[01:00] <arrrghhh> hey all.  can I route packets based on the service used?  I have OpenVPN being used, but certain services like apache and ssh I would prefer to not tunnel so I can still access those from the WAN
[01:29] <agu10^_> How can I disable all iptables rules? If i run iptables -F, when i reboot, the rules are working again! I just want to remove them forever! Or go back to initial iptables configuration.
[01:32] <Chris_W_> is there a command to see progress when copying/moving a file?
[01:48] <qman__> agu10^_, you need to find what script or software is setting them and disable it
[01:49] <agu10^_> qman__, how do i do that?
[01:50] <qman__> any software which is doing this is something that must have been installed or configured beyond the default
[01:50] <qman__> so get a list of everything you've done and determine which one is setting firewall rules
[01:50] <qman__> you may also be able to guess based on what the rules are
[01:50] <agu10^_> there is no way to find out exactly which one is doing this?
[01:51] <agu10^_> i know it was iredmail, but it installed many components
[01:51] <qman__> there is no deterministic way to determine it in reverse like that
[01:51] <agu10^_> something about a mail spam filter
[01:51] <agu10^_> i'd have to monitor which software is writing to my iptables config files
[01:51] <qman__> rules can be set with scripts, binary programs, or even libraries
[01:52] <agu10^_> yes. can i change the permissions for the config files so that
[01:52] <agu10^_> no malware can modify the files?
[01:53] <agu10^_> i just want to BLOCK the rules so that nobody modifies them
[01:53] <qman__> that is neither the correct way to address the problem nor is it possible in any reasonable fashion
[01:53] <qman__> the only way to do such a thing would be to recompile your kernel without netfilter support
[01:55] <agu10^_> wow that sucks
[01:55] <agu10^_> i think iptables is working properly now
[01:59] <agu10^_> how do i know if my script at /etc/rc.local was run or not? how do i see its output?
[01:59] <qman__> please don't crosspost
[02:00] <agu10^_> oh sorry
[02:00] <qman__> rc.local is executed at the end of the boot sequence and unless otherwise directed prints to the console
[02:00] <qman__> typically tty1
[02:01] <qman__> if rc.local does not exit 0, you won't get a login prompt
[02:03] <agu10^_> qman__, it exits 0
[02:03] <agu10^_> i think the problem i have is in rc.local i do: cd mypath; ./mycommand
[02:04] <agu10^_> and that is not working. am i not supposed to cd?
[02:04] <qman__> well, first of all, you should use an init script instead
[02:04] <qman__> but provided that you still want to use rc.local, you can't do it that way
[02:04] <agu10^_> i was suggested to use rc.local
[02:04] <qman__> it should only call the script and any arguments
[02:04] <agu10^_> is an init script better? and how do i do this
[02:05] <qman__> the script itself should cd to where it needs to be
[02:05] <agu10^_> oh okay
[02:05] <qman__> note also that even though rc.local is called at the end of the boot sequence, it may execute before all services start
[02:05] <qman__> because the way upstart is designed, it fires off many things at once
[02:05] <agu10^_> ohh okay
[02:06] <agu10^_> then what should i do? my script starts a node.js web server.
[02:06] <qman__> you should make an upstart script which depends on the network and other things you need
[02:06] <qman__> if you've got a decent understanding of shell programming, have a look here: http://upstart.ubuntu.com/getting-started.html
[02:07] <qman__> otherwise you may want to search for something to fit your purpose
[02:08] <agu10^_> there is no upstart found
[02:08] <qman__> you can also refer to existing upstart scripts as examples
[02:08] <agu10^_> no upstart command
[02:08] <qman__> no, there is not
[02:08] <agu10^_> then what is the standard way to make scripts run such as apache service?
[02:09] <qman__> upstart scripts are stored in /etc/init, and are called by using 'start [servicename]', 'stop [servicename]', etc
[02:09] <agu10^_> where does apache make it start itself?
[02:15] <agu10^_> "Once you've downloaded and unpacked upstart, you will need to configure the source tree, build and install it. The main question here is deciding whether or not you want to take the plunge and replace sysvinit immediately, or whether you want to test first." Seriously? I just want to start a server script.
[02:15] <qman__> again, please don't crosspost
[02:15] <qman__> you don't need to install upstart, it's the default init daemon in ubuntu and is already present
[02:15] <qman__> you need only to create an upstart init script for your application
[02:16] <qman__> which is probably going to be 10 lines, tops
[02:18] <agu10^_> qman__, ohh okay, thanks
[02:18] <qman__> you will want to skip down to the part about "writing jobs"
[02:19] <qman__> and refer to existing scripts in /etc/init as examples
[02:21] <agu10^_> qman__, thanks, it works i think
[02:29] <jestillore> hi everyone .. can anyone of you help me setting up pxe server in ubuntu lucid lynx ?
