/srv/irclogs.ubuntu.com/2012/07/07/#ubuntu-beginners.txt

tunabreadhi00:10
tunabreadsomeone got a minute to help a poor noob with network troubles ?00:11
stlsainttunabread: we can try, just ask the question00:11
tunabreadits ... complicated00:11
stlsainttunabread: first off did you try google00:12
tunabreadi have a 10.04 LTS server installation on a vserver00:12
tunabreadyes, i tried google00:12
stlsaintok00:12
tunabreadi cant get any network connection in or out from the machine00:12
tunabreadi have VNC access, so i can access the shell00:12
stlsaintdoes host have net access?00:13
tunabreadthe only thing i did, was change the sshd_config file, and flush iptables00:13
tunabreadwell my ISP management console says, yes.00:13
stlsainttunabread: what did you change within the sshd00:13
tunabreadi enabled protocol 100:14
tunabreadso i changed the line "protocol 2" to "protcol 2,1"00:14
stlsainthave you tried removing that?00:14
tunabreadi already changed it back00:14
tunabreadyes, had no effect00:14
stlsainttunabread: what iptables did you flush?00:14
tunabreadi reloaded the SSH, too00:14
tunabreadwell i used "iptables -F"00:14
tunabreadso it should flush all rules ?00:14
tunabreadi used that before on another machine, to disable iptables, for testing00:15
tunabreadthen reloaded the rules, worked.00:15
tunabreadcan you give me a hint what i should check ?00:16
tunabreadi tried ping, textmode browser, nothing works00:16
stlsaintwell what rules did you remove00:16
tunabreadi might mention, it worked before :)00:16
stlsaintiptables -F just flushes the rules, not technically "disabling" them00:17
stlsainttunabread: what do you get when you ping say google?00:17
tunabreadunknown host00:18
tunabreadif i try to ping DNS servers, network is unreachable00:18
stlsainttunabread: what is the ipaddress?00:19
tunabread176.31.159.8500:19
tunabreadi guess the problem might be in iptables00:20
tunabreadi'm not that experienced with iptables, a friend of mine set it up and defined the rules00:20
tunabreadif you know what file you need to see, just tell me00:21
stlsaintif he did it right then he should have saved them in a .rules00:21
stlsainthopefully in /etc00:21
stlsaintlook for something like /etc/iptables.rules00:21
tunabreadyes, there is a file00:21
stlsaintcan you paste them here: paste.ubuntu.com00:22
stlsaintthe rules00:23
tunabreadi only have VNC, so i can only take a screenshot or type them down manually00:24
tunabreadhttp://web219.server-drome.info/web/iptables.png00:24
tunabreadjust say if i shall type them for you00:24
stlsainttunabread: well i couldnt see that screen so do you want to re-enable those rules?00:26
tunabreadfirst, i would like to gain network access again00:27
tunabreadlike, at all00:27
stlsainttunabread: did you have access when you had the rules up?00:29
tunabreadyes.00:29
tunabreadi changed the sshd config, and reloaded sshd00:30
stlsaintwell then we should probably put them back. have you tried that yet, re-enabling rules?00:30
tunabreadno00:30
stlsainttunabread: what is the name of that .rules file?00:30
tunabreadiptables.rules00:31
stlsaintiptables-restore << /etc/iptables.rules00:31
stlsainttunabread: it work?00:33
tunabreadthe VNC is using a very strange keyboard layout, i'm struggling to find the <<00:34
stlsainttunabread: if you can find the keys you can just re-enter the rules manually00:39
tunabreadi found a way, ALT+60 on keypad00:40
stlsaintkk, check the rules with iptables -L00:40
tunabreadiptables seems to hang up when i enter your command00:42
stlsainttake away one of the <00:43
stlsaintiptables-restore < /etc/iptables.rules00:43
tunabreadiptables-restore v1.4.4: no command specified00:45
tunabreadError occured at line: 1600:45
tunabreadTry 'iptables-restore -h' or 'iptables-restore --help' for more information.00:46
stlsaintdid you enter entire command?00:47
