverfault.com/questions/265244/ssh-client-problem-connection-reset-by-peer10:08
RoyKheh - Slackware is a free and open source Linux-based operating system. [...] The current stable version is 13.3712:43
=== smw_ is now known as smw
=== jason is now known as jasef
uvirtbotNew bug: #886822 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/88682214:51
=== jaskal_ is now known as jaskal
uvirtbotNew bug: #883813 in php5 (main) "php cronjob high cpu usage" [Undecided,New] https://launchpad.net/bugs/88381315:54
uvirtbotNew bug: #884163 in openldap (main) "OpenLDAP "UTF8StringNormalize()" Off-by-One Denial of Service Vulnerability" [Medium,Confirmed] https://launchpad.net/bugs/88416316:07
uvirtbotNew bug: #885758 in samba (main) "'ldap passwd sync = yes' and ldap password not updated" [Undecided,New] https://launchpad.net/bugs/88575816:22
uvirtbotNew bug: #885904 in php5 (main) "CVE-2011-1148 Use-after-free vulnerability in the substr_replace function allows context-dependent attackers to cause a denial of service" [Undecided,Invalid] https://launchpad.net/bugs/88590416:22
=== jason is now known as Guest3984
=== Guest3984 is now known as jasef
keithclarkI've installed Apache and it works fine.  I can verify with http://localhost.  I've installed mysql.  I've installed php, but when I test with a simple phpinfo.php script using http://localhost/phpinfo.php I get a download dialog box.  What am I doing wrong?18:37
=== zz_jhelwig is now known as jhelwig
keithclarkI am using this page as a reference:  http://blog.sudobits.com/2011/10/28/how-to-install-lamp-apache-mysql-php-on-ubuntu-11-10/18:39
keithclarkNo worries, I figured it out.18:40
keithclarkCan someone please test my apache setup?  http://http://clarkhome.dyndns-home.com/18:49
ChmEarlkeithclark, its trying here 69.166.23.54, but port 80 is not open18:51
keithclarkhmmmm18:51
keithclarkip address is correct18:52
virusuyfirewall or port forwarding ?18:53
keithclarkmodem to router.  Port forwarded18:53
YompaOr even an ISP often block common server ports.18:55
keithclarki've set it with 'Virtual Servers'.  I also have 'Port Forwarding' option as well18:55
keithclarkCould someone try again please?18:56
ChmEarlclarkhome.com works18:57
keithclarkChmEarl, so it changed from not working to working, correct?18:58
ChmEarlConnecting to www.clarkhome.com|74.125.127.121|:80... connected18:58
keithclarkChmEarl, that is not me18:58
ChmEarlhangs: Connecting to clarkhome.dyndns-home.com|69.166.23.54|:80...18:59
keithclarkhmmmm18:59
keithclarkI have my speedtouch modem forwarding that port to my dir-615 router and the router set to port forward to my computer19:01
keithclarkDoesn't seem to be working.19:01
Yompakeithclark, if you are on a residential ISP connection, try a different port like 8080 or 8888 forwarded to your local server port 80. Some ISPs have firewalls blocking common server ports.19:04
keithclarkYompa, I'm checking on that now.  I've submitted a support ticket.19:05
ChmEarlkeithclark,  port 22 is closed too19:06
ChmEarlor nothing listening19:06
keithclarkChmEarl, I know19:06
keithclarkChmEarl, how about 21?19:06
ChmEarlits a total blackout19:07
keithclarkI would be surprised if it was my ISP.  It is a small, local company.  No limits and very liberal.  I'm thinking it is my router.19:07
keithclark(talk about secure though!)19:08
pukekomorning all...  i have several VMs that will be running various web-servers, i want to stick an accelerator in the mix to forward requests to certain machines based on FQL , i need some advice on what to use, is squid overkill ? how about Varnish ?19:08
ChmEarlkeithclark, some technical sites provide a port scanner19:09
ChmEarlI have port 8080 forward inside my LAN to a Xen guest... imagine how long that took to setup19:09
keithclarkFunny, on Primus it was no issue at all.  I was sure they would have blocks on the common ports but it worked out just fine.19:11
ChmEarlkeithclark, here is one: http://www.subnetonline.com/pages/network-tools/online-port-scanner.php19:14