[02:30] <jestillore> hi everyone .. can anyone of you help me setting up pxe server in ubuntu lucid lynx ?
[02:54] <arrrghhh> hey all.  can I route packets based on the service used?  I have OpenVPN being used, but certain services like apache and ssh I would prefer to not tunnel so I can still access those from the WAN
[03:24] <dassouki> what's going on here http://pastie.org/7756113
[03:25] <qman__> you broke your sources
[03:26] <dassouki> this all happened as i was tryin to do a distroupgrade
[03:27] <qman__> did you use do-release-upgrade?
[03:27] <dassouki> nope
[03:27] <qman__> there's the problem
[03:27] <qman__> the correct and supported way to upgrade ubuntu releases is the do-release-upgrade tool
[03:29] <qman__> if you're lucky it hasn't done much of anything and you can still fix your sources
[03:44] <agu10^_> anybody familiar with amazon ec2?
[03:58] <agu10^_> Hello. I am running bind and it was working fine, but now I cannot dig my own domains even from the same computer. it times out. what could be wrong?
[04:40] <LargePrime> I have a few virtual web sites I am hosting for friends.  does anyone have good ideas on how to give them FTP-ish access to their sites and still keep my server safe?
[04:41] <LargePrime> The problem I am having is Root is the owner, group is www-data, and I dont have any more permissions to assign
[04:41] <LargePrime> I am looking at acls
[04:42] <LargePrime> i am not sure how editing sudo will work out
[04:42] <kevireilly> LargePrime: you can create actual users and then adjust your http entries to point to the document root of for instance /home/username/public_html
[04:42] <kevireilly> i want to say the parameter on adduser was -h to create a home directory, but i cant recall
[04:43] <LargePrime> ok.  sorry i forgot to say, how does that help me?
[04:43] <LargePrime> i forgot to say i am a total noob
[04:43] <kevireilly> because then you can have ftp users that only have access to their subset of files for their site(s)
[04:44] <LargePrime> and i think my fingers hate me
[04:44] <LargePrime> oh, so root wont have to own?
[04:44] <LargePrime> how is that different from making a folder in /var/www that they own?
[04:44] <kevireilly> I dont believe so. You can add a user and chown user.user files and test it before getting too deep in making that sort of change
[04:45] <kevireilly> im not sure you can make for instance their default login directory be /var/www/user but you probably can
[04:45] <kevireilly> it is just common to create a user with a home directory and give them a document root in there
[04:45] <LargePrime> IF i can is that not functional equivalent?
[04:46] <kevireilly> sure, that is just commonly the folder for the default site of the server in its entirety where a user's home directory is stuff particular to a user, which matches your goal it seems
[04:46] <kevireilly> another reason is you want to be able to allow users to have non-public files sometimes such as .htpasswd or other various uploads that shouldn't be available
[04:47] <kevireilly> in the /var/www/user scheme that wouldn't be possible
[04:47] <kevireilly> *other various files that shouldn't be available
[04:48] <LargePrime> Kevin that might work well
[04:48] <LargePrime> is there a guide or something?
[04:48] <LargePrime> or a search term
[04:48] <kevireilly> one of the methods is the adduser command
[04:48] <kevireilly> there was another one but i cant recall it
[04:49] <kevireilly> oh, useradd haha ;)
[04:49] <kevireilly> LargePrime: this one is decent enough http://www.howtogeek.com/howto/ubuntu/add-a-user-on-ubuntu-server/
[04:50] <kevireilly> oh.. adduser and useradd.. thats not confusing at all
[04:50] <LargePrime> I already added users
[04:50] <kevireilly> with a home directory?
[04:50] <kevireilly> ls /home
[04:50] <LargePrime> and i gave them ownership of /var/www/userdomain
[04:50] <LargePrime> but this is giving them headaches
[04:51] <LargePrime> then i make them owners of the dirs
[04:51] <LargePrime> also headaches
[04:52] <LargePrime> I finally had to do 777 to make the headaches go away
[04:52] <kevireilly> that is not a good idea
[04:52] <LargePrime> i think i know it is not a good idea.  so i come here to say " this not good , right?"
[04:53] <LargePrime> but if i can move them to /home
[04:53] <LargePrime> and chroot or chjail them
[04:53] <LargePrime> if that is what that is called
[04:54] <kevireilly> ftp is relatively safe outside of what can potentially be uploaded with it, ssh is where it can get sticky
[04:54] <kevireilly> do you have home directories for each user?
[04:55] <LargePrime> so i should just make FTP users
[04:55] <LargePrime> nope
[04:55] <LargePrime> currently I am using ssh keys
[04:55] <kevireilly> ah i see, and then you have them use sftp?