stlsaintas it should show:00:47
tunabreadyes.00:47
stlsaintwell you entered something wrong00:47
stlsainttunabread: what is the location of that iptables.rules file?00:47
tunabread/etc/00:47
tunabreadwhen i cd into /etc/ and enter "cat iptables.rules" i get the right output00:49
tunabreadi entered: sudo iptables-restore < /etc/iptables.rules00:49
stlsaintwell since your already in the /etc directory just do: iptables-restore < iptables.rules00:50
tunabreadi tried, same output00:50
tunabreadwhat does error line 16 mean ? doesnt it try to parse the file already ?00:50
stlsainti would need to see the content of the file00:51
tunabreadyes00:51
stlsaintthere is an error at line 16 of the rules00:51
tunabreadi just finished typing00:51
tunabreadhttp://pastebin.com/9tYX1qkV00:51
tunabreadthe -ü in line 10 is a typo, it does not exist in the real file. sorry00:52
tunabreadhttp://pastebin.com/rcJxUV0q00:54
tunabreadtwo typos corrected00:54
tunabreadi am pretty sure that these rules were used before00:55
tunabreadsince he noted that in the install-log00:55
tunabreadwe have a log where we both write down everything we change00:55
stlsainttunabread: remove that space underneath the last rules listing in the file00:56
tunabreadhe also noted the name and location of the file (iptables.rules)00:56
stlsainttunabread: also the naming is wrong00:57
stlsaintor else you typed it wrong when you typed cat iptabls.rules on the paste00:57
stlsainttunabread: but remove that space under line00:57
tunabreadyes, i typed it wrong. sorry00:57
tunabreadwhat space under line ?00:57
tunabreadline 17 ?00:58
stlsaintno00:58
stlsaintyou are counting wrong, line 16 is the space, 15 is the rule, according to your paste00:58
tunabreadthere is a blank line, and i shall delete that ?00:59
tunabreadthe line after -A INPUT -j DROP ?00:59
stlsaintyes01:00
tunabreadok01:01
tunabreadit worked, no error, and iptables -L shows all the rules01:02
stlsaintcheck net01:02
tunabreadnetwork is unreachable01:03
tunabreaddo the rules make sense to you ?01:03
stlsainthonestly i didn't really look, just looked at the error line01:03
tunabreaddo you know an acceptable picture hosting service ?01:04
stlsaintso youve changed the ssh back and readded the rules01:04
tunabreadyes01:04
stlsaintstill no net01:04
tunabreadyes01:04
tunabreadwhat would you check ?01:04
stlsainttunabread: what does ifconfig show01:05
tunabreadhttp://imageshack.us/photo/my-images/259/ifconfig.png/01:06
tunabreadi hope thats acceptable01:06
tunabreadhttp://imageshack.us/photo/my-images/208/iptables.png/01:06
stlsaintyour not pulling an ipaddress01:07
tunabreadoh01:07
tunabreadit is possible that my ISP screwed something up. at least, i would not be surprised by that.01:08
tunabreadjust mentioning01:08
stlsainthow does the vserver work?01:08
stlsainthost?01:08
tunabreadthey say KVM01:08
tunabreadwhat details do you need ?01:09
stlsaintso you have a host server providing a kvm virtual machine which you are trying now?01:10
tunabreadthey call it "full kvm", it behaves like a root01:10
tunabreadi can insert any iso to boot from, and install01:10
tunabreadi can even install windows, os/2, whatever01:10
tunabreadits not a shared kernel01:10
stlsaintright01:10
stlsaintok01:10
tunabreadit behaves like a dedicated root01:10
tunabreadbut the hardware is emulated, i think by QEMU01:11
tunabreadif you can read german, you can look it up here01:11
tunabreadhttps://www.filemedia.de/vserver/lightbox01:11
tunabreaddoesnt give that much details, tho01:11
sandydanyone here ask about kvm?01:12
stlsainttunabread: one sec01:12
tunabread:D01:12
stlsaintsandyd: hey01:12
stlsaintsandyd: so here is quick brief:01:13
stlsaintop: tunabread , is using a kvm vm but lost net access01:13
stlsaintsandyd: he deleted his iptables and changed sshd_config protocol setting01:13
