[00:10] <tunabread> hi
[00:11] <tunabread> someone got a minute to help a poor noob with network troubles ?
[00:11] <stlsaint> tunabread: we can try, just ask the question
[00:11] <tunabread> its ... complicated
[00:12] <stlsaint> tunabread: first off did you try google
[00:12] <tunabread> i have a 10.04 LTS server installation on a vserver
[00:12] <tunabread> yes, i tried google
[00:12] <stlsaint> ok
[00:12] <tunabread> i cant get any network connection in or out from the machine
[00:12] <tunabread> i have VNC access, so i can access the shell
[00:13] <stlsaint> does host have net access?
[00:13] <tunabread> the only thing i did, was change the sshd_config file, and flush iptables
[00:13] <tunabread> well my ISP management console says, yes.
[00:14] <stlsaint> tunabread: what did you change within the sshd
[00:14] <tunabread> i enabled protocol 1
[00:14] <tunabread> so i changed the line "protocol 2" to "protcol 2,1"
[00:14] <stlsaint> have you tried removing that?
[00:14] <tunabread> i already changed it back
[00:14] <tunabread> yes, had no effect
[00:14] <stlsaint> tunabread: what iptables did you flush?
[00:14] <tunabread> i reloaded the SSH, too
[00:14] <tunabread> well i used "iptables -F"
[00:14] <tunabread> so it should flush all rules ?
[00:15] <tunabread> i used that before on another machine, to disable iptables, for testing
[00:15] <tunabread> then reloaded the rules, worked.
[00:16] <tunabread> can you give me a hint what i should check ?
[00:16] <tunabread> i tried ping, textmode browser, nothing works
[00:16] <stlsaint> well what rules did you remove
[00:16] <tunabread> i might mention, it worked before :)
[00:17] <stlsaint> iptables -F just flushes the rules, not technically "disabling" them
[00:17] <stlsaint> tunabread: what do you get when you ping say google?
[00:18] <tunabread> unknown host
[00:18] <tunabread> if i try to ping DNS servers, network is unreachable
[00:19] <stlsaint> tunabread: what is the ipaddress?
[00:19] <tunabread> 176.31.159.85
[00:20] <tunabread> i guess the problem might be in iptables
[00:20] <tunabread> i'm not that experienced with iptables, a friend of mine set it up and defined the rules
[00:21] <tunabread> if you know what file you need to see, just tell me
[00:21] <stlsaint> if he did it right then he should have saved them in a .rules
[00:21] <stlsaint> hopefully in /etc
[00:21] <stlsaint> look for something like /etc/iptables.rules
[00:21] <tunabread> yes, there is a file
[00:22] <stlsaint> can you paste them here: paste.ubuntu.com
[00:23] <stlsaint> the rules
[00:24] <tunabread> i only have VNC, so i can only take a screenshot or type them down manually
[00:24] <tunabread> http://web219.server-drome.info/web/iptables.png
[00:24] <tunabread> just say if i shall type them for you
[00:26] <stlsaint> tunabread: well i couldnt see that screen so do you want to re-enable those rules?
[00:27] <tunabread> first, i would like to gain network access again
[00:27] <tunabread> like, at all
[00:29] <stlsaint> tunabread: did you have access when you had the rules up?
[00:29] <tunabread> yes.
[00:30] <tunabread> i changed the sshd config, and reloaded sshd
[00:30] <stlsaint> well then we should probably put them back. have you tried that yet, re-enabling rules?
[00:30] <tunabread> no
[00:30] <stlsaint> tunabread: what is the name of that .rules file?
[00:31] <tunabread> iptables.rules
[00:31] <stlsaint> iptables-restore << /etc/iptables.rules
[00:33] <stlsaint> tunabread: it work?
[00:34] <tunabread> the VNC is using a very strange keyboard layout, i'm struggling to find the <<
[00:39] <stlsaint> tunabread: if you can find the keys you can just re-enter the rules manually
[00:40] <tunabread> i found a way, ALT+60 on keypad
[00:40] <stlsaint> kk, check the rules with iptables -L
[00:42] <tunabread> iptables seems to hang up when i enter your command
[00:43] <stlsaint> take away one of the <
[00:43] <stlsaint> iptables-restore < /etc/iptables.rules
[00:45] <tunabread> iptables-restore v1.4.4: no command specified
[00:45] <tunabread> Error occured at line: 16
[00:46] <tunabread> Try 'iptables-restore -h' or 'iptables-restore --help' for more information.
[00:47] <stlsaint> did you enter entire command?
[00:47] <stlsaint> as it should show:
[00:47] <tunabread> yes.
