[00:00] <cryptodan> Annoyed: it might be
[00:06] <Annoyed> ls
[00:08] <Annoyed> how would that work?
[00:10] <cryptodan> I wouldn't know as I do not use a PC for a router
[00:13] <Annoyed> I just don't get how the thing can retain the masq. settings after reboot.
[00:14] <cryptodan> you can run a tcpdump session and analyze the traffic with wireshark
[00:15] <bekks> Annoyed: ufw e.g. saves and loads settings upon reboot.
[00:15] <Annoyed> That's not enabled right now.
[00:25] <Annoyed> Ok, that mystery is cleared up.
[00:26] <bekks> How did it clear up?
[00:26] <Annoyed> The other machine on the "inside" was getting out through its wlan interface.
[00:26] <Annoyed> killed that, and now it's behaving as expected; can get to the router box, but no farther.
[00:33] <Annoyed> So, client machine can get DHCP address & DNS from the server box. but can't get out. Going to try ufw "by the book" again
[00:37] <Annoyed> cryptodan: by the way, that /etc/udev/rules.d directory you mentioned is empty
[00:42] <Annoyed> There's a readme that sends you to /etc/udev/rules.d/
[00:43] <Annoyed> I think I'm gonna turn that damned thing off.. no frakkin' idea why they want to rename things anyway
[00:46] <cryptodan> it shouldn't be empty
[00:46] <Annoyed> Well, just turned it off in grub.
[00:48] <cryptodan> Annoyed: http://dpaste.com/0KDQCFV
[00:50] <Annoyed> Mine has the readme, that's it
[00:51] <Annoyed> Well, that went well. It doesn't even see either ethernet card now
[00:51] <Annoyed> ifconfig shows lo, that's it
[00:52] <cryptodan> Annoyed: time to reinstall
[00:52] <Annoyed> This IS a new install. just doing initial setup.
[00:53] <Annoyed> and there is no /dev entry for eth* of any sort
[01:02] <jerrcs> you should be using "ip addr" or "ifconfig -a"
[01:02] <jerrcs> the interface COULD be down.
[01:03] <jerrcs> (just as a best practice, no one else seemed to comment on that)
[01:09] <Annoyed> Well, there should STILL have been a /dev entry for eth(x)
[01:10] <Annoyed> Apparently, you have let it rename things.
[01:13] <Annoyed> The cynical side of me thinks they are overcomplicating this in order to generate paid support calls
[01:18] <jerrcs> Annoyed: so it shows up there?
[01:18] <jerrcs> or not
[01:19] <Annoyed> the only way the machine sees its ethernet interfaces is with biosdevname turned on. then it sees p2p1 and p3p1, both enet cards
[01:38] <Annoyed> Not sure yet... but I think I might have it
[01:39] <Annoyed> Setting the default policy on the input chain to accept allows the inside machine to work.... So. maybe you have to add established/related rules via ufw
[01:50] <cryptodan> Annoyed: you say biosdevname exists in the latest server iso?
[01:51] <Annoyed> That's what I installed. 14.04.1, downloaded last week
[01:51] <cryptodan> I'm downloading now and will install in a VM
[01:58] <Annoyed> so much for the idea of needing established/related rules.
[01:58] <Annoyed> They're in the before.rules file already
[01:59] <cryptodan> 3 more minutes on download
[01:59] <benpardo> If I'm not supposed to do things on root, how do I get to run my reverse proxy on port 80?
[02:00] <Annoyed> sudo su to get root permissions temporarily
[02:00] <Annoyed> "sudo su" that is
[02:01] <benpardo> Annoyed: Is that secure? That's the best way to do it?
[02:01] <benpardo> Annoyed: don't mean to be a pain in the ass, I'm just new to this.
[02:02] <Annoyed> As far as I know. the root account is disabled by default, but if you want to enable it, you can. But "sudo su" gives you temp. access, usually all you need
[02:04] <cryptodan> Annoyed: installing
[02:10] <benpardo> what folder on ubuntu should I put the generated static files being served?
[02:10] <cryptodan> Annoyed: I just installed a fresh copy of Ubuntu Server 14.04.1 and my devices for ethernet are Eth0
[02:13] <teward> benpardo: it depends on the website configuration - if you're on standard Apache, I think it's on /var/www/ somewhere, if you're on nginx, you should make your own docroot somewhere
[02:13] <benpardo> teward: I'm nodejs, does it matter?