stlsaintsandyd: after readding iptables i helped with and changing the sshd back he still does not have access01:13
stlsaintsandyd: ifconfig does not show an ip but i could be wrong there01:14
stlsaintsandyd: ifconfig output: http://imageshack.us/photo/my-images/259/ifconfig.png/01:14
sandydIf you are using KVM, ifconfig must show an ip01:14
sandydI suspect that the ip is not binding correctly01:14
sandydcat /etc/network/interfaces01:14
stlsaintTHATS what i was thinking of lol01:15
stlsaintdang it01:15
sandyd^^run that and get output01:15
stlsaintflipping interfaces, wanting to see if bridge or anything01:15
stlsainttunabread: take all commands from sandyd from here out01:15
* stlsaint fades into fog.....01:15
tunabreadhttp://imageshack.us/photo/my-images/826/catinterfaces.png/01:16
tunabreadall i got left is crappy VNC, cant copy&paste text since output is pixels ..01:17
sandydalright, tunabread, this is the part I am not sure about01:17
tunabreadthank you for your help stlsaint :)01:17
sandydthat VM is supposed to have a static ip right?01:17
tunabreadyes01:17
tunabreadthe ip was static for ages01:17
sandydwell, you have configured the address as dhcp01:17
tunabreadi can set one in the manager i got.01:17
sandydit will not work like that.01:18
tunabreadi didnt touch that config, and it worked for months01:18
tunabreadok01:18
sandydif you have a static ip, it should say something like01:18
sandydiface eth0 inet static01:18
tunabreadIP Address176.31.159.8501:19
tunabreadGateway176.31.159.8101:19
tunabreadNetmask255.255.255.24001:19
tunabreadNameserver213.186.33.9901:19
tunabreadNameserver134.91.66.5501:19
tunabreadthats what my manager says01:19
tunabreadso, why dont we just configure it correctly ?01:19
sandydpastebining it right now01:19
sandydthere are tabs that can't be created in irc :|01:20
tunabreadok01:20
tunabreadyou know that i have to type it in manually anyway ?01:20
sandydpoint01:21
sandydlet see...01:21
sandydtype this in. AFter the second line, there is a tab for everything01:21
sandydiface eth0 inet static01:21
sandydaddress 176.31.159.8501:21
sandydnetmask 255.255.255.24001:21
tunabreadgot that01:22
sandyddns-nameservers 213.186.33.99 134.91.66.5501:22
sandydI think that is it, because you don't have any broadcast/network01:23
tunabreadits nameserver1 and nameserver2, right ?01:23
sandydsudo /etc/init.d/networking restart01:23
sandydyes01:23
sandydyou might lose connection with the last command01:23
sandydso you replace everything under auto eth0 with the stuff I typed above01:23
tunabreadthey do the VNC with some other machine, one level above01:24
sandydadd the pre-up iptables-restore01:24
tunabreadyou can even enter the virtual BIOS over the VNC thingy01:24
tunabreadso, no issue there01:24
sandydat the last line01:24
tunabreaddone01:24
sandydtry restarting the network using the command01:25
tunabreadi did01:25
sandydcheck ifconfig01:25
sandydthe ip should be there01:25
tunabreadit says *reconfiguring network interfaces ...01:25
tunabreaddon't seem to be have all the variables for eth0/inet.01:25
tunabreadfailed to bring up eth001:25
sandydlemme check. might have made a typo01:26
sandydcan you post a screenshot of the new network/interfaces?01:26
tunabreadif you have a VNC client, you could connect to the VNC server and look over my shoulder live ?01:26
tunabreadbut i can do that, too01:26
sandydoops01:26
sandydI forgot the gateway01:26
tunabreadyes.01:27
sandydgateway 76.31.159.801:27
sandydplace that before the pre-up iptables-restore01:27
sandydits configured differently in fedora lol01:27
sandydtry restarting and see if the interface comes back up01:28
tunabreadsame output for network restart01:28
tunabreadsame error01:28
sandydpost the output of cat /etc/network/interfaces01:29
tunabreadhttp://imageshack.us/photo/my-images/694/newinterfaces.png/01:29
