/srv/irclogs.ubuntu.com/2015/01/03/#ubuntu-server.txt

[00:00] <cryptodan> Annoyed: it might be
[00:06] <Annoyed> ls
[00:08] <Annoyed> how would that work?
[00:10] <cryptodan> I wouldn't know as I do not use a PC for a router
[00:13] <Annoyed> I just don't get how the thing can retain the masq. settings after reboot.
[00:14] <cryptodan> you can run a tcpdump session and analyze the traffic with wireshark
[00:15] <bekks> Annoyed: ufw e.g. saves and loads settings upon reboot.
[00:15] <Annoyed> That's not enabled right now.
[00:25] <Annoyed> Ok, that mystery is cleared up.
[00:26] <bekks> How did it clear up?
[00:26] <Annoyed> The other machine on the "inside" was getting out through its wlan interface.
[00:26] <Annoyed> killed that, and now it's behaving as expected; can get to the router box, but no farther.
[00:33] <Annoyed> So, client machine can get DHCP address & DNS from the server box. but can't get out. Going to try ufw "by the book" again
[00:37] <Annoyed> cryptodan: by the way, that /etc/udev/rules.d directory you mentioned is empty
[00:42] <Annoyed> There's a readme that sends you to /etc/udev/rules.d/
[00:43] <Annoyed> I think I'm gonna turn that damned thing off.. no frakkin' idea why they want to rename things anyway
[00:46] <cryptodan> it shouldn't be empty
[00:46] <Annoyed> Well, just turned it off in grub.
[00:48] <cryptodan> Annoyed: http://dpaste.com/0KDQCFV
[00:50] <Annoyed> Mine has the readme, that's it
[00:51] <Annoyed> Well, that went well. It doesn't even see either ethernet card now
[00:51] <Annoyed> ifconfig shows lo, that's it
[00:52] <cryptodan> Annoyed: time to reinstall
[00:52] <Annoyed> This IS a new install. just doing initial setup.
[00:53] <Annoyed> and there is no /dev entry for eth* of any sort
[01:02] <jerrcs> you should be using "ip addr" or "ifconfig -a"
[01:02] <jerrcs> the interface COULD be down.
[01:03] <jerrcs> (just as a best practice, no one else seemed to comment on that)
[01:09] <Annoyed> Well, there should STILL have been a /dev entry for eth(x)
[01:10] <Annoyed> Apparently, you have let it rename things.
=== Lcawte is now known as Lcawte|Away
[01:13] <Annoyed> The cynical side of me thinks they are overcomplicating this in order to generate paid support calls
[01:18] <jerrcs> Annoyed: so it shows up there?
[01:18] <jerrcs> or not
[01:19] <Annoyed> the only way the machine sees its ethernet interfaces is with biosdevname turned on. then it sees p2p1 and p3p1, both enet cards
[01:38] <Annoyed> Not sure yet... but I think I might have it
[01:39] <Annoyed> Setting the default policy on the input chain to accept allows the inside machine to work.... So. maybe you have to add established/related rules via ufw
[01:50] <cryptodan> Annoyed: you say biosdevname exists in the latest server iso?
[01:51] <Annoyed> That's what Installed. 14.04.1, downloaded last week
[01:51] <cryptodan> I'm downloading now and will install in a VM
[01:58] <Annoyed> so much for the idea of needing established/related rules.
[01:58] <Annoyed> They're in the before.rules file already
[01:59] <cryptodan> 3 more minutes on download
[01:59] <benpardo> If I'm not supposed to do things on root, how do I get to run my reverse proxy on port 80?
[02:00] <Annoyed> sudo su to get root permissions temporarily
[02:00] <Annoyed> "sudo su" that is
[02:01] <benpardo> Annoyed: Is that secure? That's the best way to do it?
[02:01] <benpardo> Annoyed: don't mean to be a pain in the ass, I'm just new to this.
[02:02] <Annoyed> As far as I know. the root account is disabled by default, but if you want to enable it, you can. But "sudo su" gives you temp. access, usually all you need
[02:04] <cryptodan> Annoyed: installing
[02:10] <benpardo> what folder on ubuntu should I put the generated static files being served?
[02:10] <cryptodan> Annoyed: I just installed a fresh copy of Ubuntu Server 14.04.1 and my devices for ethernet are Eth0
[02:13] <teward> benpardo: it depends on the website configuration - if you're on standard Apache, I think it's on /var/www/ somewhere, if you're on nginx, you should make your own docroot somewhere
[02:13] <benpardo> teward: I'm nodejs, does it matter?