ChmEarlcheck the ToS box first19:15
virusuydork: ping19:18
keithclarkthanks ChmEarl19:18
keithclarkOk, port 80 is not blocked by my isp20:19
keithclarkBut still the port is closed20:21
keithclarkI just cannot get through20:25
keithclarkAny ideas?20:27
qman__are you connected to here through said internet connection?20:29
keithclarkYup20:29
qman__well, it's not answering connections on 80 or 21, they time out20:32
keithclarkYup....not sure why20:32
qman__if they were making it to your server, they'd be refused or accepted unless otherwise configured in the firewall20:33
qman__so they have to not be getting there at all, which means either router config or ISP20:33
keithclarkYup.  ISP assures me no blocking of any ports20:33
keithclarkModem is forwarding all 80 and 21 ports to the router.20:33
keithclarkRouter is forwarding 80 and 21 to this machine's ip address20:34
qman__try forwarding a nonstandard port just to test20:34
qman__above 102420:34
keithclarkI tried 5222, still nothing20:35
qman__then I'm going to have to say router20:37
keithclarkYeah, throw it out and get another?20:37
qman__could be, a lot of them really overcomplicate things and bury settings20:37
qman__if you can't find any substantial information on it, I'd get something else20:38
keithclarkI've been through 3 of these routers!20:38
qman__trying to do this, or they just failed?20:39
keithclarkYup, same issue.20:39
qman__also, same ones/brand, or different20:39
keithclarkdifferent brands20:39
keithclarkI'm thinking Ubuntu20:39
qman__if ifconfig returns the address you expect, try browsing from a different computer20:40
keithclarkbrowsing?  I have 2 other machines that browse find plus my ps320:41
keithclark*fine20:41
qman__browsing to your ubuntu server20:41
qman__e.g. http://192.168.1.12320:41
keithclarkI will try that20:41
qman__the thing is, if you're getting to ubuntu but it's misconfigured, you'd get a connection refused, not a time out20:44
qman__so it has to be something with the networking20:44
keithclarkhmmm20:44
qman__maybe it doesn't have the IP you think it does, or something is wrong with the NIC/cable/switch/etc20:44
qman__all of which you can troubleshoot by attempting to get to it from the LAN20:45
qman__by default ubuntu has an accept all firewall policy20:46
pukekoany recommendations for a "load balancer/forwarder" to use for a couple of VMs hosting web applications ? i have only one public Ip available20:46
keithclarklocal access works20:47
keithclarkI can get to this machine from another on my LAN20:49
qman__ok, can the ubuntu box get to the internet? default gateway and nameservers working20:50
keithclarkYes, I'm typing from it20:50
qman__then it has to be the router config20:50
qman__ubuntu knows how to get to the internet and accept connections from your network20:51
qman__double check the IP on your ubuntu with ifconfig20:51
qman__and make sure it's right in the router20:52
keithclarkChecked many times.  Just did it again and all is fine.20:52
qman__also, try the DMZ setting if it has one20:52
keithclarkYup, only one router20:52
qman__and turn off any SPI firewalls on the router20:52
qman__accept wan ping, no filtering20:53
keithclarkdmz did not work20:53
keithclarkspi off20:54
qman__pings are not getting through to you20:54
keithclarkMost secure system on the web today!20:54
qman__what does your network layout look like? systems - router - modem - internet? or combo router/modem20:55
keithclarkspeedtouch on 192.168.1.254 to dlink dir-615 router20:56
qman__if you have the former, but your modem is actually a router/modem, that could be the problem20:56
qman__the modem would then need to DMZ your router20:56
keithclarkFirewall on the speedtouch is disabled20:57
keithclarkI have the very same modem on Primus at another location with another router and it works fine20:58
qman__well, your IP is not answering ping or any TCP connections on common ports20:58
keithclarkI know20:59