sandydyou misspelled address01:30
sandydthere is an extra d01:30
sandydor maybe i did01:30
sandydnah. just add the d in, remove the 1 from the nameserver01:31
sandydin fact, remove both lines01:31
tunabreadmy fault01:31
sandydit should just be01:31
sandyddns-nameservers 213.186.33.99 134.91.66.5501:31
tunabreadoh. ok01:31
tunabreadSIOCADDRT: No such process01:32
tunabreadFailed to bring up eth0.01:32
tunabread(help) :C01:32
sandydadd a 1 in front of the gateway01:33
sandydi mean in front of the 7 where it says gateway01:33
sandydso that its 17601:33
sandyd.***01:33
sandydand restart01:33
tunabreadhttp://imageshack.us/photo/my-images/96/siocaddrt.png/01:33
tunabreadsame output.01:34
tunabreadha !01:34
tunabreadi found it01:34
tunabreadthe gateway's last byte is 8101:35
tunabreadnot 801:35
tunabreadreconfig says OK01:35
sandydlol. more of my typos.01:35
sandydtypical me01:35
stlsainthehe01:35
tunabreadi'm incredible tired.01:35
sandydworking now?01:35
sandydcheck the ping, tracert, .etc .etc01:35
tunabreadwas too busy celebrating01:35
tunabreadyay !01:36
sandydstlsaint, these are typos that usually lead people astray in the UF01:36
tunabreadping to google DNS works01:36
sandydexcellent :)01:36
sandydgood to see that it works01:36
tunabreadi thank you very, very much01:36
sandydI advise you to back the file up01:36
tunabreadyes01:37
sandydyour welcome :)01:37
tunabreadany idea how it got lost in the first place ?01:37
stlsaintsandyd: thank01:37
tunabreadthank you too, stlsaint :)01:37
stlsainttunabread: stop changing stuff ;)01:37
tunabreadbut :C01:37
sandydnope. There is nothing much that will change something from static to dhcp mysteriously01:37
sandydlol01:37
tunabreadi didnt touch network config01:38
sandydmaybe someone else touched it?01:38
tunabreadno01:38
sandydmost servers (if configured properly) have security logs01:38
tunabreadthere are only two people with root access, me and a very, very good friend. who is on vacation in the wildness of norway without even cellphone.01:38
tunabreadi checked the logs01:38
sandydor rather, mine does. If you edit the interfaces, the warnings immediately sound01:39
tunabreadthere is very, very few software running on this server01:39
sandydnot sure what could cause that. ive never seen that before01:39
tunabreadwe got another server, and my friend set up the logging so that the log is written to that server, too01:40
tunabreadand there is munin monitoring installed, and it showed nothing special01:40
tunabreadi restarted the server ?01:40
tunabreadand my ISP tends to do random changes to everything for no reason01:40
tunabreadmaybe it was on dhcp first, but worked magically ?01:40
stlsainttunabread: naw, i think something reverted it back to dhcp from static01:41
tunabreadwell the reason i started changing stuff in the first place: i need someone to connect to the server via SSH with an encryption of less than 128 bit01:41
tunabreadhe lives in france, and encryption above 128bit is illegal there01:42
tunabreadso i thought, i give him a restricted user account and allow ssh protocol 1 for his account01:42
tunabreadnot sure if thats a good idea01:42
stlsainttunabread: simple temp password probably would not have sufficed?01:42
escotttunabread, for all that is holy. WHO CARES. if he really wants to obey the law just email his password to the government01:43
sandydgen a ssh key at 64bit01:43
sandydsend it over, and let him have fun01:43
tunabreadits still illegal, he isnt even allowed to download an SSH client capable of protocol 2 as far as i understood01:43
tunabreadhow do i do that ?01:43
escotttunabread, telnet?01:43
tunabreadhum01:44
escotttunabread, i would not reduce security for all your other users just because the french are morons01:44
tunabreadhe does not need root, he does only need access to his home dir01:44