[04:55] <LargePrime> ya
[04:56] <LargePrime> mostly winscp
[04:56] <kevireilly> they essentially have ssh access though
[04:56] <LargePrime> yes
[04:56]  * LargePrime is nervous
[04:56] <LargePrime> so i was reading about jailing them
[04:57] <LargePrime> to the home dir
[04:57] <kevireilly> create a test user maybe real quick, like you created the others without a home directory
[04:57] <LargePrime> but i did not know if sites available will reroute to home dirs
[04:57] <kevireilly> and then try -- usermod -d /home/username username
[04:57] <kevireilly> yeah im pretty sure it will
[04:58] <ScottK> Don't use ftp.  Use sftp or scp instead.  http://mywiki.wooledge.org/FtpMustDie
[04:58] <kevireilly> ScottK: can use sftp and not allow ssh access at the same time?
[04:59] <ScottK> Yes.
[04:59] <LargePrime> ya you can
[04:59] <kevireilly> sahweet
[04:59] <LargePrime> there is a setting in .... something
[05:00] <LargePrime> so my plan was to distribute private keys
[05:00] <LargePrime> but sftp is screwing with me
[05:00] <LargePrime> when it comes to people being able to do stuff on their servers
[05:02] <LargePrime> which is prolly me trying to keep root as owner
[06:57] <Joel_re> hey, I'm unable to figure this out
[06:57] <Joel_re> postgresql-9.1 installs and sets up the db with the SQL_ASCII encoding
[06:57] <Joel_re> does anyone know what can fix this
[07:03] <sazawal> I have a python script which authenticates me and connects to the internet. When I press Ctrl-C it logs me off successfully. I want to end this script (log off) automatically when I shut down/reboot my computer. How can I do it?
[07:14] <rbasak> sazawal: you could add a script to /etc/rc0.d called S01killsazawalsscript which finds and sends your Python script a SIGINT if I understand your question correctly.
[07:14] <rbasak> (pressing Ctrl-C is the equivalent of sending SIGINT to the process)
[07:14] <rbasak> See kill, signal(7), pkill, killall
[07:17] <sazawal> rbasak, yes that is what I need to do. Sending an interrupt signal to the python script would do it. Let me see the file /etc/rc0.d for a minute
[07:29] <rbasak> sazawal: note that if you're running the script in a terminal window in a graphical login session, then the session might kill the terminal window which may kill the Python script with a TERM first, so I'm not sure it'll work in all cases.
[07:33] <sazawal> rbasak, yes I am running it in terminal window. Let me check if it works
[07:35] <sazawal> rbasak, great its working. I used kill -SIGINT <PID>
[07:36] <sazawal> now I must write a script in /etc/rc0.d. So all the scripts in this directory are executed when system is shutdown/rebooted?
[07:37] <rbasak> All the Sxx scripts, in order.
[07:37] <rbasak> But that might happen after your terminal window is killed by your graphical session exiting. You might be able to avoid that by running your terminal window in a screen.
[07:37] <rbasak> Speaking of which, if you're using a terminal window and this is a graphical system, then it's not really an #ubuntu-server problem.
[07:41] <sazawal> rbasak, Well my terminal window was not killed when I did kill -SIGINT <PID>. I am using Guake terminal by the way.
[08:28] <agu10^^> How do I make my second IP address in linux respond to ping?
[08:28] <Joel_re> ?
[08:28] <Joel_re> ping it?
[08:33] <agu10^^> Joel_re, it doesn't answer
[08:34] <Joel_re> traceroute?
[08:34] <Joel_re> if its in the same broadcast domain arping
[08:35] <agu10^^> how do i set up eth1 after i already have eth0 ?
[08:36] <jamespage> agu10^^, you need to add an entry into /etc/network/interfaces
[08:38] <agu10^^> jamespage, should i add: auto eth1, iface eth1 inet dhcp ?
[08:38] <agu10^^> i already have that for eth0
[08:39] <jamespage> agu10^^, if you have dhcp running on the network; then yes that should work
[08:40] <jamespage> agu10^^, this is helpful - https://help.ubuntu.com/12.04/serverguide/network-configuration.html#ip-addressing
[08:53] <sazawal> rbasak, The killscript is working but when I shut down the system, it doesn't. I think the guake terminal is killed before the python script. What to do now?
[09:03] <Fudge> hi does anyone know how to get a root prompt up live on an ubuntu server image please?
[09:04] <riz0n> I have Ubuntu Server with bind DNS. From my understanding, any time the "db" files for a zone are updated, bind9 has to be restarted. Is this completely necessary? Is there an easier way to have bind9 automatically reload database files?