qman__so something is blocking them, the modem is first in line and therefore first to check20:59
qman__read: even if port forwarding doesn't work, it should be answering ping21:00
keithclarkyup, I understand21:01
keithclarkLike I said, the most secure connection on the planet21:01
keithclarkWell, I'm at a loss here.  Not sure what to try next, if anything.21:10
qman__well, we've established it's not an ubuntu problem21:13
qman__if your modem is ISP provided, call them21:13
keithclarkI already have21:13
keithclark"Port 80 is not blocked"21:14
qman__yes, but tell them your modem won't respond to ping and you can't forward any ports21:14
qman__if it's routing, it should do both of those things21:15
qman__if it's bridging, your router is responsible for doing those things21:15
qman__don't take this the wrong way, but it's not magic, it's a pretty straightforward setup21:15
qman__one of the two is currently holding your internet IP, and is responsible for pings and forwarding21:16
qman__if it's not doing those things, it's either misconfigured or defective21:16
keithclarkI will do, thanks21:17
qman__if the modem is routing, it needs to DMZ your router, which then port forwards to your LAN21:17
qman__otherwise your router should be holding your internet IP on its WAN interface21:18
keithclarkI've emailed my isp concerning this.  I've never heard of a bad modem though21:20
qman__having such a specific problem with no other issues is rare, but it does happen21:21
keithclarkWell, we shall see.21:21
qman__configuration is far more likely, but in either case, you need to establish which device is responsible for answering pings21:21
qman__and find out why it isn't21:21
qman__once that's solved, you can move on to port forwarding if it still doesn't work21:22
pukekowhat speedtouch modem is it ?21:22
keithclarkST516 is what shows on the webpage21:23
qman__I have charter, but most of the customers I deal with at work have comcast with SMC modems21:24
qman__and they can fail quite spectacularly21:24
keithclarkLet's see how my ISP responds.  They are pretty friendly.21:27
keithclarkThe only other difference in my two setups is that this machine runs 11.10.21:28
keithclarkI hope that is not the problem21:28
qman__it has nothing to do with the problem21:29
qman__problem is that traffic isn't getting there in the first place21:29
qman__that's not to say it couldn't cause some other problems, but you'll have to get this working before you'd ever see them21:29
keithclarkOk, I'll wait to hear from my ISP21:43
savidIs there a place in ubuntu to store a global ssh known_hosts file?23:16
savidI tried /etc/ssh/ssh_known_hosts, but that doesn't seem to work.23:19
savidI tried even copying my ~/.ssh/known_hosts to /etc/ssh/ssh_known_hosts, but that doesn't work either.   Any ideas?23:28
RoyKimho that shouldn't be global23:30
uvirtbotNew bug: #886953 in samba (main) "smbstatus does not reliably detect that a samba connection is in use." [Undecided,New] https://launchpad.net/bugs/88695323:31
savidRoyK, I need it to be23:32
RoyKwhy?23:32
savidRoyK,  I'm using puppet to manage server configurations.  Servers need to be able to do git checkouts from various git servers.  I don't want to have to manage a "known_hosts" in the ssh directory of every user that needs it.23:33
savidRoyK, at any rate, what's wrong with the global ssh_known_hosts?   It's owned by root, and is mode 60023:33
savidSo security-wise it's no different than any other user's known_hosts23:34
RoyKif you're using puppet from the root user, it's not an issue23:34
RoyKjust update that file23:34
savidOh, hmm..  that's why I'm getting errors, because it's not the root user doing the checkout.23:35
savidguess I need to figure something else out23:36
savidI guess I assumed that the global ssh_known_hosts file would apply to all users.  But that would make it less secure, I guess23:36
savidAlthough, what's the point of /etc/ssh/ssh_known_hosts if only root can read it?23:38