tunabreadis there any _save_ way to do that ?01:44
sandydhttp://www.guyrutenberg.com/2007/10/05/ssh-keygen-tutorial-generating-rsa-and-dsa-keys/01:45
sandyduse DSA keys01:45
tunabreadok01:45
tunabreadwell it CAN be 128bit01:45
tunabreadjust not above01:45
sandydthen use dsa at 128bit01:45
sandydor use openvpn at 128bit01:45
tunabreadsee, i'm not really experienced01:46
tunabreadso i try to keep the stuff on the server limited01:46
tunabreadi now know how to configure SSH and i know the basics because i read thru them, and i think i did it safe01:46
tunabreadif its not installed, it cant cause problems01:47
sandydso use the ssh tutorial above01:47
tunabreadyes01:47
tunabreadthank you, i will try that01:47
sandydreplace RSA with DSA, and you can generate under 102401:47
tunabreadwould that encryption still need serious time to crack ?01:47
sandydnot as secure. mind you, but it would be fine01:47
escotttunabread, the problem is that even if your key is 128bit your stream cipher would probably be illegal01:47
tunabreadhum01:48
tunabreadi guess the proper way would be, not grant him access at all01:48
tunabreadi think i know what you mean, escott01:49
tunabreaddoes anyone have experience how it is handled in france ? not in theory, practically ?01:50
sandydyou want the direct papers?01:51
tunabread?01:51
tunabreadi dont get that01:56
tunabreadssh working again01:58
tunabreadactually, everything working again01:58
escotttunabread, if your client already has the 256bit encryption libraries i would think he is already in breach of the law, and i dont see how you could get in trouble for letting his programs do the default thing01:58
escottassuming you are not in france01:58
tunabreadi'm in germany01:59
tunabreadi have no troubles, but my friend in france has01:59
tunabreadi think its no big issue, too, but01:59
escotttunabread, so check out the louvre and the eiffel tower now, just in case you arent allowed to enter the country, but i really doubt they care. its not like they seize laptops at the border?02:00
tunabreadhaha02:00
tunabreadwell, he LIVES in france02:00
escotttunabread, which means that every tourist visiting paris is violating the law every time they check facebook02:00
tunabreadisnt SSL 128 bit ?02:01
tunabreadi thought about that, too02:01
tunabreadmany programs use encryption02:01
tunabreadwithout people even noticing02:01
tunabread*sigh*02:01
escotttunabread, i cant imagine they have any ability to enforce this. its probably just something they throw at people who have already been arrested for some other computer crime02:02
tunabreadyeah i dont think they scan the french internet for encrypted data streams02:02
escotttunabread, most ssl uses 128bit RC4 for the stream, but the key is going to be at least a 1024 bit public key02:04
tunabread:@ i'm among crypto experts02:07
tunabreadyou are all from NSA, arent you02:07
escotttunabread, im just looking at what the web browser tells me02:08
escotttunabread, this seems to be accurate http://rechten.uvt.nl/koops/cryptolaw/cls2.htm#fr02:13
escotttunabread, which would suggest that as long as you keep your server out of france you should be in the clear02:14
tunabreadoh, nice02:15
tunabreadthank you very much02:15
primeg1im trying to set up irc on empathy but cant join the group.  do you use the hash infront of ubuntu?04:38
Unit193To join the channel, yes so it would be #ubuntu (or whatever else you'd want, say a local group as well)04:39
primeg1ok thanks04:42
=== yofel_ is now known as yofel
=== SkippersBoss_ is now known as skippersboss
luzilhi, just set up 12.04, while installing jedit editor in software center I saw download size is 40 Mb compared to 4 Mb .deb file on the home page, same with many other programs, why are they so large on ubuntu? Even when i install jedit fresh on windows its never 40 Mb22:20