[00:47] <stlsaint> well you entered something wrong
[00:47] <stlsaint> tunabread: what is the location of that iptables.rules file?
[00:47] <tunabread> /etc/
[00:49] <tunabread> when i cd into /etc/ and enter "cat iptables.rules" i get the right output
[00:49] <tunabread> i entered: sudo iptables-restore < /etc/iptables.rules
[00:50] <stlsaint> well since you're already in the /etc directory just do: iptables-restore < iptables.rules
[00:50] <tunabread> i tried, same output
[00:50] <tunabread> what does error line 16 mean ? doesnt it try to parse the file already ?
[00:51] <stlsaint> i would need to see the content of the file
[00:51] <tunabread> yes
[00:51] <stlsaint> there is an error at line 16 of the rules
[00:51] <tunabread> i just finished typing
[00:51] <tunabread> http://pastebin.com/9tYX1qkV
[00:52] <tunabread> the -ü in line 10 is a typo, it does not exist in the real file. sorry
[00:54] <tunabread> http://pastebin.com/rcJxUV0q
[00:54] <tunabread> two typos corrected
[00:55] <tunabread> i am pretty sure that these rules were used before
[00:55] <tunabread> since he noted that in the install-log
[00:55] <tunabread> we have a log where we both write down everything we change
[00:56] <stlsaint> tunabread: remove that space underneath the last rules listing in the file
[00:56] <tunabread> he also noted the name and location of the file (iptables.rules)
[00:57] <stlsaint> tunabread: also the naming is wrong
[00:57] <stlsaint> or else you typed it wrong when you typed cat iptabls.rules on the paste
[00:57] <stlsaint> tunabread: but remove that space under line
[00:57] <tunabread> yes, i typed it wrong. sorry
[00:57] <tunabread> what space under line ?
[00:58] <tunabread> line 17 ?
[00:58] <stlsaint> no
[00:58] <stlsaint> you are counting wrong, line 16 is the space, 15 is the rule, according to your paste
[00:59] <tunabread> there is a blank line, and i shall delete that ?
[00:59] <tunabread> the line after -A INPUT -j DROP ?
[01:00] <stlsaint> yes
[01:01] <tunabread> ok
[01:02] <tunabread> it worked, no error, and iptables -L shows all the rules
[01:02] <stlsaint> check net
[01:03] <tunabread> network is unreachable
[01:03] <tunabread> do the rules make sense to you ?
[01:03] <stlsaint> honestly i didn't really look, just looked at the error line
[01:04] <tunabread> do you know an acceptable picture hosting service ?
[01:04] <stlsaint> so youve changed the ssh back and readded the rules
[01:04] <tunabread> yes
[01:04] <stlsaint> still no net
[01:04] <tunabread> yes
[01:04] <tunabread> what would you check ?
[01:05] <stlsaint> tunabread: what does ifconfig show
[01:06] <tunabread> http://imageshack.us/photo/my-images/259/ifconfig.png/
[01:06] <tunabread> i hope thats acceptable
[01:06] <tunabread> http://imageshack.us/photo/my-images/208/iptables.png/
[01:07] <stlsaint> you're not pulling an ipaddress
[01:07] <tunabread> oh
[01:08] <tunabread> it is possible that my ISP screwed something up. at least, i would not be surprised by that.
[01:08] <tunabread> just mentioning
[01:08] <stlsaint> how does the vserver work?
[01:08] <stlsaint> host?
[01:08] <tunabread> they say KVM
[01:09] <tunabread> what details do you need ?
[01:10] <stlsaint> so you have a host server providing a kvm virtual machine which you are trying now?
[01:10] <tunabread> they call it "full kvm", it behaves like a root
[01:10] <tunabread> i can insert any iso to boot from, and install
[01:10] <tunabread> i can even install windows, os/2, whatever
[01:10] <tunabread> its not a shared kernel
[01:10] <stlsaint> right
[01:10] <stlsaint> ok
[01:10] <tunabread> it behaves like a dedicated root
[01:11] <tunabread> but the hardware is emulated, i think by QEMU
[01:11] <tunabread> if you can read german, you can look it up here
[01:11] <tunabread> https://www.filemedia.de/vserver/lightbox
[01:11] <tunabread> doesnt give that much details, tho
[01:12] <sandyd> anyone here ask about kvm?