[02:14] <benpardo> teward: although nginx is going to be the reverse-proxy
[02:14] <teward> benpardo: then refer to the nodejs configuration
[02:14] <teward> benpardo: i've never used nodejs, but in all web servers and setups, the docroot varies based on the configurations
[02:15] <teward> benpardo: so refer to your configurations and find where the document root is
[02:15] <benpardo> teward: ah, I see. It may not actually matter and may be something I can set myself
[02:15] <Annoyed> cryptodan: Maybe because I'm using UEFI setup on the drives?
[02:16] <cryptodan> that wouldn't matter Annoyed
[02:16] <teward> benpardo: yes, it really depends on what nodejs lets you configure. it may have a fixed document root or a variable one, it really depends on the configurations, and really the docroot can be anywhere so long as the web server has the access it needs to the docroot
[02:17] <benpardo> teward: that really helps
[02:19] <Annoyed> cryptodan: Well, I dunno. I have no idea why it's renaming them. I don't really like it, but it's not worth redoing the past week's work to re-install to see what I get. I can live with odd names. And I really don't think that's why I'm having ufw issues. UFW / Iptables IS working now, 'cause I have the default policy for the input chain set to accept. If the device names were the issue, I don't think it would work
=== zz_DenBeiren is now known as DenBeiren
[02:20] <Annoyed> But I shouldn't have to set input chain policy to accept to get NAT to work
[02:21] <Annoyed> Either UFW can't handle NAT and firewalling right, (which I doubt) or there's something I'm not seeing
[02:21] <cryptodan> UFW can
[02:42] <Annoyed> I would think it would be able to, but I'm not seeing something.
[03:38] <Annoyed> Thanks, folks.
[03:38] <Annoyed> enough on this for today
=== bilde2910|away is now known as bilde2910
=== hachre_ is now known as hachre
[09:05] <lordievader> Good morning.
[09:21] <lnxmen> Good morning. ;)
=== Lcawte|Away is now known as Lcawte
[13:05] <samba35> how do i assign ip address another guest from guest has dhcp server (both as guest )
[13:05] <samba35> using ovs version 2.0.2 on ubuntu
[13:05] <samba35> using openvswitch
[13:08] <mustti> happy new year 2015 to all
[13:11] <hariom> I have added an init script. Ran the update-rc.d command to run it after reboot (ps: http://paste.ubuntu.com/9664927/) but after reboot it doesn't run. Manually it runs fine.
[13:16] <hariom> Here is my init script: http://paste.ubuntu.com/9664956/
[13:19] <hariom> I have added an init script. Ran the update-rc.d command to run it after reboot (ps: http://paste.ubuntu.com/9664927/) but after reboot it doesn't run. Manually it runs fine.
[13:19] <hariom> Here is my init script: http://paste.ubuntu.com/9664956/
[14:14] <jefinc> anyone awake?
[14:16] <ObrienDave> barely
[14:17] <jefinc> uh oh too many brown bottles
[15:49] <fabiofranco85> (Ubuntu 14.04 LTS) Need to change locale settings for a specific country (pt_BR). The problem is when try to use resources that use these setting it returns the wrong results. Example: In java if I try to get the currency symbol it gives me BRL when it should give me R$ and the decimal separator is , and it gives me . (and the other way around too). I came to the conclusion the problem
[15:49] <fabiofranco85> is with the operating system configuration since I tried on a machine running windows and it worked perfectly. Any suggestions?
[15:51] <bekks> fabiofranco85: I guess that's correct so far (at least for the currency), since the international identifier for your currency is BRL, not R$ (which is the national one). It is the same for the Euro with EUR vs. €, and for the US Dollar with USD vs $.
[15:55] <fabiofranco85> bekks: I understand but is there a file or some place where I can set the Display symbol for the currency?
[15:56] <fabiofranco85> bekks: I'm asking this because as I said it works on windows but when I run it on ubuntu server it goes wrong... and it's not just the symbol
[15:56] <fabiofranco85> bekks: the decimal and thousand separator are also wrong
[15:56] <jefinc> how do I create a server that is then setup so that no matter what computer I access on the network I login with the same user/password and all my preferences are the same?