[09:16] <rbasak> sazawal: try #ubuntu. Not sure how much help you're going to get here as this is a server channel.
[09:17] <rbasak> riz0n: bind doesn't need to be restarted; it just has to be told to reload.
[09:18] <sazawal> rbasak, ok I will ask the question in #ubuntu channel. Thank you.
[09:18] <riz0n> rbasak: so let's say I have "john" on my host who has a domain.. john has created domain.com.db in his home directory and likewise I have included it in the bind configuration files. I do not want john to have sudo access to my host... what would be the appropriate way for john to tell bind to reload
[09:20] <rbasak> riz0n: you could give john access to run sudo to reload bind ONLY. But I don't think it's safe to give users access to write their own zone files at will.
[09:21] <riz0n> I trust him with his zone, in fact I created the zone file from a template and got it working for him. but his IP may change and he needs to be able to update it in the zone file accordingly so that he doesn't call me to do it.
[09:21] <riz0n> so what would i need to do to set up john to be able to reload bind in sudo only
[09:21] <rbasak> I don't recall. See the sudoers manpage - I think it has some examples at the bottom
[09:24] <riz0n> Thanks, at some point maybe john can learn enough linux where I can trust him with full sudo access to my host (as I've known john for many years) but for now he just needs to be able to reload bind.. I'll check it out! Thanks for the info.
[09:25] <rbasak> riz0n: security concerns are things like, for example, what if john includes "$INCLUDE /etc/shadow" in his zone file? Then he might be able to read out your root password over DNS, for example. Unlikely because I assume bind doesn't run as root and /etc/shadow won't be valid zone file syntax, but hopefully you can see the kind of area where security holes might exist. It isn't realistically possible to consider every single combination, so the only r
[09:26] <riz0n> john knows I would be at his house with a baseball bat to give him a severe beating since he lives across town
[09:26] <riz0n> What would be a better way of john being able to manage his dns records on my server?
[09:27] <rbasak> riz0n: ah - but if you trust john, then you're OK. Just understand what you're potentially giving him access to. Also, consider that if his access is compromised in some way, then others could use the exploit as a crack to open wider. I've seen that kind of thing happen before - an innocent person had more access that he needed, and that was exploited.
[09:28] <riz0n> Absolutely. john has password which meets complexity requirements.
[09:29] <riz0n> john just has no dns for his domain, and likewise i am assisting him with setting it up. I am hoping its a relationship where riz0n can get some "backup dns" off john's server for the favor :)
[09:29] <rbasak> riz0n: if it's just one IP address, then have John store that in a file in some common place that the bind user can read. Then write a script that opens the file, checks that the opened file is one that john owns and is a regular file, and parses out the IP, permitting only the exact form of an IP, and writes out his zone file from a template with that IP replaced, and then reloads bind. Then give john access to sudo run that script as the
[09:30] <rbasak> That's a reasonably secure way to do it. But of course security depends on writing that script securely.
[09:30] <rbasak> (and that in itself is a risk; of course running a server is a risk. It's wherever you consider the appropriate trade-off to be)
[09:30] <riz0n> yeah, and taking the time to write the actual script too..
[09:31] <riz0n> I have no doubts that john would really do anything to compromise the host, being that it really doesn't host anything of any value (it is really more for educational use anyways)
[09:33] <riz0n> but i do understand the security concerns.. i have fingered users i created and discovered they were SSH'ing in ... come to find out they have passwords like "test123" or something simple. The compromised accounts were dealt with accordingly, mostly by deletion. So all passwords must now meet complexity requirements to exist on this host from now on :)
[09:33] <rbasak> If possible, I'd go further and require key only authentication
[09:33] <rbasak> I understand that's not always possible. But even Windows clients can use keys.
[09:34] <riz0n> Well I use PuTTY
[09:34] <riz0n> And WinSCP.. that's the only ways I manage the server
[09:34] <rbasak> PuTTY does support it. There's Pageant (?) that it integrates with.
[09:35] <riz0n> I may have to check into that. It is something I have thought of.. and store said key in a safe place.
[09:35] <riz0n> Push comes to shove I always have the console I can login to. :)
[09:35] <rbasak> Keys are randomly generated, so they can't really be guessed (if they're big enough). Only compromised. That's still a big step.
[09:35] <rbasak> I'm looking forward to *proper* 2-factor auth. Upstream openssh have it in their repo. Not sure if they've released it yet.