[01:12] <stlsaint> tunabread: one sec
[01:12] <tunabread> :D
[01:12] <stlsaint> sandyd: hey
[01:13] <stlsaint> sandyd: so here is quick brief:
[01:13] <stlsaint> op: tunabread , is using a kvm vm but lost net access
[01:13] <stlsaint> sandyd: he deleted his iptables and changed sshd_config protocol setting
[01:13] <stlsaint> sandyd: after readding iptables i helped with and changing the sshd back he still does not have access
[01:14] <stlsaint> sandyd: ifconfig does not show an ip but i could be wrong there
[01:14] <stlsaint> sandyd: ifconfig output: http://imageshack.us/photo/my-images/259/ifconfig.png/
[01:14] <sandyd> If you are using KVM, ifconfig must show an ip
[01:14] <sandyd> I suspect that the ip is not binding correctly
[01:14] <sandyd> cat /etc/network/interfaces
[01:15] <stlsaint> THATS what i was thinking of lol
[01:15] <stlsaint> dang it
[01:15] <sandyd> ^^run that and get output
[01:15] <stlsaint> flipping interfaces, wanting to see if bridge or anything
[01:15] <stlsaint> tunabread: take all commands from sandyd from here out
[01:15]  * stlsaint fades into fog.....
[01:16] <tunabread> http://imageshack.us/photo/my-images/826/catinterfaces.png/
[01:17] <tunabread> all i got left is crappy VNC, cant copy&paste text since output is pixels ..
[01:17] <sandyd> alright, tunabread, this is the part I am not sure about
[01:17] <tunabread> thank you for your help stlsaint :)
[01:17] <sandyd> that VM is supposed to have a static ip right?
[01:17] <tunabread> yes
[01:17] <tunabread> the ip was static for ages
[01:17] <sandyd> well, you have configured the address as dhcp
[01:17] <tunabread> i can set one in the manager i got.
[01:18] <sandyd> it will not work like that.
[01:18] <tunabread> i didnt touch that config, and it worked for months
[01:18] <tunabread> ok
[01:18] <sandyd> if you have a static ip, it should say something like
[01:18] <sandyd> iface eth0 inet static
[01:19] <tunabread> IP Address	176.31.159.85
[01:19] <tunabread> Gateway	176.31.159.81
[01:19] <tunabread> Netmask	255.255.255.240
[01:19] <tunabread> Nameserver	213.186.33.99
[01:19] <tunabread> Nameserver	134.91.66.55
[01:19] <tunabread> thats what my manager says
[01:19] <tunabread> so, why dont we just configure it correctly ?
[01:19] <sandyd> pastebining it right now
[01:20] <sandyd> there are tabs that can't be created in irc :|
[01:20] <tunabread> ok
[01:20] <tunabread> you know that i have to type it in manually anyway ?
[01:21] <sandyd> point
[01:21] <sandyd> let see...
[01:21] <sandyd> type this in. After the second line, there is a tab for everything
[01:21] <sandyd> iface eth0 inet static
[01:21] <sandyd> address 176.31.159.85
[01:21] <sandyd> netmask 255.255.255.240
[01:22] <tunabread> got that
[01:22] <sandyd> dns-nameservers 213.186.33.99 134.91.66.55
[01:23] <sandyd> I think that is it, because you don't have any broadcast/network
[01:23] <tunabread> its nameserver1 and nameserver2, right ?
[01:23] <sandyd> sudo /etc/init.d/networking restart
[01:23] <sandyd> yes
[01:23] <sandyd> you might lose connection with the last command
[01:23] <sandyd> so you replace everything under auto eth0 with the stuff I typed above
[01:24] <tunabread> they do the VNC with some other machine, one level above
[01:24] <sandyd> add the pre-up iptables-restore
[01:24] <tunabread> you can even enter the virtual BIOS over the VNC thingy
[01:24] <tunabread> so, no issue there
[01:24] <sandyd> at the last line
[01:24] <tunabread> done
[01:25] <sandyd> try restarting the network using the command
[01:25] <tunabread> i did
[01:25] <sandyd> check ifconfig
[01:25] <sandyd> the ip should be there
[01:25] <tunabread> it says *reconfiguring network interfaces ...
[01:25] <tunabread> don't seem to be have all the variables for eth0/inet.
[01:25] <tunabread> failed to bring up eth0
[01:26] <sandyd> lemme check. might have made a typo
[01:26] <sandyd> can you post a screenshot of the new network/interfaces?
[01:26] <tunabread> if you have a VNC client, you could connect to the VNC server and look over my shoulder live ?
[01:26] <tunabread> but i can do that, too
[01:26] <sandyd> oops
[01:26] <sandyd> I forgot the gateway
[01:27] <tunabread> yes.