[02:14] <benpardo> teward: although nginx is going to be the reverse-proxy
[02:14] <teward> benpardo: then refer to the nodejs configuration
[02:14] <teward> benpardo: i've never used nodejs, but in all web servers and setups, the docroot varies based on the configurations
[02:15] <teward> benpardo: so refer to your configurations and find where the document root is
[02:15] <benpardo> teward: ah, I see. It may not actually matter and may be something I can set myself
[02:15] <Annoyed> cryptodan: Maybe because I'm using UEFI setup on the drives?
[02:16] <cryptodan> that wouldn't matter Annoyed
[02:16] <teward> benpardo: yes, it really depends on what nodejs lets you configure.  it may have a fixed document root or a variable one, it really depends on the configurations, and really the docroot can be anywhere so long as the web server has the access it needs to the docroot
[02:17] <benpardo> teward: that really helps
[02:19] <Annoyed> cryptodan: Well, I dunno. I have no idea why it's renaming them. I don't really like it, but it's not worth redoing the past week's work to re-install to see what I get. I can live with odd names. And I really don't think that's why I'm having ufw issues. UFW / Iptables IS working now, 'cause I have the default policy for the input chain set to accept. If the device names were the issue, I don't think it would work
[02:20] <Annoyed> But I shouldn't have to set input chain policy to accept to get NAT to work
[02:21] <Annoyed> Either UFW can't handle NAT and firewalling right, (which I doubt) or there's something I'm not seeing
[02:21] <cryptodan> UFW can
[02:42] <Annoyed> I would think it would be able to, but I'm not seeing something.
[03:38] <Annoyed> Thanks, folks.
[03:38] <Annoyed> enough on this for today
[09:05] <lordievader> Good morning.
[09:21] <lnxmen> Good morning. ;)
[13:05] <samba35> how do I assign an IP address to another guest from a guest that has a DHCP server (both as guests)
[13:05] <samba35> using ovs version 2.0.2 on ubuntu
[13:05] <samba35> using openvswitch
[13:08] <mustti> happy new year 2015 to all
[13:11] <hariom> I have added an init script. Ran the update-rc.d command to run it after reboot (ps: http://paste.ubuntu.com/9664927/) but after reboot it doesn't run. Manually it runs fine.
[13:16] <hariom> Here is my init script: http://paste.ubuntu.com/9664956/
[13:19] <hariom> I have added an init script. Ran the update-rc.d command to run it after reboot (ps: http://paste.ubuntu.com/9664927/) but after reboot it doesn't run. Manually it runs fine.
[13:19] <hariom> Here is my init script: http://paste.ubuntu.com/9664956/
[14:14] <jefinc> anyone awake?
[14:16] <ObrienDave> barely
[14:17] <jefinc> uh oh too many brown bottles
[15:49] <fabiofranco85> (Ubuntu 14.04 LTS) Need to change locale settings for a specific country (pt_BR). The problem is when I try to use resources that use these settings it returns the wrong results. Example: In java if I try to get the currency symbol it gives me BRL when it should give me R$ and the decimal separator is , and it gives me . (and the other way around too). I came to the conclusion the problem
[15:49] <fabiofranco85> is with the operating system configuration since I tried on a machine running windows and it worked perfectly. Any suggestions?
[15:51] <bekks> fabiofranco85: I guess that's correct so far (at least for the currency), since the international identifier for your currency is BRL, not R$ (which is the national one). It is the same for the Euro with EUR vs. €, and for the US Dollar with USD vs $.
[15:55] <fabiofranco85> bekks: I understand but is there a file or some place where I can set the Display symbol for the currency?
[15:56] <fabiofranco85> bekks: I'm asking this because as I said it works on windows but when I run it on ubuntu server it goes wrong... and it's not just the symbol
[15:56] <fabiofranco85> bekks: the decimal and thousand separator are also wrong
[15:56] <jefinc> how do I create a server that is then setup so that no matter what computer I access on the network I login with the same user/password and all my preferences are the same?
[16:09] <Patrickdk> ldap+nfs
[16:09] <Annoyed> Greetings
[16:09] <Annoyed> Any of the folks who were helping me yesterday around?