[09:37] <riz0n> This Linux server has really been a great learning tool. Especially learning how to maintain apache, write php, and manage a mysql database.. it has been online since 8.04 in 2008 :)
[09:37]  * rbasak should retire his 8.04 server at some point :-/
[09:37] <riz0n> I have kept it up to date :)
[09:37] <riz0n> I am running latest LTS
[09:38] <riz0n> but yes it really needs retiring
[09:38] <riz0n> I've replaced the actual "server" a couple of times with upgraded hardware but kept the same disk... same disk running 24/7 for 5 years... yep time for a replacement
[09:39] <riz0n> i'm thinking... AMD 8-core/8-GB w/ 3 500GB SATA RAID5... I get Microsoft R2 through Software Alliance. I really want to dive into virtualizing this Linux server for long-term use
[09:41] <riz0n> Let me clarify.. Windows 2008 Datacenter R2
[09:41] <riz0n> Guess you can say that's one benefit of going to college. :)
[09:41] <mardraum> hyper v is free, man
[09:42] <riz0n> Yeah I know hyperv is free, but there are other plans in place for the R2... want to be able to run both virtually, along with Windows 7 in a virtual machine as a "cloud computer" ... all under one roof
[09:43] <riz0n> We use it in class, and the more I can do / accomplish at home from a "lab component" side of things.. the less I have to travel to campus to use their crap computers :)
[09:45] <riz0n> plus 'john' and i are discussing setting up exact configurations, with a VPN tunnel connecting servers together, to allow our web servers to have immediate replication... to test disaster recovery scenarios
[09:47] <riz0n> but it will be a while before we can do the tunnels and stuff... we are waiting for the telco/cable provider to finish their upgrades so we can get Fiber
[09:55] <riz0n> we also have 'jack' in denver... who will also upgrade to the necessary telco line when appropriate, who will also be in on this project.. the plan is to have a data contingency/disaster recovery plan in place where all the servers are replicating all data (so if john updates a file on his web site in his home folder, it automatically goes everywhere) or if jack gets email.. all servers
[09:55] <riz0n> have a copy.. The plan is to be able to simulate an earthquake scenario (or some other major disaster) which would render Server A inoperable, but all other servers are online and can pick up the load. Conceptually it sounds good on paper and we can sit and read about it in class all day long... but unless we can implement it and have it working, concepts are useless.
[09:57] <riz0n> The plan is to have servers purchased at end of September, operational mid-october, ready to demonstrate by end of semester at the end of November. But till then, john and jack have a lot of linux learning to do before they play russian roulette with riz0n's server :P
[10:05] <riz0n> We will be simulating a corporation in production environment, where there will be an Intranet site, on both Windows 2008 and Ubuntu respectively, both interfacing with MS-SQL and MySQL. We also will learn about Exchange, and mail services in Linux (which I am already familiar with).. Need to be able to do Remote Desktop Services and allow the "production computers" to run software from
[10:05] <riz0n> the R2 server, mainly Outlook. I think we can get most the software we need to do this project through the Software Alliance and open-source. But we also will be using the resources to serve our personal needs, like hosting personal web pages and each of us having a virtualized Windows 7 desktop environment we can work from. Right now we are just waiting on the financial grants to go in
[10:05] <riz0n> the bank. We're all excited about this project. At least I know I am! I just wish I had the funding to get a head start on having my end of things ready.
[12:09] <Daviey> jamespage: Hey, I think we want to keep blueprint assignees as ~ubuntu-server, but set the Drafter as the person on point for the blueprint.. no?
[12:11] <jamespage> Daviey, probably  :-)
[12:14] <Daviey> jamespage: We used the assignee field as way of tracking all of them previously.
[12:48] <sander^work> Does anyone know common reasons lsyncd has delays when transferring files?
[12:49] <sander^work> I read default sync time is 15 seconds, but its taking way longer than that.
[13:04] <jamespage> Daviey, I re-jigged that blueprint in terms of ownership
[13:30] <zul> jamespage/yolanda: https://code.launchpad.net/~zulcss/swift/saucy-fix/+merge/162352
[13:39] <jamespage> zul, lgtm
[13:44] <zul> jamespage:  thanks
[14:24] <resno> can someone tell me running ubuntu server 7.10 is bad. bad enough i should build a new server in its place. i just need to hear someone agree with my thoughts.
[14:26] <genii-around> resno: It's past End-Of-Life and not even a Long Term Support version.
[14:27] <resno> genii-around: my thoughts exactly. it was just handed to me to add to my server, and i shrieked when i saw it
[14:27] <jacobw> It's pretty gutsy to still be running 7.10 on a server
[14:27] <resno> gutsy is putting it lightly
[14:27] <resno> imo
[14:27] <resno> i was just curious if i was the crazy one
[14:27] <jacobw> See what I did there?
[14:27] <genii-around> jacobw: You punster you.
[14:28] <jacobw> :)
[14:29] <resno> heh
[14:29] <arrrghhh> resno, upgrading that box will not be easy.