[16:09] <Patrickdk> ldap+nfs
[16:09] <Annoyed> Greetings
[16:09] <Annoyed> Any of the folks who were helping me yesterday around?
[16:14] <Annoyed> anyone here good with iptables?
[16:15] <jerrcs> what's your question?
[16:15] <Patrickdk> !ask
[16:15] <ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
[16:15] <jerrcs> 400 ppl in the channel, i'm sure someone will know something about iptables.
[16:16] <Patrickdk> do bots count?
[16:16] <jerrcs> yup
[16:16] <Patrickdk> and I count 3 times?
[16:16] <jerrcs> yep
[16:17] <Patrickdk> can I get paid 3 times?
[16:17] <jerrcs> absolutely
[16:17] <Annoyed> Can I specify a list of ips on an allow line? such as -A input -i [interface_name] x.x.x.x, y.y.y.y, z.z.z.z -j ACCEPT ??
[16:17] <Patrickdk> no, and that is highly invalid even if you didn't
[16:18] <Annoyed> Yeah, I know.. the exact syntax isn't right
[16:18] <jerrcs> Annoyed: have you tried CIDRs instead? or are the IPs in different ranges?
[16:18] <Annoyed> jerrcs: totally different
[16:18] <jerrcs> then negative, it doesn't work that way
[16:19] <Patrickdk> the solution is to use, ipset
[16:19] <Annoyed> bah. I have to allow ssh and a few other things from several ips and I wanted to do it on one line
[16:19] <jerrcs> first result on google - http://www.gossamer-threads.com/lists/gentoo/user/210361
[16:20] <jerrcs> they give a few ideas for creating "sets" of rules
[16:22] <Annoyed> Jerrcs, if you recall, I was having difficulty with ufw yesterday? couldn't get it to do NAT unless the default input policy was accept? I ended up giving up on it and writing a manual ruleset.. that does work
[16:23] <Patrickdk> do what?
[16:23] <Patrickdk> input policy has NOTHING to do with nat at all
[16:23] <Patrickdk> nat ONLY uses the forward rules
[16:25] <Annoyed> Well, following the ufw directions at https://help.ubuntu.com/14.04/serverguide/firewall.html to the letter, I couldn't get a natted box online unless I opened the input chain.
[16:25] <Patrickdk> yes, your diagnostics were wrong though
[16:26] <Patrickdk> maybe your NAT server also did DNS?
[16:26] <Patrickdk> and you didn't open up DNS? on input/output chains?
[16:26] <Patrickdk> therefore it *seemed* like nat was broken?
[16:27] <Patrickdk> and you did apply the correct rules to allow the required icmp through both?
[16:27] <Annoyed> Hmmm... Well, the machine does run DNS (full server, not cache) and it is able to resolve its own needs fine
[16:28] <Patrickdk> but can the machine you tested nat on resolve fine?
[16:28] <Patrickdk> you have to test the whole stack
[16:28] <Patrickdk> not just the end result
[16:32] <Annoyed> Not sure about ability to resolve. I think it could, though.
[16:33] <Patrickdk> my recommendation though, would be to use shorewall
[16:33] <Patrickdk> after years of doing iptables and ipchains myself, and finding my own issues, like multiple rules interacting to cause holes I didn't want and stuff
[16:33] <Patrickdk> shorewall just makes my life so much easier
[16:33] <jerrcs> i honestly use raw rules and not much of these programs
[16:33] <jerrcs> so i cannot speak on them
[16:34] <Patrickdk> I do raw iptables too, but shorewall on anything harder now :)
[16:34] <Patrickdk> but sometimes I need to get creative, and use raw iptables for things, especially stuff like ipvs and manual protocol violations
[16:34] <Patrickdk> cause shorewall isn't made to actually break things
[16:35] <Patrickdk> things can get a little fun, when you have like 15+ nic's on a system, it's just a royal pain to do all that manually in iptables
[16:36] <Annoyed> But I don't have any allowances for port 53 in my current ruleset, and it works. I assume established,related allows the returns for outbound DNS queries
[16:36] <Patrickdk> yes
[16:37] <Patrickdk> but what accepts inbound from your machines from *behind* the nat?
[16:37] <Patrickdk> workstation -> nat -> outside dns
[16:37] <Patrickdk> you have to accept workstation -> nat first, before nat can go outside
[16:38] <Patrickdk> that wouldn't be a forward rule, cause you're contacting a dns server on your nat box, most likely
[16:38] <Annoyed> the nat box IS the dns server also.