[16:14] <Annoyed> anyone here good with iptables?
[16:15] <jerrcs> what's your question?
[16:15] <Patrickdk> !ask
[16:15] <jerrcs> 400 ppl in the channel, i'm sure someone will know something about iptables.
[16:16] <Patrickdk> do bots count?
[16:16] <jerrcs> yup
[16:16] <Patrickdk> and I count 3 times?
[16:16] <jerrcs> yep
[16:17] <Patrickdk> can I get paid 3 times?
[16:17] <jerrcs> absolutely
[16:17] <Annoyed> Can I specify a list of ips on an allow line? such as -A input -i [interface_name] x.x.x.x, y.y.y.y, z.z.z.z -j ACCEPT ??
[16:17] <Patrickdk> no, and that is highly invalid even if you didn't
[16:18] <Annoyed> Yeah, I know.. the exact syntax isn't right
[16:18] <jerrcs> Annoyed: have you tried CIDRs instead? or are the IPs in different ranges?
[16:18] <Annoyed> jerrcs: totally different
[16:18] <jerrcs> then negative, it doesn't work that way
[16:19] <Patrickdk> the solution is to use, ipset
[16:19] <Annoyed> bah. I have to allow ssh and a few other things from several ips and I wanted to do it on one line
[16:19] <jerrcs> first result on google - http://www.gossamer-threads.com/lists/gentoo/user/210361
[16:20] <jerrcs> they give a few ideas for creating "sets" of rules
[16:22] <Annoyed> Jerrcs, if you recall, I was having difficulty with ufw yesterday? couldn't get it to do NAT unless the default input policy was accept? I ended up giving up on it and writing a manual ruleset.. that does work
[16:23] <Patrickdk> do what?
[16:23] <Patrickdk> input policy has NOTHING to do with nat at all
[16:23] <Patrickdk> nat ONLY uses the forward rules
[16:25] <Annoyed> Well, following the ufw directions at https://help.ubuntu.com/14.04/serverguide/firewall.html to the letter, I couldn't get a natted box online unless I opened the input chain.
[16:25] <Patrickdk> yes, your diagnostics were wrong though
[16:26] <Patrickdk> maybe your NAT server also did DNS?
[16:26] <Patrickdk> and you didn't open up DNS? on input/output chains?
[16:26] <Patrickdk> therefore it *seemed* like nat was broken?
[16:27] <Patrickdk> and you did apply the correct rules to allow the required icmp through both?
[16:27] <Annoyed> Hmmm... Well, the machine does run DNS (full server, not cache) and it is able to resolve its own needs fine
[16:28] <Patrickdk> but can the machine you tested nat on resolve fine?
[16:28] <Patrickdk> you have to test the whole stack
[16:28] <Patrickdk> not just the end result
[16:32] <Annoyed> Not sure about ability to resolve. I think it could, though.
[16:33] <Patrickdk> my recommendation though, would be to use shorewall
[16:33] <Patrickdk> after years of doing iptables and ipchains myself, and finding my own issues, like multiple rules interacting to cause holes I didn't want and stuff
[16:33] <Patrickdk> shorewall just makes my life so much easier
[16:33] <jerrcs> i honestly use raw rules and not much of these programs
[16:33] <jerrcs> so i cannot speak on them
[16:34] <Patrickdk> I do raw iptables too, but shorewall on anything harder now :)
[16:34] <Patrickdk> but sometimes I need to get creative, and use raw iptables for things, especially stuff like ipvs and manual protocol violations
[16:34] <Patrickdk> cause shorewall isn't made to actually break things
[16:35] <Patrickdk> things can get a little fun, when you have like 15+ NICs on a system, it's just a royal pain to do all that manually in iptables
[16:36] <Annoyed> But I don't have any allowances for port 53 in my current ruleset, and it works. I assume established,related allows the returns for outbound DNS queries
[16:36] <Patrickdk> yes
[16:37] <Patrickdk> but what accepts inbound from your machines from *behind* the nat?
[16:37] <Patrickdk> workstation -> nat -> outside dns
[16:37] <Patrickdk> you have to accept workstation -> nat first, before nat can go outside
[16:38] <Patrickdk> that wouldn't be a forward rule, cause you're contacting a dns server on your nat box, most likely
[16:38] <Annoyed> the nat box IS the dns server also.