[14:29] <arrrghhh> i would definitely do a clean install
[14:30] <resno> im only doing a clean install
[14:30] <resno> the upgrade path would be not worth the hassle
[14:30] <arrrghhh> good :)
[14:31] <arrrghhh> no.  and it would probably break terribly.
[14:31] <resno> i just want people to tell me, i am a sane person
[14:31] <resno> for wanting to blast it away
[14:32] <genii-around> !badident > trapni
[14:32] <arrrghhh> nice there's a quick message for that haha
[14:33] <arrrghhh> so anyone around can help with my openvpn issue?  I run openvpn as a client on my server, so I have eth0 and tun0.  Some services, like apache or ssh I would rather not tunnel... Now I assume I will need to do some trickery with route and iptables, but can someone poke me in the right direction?
[14:37] <genii-around> trapni: Apologies, I sent the wrong factoid.
[14:37] <genii-around> !doublejoin
[14:38] <genii-around> The one above was the intended.
[14:39] <jacobw> arrrghhh: route only the network the VPN provides through the tunnel
[14:40] <arrrghhh> jacobw, yes, I would like to know how to achieve this :)
[14:41] <arrrghhh> I'd like to route based on service or port, but I'm not sure this is possible
[14:44] <Nafallo> arrrghhh: not without a bunch of fiddling on the console ;-)
[14:44] <Nafallo> nothing is impossible :-)
[14:44] <jacobw> arrrghhh: ip r add default via NOTVPNGATEWAY dev eth0; ip r add 192.168.0.0/24 dev tap0
[14:49] <jacobw> arrrghhh: Where 192.168.0.0/24 is the network the VPN provides
[14:51] <arrrghhh> jacobw, how does this enable me to route based on port/service tho?  Sorry, I'm not sure what to do with your commands.
[14:51] <jacobw> arrrghhh: You can't route based on UDP/TCP port because routing is a function of IP, but you can NAT based on port and route from your NAT'd addresses differently to your not NAT'd addresses
[14:51] <arrrghhh> ah, by marking packets?
[14:52] <arrrghhh> I think I was reading about this, I probably need to do some more... still over my head
[14:53] <jacobw> arrrghhh: You don't need to MARK, you can handle it all with NAT, but, you could MARK and it might make your rules more readable.
[14:55] <arrrghhh> hm.  do you have some stuff you suggest I read to learn more?
[15:03] <jacobw> arrrghhh: http://www.karlrupp.net/en/computer/nat_tutorial
[15:04] <arrrghhh> sweet, thank you!
[15:29] <Youssefk> Hello, does anyone of you guys know if the reboot problem in juju has been fixed or not?
[15:30] <rbasak> Youssefk: I'm not sure what you're referring to. But if you can't get an answer here, try #juju.
[15:32] <Youssefk> When you set up an environment using juju, for example wordpress and mysql, when you reboot your system the environment refuses to start again and you have to do everything again
[15:32] <Youssefk> okay I'm gonna check #juju
[15:52] <Heavenstorm> I am using wpa_supplicant to establish a wireless connection on bootup. After it boots up it won't connect but all I have to do is enter dhclient wlan0 and it works. Does anyone know how to fix that?
[15:52] <Heavenstorm> (entering into the command line)
[15:53] <GrueMaster> Heavenstorm: You can probably add a line in /etc/network/interfaces to set wlan0 to auto dhcp.
[15:54] <hallyn> how are you starting wpasupplicant?  with a pre-up line in interfaces(5), or an upstart job?
[15:54] <Heavenstorm> I have done that. I changed it to static to see if that would fix it.
[15:54] <Heavenstorm> I have a pre-up line script
[15:55] <Heavenstorm> So I've tried it both ways
[15:56] <hallyn> hm.  dunno.  (i do it by hand, haven't tried with interfaces(5))
[15:57] <hallyn> might pastebin your interfaces file, someone might see something
[15:58] <kantlivelong> is there a way i can upgrade 10.04 to 12.04?
[15:58] <Heavenstorm> Thanks for your input on this. I'm not sure what interfaces(5) is. Is that the same thing as the /etc/network/interfaces file?
[15:59] <sarnold> kantlivelong: look into do-release-upgrade(8)
[15:59] <Heavenstorm> (Or the thing that parses the file)
[15:59] <Heavenstorm> ?
[15:59] <GrueMaster> Heavenstorm: That is the man page for interfaces.  "man interfaces".  Also, google found http://wiki.debian.org/WiFi/HowToUse
[15:59] <kantlivelong> sarnold: oh haha i just noticed the LTS option durr
[15:59] <GrueMaster> Might help
[16:00] <markthomas> kantlivelong: make a good backup first :)  If you use LVM, do an LVM snapshot.