[16:38] <Patrickdk> what I said is full of assumptions about how you set things up
[16:38] <Annoyed> yes, exactly
[16:38] <Patrickdk> but normally that is how people do it
[16:38] <Annoyed> but I do recall errors in the logs regarding port 53
[16:39] <Patrickdk> on a normal home nat setup, you need to accept dhcp, dns, probably just all of icmp, and then if you get more fancy, upnp
[16:40] <Annoyed> Jan  2 21:56:22 unimatrix0 kernel: [ 6682.487057] [UFW BLOCK] IN=p2p1 OUT= MAC=10:c3:7b:db:99:5a:48:5b:39:1e:29:5b:08:00 SRC=172.16.0.13 DST=172.16.0.254 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=48164 DF PROTO=UDP SPT=5088 DPT=53 LEN=59
[16:43] <Annoyed> so, if I get you right, I would have to allow port 53 from any inside interface ?
[16:44] <Annoyed> I'm no iptables expert, so I assume something like ufw could write a better ruleset than I can, so I tried that.
[16:46] <Annoyed> If I want to use ufw, just add a rule to allow anything from the inside interface to the input chain?
[18:02] <Annoyed> Patrickdk: You still here?
[18:03] <Annoyed> If so, thank you. It was indeed DNS that was being blocked
[18:04] <Patrickdk> ufw doesn't write rulesets
[18:04] <Patrickdk> it only is an interface between you and iptables
[18:04] <Patrickdk> personally, I think it's a pointless interface
[18:04] <Patrickdk> but since ubuntu/debian has no persistent iptables interface, it needed something
[18:07] <Annoyed> Well, thank you anyway. I added lines to /etc/ufw/before.rules as follows
[18:07] <Annoyed> # allow all on inside interface
[18:07] <Annoyed> -A ufw-before-input -i p2p1 -j ACCEPT
[18:07] <Annoyed> -A ufw-before-output -o p2p1 -j ACCEPT
[18:08] <Annoyed> basically copied the settings for lo and was all set
[18:08] <Annoyed> working as desired
[18:09] <Annoyed> And I assume that ufw can do a better job writing a ruleset than I can. =)
[18:15] <Patrickdk> if p2p1 is your *local* network, should be good enough :)
[18:46] <Annoyed> Yes, p2p1 is my inside interface
[18:47] <Annoyed> p3p1 is outside. For some reason, Ubuntu renamed them.
[18:48] <Annoyed> I tried to disable the biosdevname thing but it wouldn't even see ANY network interfaces then.
[18:48] <Annoyed> As long as it works, I'm not going to worry about what it calls them
[21:11] <jefinc> so on my work's windows network I sign in with the same username/password from any computer within the network and it saves my settings/info etc., how do I do that with ubuntu?
=== _KaszpiR__ is now known as _KaszpiR_
[21:44] <SchrodingersScat> jefinc: https://help.ubuntu.com/community/SettingUpNFSHowTo ?
[21:44] <jefinc> SchrodingersScat: I will give it a go, thanks :)
[22:03] <NineTeen67Comet> Hello all .. been a while since I set up Ubuntu server (I've been running 13.04 for a while) .. this time however I moved 000-default to sites-available and restarted with my virtual files in sites-enabled but it still goes to the default Apache page .. is there another command I'm missing?
[22:04] <NineTeen67Comet> apachectl something?
[22:07] <NineTeen67Comet> I have directories in /var/www to represent the sites I'm running (re-building) ..
=== bilde2910 is now known as bilde2910|away
[22:51] <zol> Hi! I'm having trouble setting up my home network configuration. I have two NICs, one configured for WAN and the other for WAN on a subnet with range 10.0.0.0/24. The router has static ip 10.0.0.1, I can ping the router from the LAN clients, but I can't ping the clients from the router. The LAN clients can't reach outside of the LAN. I am using ufw as a firewall, I have NAT enabled to the best of my
[22:51] <zol> knowledge. I'm feeling terribly lost, have been trying to fix this for 6 hours now.
[22:51] <zol> and the other for LAN*
[22:52] <zol> I can't seem to get outgoing packets to be allowed by UFW.
[23:36] <jdstrand> zol: I suggest you look at the section on 'IP Masquerading' in 'man ufw-framwork'
[23:36] <jdstrand> zol: sorry, 'man ufw-framework'
[23:36] * jdstrand wanders off again