[16:38] <Patrickdk> what I said is full of assumptions about how you set things up
[16:38] <Annoyed> yes, exactly
[16:38] <Patrickdk> but normally that is how people do it
[16:38] <Annoyed> but I do recall errors in the logs regarding port 53
[16:39] <Patrickdk> on a normal home nat setup, you need to accept dhcp, dns, probably just all of icmp, and then if you get more fancy, upnp
[16:40] <Annoyed> Jan  2 21:56:22 unimatrix0 kernel: [ 6682.487057] [UFW BLOCK] IN=p2p1 OUT= MAC=10:c3:7b:db:99:5a:48:5b:39:1e:29:5b:08:00 SRC=172.16.0.13 DST=172.16.0.254 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=48164 DF PROTO=UDP SPT=5088 DPT=53 LEN=59
[16:43] <Annoyed> so, if I get you right, I would have to allow port 53 from any inside interface ?
[16:44] <Annoyed> I'm no iptables expert, so I assume something like ufw could write a better ruleset than I can, so I tried that.
[16:46] <Annoyed> If I want to use ufw, just add a rule to allow anything from the inside interface to the input chain?
[18:02] <Annoyed> Patrickdk: You still here?
[18:03] <Annoyed> If so, thank you. It was indeed DNS that was being blocked
[18:04] <Patrickdk> ufw doesn't write rulesets
[18:04] <Patrickdk> it only is an interface between you and iptables
[18:04] <Patrickdk> personally, I think it's a pointless interface
[18:04] <Patrickdk> but since ubuntu/debian has no persistent iptables interface, it needed something
[18:07] <Annoyed> Well, thank you anyway. I added lines to /etc/ufw/before.rules as follows
[18:07] <Annoyed> # allow all on inside interface
[18:07] <Annoyed> -A ufw-before-input -i p2p1 -j ACCEPT
[18:07] <Annoyed> -A ufw-before-output -o p2p1 -j ACCEPT
[18:08] <Annoyed> basically copied the settings for lo and was all set
[18:08] <Annoyed> working as desired
[18:09] <Annoyed> And I assume that ufw can do a better job writing a ruleset than I can. =)
[18:15] <Patrickdk> if p2p1 is your *local* network, should be good enough :)
[18:46] <Annoyed> Yes, p2p1 is my inside interface
[18:47] <Annoyed> p3p1 is outside. For some reason, Ubuntu renamed them.
[18:48] <Annoyed> I tried to disable the biosdevname thing but it wouldn't even see ANY network interfaces then.
[18:48] <Annoyed> As long as it works, I'm not going to worry about what it calls them
[21:11] <jefinc> so on my work's windows network I sign in with the same username/password from any computer within the network and it saves my settings/info etc., how do I do that with ubuntu?
[21:44] <SchrodingersScat> jefinc: https://help.ubuntu.com/community/SettingUpNFSHowTo ?
[21:44] <jefinc> SchrodingersScat: I will give it a go, thanks :)
[22:03] <NineTeen67Comet> Hello all .. been a while since I set up Ubuntu server (I've been running 13.04 for a while) .. this time however I moved 000-default to sites-available and restarted with my virtual files in sites-enabled but it still goes to the default Apache page .. is there another command I'm missing?
[22:04] <NineTeen67Comet> apachectl something?
[22:07] <NineTeen67Comet> I have directories in /var/www to represent the sites I'm running (re-building) ..
[22:51] <zol> Hi! I'm having trouble setting up my home network configuration. I have two NICs, one configured for WAN and the other for WAN on a subnet with range 10.0.0.0/24. The router has static ip 10.0.0.1, I can ping the router from the LAN clients, but I can't ping the clients from the router. The LAN clients can't reach outside of the LAN. I am using ufw as a firewall, I have NAT enabled to the best of my
[22:51] <zol> knowledge. I'm feeling terribly lost, have been trying to fix this for 6 hours now.
[22:51] <zol> and the other for LAN*
[22:52] <zol> I can't seem to get outgoing packets to be allowed by UFW.
[23:36] <jdstrand> zol: I suggest you look at the section on 'IP Masquerading' in 'man ufw-framwork'
[23:36] <jdstrand> zol: sorry, 'man ufw-framework'
[23:36]  * jdstrand wanders off again