[16:00] <Heavenstorm> Okay thanks again
[16:00] <kantlivelong> markthomas: yup :)
[16:02] <Heavenstorm> Here's a question (being new to linux) I see things like ifup(8), the command "ifup" usually isn't entered with the "(8)". What does that number mean?
[16:02] <sarnold> Heavenstorm: that tells you which manual section contains documentation for that command or file
[16:03] <sarnold> Heavenstorm: man man describes the different sections; 1 for user commands, 8 for admin commands, 2 for system calls, 3 for library calls..
[16:04] <Heavenstorm> Thanks for pointing that out. I'm reading man man now
[16:04] <sarnold> Heavenstorm: you can get different commands or syscalls; check out the difference between 'man 1 reboot' and 'man 2 reboot'
[16:04] <sarnold> err, that'd be man 8 reboot and man 2 reboot   :)
[16:06] <Heavenstorm> I get it now
[16:29] <jamespage> zul, https://code.launchpad.net/~james-page/cinder/havana-pep8-deps/+merge/162309
[16:30] <zul> jamespage:  i dont think we need the -v either
[16:32] <jamespage> zul, OK - fixing that now
[16:32] <zul> cool
[16:37] <Heavenstorm> If I have set my interface (wlan0) to static why would dhclient have any effect on it?
[16:38] <jamespage> zul: for some reason a lot of git poll processes got stacked in the lab - I killed them and it freed stuff up
[16:38] <zul> jamespage:  cool
[16:40] <psivaa> jamespage: hallyn: The lxc tests on saucy have http://pastebin.ubuntu.com/5629624/ in https://jenkins.qa.ubuntu.com/view/Saucy/view/Smoke%20Testing/job/saucy-server-amd64-smoke-lxc/4/
[16:40] <Heavenstorm> Thank you everyone for your help. It's still mysterious but I have some new ideas now.
[16:40] <psivaa> jamespage: hallyn: whenever you have time to look at ^
[16:41] <zul> jamespage:  +1
[17:08] <lwizardl> I have a problem with comcast blocking a smtp server on port 25 on my service. Would swapping the Arris modem/router they gave me with my own bought modem stop that block? since I was reading the Arris modem allows them to block ports on the network
[17:10] <sarnold> lwizardl: no, that does not help.
[17:13] <patdk-wk> I have comcast, and they don't block port 25
[17:13] <patdk-wk> the question is, did you sign up for a business class service?
[17:14] <lwizardl> patdk-lap: not yet I still have to wait a few months for my current bs service to expire. then I can get it as business class
[17:15] <hallyn> psivaa: looking
[17:21] <hallyn> psivaa: oh, so that's not an error in the tests, but the bzr package importer...  i'll need to resolve manually
[17:21] <psivaa> hallyn: ack, thank you
[17:22] <GrueMaster> Has anyone figured out why 12.04.2 server (amd64) boots to tty7 instead of tty1 by default?
[17:26] <arrrghhh> GrueMaster, I always ssh to the box... never really noticed.
[17:28] <parallel21> GrueMaster: from what I understand 1 through 6 is reserved to text mode.
[17:29] <parallel21> GrueMaster: but this looks interesting… https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/695658
[17:37] <GrueMaster> parallel21: This doesn't happen in 12.04, but does after updating to 12.04.2 (or installing 12.04.2 from scratch), suggesting a regression.
[17:38] <GrueMaster> I really don't have time to be parsing and debugging Ubuntu bugs like this (not that it mattered when that was my job).
[17:50] <Arrick> hey all, I am having issues getting vsftpd to allow users to connect (Internal web site) so that they can upload/download data from our 12.04 server... I'm reading the documentation here: https://help.ubuntu.com/12.04/serverguide/ftp-server.html#vsftpd-ftp-server-installation however, I can't connect to it for some reason.
[17:53] <noxs> Servicetag
[17:54] <Arrick> huh?
[17:54] <Arrick> IdleOne, good afternoon.
[18:02] <hallyn> psivaa: I think it should be fixed, please re-try the test when you get a chance
[19:13] <psivaa> hallyn: the lxc tests have now passed, thanks
[19:13] <hallyn> psivaa: awesome
[19:14] <psivaa> :)
[19:34] <adam_g> Daviey, any chance you could take a look at the python-glanceclient package in queue for raring-proposed ?
[19:39] <Daviey> adam_g: Potentially
[19:39] <adam_g> Daviey, nothing major, just a cherry-picked patch
[19:42] <Daviey> adam_g: Are you wanting to upload it to the CA as well?