[01:27] <sandyd> gateway 76.31.159.8
[01:27] <sandyd> place that before the pre-up iptables-restore
[01:27] <sandyd> its configured differently in fedora lol
[01:28] <sandyd> try restarting and see if the interface comes back up
[01:28] <tunabread> same output for network restart
[01:28] <tunabread> same error
[01:29] <sandyd> post the output of cat /etc/network/interfaces
[01:29] <tunabread> http://imageshack.us/photo/my-images/694/newinterfaces.png/
[01:30] <sandyd> you misspelled address
[01:30] <sandyd> there is an extra d
[01:30] <sandyd> or maybe i did
[01:31] <sandyd> nah. just add the d in, remove the 1 from the nameserver
[01:31] <sandyd> in fact, remove both lines
[01:31] <tunabread> my fault
[01:31] <sandyd> it should just be
[01:31] <sandyd> dns-nameservers 213.186.33.99 134.91.66.55
[01:31] <tunabread> oh. ok
[01:32] <tunabread> SIOCADDRT: No such process
[01:32] <tunabread> Failed to bring up eth0.
[01:32] <tunabread> (help) :C
[01:33] <sandyd> add a 1 in front of the gateway
[01:33] <sandyd> i mean in front of the 7 where it says gateway
[01:33] <sandyd> so that its 176
[01:33] <sandyd> .***
[01:33] <sandyd> and restart
[01:33] <tunabread> http://imageshack.us/photo/my-images/96/siocaddrt.png/
[01:34] <tunabread> same output.
[01:34] <tunabread> ha !
[01:34] <tunabread> i found it
[01:35] <tunabread> the gateway's last byte is 81
[01:35] <tunabread> not 8
[01:35] <tunabread> reconfig says OK
[01:35] <sandyd> lol. more of my typos.
[01:35] <sandyd> typical me
[01:35] <stlsaint> hehe
[01:35] <tunabread> i'm incredibly tired.
[01:35] <sandyd> working now?
[01:35] <sandyd> check the ping, tracert, .etc .etc
[01:35] <tunabread> was too busy celebrating
[01:36] <tunabread> yay !
[01:36] <sandyd> stlsaint, these are typos that usually lead people astray in the UF
[01:36] <tunabread> ping to google DNS works
[01:36] <sandyd> excellent :)
[01:36] <sandyd> good to see that it works
[01:36] <tunabread> i thank you very, very much
[01:36] <sandyd> I advise you to back the file up
[01:37] <tunabread> yes
[01:37] <sandyd> you're welcome :)
[01:37] <tunabread> any idea how it got lost in the first place ?
[01:37] <stlsaint> sandyd: thank
[01:37] <tunabread> thank you too, stlsaint :)
[01:37] <stlsaint> tunabread: stop changing stuff ;)
[01:37] <tunabread> but :C
[01:37] <sandyd> nope. There is nothing much that will change something from static to dhcp mysteriously
[01:37] <sandyd> lol
[01:38] <tunabread> i didnt touch network config
[01:38] <sandyd> maybe someone else touched it?
[01:38] <tunabread> no
[01:38] <sandyd> most servers (if configured properly) have security logs
[01:38] <tunabread> there are only two people with root access, me and a very, very good friend. who is on vacation in the wildness of norway without even cellphone.
[01:38] <tunabread> i checked the logs
[01:39] <sandyd> or rather, mine does. If you edit the interfaces, the warnings immediately sound
[01:39] <tunabread> there is very, very few software running on this server
[01:39] <sandyd> not sure what could cause that. ive never seen that before
[01:40] <tunabread> we got another server, and my friend set up the logging so that the log is written to that server, too
[01:40] <tunabread> and there is munin monitoring installed, and it showed nothing special
[01:40] <tunabread> i restarted the server ?
[01:40] <tunabread> and my ISP tends to do random changes to everything for no reason
[01:40] <tunabread> maybe it was on dhcp first, but worked magically ?
[01:41] <stlsaint> tunabread: naw, i think something reverted it back to dhcp from static
[01:41] <tunabread> well the reason i started changing stuff in the first place: i need someone to connect to the server via SSH with an encryption of less than 128 bit
[01:42] <tunabread> he lives in france, and encryption above 128bit is illegal there
[01:42] <tunabread> so i thought, i give him a restricted user account and allow ssh protocol 1 for his account
[01:42] <tunabread> not sure if thats a good idea
[01:42] <stlsaint> tunabread: simple temp password probably would not have sufficed?