[19:42] <adam_g> Daviey, after it's been SRU'd to raring, yes
[19:47] <phunyguy> quick question.... I have a router that is ubuntu server, and there are several subnets attached that can all talk to each other freely.  Is there any (easy) way to get it to bounce multicast packets between networks? It's not a large network, so I am not worried about broadcast traffic becoming an issue.  I have installed pimd, but others say it "just works", however I cannot get it to work.  Any ideas?
[19:47] <phunyguy> I also read something about mangling the broadcast packets to have a ttl of +1
[19:47] <phunyguy> which I did, no luck.
[19:58] <adam_g> Daviey, thanks
[22:15] <Heavenstorm> I am using ubuntu 12.10LTS and have been able to get my wireless interface up to the point that all I have to do is type in "dhclient" when it's booted. But how can I make it so it works without having to do that?
[22:17] <sarnold> Heavenstorm: 12.04 LTS? Or 12.10? those are different things..
[22:17] <Hitiek> my /boot is full. I'm trying to apt-get remove some of the old linux-image-* packages, but I can't because apt-get complains with "linux-image-server : Depends: linux-image-3.2.0-40-generic but it is not going to be installed". Anyone have a suggestion how I get around this?
[22:18] <Heavenstorm> You're right I'm using 12.04.2 LTS
[22:20] <Heavenstorm> I've been working on this issue for weeks. So far I'm using wpa supplicant and calling it from within the interfaces config
[22:24] <sarnold> Hitiek: you could delete a file or two by hand.. just make sure you remove files you intend to remove via apt shortly
[22:24] <Heavenstorm> It is called from a pre-up command and calls the wpa config file. The device is associated and the configuration data is there to give it a static ip.
[22:25] <Heavenstorm> Honestly I don't understand why I need to run dhclient for that reason
[22:26] <Heavenstorm> Do I need to somehow run dhclient during the bootup sequence or is there some obvious step I could be missing?
[22:31] <genii-around> Heavenstorm: Maybe you need a post-up command calling the dhclient
[22:32] <Heavenstorm> Problem with that is ifup won't work until dhclient is running. Will that affect it?
[22:33] <Heavenstorm> I guess it won't hurt to try
[22:34] <Heavenstorm> Right now I just tried it with a new pre-up command.
[22:34] <Heavenstorm> It worked!
[22:34] <Heavenstorm> But the ip address isn't what I set it to.
[22:37] <Heavenstorm> I will change the order of the config file to declare it after the pre and post-ups and see what happens
[22:41] <Heavenstorm> Do you know how to make it stop waiting for the network configuration? It always seems to time out and makes bootup a major drag.
[22:42] <sarnold> Heavenstorm: are you confident you can't just poke a hole in your dhcp for a static ip for your server? servers on dhcp are .. odd.
[22:43] <Heavenstorm> I'm trying to make it a static ip. For whatever reason it won't work unless I run dhclient. It is the wireless side though and it goes to a wireless in-home router connected to the Internet.
[22:43] <riz0n> I have my DD-WRT set to give my server a "static IP" through DHCP... works beautifully.
[22:44] <Heavenstorm> The wired part is going to another router that will be an access point for my brother's kids with a transparent proxy used for a content filter and monitoring device.
[22:44] <Heavenstorm> At least that is my plan for it. Now I'm just trying to get internet into it
[22:45] <Heavenstorm> I just found out that the order in which things are declared in the config file seems to matter. It's all hosed now cause I switched things up. I hate cut and paste in nano!
[22:46] <riz0n> Heavenstorm: use WinSCP and edit the files that way
[22:46] <GrueMaster> Heavenstorm: Use vim.  It is easier.
[22:46] <Heavenstorm> Yes, vim, if I only had the patience to learn it.
[22:47] <GrueMaster> riz0n: In what universe is editing linux/unix config files on a Windows system easier?
[22:47] <riz0n> well when your linux system has no keyboard, mouse, or monitor attached, they got to be edited somehow :)
[22:48] <Heavenstorm> Good point but honestly I'd rather learn vim!
[22:48] <GrueMaster> ssh->vim
[22:48] <patdk-lap> rsh! :)
[22:49] <sarnold> patdk-lap :)
[22:49] <patdk-lap> oh wait, we are talking about cat
[22:49] <patdk-lap> I'm glad I got to toss the server that *required* rsh access last year
[22:49] <sarnold> patdk-lap: holy cow
[22:50] <sarnold> patdk-lap: it's been over a decade since I've used a system that even supported rsh.. maybe even 15?
[22:50] <patdk-lap> I had never used rsh ever, till that system
[22:51] <patdk-lap> I had used telnet and ssh, but never before rsh
[22:51] <patdk-lap> I did restrict rsh access to a single ip, but needed to use it to set up user quotas
[22:54] <Heavenstorm> Later all I think I'm onto something. Thanks for your input.