[01:43] <escott> tunabread, for all that is holy. WHO CARES. if he really wants to obey the law just email his password to the government
[01:43] <sandyd> gen a ssh key at 64bit
[01:43] <sandyd> send it over, and let him have fun
[01:43] <tunabread> its still illegal, he isnt even allowed to download an SSH client capable of protocol 2 as far as i understood
[01:43] <tunabread> how do i do that ?
[01:43] <escott> tunabread, telnet?
[01:44] <tunabread> hum
[01:44] <escott> tunabread, i would not reduce security for all your other users just because the french are morons
[01:44] <tunabread> he does not need root, he does only need access to his home dir
[01:44] <tunabread> is there any _safe_ way to do that ?
[01:45] <sandyd> http://www.guyrutenberg.com/2007/10/05/ssh-keygen-tutorial-generating-rsa-and-dsa-keys/
[01:45] <sandyd> use DSA keys
[01:45] <tunabread> ok
[01:45] <tunabread> well it CAN be 128bit
[01:45] <tunabread> just not above
[01:45] <sandyd> then use dsa at 128bit
[01:45] <sandyd> or use openvpn at 128bit
[01:46] <tunabread> see, i'm not really experienced
[01:46] <tunabread> so i try to keep the stuff on the server limited
[01:46] <tunabread> i now know how to configure SSH and i know the basics because i read thru them, and i think i did it safe
[01:47] <tunabread> if its not installed, it cant cause problems
[01:47] <sandyd> so use the ssh tutorial above
[01:47] <tunabread> yes
[01:47] <tunabread> thank you, i will try that
[01:47] <sandyd> replace RSA with DSA, and you can generate under 1024
[01:47] <tunabread> would that encryption still need serious time to crack ?
[01:47] <sandyd> not as secure. mind you, but it would be fine
[01:47] <escott> tunabread, the problem is that even if your key is 128bit your stream cipher would probably be illegal
[01:48] <tunabread> hum
[01:48] <tunabread> i guess the proper way would be, not grant him access at all
[01:49] <tunabread> i think i know what you mean, escott
[01:50] <tunabread> does anyone have experience how it is handled in france ? not in theory, practically ?
[01:51] <sandyd> you want the direct papers?
[01:51] <tunabread> ?
[01:56] <tunabread> i dont get that
[01:58] <tunabread> ssh working again
[01:58] <tunabread> actually, everything working again
[01:58] <escott> tunabread, if your client already has the 256bit encryption libraries i would think he is already in breach of the law, and i dont see how you could get in trouble for letting his programs do the default thing
[01:58] <escott> assuming you are not in france
[01:59] <tunabread> i'm in germany
[01:59] <tunabread> i have no troubles, but my friend in france has
[01:59] <tunabread> i think its no big issue, too, but
[02:00] <escott> tunabread, so check out the louvre and the eiffel tower now, just in case you arent allowed to enter the country, but i really doubt they care. its not like they seize laptops at the border?
[02:00] <tunabread> haha
[02:00] <tunabread> well, he LIVES in france
[02:00] <escott> tunabread, which means that every tourist visiting paris is violating the law every time they check facebook
[02:01] <tunabread> isnt SSL 128 bit ?
[02:01] <tunabread> i thought about that, too
[02:01] <tunabread> many programs use encryption
[02:01] <tunabread> without people even noticing
[02:01] <tunabread> *sigh*
[02:02] <escott> tunabread, i cant imagine they have any ability to enforce this. its probably just something they throw at people who have already been arrested for some other computer crime
[02:02] <tunabread> yeah i dont think they scan the french internet for encrypted data streams
[02:04] <escott> tunabread, most ssl uses 128bit RC4 for the stream, but the key is going to be at least a 1024 bit public key
[02:07] <tunabread> :@ i'm among crypto experts
[02:07] <tunabread> you are all from NSA, arent you
[02:08] <escott> tunabread, im just looking at what the web browser tells me
[02:13] <escott> tunabread, this seems to be accurate http://rechten.uvt.nl/koops/cryptolaw/cls2.htm#fr
[02:14] <escott> tunabread, which would suggest that as long as you keep your server out of france you should be in the clear
[02:15] <tunabread> oh, nice
[02:15] <tunabread> thank you very much
[04:38] <primeg1> im trying to set up irc on empathy but cant join the group.  do you use the hash infront of ubuntu?
[04:39] <Unit193> To join the channel, yes so it would be #ubuntu (or whatever else you'd want, say a local group as well)
[04:42] <primeg1> ok thanks
[22:20] <luzil> hi, just set up 12.04, while installing jedit editor in software center I saw download size is 40 Mb compared to 4 Mb .deb file on the home page, same with many other programs, why are they so large on ubuntu? Even when i install jedit fresh on windows its never 40 Mb